---------------------------------------------------------------------- Secunia CSI + Microsoft SCCM ----------------------- = Extensive Patch Management http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Kernel Privilege Escalation and Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA39373 VERIFY ADVISORY: http://secunia.com/advisories/39373/ DESCRIPTION: Multiple vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges. 1) An error in the Windows kernel due to insufficient validation of registry keys passed to a Windows kernel system call can be exploited to restart the system. 2) An error in the Windows kernel when handling symbolic links can be exploited to cause the system to restart. 3) A memory allocation error in the Windows kernel when extracting the destination key of a symbolic-link type registry key can be exploited to execute arbitrary code with kernel privileges. 4) The Windows kernel does not properly restrict creation of symbolic links between untrusted and trusted registry hives, which can be exploited to execute arbitrary code with escalated privileges. 5) An error in the Windows kernel when validating registry keys can be exploited to cause the system to restart. 6) An error exists in the Windows kernel when resolving the real path for a registry key from its virtual path, which can be exploited to cause the system to restart. 7) An error in the Windows kernel when handling certain exceptions can be exploited to cause the system to restart. SOLUTION: Apply patches. Microsoft Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?familyid=C5F4577E-7546-40E9-8BCD-BE11C1B260A6 Windows XP SP2 / SP3: http://www.microsoft.com/downloads/details.aspx?familyid=142710FD-9CD4-4DD0-AABA-2AACE03C008F Windows XP Professional x64 Edition SP2: http://www.microsoft.com/downloads/details.aspx?familyid=3C0CB02E-3484-4CDF-8C64-C697AD3E2889 Windows Server 2003 SP2: http://www.microsoft.com/downloads/details.aspx?familyid=0A7EA2D0-61CE-4B68-AD82-D917B1A56F9D Windows Server 2003 x64 Edition SP2: http://www.microsoft.com/downloads/details.aspx?familyid=1FC66F54-260A-4219-A0B4-056BA9DD0ABE Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=8DCB8BE8-FB78-4518-AA7E-F8B17F7DFB86 Windows Vista: http://www.microsoft.com/downloads/details.aspx?familyid=86D7B054-AF4F-4D8A-9873-CB5246466374 Windows Vista SP1 / SP2: http://www.microsoft.com/downloads/details.aspx?familyid=86D7B054-AF4F-4D8A-9873-CB5246466374 Windows Vista x64 Edition: http://www.microsoft.com/downloads/details.aspx?familyid=7C84AA24-6331-427A-969C-27F7D39DB3D7 Windows Vista x64 Edition SP1 / SP2: http://www.microsoft.com/downloads/details.aspx?familyid=7C84AA24-6331-427A-969C-27F7D39DB3D7 PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1-5) Matthew 'j00ru' Jurczyk and Gynvael Coldwind of Hispasec Virustotal 6, 7) Tavis Ormandy of Google, Inc. ORIGINAL ADVISORY: MS10-021 (KB979683): http://www.microsoft.com/technet/security/Bulletin/MS10-021.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------