Microsoft Updates Security Advisory 951306

US-CERT Computer Emergency Readiness Team

In April 2008, Microsoft released Security Advisory 951306 to alert users of a vulnerability in Microsoft Windows. This vulnerability may allow local users, or users who can legitimately run code in the context of IIS or SQL Server, to operate with elevated privileges. Recently, Microsoft Security Response Center (MSRC) posted several blog entries indicating that the Security Advisory was updated to reflect the availability of public exploit code. A patch or update is not available to correct this issue.

US-CERT encourages users and administrators to do the following to help mitigate the risks:

Review the updated Security Advisory 951306 and apply the suggested workarounds.
Review the MSRC blog entries from October 9, 2008 and October 13, 2008.

Read more: US-CERT Current Activity

The alerts are updated in real time as they are released.

The Antivirus Advice website
is a collaberation of users, engineers and technical writers to present explaniations of Internet Security threats. It is sponsored by the following companies whose staff contributed to these articles.
Nortons.com

Antivirus Depot