Microsoft Windows LSASS Identity Token Validation Local Privilege Escalation

2004-12-14T16:21:48
ID OSVDB:12376
Type osvdb
Reporter Cesar Cerrudo()
Modified 2004-12-14T16:21:48

Description

Vulnerability Description

The Microsoft Windows operating system contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to an error in the validation of identity tokens within the Local Security Authority Subsystem Service (LSASS.) This flaw may lead to a loss of confidentiality.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released applicable patches to address this vulnerability.

Short Description

The Microsoft Windows operating system contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to an error in the validation of identity tokens within the Local Security Authority Subsystem Service (LSASS.) This flaw may lead to a loss of confidentiality.

References:

Secunia Advisory ID:13465 Related OSVDB ID: 12372 Microsoft Security Bulletin: MS04-044 Microsoft Knowledge Base Article: 885835 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-01/0296.html CVE-2004-0894