Microsoft Windows NT 'NTLMSSP' Privilege Escalation Vulnerability

NTLM Security Support Provider contains a flaw when handling user requests, which could result in a user gaining escalated privileges. Windows NT has a facility called Local Procedure Call (LPC) that allows processes to communicate with each other. Upon user connection, various requests are sent to NTLM Security Support Provider to handle portions of the NTLM protocol. Due to a flaw in NTLM Security Support Provider, requests made are not properly verified. A local user could insert malicious instructions which would then be executed with LocalSystem privileges.


Privacy Statement
Copyright 2010, SecurityFocus