Vulnerability in Windows Could Allow Elevation of Privilege

http://www.4sec.org/archives/18230/

http://www.microsoft.com/technet/security/advisory/951306.mspx

Microsoft 的说明。比较牛X。听说是token impersonation的问题,以NetworkService或者LocalService权限运行的进程都有机会提升到LocalSystem。

Microsoft is investigating new public reports of a vulnerability which could allow elevation of privilege from authenticated user to LocalSystem, affecting Windows XP Professional Service Pack 2 and all supported versions and editions of Windows Server 2003, Windows Vista, and Windows Server 2008. Customers who allow user-provided code to run in an authenticated context, such as within Internet Information Services (iis) and SQL Server, should review this advisory. Hosting providers may be at increased risk from this elevation of privilege vulnerability.

关键词: 提权 , iis , 漏洞

上一篇: 70 80 90
下一篇: 风险评估杂谈

相关文章
访客评论
#1
回复 路过路过路过 2008-04-26, 17:02:04
http://www.argeniss.com/research/TokenKidnapping.pdf
发表评论

评论内容 (必填):