Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: MS06-051: Vulnerability in Windows Kernel SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MS06-051: Vulnerability in Windows Kernel
Vulnerability in Windows Kernel Could Result in Remote Code Execution
MS06-051 - KB917422

This update focus on two main vulnerabilities.
    - CVE-2006-3443: The User Profile Elevation of Privilege - LOCAL
    - CVE-2006-3648: The Unhandled Exception - REMOTE

If any of them is successfully exploited, the attacker can gain complete control of the affected system.

The advisory focus on W2k systems. For the Elevation of Privilege vulnerability: "...If a specially crafted DLL is placed in the user directory, it is possible for WinLogon to execute the code of the DLL resulting in an elevation of the user's privileges.".

For the Unhandled Exception vulnerability, looks like a simple spam with a link would lead the user to a specially crafted website which would exploit it.

Worthless to say that it is REALLY important to patch your systems against these vulnerabilities! Test and Patch!!

Pedro Bueno ( pbueno //&&// isc. sans. org)


155 Posts
ISC Handler
Aug 8th 2006

Sign Up for Free or Log In to start participating in the conversation!