Microsoft KB Archive/914798

= MS06-011: Permissive Windows services DACLs could lead to elevation of privilege =

Article ID: 914798

Article Last Modified on 3/22/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Web Edition
 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, 64-Bit Datacenter Edition
 * Microsoft Windows Server 2003, Enterprise x64 Edition
 * Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
 * Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
 * Microsoft Windows Small Business Server 2003 Premium Edition
 * Microsoft Windows Small Business Server 2003 Standard Edition
 * Microsoft Windows XP Home Edition
 * Microsoft Windows XP Professional
 * Microsoft Windows XP Media Center Edition 2002
 * Microsoft Windows XP Tablet PC Edition

-





Notice
The Windows XP package has been refreshed to update the DACLs on three registry keys. For the DACL settings on the full set of keys on the system that the Windows XP SP1 KB914798 update modifies, see Table 4.



Microsoft has released security bulletin MS06-011. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites, depending on whether you are a home user or an IT professional:  Home users:

http://www.microsoft.com/athome/security/update/bulletins/200603.mspx

 IT professionals:

http://www.microsoft.com/technet/security/bulletin/MS06-011.mspx





Known issues and caveats
 Users cannot remove the packages that are included with security update 914798. Users may examine the record state of the discretionary access control lists (DACLs) on the services that will be changed before they install the updates that are included with security update 914798. For more information and guidance on the correct setting for DACLs, click the following article number to view the article in the Microsoft Knowledge Base:

914392 Best practices and guidance for writers of service discretionary access control lists

To examine the DACLs, users can run the following commands:  Microsoft Windows XP:  sc sdshow netbt</li> sc sdshow ssdpsrv</li> sc sdshow upnphost</li> sc sdshow dnscache</li> sc sdshow dhcp</li> sc sdshow msdtc</li> sc sdshow scardsvr</li></ul> </li> Microsoft Windows Server 2003:  sc sdshow netbt</li> sc sdshow dhcp</li> sc sdshow dnscache</li> sc sdshow MSDTC</li> sc sdshow sysmonlog</li></ul> </li></ul> </li> Users might want to back up the registry before they install this update. If users want to return the DACLs to a base state on one or more registry keys without having to back up the registry beforehand, they can follow these steps to find the permissions for a registry key: <ol> <li>Start Registry Editor.</li> <li>Locate the registry key.</li> <li>Right-click the registry key, and then click Permissions.</li></ol>

For more information about how to back up the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up, edit, and restore the registry in Windows XP and Windows Server 2003

</li> <li>To restore the DACLs on the registry keys, follow these steps: <ol> <li>Determine the appropriate accounts and access levels. To do this, see the security descriptor definition language (SDDL) in Table 3 or in Table 4. For more information about how to determine user account and access from SDDL, click the following article number to view the article in the Microsoft Knowledge Base:

914392 Best practices and guidance for writers of service discretionary access control lists

</li> <li>Start Registry Editor.</li> <li>Locate the registry key.</li> <li>Right-click the registry key, and then click Permissions.</li> <li>Add the appropriate accounts and permissions.</li></ol> </li> <li>If you return the DACLs on the services or registry keys to the default or a less secure state, delete the registry key that indicates that the update has been installed. <ul> <li>Windows Server 2003:

</li> <li>Windows XP SP1:

</li></ul> </li></ul>

The default DACLs of the services are as follows.

Table 2: Windows XP SP1 default service DACLs
For the registry keys that have DACLs that are changed by applying the update, the default out of the box state is as follows.

Table 4: Windows XP SP1 default registry DACLs
Additional query words: update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE WinNT Win2000

Keywords: kbhotfixserver kbqfe kbsecurity kbsecbulletin kbsecvulnerability kbwinxppresp2fix kbbug kbfix kbwinserv2003presp1fix kbwin2000presp5fix kbwinnt400presp7fix kbpubtypekc KB914798

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.