Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
Windows Kernel win32k.sys Lets Local Users Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1025345 |
|
SecurityTracker URL: http://securitytracker.com/id/1025345
|
|
CVE Reference:
CVE-2011-0662, CVE-2011-0665, CVE-2011-0666, CVE-2011-0667, CVE-2011-0670, CVE-2011-0671, CVE-2011-0672, CVE-2011-0673, CVE-2011-0674, CVE-2011-0675, CVE-2011-0676, CVE-2011-0677, CVE-2011-1225, CVE-2011-1226, CVE-2011-1227, CVE-2011-1228, CVE-2011-1229, CVE-2011-1230, CVE-2011-1231, CVE-2011-1232, CVE-2011-1233, CVE-2011-1234, CVE-2011-1235, CVE-2011-1236, CVE-2011-1237, CVE-2011-1238, CVE-2011-1239, CVE-2011-1240, CVE-2011-1241, CVE-2011-1242
(Links to External Site)
|
Date: Apr 12 2011
|
Impact:
Root access via local system, User access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): XP SP3, 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1; and prior service packs
|
Description:
Multiple vulnerabilities were reported in the Windows Kernel. A local user can obtain elevated privileges on the target system.
A local user can trigger a use-after free or null pointer dereference to execute arbitrary commands on the target system with kernel level privileges.
Tarjei Mandt of Norman reported these vulnerabilities.
|
Impact:
A local user can obtain elevated privileges on the target system.
|
Solution:
The vendor has issued the following fixes:
Windows XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=39E55BBF-C1C5-4696-BFE7-632E997CD98E
Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=83771177-284E-4918-86A9-980E8229C7C9
Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=AF320F27-BB3A-4E76-A279-4632267C8761
Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=9C95F81C-9812-4070-88D7-34422C638E42
Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=F58CF64A-BF31-4496-BE75-5775A123338B
Windows Vista Service Pack 1 and Windows Vista Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=B4743167-9614-445A-9E91-10EFDAC505A8
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=7E410D5C-B9F7-4A63-8300-36B2D57C6128
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=C6AC26B8-8CC8-40FE-BAAB-22BF13DF1AA8
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=AC49F5D3-5E2F-4916-99BE-A3254278DA7E
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=3B93DE4F-01F4-4EFD-AFC1-31D87B92FAD2
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=6E7FF003-FF3F-49BB-8E45-D869885DD8D7
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=0C0AEF7E-501C-4CA3-AE7F-497A8C169121
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=2FC66224-45C6-4E8F-AD00-6A1EC30B4505
Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=485CCF96-27A0-499E-9F52-2836B73D26D2
A restart is required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms11-034.mspx
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms11-034.mspx (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 12 Apr 2011 19:51:42 +0000
Subject: http://www.microsoft.com/technet/security/bulletin/ms11-034.mspx
|
Microsoft Security Bulletin MS11-034 - Important: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2506223)
CVE-2011-0662
CVE-2011-0665
CVE-2011-0666
CVE-2011-0667
CVE-2011-0670
CVE-2011-0671
CVE-2011-0672
CVE-2011-0674
CVE-2011-0675
CVE-2011-1234
[solution_section]
The vendor has issued the following fixes:
Windows XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=39E55BBF-C1C5-4696-BFE7-632E997CD98E
Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=83771177-284E-4918-86A9-980E8229C7C9
Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=AF320F27-BB3A-4E76-A279-4632267C8761
Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=9C95F81C-9812-4070-88D7-34422C638E42
Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=F58CF64A-BF31-4496-BE75-5775A123338B
Windows Vista Service Pack 1 and Windows Vista Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=B4743167-9614-445A-9E91-10EFDAC505A8
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=7E410D5C-B9F7-4A63-8300-36B2D57C6128
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=C6AC26B8-8CC8-40FE-BAAB-22BF13DF1AA8
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=AC49F5D3-5E2F-4916-99BE-A3254278DA7E
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=3B93DE4F-01F4-4EFD-AFC1-31D87B92FAD2
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=6E7FF003-FF3F-49BB-8E45-D869885DD8D7
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=0C0AEF7E-501C-4CA3-AE7F-497A8C169121
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=2FC66224-45C6-4E8F-AD00-6A1EC30B4505
Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=485CCF96-27A0-499E-9F52-2836B73D26D2
A restart is required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms11-034.mspx
[/solution_section]
[bugno]2506223
[msno]MS11-034
[severity]Important
|
|
Go to the Top of This SecurityTracker Archive Page
|
