=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2010/VULN401
_____________________________________________________________________

DATE                      : 13/10/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows XP, Windows Server 2003 running Windows Local Procedure Call.

======================================================================
KB2360937
http://www.microsoft.com/technet/security/bulletin/MS10-084.mspx
______________________________________________________________________
	
Microsoft Security Bulletin MS10-084 - Important
Vulnerability in Windows Local Procedure Call Could Cause Elevation of
Privilege (2360937)

Version: 1.0

General Information

Executive Summary

This security update resolves a privately reported vulnerability in Microsoft
Windows. This security update is rated Important for all supported editions of
Windows XP and Windows Server 2003. All supported editions of Windows Vista,
Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by
the vulnerability. For more information, see the subsection, Affected and
Non-Affected Software, in this section.

The vulnerability could allow elevation of privilege if an attacker logs on to
an affected system and runs specially crafted code that sends an LPC message
to the local LRPC Server. The message could then allow an authenticated user
to access resources that are running in the context of the NetworkService
account. An attacker must have valid logon credentials and be able to log on
locally to exploit this vulnerability.

Affected Software

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems

Vulnerability Information

LPC Message Buffer Overrun Vulnerability - CVE-2010-3222

An elevation of privilege vulnerability exists in the Remote Procedure Call
Subsystem (RPCSS) running in the context of the NetworkService account, where
a local application can use LPC to request that the LPC server connect back to
the client using LRPC. This request could contain specially crafted data
designed to cause a stack-based buffer overflow, allowing an authenticated
user to access resources running in the context of the NetworkService account.



======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================