Korean

<< Back VID 26186 Severity 40 Port 139,445 Protocol TCP Class SMB Detailed Description The hotfix (KB914798) for 'Vulnerability in Permissive Windows Services DACLs' has not been applied. Microsoft Windows XP SP1 and Windows Server 2003 could allow a local attacker to gain elevated privileges, caused by using insecure default Access Control Lists (ACLs) where the "Authenticated Users" group is granted permissions to modify Simple Service Discovery Protocol (SSDP) and Universal Plug and Play Device Host (UPnP) service configurations. A local unprivileged attacker could exploit this flaw to change the default binary that is associated with an affected service and to execute malicious programs with elevated privileges. * Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts. * References: http://www.microsoft.com/technet/security/bulletin/ms06-011.mspx http://www.microsoft.com/technet/security/advisory/914457.mspx http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm http://www.securityfocus.com/archive/1/archive/1/423587/100/0/threaded http://www.kb.cert.org/vuls/id/953860 http://secunia.com/advisories/19238/ http://www.frsirt.com/english/advisories/2006/0417 http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf * Platforms Affected: Microsoft Windows XP Any version SP1 Microsoft Windows Server 2003 Recommendation Apply the appropriate patch (KB914798) for your system, as listed in Microsoft Security Bulletin MS06-011 at http://www.microsoft.com/technet/security/bulletin/ms06-011.mspx -- OR -- Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com . Windows Update detects what version of Windows you are running and offers the appropriate patch. Related URL CVE-2006-0005 (CVE) Related URL 16644 (SecurityFocus) Related URL 24493 (ISS)