Microsoft Windows Kernel Multiple Vulnerabilities

ID: IRCAD2015023757
Release Date: 2015-02-10
Criticality level: Highly critical
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows RT
Microsoft Windows RT 8.1
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Server 2012
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Multiple vulnerabilities have been reported in Microsoft Windows. Malicious local users can exploit them to bypass certain security restrictions, cause a DoS (Denial of Service), and gain escalated privileges; malicious people can exploit them to cause a DoS and compromise a user's system.
1) An error within the Win32k.sys module when handling a window handle in WM_SYSTIMER messages can be exploited to overwrite arbitrary memory.
2) An error within the Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) can be exploited to disclose otherwise restricted information.
3) A use-after-free error within the "xxxEnableWndSBArrows()" function (Win32k.sys) can be exploited to cause memory corruption.
Successful exploitation of vulnerabilities #1 and #3 allows execution of arbitrary code with kernel privileges.
4) An error within the Windows kernel-mode driver (Win32k.sys) related to the Windows Cursor Object can be exploited to trigger a double-free condition within the kernel.
5) An error within the Windows kernel-mode driver (Win32k.sys) when handling TrueType fonts can be exploited to execute arbitrary code.
6) An error within the Windows kernel-mode driver (Win32k.sys) when the Windows font mapper attempts to scale a font can be exploited to cause a hang.
Apply updates.
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 8 and Windows 8.1
Windows Server 2012 and Windows Server 2012 R2
Microsoft (KB3036220, KB3013455, KB3013455, KB3023562):
Udi Yavo:
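To verify the "Apply updates" step, the following added example (not part of the original advisory) reports which of the KB IDs listed above are recorded as installed on one or more hosts. The function name `Test-AdvisoryHotfix` and the output fields are assumptions made for illustration. The advisory does not say which KB applies to which Windows version, so a missing ID may mean the update does not apply to that host or was replaced by a later superseding update.

```powershell
# Added example. KB IDs are taken from the advisory text above.
$AdvisoryKBs = 'KB3036220', 'KB3013455', 'KB3023562'

function Test-AdvisoryHotfix {
    [CmdletBinding()]
    param(
        # Hosts to check; defaults to the local machine.
        [string[]]$ComputerName = $env:COMPUTERNAME,
        [string[]]$HotfixId = $AdvisoryKBs
    )
    foreach ($computer in $ComputerName) {
        try {
            # Query the host once and filter locally, so a KB that is
            # absent is reported as a result row instead of an error.
            $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop)
        } catch {
            # Host unreachable or query denied: report it, do not guess.
            [pscustomobject]@{
                ComputerName = $computer
                HotfixId     = $null
                Installed    = $null
                InstalledOn  = $null
                Error        = $_.Exception.Message
            }
            continue
        }
        foreach ($id in $HotfixId) {
            $hit = $installed |
                Where-Object { $_.HotFixID -eq $id } |
                Select-Object -First 1
            [pscustomobject]@{
                ComputerName = $computer
                HotfixId     = $id
                Installed    = [bool]$hit
                InstalledOn  = if ($hit) { $hit.InstalledOn } else { $null }
                Error        = $null
            }
        }
    }
}

# Local check; pass -ComputerName for remote hosts.
Test-AdvisoryHotfix | Format-Table -AutoSize
```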


