PT-2011-2040 · Microsoft · Windows Server 2003+3

Published: 2011-02-10 · Updated: 2019-02-26 · CVE-2011-0043

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Windows XP versions SP2 through SP3
Microsoft Windows Server 2003 version SP2

Description

The issue concerns a weakness in the Kerberos implementation, specifically its support for weak hashing algorithms. This weakness can be exploited by a local user to gain elevated privileges on the system by operating a service that sends crafted service tickets. The vulnerability is related to the ability to forge certain aspects of a Kerberos service ticket, potentially allowing a malicious user to obtain a token with elevated privileges.

Recommendations

For Microsoft Windows XP versions SP2 through SP3, consider disabling the use of weak hashing algorithms in Kerberos until a patch is available. For Microsoft Windows Server 2003 version SP2, restrict access to services that utilize Kerberos authentication to minimize the risk of exploitation. As a temporary workaround, consider configuring the system to use stronger hashing mechanisms for Kerberos service tickets until a fix is applied.

Fix

Weakness Enumeration

Related Identifiers

CVE-2011-0043

Affected Products

Kerberos
Windows Server 2003
Windows XP
Windows