|MS11-013||Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930)||Windows XP||Critical||09-02-2011|
Brief overview of the risk:
This security update resolves one privately reported vulnerability and one publicly disclosed vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if a local, authenticated attacker installs a malicious service on a domain-joined computer.
Detailed Information on the risk:
A spoofing vulnerability exists in implementations of Kerberos on Windows 7 and Windows Server 2008 R2. The vulnerability exists because it is possible to downgrade Kerberos authentication to use DES instead of the default, stronger encryption standards included in Windows 7 and Windows Server 2008 R2.
Further information on this exploit is available at : MS11-013
Affected SoftwareWindows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems*
Windows Server 2008 R2 for Itanium-based Systems