Detections
Analytics
MS KB982316: Elevation of Privilege Using Windows Service Isolation Bypass
medium Nessus Plugin ID 48761
Language:
Synopsis
The remote Windows host has a privilege escalation vulnerability.Description
Windows Service Isolation can be bypassed on the remote host, resulting in the elevation of privileges.A local attacker could exploit this by leveraging the TAPI service to execute code as SYSTEM.
A similar problem affects other Windows services that run as the NetworkService user (e.g. IIS, SQL Server), though Nessus has not checked for those issues.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2 :Although these patches mitigate this vulnerability, users should be aware this is considered a non-security update by Microsoft. Refer to the Microsoft advisory for more information.
See Also
http://argeniss.com/research/TokenKidnappingRevengePaper.pdf
https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2010/2264072
Plugin Details
Severity: Medium
ID: 48761
File Name: smb_kb982316.nasl
Version: 1.12
Type: local
Agent: windows
Family: Windows
Published: 8/26/2010
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/o:microsoft:windows
Required KB Items: SMB/Registry/Enumerated, SMB/WindowsVersion
Exploit Ease: No known exploits are available
Patch Publication Date: 8/10/2010
Vulnerability Publication Date: 8/10/2010
Reference Information
CVE: CVE-2010-1886
BID: 42278
MSKB: 982316