The Windows LSASS service contains privilege escalation vulnerability.
The Windows Local Security Authority Subsystem Service (LSASS) is a process that enforces the local security policy.
Per Microsoft Security Bulletin MS08-002:
A local, authenticated attacker may be able gain elevated privileges or execute programs in the context of a different user.
Microsoft has released an update to address this issue. See Microsoft Security Bulletin MS08-002 for more information.
Microsoft credits Thomas Garnier of SkyRecon for reporting this vulnerability.
This document was written by Ryan Giobbi.
|Date First Published:||2008-01-08|
|Date Last Updated:||2008-01-08 20:57 UTC|