Wednesday, February 08, 2006

Microsoft Patches XP ACL Vulnerability

Microsoft has released a security bulletin reporting a vulnerability that can be exploited for privilege escalation in Windows XP SP1 and Windows Server 2003.

An Access Control List (ACL) is an IT security concept that refers to the access rights for a certain object. In Windows, for example, we can set the read or write privileges of a user for a certain file.

The vulnerability reported in the Microsoft security bulletin could allow an authenticated user to carry out a privilege escalation attack.

This would allow the attacker to gain privileges on objects that, in theory, that user should not be able to access.

Microsoft confirms that the vulnerability does not affect Windows XP with Service Pack 2 and Windows Server 2003 with Service Pack 1.

Therefore, users are advised to install the latest service packs and security patches to mitigate this and other potential risks.

The security bulletin also includes details of how to modify the ACLs in affected services to mitigate possible attacks on potentially vulnerable systems.

You can get full details at: http://www.microsoft.com/technet/security/advisory/914457.mspx