CVE-2006-0023

Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP versions SP1 and SP2 through August 2004 Microsoft Windows XP version SP1 Microsoft Windows 2003 (affected versions not specified)

Description: A privilege elevation issue exists due to insecure default ACLs, allowing the Authenticated Users group to modify critical configuration information for various services, including the Simple Service Discovery Protocol (SSDP), Universal Plug and Play Device Host (UPnP), NetBT, SCardSvr, DHCP, and DnsCache services. This could allow a low-privileged user to gain privileges and potentially take complete control of the system. On Windows 2003, only members of the Network Configuration Operators group can remotely exploit this issue, and this group contains no users by default.

Recommendations: For Microsoft Windows XP versions SP1 and SP2 through August 2004, update the operating system to a version released after August 2004 to resolve the issue. For Microsoft Windows XP version SP1, consider restricting access to the identified services, such as SSDP, UPnP, NetBT, SCardSvr, DHCP, and DnsCache, until a patch is available. For Microsoft Windows 2003, restrict access to the Network Configuration Operators group to minimize the risk of exploitation, and consider disabling the vulnerable services until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability on Microsoft Windows 2003.