Subscribe to Windows IT Pro
December 18, 2004 12:00 AM

Multiple Vulnerabilities in Microsoft Windows

Ken Pfeil
Windows IT Pro
InstantDoc ID #44855
Rating: (1)

Reported December 14, 2004, by Microsoft

VERSIONS AFFECTED

·         Microsoft Windows NT Server 4.0 Service Pack 6a

·         Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6

·         Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

·         Microsoft Windows XP Service Pack 1

·         Microsoft Windows Server 2003

·         Microsoft Windows XP 64-Bit Edition Service Pack 1

DESCRIPTION
Two new vulnerabilities exist in Microsoft Windows, both of which could result in escalation of privileges on the vulnerable system. The first vulnerability is in the way that the Windows Kernel launches applications. The other vulnerability is in the way that LSASS validates identity tokens. Both vulnerabilities could allow a logged-on user to take complete control of the system.

VENDOR RESPONSE
Microsoft has released Security Bulletin MS04-044, "Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835)," to address these vulnerabilities and recommends that affected users immediately apply the appropriate patch listed in the bulletin.

CREDIT
Discovered by Cesar Cerrudo of Application Security

Related Content:

ARTICLE TOOLS

Comments
Add A Comment
  • Anonymous User
    8 years ago
    Dec 27, 2004

    Fix announced on 14th, article on 18th, distributed on 23rd. Don't you think this is too time-sensitive to hold for 9 days?

You must log on before posting a comment.

Are you a new visitor? Register Here

advertisement

advertisement

Dev Pro Left-Brain SharePoint Pro SQL Server Pro SuperSite for Windows Windows IT Pro

© 2012 Penton Media, Inc.

Home About Us Advertise Customer Service Privacy Statement Subscribe/Renew Terms Of Use

Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.