|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Tue Nov 10 2009 - 13:34:11 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
salessecunia.com
----------------------------------------------------------------------
TITLE:
Microsoft Windows Win32k Kernel-Mode Driver Privilege Escalation
SECUNIA ADVISORY ID:
SA37309
VERIFY ADVISORY:
http://secunia.com/advisories/37309/
DESCRIPTION:
Some vulnerabilities have been reported in Microsoft Windows, which
can be exploited by malicious, local users to gain escalated
privileges.
1) An input validation error in the Win32k kernel-mode driver
(Win32k.sys) when invoking a system call can be exploited to execute
arbitrary code in kernel mode.
2) An error in the Win32k kernel-mode driver (Win32k.sys) when
handling input passed through the kernel component of GDI (Graphics
Device Interface) can be exploited to execute arbitrary code in
kernel mode.
SOLUTION:
Apply patches.
Windows Vista (optionally with SP1 / SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=54562103-1d99-42d7-8f7f-c0cbcdce90db
Windows Vista x64 Edition (optionally with SP1 / SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=fcb87cc8-6fd7-4f16-93d6-552999462fb1
Windows Server 2008 for 32-bit Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=b97d48de-0f6d-4bca-b990-acf543fdb8b7
Windows Server 2008 for x64-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=0e2b8607-10fa-406a-96a5-18290f479c48
Windows Server 2008 for Itanium-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=28eba3f3-99a5-424c-bc8d-a718c716699e
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Agin Sun.
ORIGINAL ADVISORY:
MS09-065 (KB969947):
http://www.microsoft.com/technet/security/Bulletin/MS09-065.mspx
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]