SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows DLL (Any) Vendors:   Microsoft
Microsoft Windows Installer Flaw Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1030719
SecurityTracker URL:  http://securitytracker.com/id/1030719
CVE Reference:   CVE-2014-1814   (Links to External Site)
Date:  Aug 12 2014
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1; and prior service packs
Description:   A vulnerability was reported in Microsoft Windows Installer. A local user can obtain elevated privileges on the target system.

A local user can run a specially crafted application to repair a previously installed application and execute arbitrary code with kernel-level privileges.

Denis Gundarev of Entisys reported this vulnerability.

Impact:   A local user can obtain kernel-level privileges on the target system.
Solution:   The vendor has issued the following fixes:

Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=c275aafa-7092-4728-acd1-cf564b99690f

Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=7ad63032-97bc-4a5e-82e6-66a546d8a0ab

Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=89d8ae8c-c8db-4140-a15d-48e73569aa36

Windows Vista Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=8ba6af8c-fc10-4e3e-ba3f-f15ddad7ad10

Windows Vista x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=cd5023fa-0938-419f-b170-18c19d2390a3

Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=095e704f-f35f-4638-95f4-f873064c2814

Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=314f752b-e5cc-485c-9d17-801a56b926a9

Windows Server 2008 for Itanium-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=94c14134-1d03-47de-aa31-77e711809cb7

Windows 7 for 32-bit Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=6a38fe4b-8add-4238-b0ac-a4967b630994

Windows 7 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=eb2822a0-6841-4033-b4d0-15943e8dda93

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=b1b1d61c-9b1e-4c7d-8163-7d8bf1736f9d

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=62afd62b-5e6f-40c1-b4a0-f2ef1ce79b3b

Windows 8 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=13322112-ec48-4468-957a-ccd155d91671

Windows 8 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=0e05f1e4-ad06-4eb8-815c-4ee3487ef8cc

Windows 8.1 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=5bef16ee-b227-4082-9477-02d93718951e

Windows 8.1 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=1274d188-ae78-476c-b310-1a11ffe0cc00

Windows Server 2012:

http://www.microsoft.com/downloads/details.aspx?familyid=56b1ae11-dc8d-42bf-90b2-d980251144b6

Windows Server 2012 R2:

http://www.microsoft.com/downloads/details.aspx?familyid=48d1ee0d-27f9-46e1-a52a-40a733589dc4

Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=095e704f-f35f-4638-95f4-f873064c2814

Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=314f752b-e5cc-485c-9d17-801a56b926a9

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=b1b1d61c-9b1e-4c7d-8163-7d8bf1736f9d

Windows Server 2012:

http://www.microsoft.com/downloads/details.aspx?familyid=56b1ae11-dc8d-42bf-90b2-d980251144b6

Windows Server 2012 R2:

http://www.microsoft.com/downloads/details.aspx?familyid=48d1ee0d-27f9-46e1-a52a-40a733589dc4

A restart is required.

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms14-049

Vendor URL:  technet.microsoft.com/library/security/ms14-049 (Links to External Site)
Cause:   Not specified

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC