| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS11-014 | Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960) | Windows XP | Critical | 09-02-2011 |
Technical Information
Brief overview of the risk:
This security update resolves a privately reported vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows XP and Windows Server 2003. This security update is rated Important for all supported editions of these operating systems.
Detailed Information on the risk:
An elevation of privilege vulnerability exists in the way that the Microsoft Windows Local Security Authority Subsystem Service (LSASS) processes specially crafted authentication requests. The vulnerability could allow an attacker to run code with elevated privileges. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Further information on this exploit is available at : MS11-014
Affected Software
Windows XP Service Pack 3Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems