Elevation of Privilege in Microsoft Windows

Posted: November 16, 2012 in Vulnerabilities
Tags: , ,

Vulnerability

Elevation of Privilege

Vulnerability: Elevation of Privilege in Microsoft Windows

Danger: Low
Patch: Yes
Number of vulnerabilities: 2

CVE ID: CVE-2012-2530
CVE-2012-2553
Vector of operation: Local Net
Impact: Privilege escalation

Affected products: Microsoft Windows XP Home Edition, Windows XP Professiona, Windows Server 2003 Web Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Datacenter Edition, Windows Storage Server 2003, Windows Vista, Windows Server 2008, Windows 7.

Affected versions: Microsoft Windows XP, Microsoft Windows 2003, Microsoft Windows Vista, Microsoft Windows 2008, Microsoft Windows 7, Microsoft Windows 2008 R2.

Description:

Can be exploited by local users to gain escalated privileges.

1. An error after release of win32k.sys driver. A local user can gain escalated privileges on the system.

2. Another vulnerability is caused due to an error after the release of win32k.sys driver when processing objects in memory. A local user can gain escalated privileges on the system.

Vulnerability does not apply to 64-bit versions of operating systems.

Manufacturer URL: www.microsoft.com

Solution: Install the update web site.

Links:

MS12-075: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2761226)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s