Windows XP update strange sentence?

Whiffy

I got an update a few days ago which said this....
"A security issue has been identified that could allow an authenticated local
attacker to compromise your system and gain control over it."

Can you spot that there's something not quite right about this
sentence written by Microsoft or is it meant to be this way?
 
Paul

Whiffy said:
I got an update a few days ago which said this....
"A security issue has been identified that could allow an authenticated local
attacker to compromise your system and gain control over it."

Can you spot that there's something not quite right about this
sentence written by Microsoft or is it meant to be this way?

Um. It's meant to sound scary, so you'll install it :)

Are you scared yet? :)

See, here's another security bulletin...

http://www.lolcatpics.com/images/infridgeeating.jpg

Paul
 
Whiffy

I hoped I'd not be the only one to notice the un- prefix. It normally
says "unauthenticated".

Why does it say "authenticated local attacker"?

.... surely any attacker is unauthenticated?
 
Paul

Whiffy said:
I hoped I'd not be the only one to notice the un- prefix. It normally
says "unauthenticated".

Why does it say "authenticated local attacker"?

... surely any attacker is unauthenticated?

It could imply an elevation of privilege, from a regular
user account, to Administrator.

Paul
 
John John MVP

Whiffy said:
I hoped I'd not be the only one to notice the un- prefix. It normally
says "unauthenticated".

Why does it say "authenticated local attacker"?

... surely any attacker is unauthenticated?

No, the attacker is logged on locally but a vulnerability could allow
him to perform actions with elevated privileges. For example, due to a
vulnerability a limited user might be able to run commands or programs
under the guise of the System account, or which only administrators
should be able to run. This logged-on limited user is an authenticated
local attacker. This is called "token kidnapping" or "token kidnapping
privilege escalation".

John
 
Iceman

Whiffy said:
I got an update a few days ago which said this....
"A security issue has been identified that could allow an authenticated local
attacker to compromise your system and gain control over it."

Can you spot that there's something not quite right about this
sentence written by Microsoft or is it meant to be this way?

To control what updates get installed on your computer, disable automatic
updates and switch to notification. Make a note of the KB number of all
updates on offer and then Google the numbers for further information.
 
