Microsoft Windows Wireless Zero Configuration Service Information Disclosure Vulnerability

Microsoft Windows Wireless Zero Configuration Service Information Disclosure Vulnerability

WZCSVC is affected by an information disclosure vulnerability.

Reportedly, the Pairwise Master Key (PMK) of the Wi-Fi Protected Access (WPA) preshared key authentication and the WEP keys of the interface may be obtained by a local unauthorized attacker.

A successful attack can allow an attacker to obtain the keys and subsequently gain unauthorized access to a device. This attack would likely present itself in a multi-user environment with restricted or temporary wireless access such as an Internet cafe, where an attacker could return at a later time and gain unauthorized access.

Microsoft Windows XP SP2 was reported to be vulnerable, however, it is possible that other versions are affected as well.