|MS11-070||Vulnerability in WINS Could Allow Elevation of Privilege (2571621)||Windows Server||Critical||14-09-2011|
Brief overview of the risk:
This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow elevation of privilege if a user received a specially crafted WINS replication packet on an affected system running the WINS service.
Detailed Information on the risk:
An elevation of privilege vulnerability exists in WINS, allowing arbitrary code to be executed in the context of the local system. The vulnerability is caused when the WINS server improperly processes a sequence of specially crafted packets received on the loopback interface. A local attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Further information on this exploit is available at : MS11-070
Affected SoftwareWindows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2*
Windows Server 2008 for x64-based Systems Service Pack 2*
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1*