TITLE:
Microsoft Windows Multiple Kernel Vulnerabilities

SECUNIA ADVISORY ID:
SA34117

VERIFY ADVISORY:
http://secunia.com/advisories/34117/

DESCRIPTION:
Three vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to potentially compromise a user's system.

1) An input validation error when passing input from user-mode through the kernel component of GDI may potentially be exploited to run arbitrary code in kernel mode by e.g. tricking a user into viewing a specially crafted EMF or WMF image file hosted on a malicious website.

2) An error in the kernel when validating handles may be exploited by unprivileged users to run arbitrary code with escalated privileges.

3) An error in the kernel when handling certain invalid pointers may be exploited by unprivileged users to run arbitrary code with escalated privileges.

SOLUTION:
Apply patches.

Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=98bb7d40-89a0-470a-8eb7-06f15072a635

Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=e09641ba-6cbe-4095-82b5-703d3a7dc33b

Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=d0d704c6-48c2-4907-b6c3-2455d7cf21c8

Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=f5cfb8da-e7cc-4183-8631-507c2a406500

Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=ecf75c70-8489-41ad-9759-3a07e13957be

Windows Server 2003 with SP1/SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=04be3d7e-7dda-4dca-887a-e7a8156ede1c

Windows Vista (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=4b1aaaba-f355-4265-83c0-50b901856ced

Windows Vista x64 Edition (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=0fcac480-d6db-4a94-8c7d-b7319282cf56

Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=38851df2-4fb5-4d28-9d15-181c260cf8cf

Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=ec15acc4-3e0f-4414-9383-61c122ff1382

Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=eead6f93-10fd-4492-8137-481d9876a5fe

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Helmut Buhler.
2) The vendor credits Thomas Garnier, SkyRecon.
3) Reported by the vendor.

ORIGINAL ADVISORY:
MS09-006 (KB958690):
http://www.microsoft.com/technet/security/Bulletin/MS09-006.mspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.