---------------------------------------------------------------------- Do you need accurate and reliable IDS / IPS / AV detection rules? Get in-depth vulnerability details: http://secunia.com/binary_analysis/sample_analysis/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Privilege Escalation Vulnerabilities SECUNIA ADVISORY ID: SA32247 VERIFY ADVISORY: http://secunia.com/advisories/32247/ CRITICAL: Less critical IMPACT: Privilege escalation, DoS WHERE: Local system OPERATING SYSTEM: Microsoft Windows XP Professional http://secunia.com/advisories/product/22/ Microsoft Windows XP Home Edition http://secunia.com/advisories/product/16/ Microsoft Windows Vista http://secunia.com/advisories/product/13223/ Microsoft Windows Server 2008 http://secunia.com/advisories/product/18255/ Microsoft Windows Server 2003 Web Edition http://secunia.com/advisories/product/1176/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/advisories/product/1173/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/advisories/product/1174/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/advisories/product/1175/ Microsoft Windows 2000 Server http://secunia.com/advisories/product/20/ Microsoft Windows 2000 Professional http://secunia.com/advisories/product/1/ Microsoft Windows 2000 Datacenter Server http://secunia.com/advisories/product/1177/ Microsoft Windows 2000 Advanced Server http://secunia.com/advisories/product/21/ DESCRIPTION: Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges. 1) An error exists within the processing of window properties passed from a parent to a child window when a new window is created. This can be exploited to execute arbitrary code with elevated privileges. 2) An error while processing unspecified user mode input can be exploited to execute arbitrary code with elevated privileges. 3) A double-free error within the handling of system calls from multiple threads can be exploited to cause a memory corruption. SOLUTION: Apply patches. Microsoft Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?familyid=3a6165a6-d7e7-4526-9291-290caf0639b4 Windows XP SP2/SP3: http://www.microsoft.com/downloads/details.aspx?familyid=7718bf14-c26c-43f3-be67-4c79ab5b2607 Windows XP Professional x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?familyid=b06d3a02-b6e4-4d40-913a-3759a31f20f3 Windows Server 2003 SP1/SP2: http://www.microsoft.com/downloads/details.aspx?familyid=6e696762-d652-4a8f-ab8f-622f9746c320 Windows Server 2003 x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?familyid=57ca28ea-e5e1-4191-a3d6-84aa90a3d668 Windows Server 2003 with SP1/SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=1e6c3f81-85bb-48e6-a5af-635a7e540c93 Windows Vista and Windows Vista SP1: http://www.microsoft.com/downloads/details.aspx?familyid=3483b400-cedc-441f-ba8e-594e3df89190 Windows Vista x64 Edition and Windows Vista x64 Edition SP1: http://www.microsoft.com/downloads/details.aspx?familyid=905ab030-14a5-4a3d-aa11-e8f957f6a1ea Windows Server 2008 for 32-bit Systems: http://www.microsoft.com/downloads/details.aspx?familyid=8b97114a-71aa-47a2-b9e7-f4e158c18c80 Windows Server 2008 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=6e641db2-90c8-458f-9795-3e46b70a5203 Windows Server 2008 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=b6546e1c-bf7b-4354-8574-6c16fa707de0 PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Paul Caton of iShadow. 2) The vendor credits Thomas Garnier of SkyRecon. 3) Reported by the vendor. ORIGINAL ADVISORY: MS08-061 (KB954211): http://www.microsoft.com/technet/security/Bulletin/MS08-061.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------