Oval Definition:oval:org.mitre.oval:def:3312
Revision Date:2005-02-23Version:42
Title:LSASS Privilege Escalation Vulnerability (Server 2003/64-bit XP)
Description:LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2004-0894
Platform(s):Microsoft Windows XP
Product(s):Local Security Authority Subsystem Service (LSASS)
Definition Synopsis
  • Windows Server 2003 or Windows XP 64-Bit Edition Version 2003
  • Windows Server 2003 is installed
  • OR Windows XP 64-bit
  • Windows XP is installed
  • AND a version of Windows for the ia64 architecture is installed
  • AND the version of lsasrv.dll is less than 5.2.3790.220
  • AND NOT the patch kb885835is installed (Hotfix key)
    • BACK