Security 10808 Published by

Microsoft just updated the following security bulletin:

- MS11-014 - Important: Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960) - Version:1.1



MS11-014 - Important: Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960) - Version:1.1
Severity Rating: Important - Revision Note: V1.1 (April 28, 2011): Added a link to Microsoft Knowledge Base Article 2478960 under Known Issues in the Executive Summary.

Summary: This security update resolves a privately reported vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows XP and Windows Server 2003. This security update is rated Important for all supported editions of these operating systems. For more information, see the subsection, Affected and Non-Affected Software, in this section. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Read more