Microsoft Windows Shell Hardware Detection Service Privilege Escalation Vulnerability

2007-02-13T00:00:00
ID SMNTC-22481
Type symantec
Reporter Symantec Security Response
Modified 2007-02-13T00:00:00

Description

Description

Microsoft Windows is prone to a local privilege-escalation vulnerability due to a lack of proper input validation. A local attacker can exploit this issue to elevate user privileges. Successful exploits will result in the complete compromise of vulnerable computers.

Technologies Affected

  • Avaya Messaging Application Server MM 3.0
  • Avaya Messaging Application Server MM 3.1
  • Microsoft Windows Server 2003 Datacenter Edition
  • Microsoft Windows Server 2003 Datacenter Edition Itanium
  • Microsoft Windows Server 2003 Datacenter Edition Itanium SP1
  • Microsoft Windows Server 2003 Datacenter Edition SP1
  • Microsoft Windows Server 2003 Datacenter x64 Edition
  • Microsoft Windows Server 2003 Enterprise Edition
  • Microsoft Windows Server 2003 Enterprise Edition Itanium
  • Microsoft Windows Server 2003 Enterprise Edition Itanium SP1
  • Microsoft Windows Server 2003 Enterprise Edition SP1
  • Microsoft Windows Server 2003 Enterprise x64 Edition
  • Microsoft Windows Server 2003 Standard Edition
  • Microsoft Windows Server 2003 Standard Edition SP1
  • Microsoft Windows Server 2003 Standard x64 Edition
  • Microsoft Windows Server 2003 Web Edition
  • Microsoft Windows Server 2003 Web Edition SP1
  • Microsoft Windows XP 64-bit Edition
  • Microsoft Windows XP 64-bit Edition SP1
  • Microsoft Windows XP 64-bit Edition Version 2003
  • Microsoft Windows XP 64-bit Edition Version 2003 SP1
  • Microsoft Windows XP
  • Microsoft Windows XP Embedded
  • Microsoft Windows XP Embedded SP1
  • Microsoft Windows XP Home
  • Microsoft Windows XP Home SP1
  • Microsoft Windows XP Home SP2
  • Microsoft Windows XP Media Center Edition
  • Microsoft Windows XP Media Center Edition SP1
  • Microsoft Windows XP Media Center Edition SP2
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Professional SP1
  • Microsoft Windows XP Professional SP2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows XP Tablet PC Edition
  • Microsoft Windows XP Tablet PC Edition SP1
  • Microsoft Windows XP Tablet PC Edition SP2

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Attackers require local access to exploit this vulnerability. Permit local access for trusted individuals only.

Microsoft has released a security bulletin and fixes to address this issue. Please see the references for details.