MSRC Blog: Microsoft Security Advisory 951306


Hello, Bill here,


I wanted to let you know that we have just posted Microsoft Security Advisory (951306).


This advisory contains information regarding a new public report of a vulnerability within Microsoft Windows which allows for privilege escalation from authenticated user to LocalSystem. Our investigation has shown that this vulnerability affects Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.


At this time, we are not aware of attacks attempting to use the reported vulnerability, but we will continue to track this issue.  The advisory contains several workarounds that customers can use to help protect themselves. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release.


We will continue to monitor the situation and post updates to the advisory and the MSRC Blog as we become aware of any important new information.


In the meantime, we encourage customers to review the advisory and implement the workarounds.


Bill Sisk


*This posting is provided “AS IS” with no warranties, and confers no rights.*


Comments (2)

  1. Anonymous says:

    Microsoft warnt im Security Advisory 951306 (deutschsprachig) vor einer Sicherheitslücke (u.a.) unter Windows XP SP2 Professional, über die ein lokal angemeldeter Benutzer höhere Benutzerrechte (bis hinauf zu Systemrechten) erlangen könnte, falls der

  2. Anonymous says:

    Vulnerability in Windows Could Allow Elevation of Privilege Published: April 17, 2008 Microsoft is investigating