Vulnerability Note VU#410025
Microsoft Windows LSASS privilege escalation vulnerability
The Windows LSASS service contains privilege escalation vulnerability.
The Windows Local Security Authority Subsystem Service (LSASS) is a process that enforces the local security policy.
Per Microsoft Security Bulletin MS08-002:
A local, authenticated attacker may be able gain elevated privileges or execute programs in the context of a different user.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||08 Jan 2008|
CVSS Metrics (Learn More)
Microsoft credits Thomas Garnier of SkyRecon for reporting this vulnerability.
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2007-5352
- Date Public: 08 Jan 2008
- Date First Published: 08 Jan 2008
- Date Last Updated: 08 Jan 2008
- Severity Metric: 1.50
- Document Revision: 12
If you have feedback, comments, or additional information about this vulnerability, please send us email.