MS11-014: Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

Local users can elevate their privileges on the remote host.

Description :

The remote host allows elevation of privileges through its Local
Security Authority Subsystem Service (LSASS) due to a failure to
properly process specially crafted authentication requests.

An attacker who has the ability to log on to the affected host can
leverage this issue to gain full administrative rights.

See also :

http://technet.microsoft.com/en-us/security/bulletin/ms11-014

Solution :

Microsoft has released a set of patches for Windows XP and 2003.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 51914

Bugtraq ID: 46152

CVE ID: CVE-2011-0039