TITLE:
Microsoft Windows XP Wireless Zero Configuration Wireless Profile Disclosure

SECUNIA ADVISORY ID:
SA17064

VERIFY ADVISORY:
http://secunia.com/advisories/17064/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information

WHERE:
Local system

OPERATING SYSTEM:
Microsoft Windows XP Professional
http://secunia.com/product/22/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/

DESCRIPTION:
Laszlo Toth has discovered a security issue in Windows XP, which can be exploited by malicious, local users to gain access to certain sensitive information.

The security issue is caused due to the Wireless Zero Configuration service allowing a non-privileged user to retrieve the configured wireless profiles using the "WZCQueryInterface()" API. The retrieved profile includes the configured SSIDs and WEP keys, or the PMK (Pairwise Master Key) that is used for pre-shared key authentication in WPA (Wi-Fi Protected Access).

The security issue has been confirmed in Windows XP SP2 with KB893357 installed.

SOLUTION:
The security issue reportedly will be fixed in Longhorn.

Grant only trusted users access to affected systems.

PROVIDED AND/OR DISCOVERED BY:
Laszlo Toth

ORIGINAL ADVISORY:
http://www.soonerorlater.hu/index.khtml?article_id=62

OTHER REFERENCES:
KB893357:
http://support.microsoft.com/kb/893357