---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Shell Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA24126 VERIFY ADVISORY: http://secunia.com/advisories/24126/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system OPERATING SYSTEM: Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/product/1175/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/product/1174/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/product/1173/ Microsoft Windows Server 2003 Web Edition http://secunia.com/product/1176/ Microsoft Windows XP Professional http://secunia.com/product/22/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious users to gain escalated privileges. The vulnerability is caused due to an unspecified error in the Windows Shell detection and registration of new hardware. Successful exploitation allows execution of code with escalated privileges. SOLUTION: Apply patches. Microsoft Windows XP Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=f821b3a0-4e5a-4737-b9bf-1249f6683f4d Microsoft Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=75abff9b-c2b5-4151-b366-4be652882944 Microsoft Windows Server 2003 (with or without SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=418acc52-0ebd-4623-81a7-5eacc21c3965 Microsoft Windows Server 2003 for Itanium-based Systems (with or without SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=dc33a2fc-2d01-4577-b133-017493d1f278 Microsoft Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=c3e55066-b34e-485d-ac04-179f8e3a407a PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MS07-006 (KB928255): http://www.microsoft.com/technet/security/Bulletin/MS07-006.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------