فا

‫ Microsoft Windows Kernel Two Vulnerabilities

ID: IRCAD2014103570
Release Date: 2014-10-15
Criticality level: Highly critical
Software:
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows RT
Microsoft Windows RT 8.1
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Server 2012
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Description:
Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a user's system.
1) An error in win32k.sys when handling certain objects can be exploited to execute arbitrary code with kernel privileges.
2) An error when parsing TrueType fonts can be exploited to execute arbitrary code with kernel privileges via a specially crafted TrueType font embedded within a web page.
Note: Reportedly, these vulnerabilities are currently being exploited in limited, targeted attacks.
Solution
Apply update.
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 8 and Windows 8.1
Windows Server 2012 and Windows Server 2012 R2
Server Core installation option
References:
MS14-058 (KB3000061):
Secunia:
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 27 مهر 1393

امتیاز

امتیاز شما
تعداد امتیازها:0