Microsoft patched the vulnerabilities associated with the USB-drive

Posted: March 13, 2013 in Vulnerabilities, Vulnerability News
Tags: , ,

Microsoft

Patched the vulnerabilities

The monthly release of a set of patches Microsoft has corrected a previously unknown Windows vulnerability that allows a potential attacker to compromise the security of your computer system using a normal USB-drive and a simple exploit.

Vulnerability MS13-027 – this is one of the seven bulletins issued by issued by the company a few days ago.

In addition, the company has released patches for browsers Internet Explorer 6-10, running operating systems Windows XP, Vista, 7, 8 and RT. Underwent corrective and plug Microsoft Silverlight, released as on Windows, and under Mac OS X. Third critically dangerous bug has been eliminated in the products included in the suite Microsoft Office, in particular in the Office Filter Pack and Visio. The fourth critical patch released for Microsoft Sharepoint and it affects only the business users of Microsoft.

The updates are available through Windows Update, critical fixes will be installed on supported systems automatically.

Vulnerability: privilege escalation Microsoft Windows

Danger: Low
Patch: Yes
Number of vulnerabilities: 3

CVE ID: CVE-2013-1285
CVE-2013-1286
CVE-2013-1287

Vector of operation: Local
Impact: Privilege escalation

Affected Products:
– Microsoft Windows XP Home Edition;
– Microsoft Windows XP Professional;
– Microsoft Windows Server 2003 Web Edition;
– Microsoft Windows Server 2003 Standard Edition;
– Microsoft Windows Server 2003 Enterprise Edition;
– Microsoft Windows Server 2003 Datacenter Edition;
– Microsoft Windows Storage Server 2003;
– Microsoft Windows Vista;
– Microsoft Windows Server 2008;
– Microsoft Windows 7;
– Microsoft Windows 8;
– Microsoft Windows Server 2012.

Affected versions:
– Microsoft Windows XP;
– Microsoft Windows 2003;
– Microsoft Windows Vista;
– Microsoft Windows 2008;
– Microsoft Windows 7;
– Microsoft Windows 2008 R2;
– Microsoft Windows 8;
– Microsoft Windows 2012.

Description:

Can be exploited by local users to gain escalated privileges on the target system.

1. An error in the processing of objects in memory in the USB driver. A local user can gain escalated privileges on the system.

2. An error in the processing of objects in memory in the USB driver. A local user can gain escalated privileges on the system.

3. An error in the processing of objects in memory in the USB driver. A local user can gain escalated privileges on the system.

Solution: Install the update from the manufacturer.

Links:

MS13-027: Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986) – http://technet.microsoft.com/en-us/security/bulletin/ms13-027

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s