Windows Kernel Lets Local Users Gain Kernel Level Privileges - SecurityTracker

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Category: OS (Microsoft) > Windows Kernel

Vendors: Microsoft

Windows Kernel Lets Local Users Gain Kernel Level Privileges

SecurityTracker Alert ID: 1019803

SecurityTracker URL: http://securitytracker.com/id/1019803

CVE Reference: CVE-2008-1084 (Links to External Site)

Date: Apr 8 2008

Impact: Root access via local system

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 2000 SP4, 2003 SP2, XP SP2, Vista SP1, 2008; and prior service packs

Description: A vulnerability was reported in Windows Kernel. A local user can obtain kernel level privileges on the target system.

The kernel does not properly validate input passed from user mode. A local user can supply specially crafted input to execute arbitrary code on the target system with kernel level privileges.

Thomas Garnier reported this vulnerability.

Impact: A local user can obtain kernel level privileges on the target system.

Solution: The vendor has issued the following fixes:

Microsoft Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?familyid=8db9f328-da0e-4fb8-96c4-6d368b47c224

Windows XP Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=0e937f65-abd0-46dd-8883-5bfd70ea1178

Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=a29bbd13-761f-44fa-8948-e1a8c244bd7a

Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=d3b855a6-4648-4771-826d-11a151828eac

Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=320fd100-35e1-4345-9399-796393235cbc

Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=126426a7-be38-4327-89db-02d99d76589d

Windows Vista and Windows Vista Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=9640cd8b-d749-4ddd-8af9-b298cebed969

Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=d56bb4fe-304e-45e0-95f2-fde2f47b2a04

Windows Server 2008 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=4497333c-9418-4b91-83dc-0155735421c0

Windows Server 2008 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=5aefc7a6-79a4-45a2-b534-35d0ec400dda

Windows Server 2008 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=3080c26b-7456-41ef-8668-28f15bc7b8ce

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms08-025.mspx

Vendor URL: www.microsoft.com/technet/security/bulletin/ms08-025.mspx (Links to External Site)

Cause: Input validation error

Message History: None.

Source Message Contents


[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
This web site uses cookies for web analytics. Learn More
Copyright 2019, SecurityGlobal.net LLC