TITLE: Microsoft Windows Plug-and-Play Service Arbitrary Code Execution SECUNIA ADVISORY ID: SA17166 VERIFY ADVISORY: http://secunia.com/advisories/17166/ CRITICAL: Moderately critical IMPACT: Privilege escalation, System access WHERE: >From local network OPERATING SYSTEM: Microsoft Windows XP Professional http://secunia.com/product/22/ Microsoft Windows XP Home Edition http://secunia.com/product/16/ Microsoft Windows 2000 Server http://secunia.com/product/20/ Microsoft Windows 2000 Professional http://secunia.com/product/1/ Microsoft Windows 2000 Datacenter Server http://secunia.com/product/1177/ Microsoft Windows 2000 Advanced Server http://secunia.com/product/21/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges, or by malicious users to compromise a vulnerable system. The vulnerability is caused due to error in the Plug-and-Play service and can be exploited to execute arbitrary code. On Windows 2000 and Windows XP Service Pack 1, the vulnerability can be exploited by an authenticated user via a specially crafted network message sent to a vulnerable system. On Windows XP Service Pack 2, the vulnerability can only be exploited for local privilege escalation. SOLUTION: Apply patches. Microsoft Windows 2000 (requires SP 4): http://www.microsoft.com/downloads/details.aspx?FamilyId=FFDB8AB7-F979-41B4-9625-EA51CD503258 Microsoft Windows XP (requires SP 1 or SP 2): http://www.microsoft.com/downloads/details.aspx?FamilyId=1559E44A-DDEE-4C86-BF02-A6C3B9BEEE0C PROVIDED AND/OR DISCOVERED BY: The vendor credits eEye Digital Security. ORIGINAL ADVISORY: MS05-047 (KB905749): http://www.microsoft.com/technet/security/Bulletin/MS05-047.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------