In April 2008, Microsoft released Security Advisory 951306 to alert users of a vulnerability in Microsoft Windows. This vulnerability may allow local users, or users who can legitimately run code in the context of IIS or SQL Server, to operate with elevated privileges. Recently, Microsoft Security Response Center (MSRC) posted several blog entries indicating that the Security Advisory was updated to reflect the availability of public exploit code. A patch or update is not available to correct this issue.

US-CERT encourages users and administrators to do the following to help mitigate the risks:

• Review the updated Security Advisory 951306 and apply the suggested workarounds.
• Review the MSRC blog entries from October 9, 2008 and October 13, 2008.

Read more: US-CERT Current Activity