Impact: Privilege escalation
This covers vulnerabilities where a user is able to conduct certain tasks with the privileges of other users or administrative users.
This typically includes cases where a local user on a client or server system can gain access to the administrator or root account thus taking full control of the system.
Description
Multiple vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.
1) A memory allocation error in the "win32k.sys" driver when copying data from user mode can be exploited to execute code in the kernel.
2) A double-free error in the "win32k.sys" driver when handling PFE objects can be exploited to execute code in the kernel.
3) A second double-free error in the "win32k.sys" driver when running 16-bit programs can be exploited to execute code in the kernel.
4) A memory allocation error in the "win32k.sys" driver when copying data from user mode can be exploited to execute code in the kernel.
5) A logic error in the "win32k.sys" driver when linking driver object may lead to a corrupted linked list.
6) An input validation error in the "win32k.sys" driver when handling user mode data can be exploited to corrupt memory.
Solution: Apply patches.
Windows XP SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=BB9D1657-5BEB-4372-B74C-A612A6FFF5A8
Windows Server 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=4AA39F59-2177-459F-9B8A-9543330D48EC
Windows 7 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=AA7DE2E4-BA48-4D58-B034-05349F0EB920
Windows Server 2008 R2 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=D417EBCE-7841-4BBB-8ABC-B15EF5F4B733
Original Advisory: MS10-098
http://www.microsoft.com/technet/security/bulletin/ms10-098.mspx
No comments:
Post a Comment