Elevation of privilege allowed by vulnerability in the Windows kernel
Microsoft has issued a security advisory warning of a vulnerability in the Windows kernel using which logged-in users can elevate their privileges on the system and so take control of it. Windows XP Professional with Service Pack 2, Vista, Server 2003 and Server 2008 are affected.
Server operators such as hosting providers who permit the execution of user code within IIS and SQL Server are reported to be particularly vulnerable.
Microsoft has not yet given details of the vulnerability, and is still investigating the problem. In its security advisory, it does however give instructions to server operators to protect themselves against exploitation of the hole. It is still not clear when a patch for the hole will appear.
See also:
- Vulnerability in Windows Could Allow Elevation of Privilege, security advisory from Microsoft
(mba)