Windows Kernel Lets Local Users Gain Kernel Level Privileges
|
|
SecurityTracker Alert ID: 1019803
|
|
SecurityTracker URL: http://securitytracker.com/id?1019803
|
|
CVE Reference: CVE-2008-1084
(Links to External Site)
|
Date: Apr 8 2008
|
Impact: Root access via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Microsoft Security Bulletin
|
Version(s): 2000 SP4, 2003 SP2, XP SP2, Vista SP1, 2008; and prior service packs
|
Description: A vulnerability was reported in Windows Kernel. A local user can obtain kernel level privileges on the target system.
The kernel does not properly validate input passed from user mode. A local user can supply specially crafted input to execute arbitrary code on the target system with kernel level privileges.
Thomas Garnier reported this vulnerability.
|
Impact: A local user can obtain kernel level privileges on the target system.
|
Solution: The vendor has issued the following fixes:
Microsoft Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?familyid=8db9f328-da0e-4fb8-96c4-6d
368b47c224
Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=0e937f65-abd0-46dd-8883-5bfd70ea1178
Windows
XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=a29bbd13-761f-44fa-8948-e1
a8c244bd7a
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=d3b855a6-4648-4771-82
6d-11a151828eac
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=320fd10
0-35e1-4345-9399-796393235cbc
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium
based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=126426a7-be38-4327-89db-02d99d76589d
Windows Vista
and Windows Vista Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=9640cd8b-d749-4ddd-8af9-b298cebed969
Windows
Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=d56bb4fe-304e-45e0-95f2-fde2f47b2a04
Window
s Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=4497333c-9418-4b91-83dc-0155735421c0
Windows
Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=5aefc7a6-79a4-45a2-b534-35d0ec400dda
Windows
Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=3080c26b-7456-41ef-8668-28f15bc7b8ce
A
restart is required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms08-025.mspx
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms08-025.mspx (Links to External Site)
|
Cause: Input validation error
|
Underlying OS: Windows (2000), Windows (2003), Windows (2008), Windows (Vista), Windows (XP)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 8 Apr 2008 15:54:28 -0400
Subject: Microsoft Security Bulletin MS08-025 Important: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693)
|
http://www.microsoft.com/technet/security/bulletin/ms08-025.mspx
CVE-2008-1084
|
|
