New Microsoft Advisory: Vulnerability in Windows Kernel Privilege Escalation (CVE-2010-0232)
Yesterday, we reported about a new Windows Kernel vulnerability [1] . The vulnerability affects all versions of Windows (NT 3.51 up to Windows 7) unless 16-bit application support is disabled. If exploited, the vulnerability will lead to privilege escalation.
Today, Microsoft released an official response in the form of a Security Advisory [2]. The advisory (KB Article 979682) states that Microsoft is investigating the report, and is not aware of any use of the vulnerability in current exploits.
According to Microsoft's list of vulnerable and non-vulnerable systems, 64 bit version of the Windows OS are not vulnerable, but 32 bit versions are. In part this is due to the fact that 64 bit versions of Windows do not include the vulnerable feature (16 bit compatibility).
The workaround outlined by Microsoft matches the workaround proposed in the advisory: Disable access to 16 bit applications. This should work well for the vast majority of systems. But be aware that there is a reason for this feature: Some old (very old) applications do require 16 bit support. This may in particular affect old custom software and support for odd hardware configurations. A standard office desktop should not require any 16 bit applications. As always: Test first.
The CVE number CVE-2010-0232 has been assigned to this issue [3].
[1] http://isc.sans.org/diary.html?storyid=8023
[2] http://www.microsoft.com/technet/security/advisory/979682.mspx
[3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0232 (not live yet as of this writing)
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Network Monitoring and Threat Detection In-Depth | Singapore | Nov 18th - Nov 23rd 2024 |
Comments
GaileF0rce
Jan 21st 2010
1 decade ago
neuropsycho
Jan 21st 2010
1 decade ago
GuenTech
Jan 22nd 2010
1 decade ago
GuenTech
Jan 22nd 2010
1 decade ago