MS11-014: Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960)

This script is Copyright (C) 2011-2017 Tenable Network Security, Inc.

Synopsis :

Local users can elevate their privileges on the remote host.

Description :

The remote host allows elevation of privileges through its Local
Security Authority Subsystem Service (LSASS) due to a failure to
properly process specially crafted authentication requests.

An attacker who has the ability to log on to the affected host can
leverage this issue to gain full administrative rights.

See also :

Solution :

Microsoft has released a set of patches for Windows XP and 2003.

Risk factor :

High / CVSS Base Score : 7.2
CVSS Temporal Score : 5.3
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 51914 ()

Bugtraq ID: 46152

CVE ID: CVE-2011-0039

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now