Windows Kernel-Mode Driver Bugs Let Local Users Gain Elevated Privileges

SecurityTracker Alert ID: 1027231
SecurityTracker URL: http://securitytracker.com/id/1027231
CVE Reference:
CVE-2012-1890, CVE-2012-1893
Date: Jul 10 2012
Impact:
Root access via local system
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): XP SP3, 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1; and prior service packs
Description:
Two vulnerabilities were reported in Windows Kernel-Mode Drivers. A local user can obtain elevated privileges on the target system.
The Windows kernel-mode driver (win32k.sys) does not properly handle specific keyboard layouts [CVE-2012-1890]. A local user can run a specially crafted program to execute arbitrary commands on the target system with kernel level privileges.
Nicolas Economou of Core Security Technologies and Qihoo 360 Security Center reported this vulnerability.
The Windows kernel-mode driver (win32k.sys) does not properly validate callback parameters when creating a hook procedure [CVE-2012-1893]. A local user can exploit this to execute arbitrary commands on the target system with kernel level privileges.
Lufeng Li (via Secunia Research) reported this vulnerability.
Impact:
A local user can obtain kernel level privileges on the target system.
Solution:
The vendor has issued the following fixes:
Windows XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=a4bc78fb-3927-4059-ae1c-35c369e39203
Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=94029b68-5b7b-4d0e-b175-cfc2b0eba91a
Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=d53bd571-ad30-41c7-8c5f-f217097770f5
Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=5f261883-daec-4af3-8bc1-46da9c164de7
Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=60c57c8b-6d56-42de-ab1e-e4e3258c7818
Windows Vista Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=3c957f8a-8f32-4a12-ade9-10a7e2984e88
Windows Vista x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=7300636f-aefd-46bf-a7ba-780d6f939b4f
Windows Server 2008 for 32-bit Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=ed201422-7c65-4c20-a825-8cecab1aeebc
Windows Server 2008 for x64-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=8e1a27c9-6495-4030-8a46-264afd78a5a1
Windows Server 2008 for Itanium-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=76f640b8-5aab-4880-9d74-22e2a5086342
Windows 7 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=b4bed780-b120-43a1-900e-89b3be7da8b1
Windows 7 for 32-bit Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=b4bed780-b120-43a1-900e-89b3be7da8b1
Windows 7 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=3efb0de1-252b-4b72-86f3-e747f8fa2229
Windows 7 for x64-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=3efb0de1-252b-4b72-86f3-e747f8fa2229
Windows Server 2008 R2 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=73a9ff32-4009-4fd4-a82b-1e22c09d3087
Windows Server 2008 R2 for x64-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=73a9ff32-4009-4fd4-a82b-1e22c09d3087
Windows Server 2008 R2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=772f2975-065d-44f3-adf8-82188bd43196
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=772f2975-065d-44f3-adf8-82188bd43196
A restart is required.
The Microsoft advisory is available at:
http://technet.microsoft.com/en-us/security/bulletin/ms12-047
Vendor URL: technet.microsoft.com/en-us/security/bulletin/ms12-047
Cause:
Access control error
Underlying OS:
Message History:
None.