Technical Description
Two vulnerabilitieshave been identified in Microsoft Windows, which could be exploited byremote attackers to take complete control of an affected system or bymalicious users to obtain elevated privileges.
The first issue is due to an error when processing user-supplied pathsvia WinLogon, which could be exploited by malicious users to load aspecially crafted DLL with elevated privileges.
The second flaw is due to improper exception handling in memoryresident applications, which could be exploited by remote attackers tocompromise a vulnerable system.
Affected Products
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 (Itanium)
Microsoft Windows Server 2003 SP1 (Itanium)
Microsoft Windows Server 2003 x64 Edition
Solution
Apply patches :
http://www.microsoft.com/technet/security/Bulletin/MS06-051.mspx
