ESISS

Microsoft have released a security advisory of a potential threat arising from the Windows service isolation feature. This feature enables windows to secure objects such as registry entry used by a service by applying an access control with a unique security ID without having to use a super-administrator account. The current vulnerability in the service could allow an attacker to gain elevated privileges when untrusted code is being executed under the NetworkService account.

Affected products include: Windows XP, Vista, Windows 7, Server 2003, 2008 (all versions)

For further information on this advisory and details on the affected configuration scenarios please visit the original post here.

Comments are closed.