Microsoft Windows Kernel Multiple Vulnerabilities

ID: IRCAD2013102926
Release Date: 2013-10-08
Criticality level: Highly critical
 
Software:
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows RT
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Server 2012
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
 
Description:
Multiple vulnerabilities have been reported in Microsoft Windows. They can be exploited by malicious local users to disclose potentially sensitive information and gain escalated privileges, and by malicious people to compromise a vulnerable system.
1) An error when parsing OpenType fonts (OTF) can be exploited to corrupt memory.
2) An error when handling the USB descriptor of inserted USB devices can be exploited to corrupt memory.
3) A use-after-free error within the kernel-mode driver (win32k.sys) can be exploited to gain escalated privileges.
4) An error when handling objects in memory related to App Containers can be exploited to disclose information.
5) An error related to NULL page handling within the kernel-mode driver (win32k.sys) can be exploited to gain escalated privileges.
6) A double fetch error within the DirectX graphics kernel subsystem (dxgkrnl.sys) can be exploited to gain escalated privileges.
7) An error when parsing the CMAP table while rendering TrueType fonts (TTF) can be exploited to corrupt memory.
Successful exploitation of vulnerabilities #1 and #7 allows execution of arbitrary code.
 
Solution:
Apply updates.
 
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for 64-bit Systems
Windows Server 2012
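
One way to verify the "Apply updates" step on a set of hosts, as an added example that is not part of the original advisory. The function name and the host list are hypothetical; the KB numbers are the ones on the MS13-081 reference line of this advisory. The advisory does not say which KB applies to which platform, so the script reports presence only and flags hosts where none of the listed updates is found.

```powershell
# KB numbers copied from the MS13-081 reference line of this advisory.
$Ms13081Kbs = 'KB2847311','KB2862330','KB2862335','KB2868038','KB2883150',
              'KB2884256','KB2855844','KB2864202','KB2876284','KB2863725'

function Get-Ms13081Status {
    param(
        # Hypothetical host list; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    foreach ($computer in $ComputerName) {
        try {
            # Get-HotFix reads the Win32_QuickFixEngineering class on the target.
            $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop |
                           Select-Object -ExpandProperty HotFixID)
        } catch {
            # Unreachable or access denied: report it, do not treat as patched.
            [pscustomobject]@{
                Computer = $computer
                Status   = 'QueryFailed'
                Present  = ''
                Absent   = $Ms13081Kbs -join ','
            }
            continue
        }

        $present = @($Ms13081Kbs | Where-Object { $installed -contains $_ })
        $absent  = @($Ms13081Kbs | Where-Object { $installed -notcontains $_ })

        # Not every KB applies to every platform, so "some absent" is expected.
        # A host with none of them is the one to review first.
        $status = if ($present.Count -eq 0) { 'NonePresent' } else { 'SomePresent' }

        [pscustomobject]@{
            Computer = $computer
            Status   = $status
            Present  = $present -join ','
            Absent   = $absent -join ','
        }
    }
}

# Local check; pass -ComputerName for remote hosts.
Get-Ms13081Status | Format-Table -AutoSize -Wrap
```

Updates that were later superseded may not be listed by Get-HotFix, so confirm a `NonePresent` result against the host's update history before treating it as unpatched.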
 
References:
MS13-081 (KB2847311, KB2862330, KB2862335, KB2868038, KB2883150, KB2884256, KB2855844, KB2864202, KB2876284, KB2863725):
 
Secunia:
 


 
Creation date: 17 Mehr 1392
