Windows Kernel Bugs Let Local Users Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1022359 |
|
SecurityTracker URL: http://securitytracker.com/id/1022359
|
|
CVE Reference:
CVE-2009-1123, CVE-2009-1124, CVE-2009-1125, CVE-2009-1126
(Links to External Site)
|
Date: Jun 9 2009
|
Impact:
Execution of arbitrary code via local system, Root access via local system, User access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 2000 SP4, 2003 SP2, XP SP2, Vista SP2, 2008 SP2; and prior service packs
|
Description:
Several vulnerabilities were reported in the Windows Kernel. A local user can obtain elevated privileges on the target system.
A local user can execute arbitrary commands on the target system with kernel-level privileges.
Thomas Garnier reported one of these vulnerabilities.
|
Impact:
A local user can obtain elevated privileges on the target system.
|
Solution:
The vendor has issued the following fixes:
Microsoft Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?familyid=79b0481d-a3d7-477b-928a-a98cc79374af
Windows XP Service Pack 2 and Windows XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=6349e046-a3f8-4ae5-b8c3-c9879cc99e8f
Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=3769800e-af93-4a44-8a1e-b30cc54b226f
Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=9356404c-d89a-4de0-b9b4-f6e1bdadf745
Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=5a3123af-173d-49eb-9997-14e82e764aee
Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=13b50993-410f-4e7a-a33a-6d9b48dbb4d1
Windows Vista and Windows Vista Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=c31b36f8-330c-4a0c-9a3d-7cbe9a1ab8c8
Windows Vista Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=c31b36f8-330c-4a0c-9a3d-7cbe9a1ab8c8
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=7d70a65f-07ce-4992-8bec-28fefd7587bc
Windows Vista x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=7d70a65f-07ce-4992-8bec-28fefd7587bc
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=98ba52b2-da1a-4939-a10e-d43b3a7e7ed4
Windows Server 2008 for 32-bit Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=98ba52b2-da1a-4939-a10e-d43b3a7e7ed4
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=dbaa5a72-c267-4907-a207-525c2803d7b9
Windows Server 2008 for x64-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=dbaa5a72-c267-4907-a207-525c2803d7b9
Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=e0e3ad56-a363-44ba-af4d-b7f551c88afd
Windows Server 2008 for Itanium-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=e0e3ad56-a363-44ba-af4d-b7f551c88afd
A restart is required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms09-025.mspx
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms09-025.mspx (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 9 Jun 2009 15:42:51 -0400
Subject: http://www.microsoft.com/technet/security/bulletin/ms09-025.mspx
|
Microsoft Security Bulletin MS09-025 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)
CVE-2009-1123
CVE-2009-1124
CVE-2009-1125
CVE-2009-1126
|
|
