Microsoft Windows Vista Permissive User Information Store ACLs Information Disclosure Vulnerability

2007-06-12T00:00:00
ID SMNTC-24411
Type symantec
Reporter Symantec Security Response
Modified 2007-06-12T00:00:00

Description

Description

Microsoft Windows Vista is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may allow them to gain unauthorized access to the affected computer.

Technologies Affected

  • Microsoft Windows Vista
  • Microsoft Windows Vista Beta 1
  • Microsoft Windows Vista Business
  • Microsoft Windows Vista December CTP
  • Microsoft Windows Vista Enterprise
  • Microsoft Windows Vista Home Basic
  • Microsoft Windows Vista Home Premium
  • Microsoft Windows Vista Ultimate
  • Microsoft Windows Vista beta 2
  • Microsoft Windows Vista beta
  • Microsoft Windows Vista x64 Edition

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Allow only trusted users to have local, interactive access to computers running the vulnerable application.

Implement filesystem access control to deny access to all sensitive files and directories.
Allow only trusted users to have access to files containing sensitive information.

The vendor released updates to address this issue. Please see the references for more information.