Tuesday, December 02, 2008   
  Search   
 
 
Register  Login  
Forums  
     Minimize  

Welcome to MeraWindows forums.

Thank you for being at the Microsoft Windows Community Site. You may have to register before posting in forums. It's absolutely free. After registering, you can get all the benefits available to our registered members, you can access our Downloads section, you can participate in contests, etc. You can post in forums in English as well as in Hindi, in fact we encourage you to use Hindi in your posts. If you have any problem with registration or login, please contact us.
     
  


 
  Microsoft Windows Forums  Windows Vista  General  Vista SP1 RTM Hit by New Hole, XP SP3 Safe
Previous Previous
 
Next Next
New Post 4/19/2008 12:21 AM
User is offline soumya
2848 posts
microsoftblog4u.blogspot.com/
Forum Guru








Vista SP1 RTM Hit by New Hole, XP SP3 Safe 

Windows XP Service Pack 3, despite the fact that it is yet to be released in its final version, is safe from the latest security vulnerability impacting a range of Windows platforms including XP SP2 and Vista SP1. Despite the fact that Windows Vista was constantly applauded throughout 2007 as the safest version of Windows available on the market, the operating system is in no way bulletproofed. And even with Service Pack 1, an update designed to increase security, among other things, Vista is still susceptible to attacks exploiting security holes. Of course that Microsoft has failed to reveal why XP SP3 is not on the list with the affected operating systems. In this regard, the company could have already patched XP SP3, or is simply ignoring the final service pack for Windows XP until its finalization.

Bill Sisk, Microsoft Security Response Center Communications Manager, informed of "a new public report of a vulnerability within Microsoft Windows which allows for privilege escalation from authenticated user to LocalSystem. Our investigation has shown that this vulnerability affects Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008."

Both the 32-bit and 64-bit versions of Vista SP1 RTM are affected. According to the Redmond company, in the eventuality of a successful exploit, an attacker could use the flaw in order to perform an "elevation of privilege from authenticated user to LocalSystem." Microsoft warned of a few scenarios where customers would be at increased risk. Hosting providers and organizations permitting the execution of user-provided code in authenticated contexts (using Internet Information Services (IIS) and SQL Server) should work to mitigate the threat until a patch will be in place.

Microsoft recommends the following mitigations for customers running IIS 6.0 (Configure a Worker Process Identity (WPI) for an application pool in IIS to use a created account in IIS Manager and disable MSDTC); IIS 7.0 - Specify a WPI for an application pool in IIS Manager or Specify a WPI for an application pool using the Command Line utility APPCMD.exe. The mitigations are available here.

"At this time, we are not aware of attacks attempting to use the reported vulnerability, but we will continue to track this issue. The advisory contains several workarounds that customers can use to help protect themselves. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release," Sisk added.

 http://news.softpedia.com/cat/Microsoft/
 
 Page 1 of 1
Previous Previous
 
Next Next
  Microsoft Windows Forums  Windows Vista  General  Vista SP1 RTM Hit by New Hole, XP SP3 Safe


   Get Your Own E-Mail Account @MeraWindows.com Minimize  
New Page 1 New Page 1
Show your cool quotient with @merawindows.com email account
     
  
 
 
Terms Of Use   Privacy Statement  
© 2008 MeraWindows.com