The following security advisory is sent to the securiteam mailing list, and can
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Vulnerability in Windows Kernel Allows Elevation of Privilege (MS07-066)
------------------------------------------------------------------------
SUMMARY
This important security update resolves a privately reported vulnerability
in the Windows kernel. An attacker who successfully exploited this
vulnerability could take complete control of an affected system. An
attacker could then install programs; view, change, or delete data; or
create new accounts with full administrative rights.
DETAILS
Affected Software
* Windows Vista - Elevation of Privilege - Important - None
* Windows Vista x64 Edition - Elevation of Privilege - Important -None
Non-Affected Software
* Microsoft Windows 2000 Service Pack 4
* Windows XP Service Pack 2
* Windows XP Professional x64 Edition and Windows XP Professional x64
Edition Service Pack 2
* Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack
2
* Windows Server 2003 with SP1 for Itanium-based Systems and Windows
Server 2003 with SP2 for Itanium based systems
* Windows Server 2003 x64 Edition and Windows Server x64 Edition Service
Pack 2
Windows Kernel Vulnerability:
An elevation of privilege vulnerability exists in the way that the Windows
kernel processes certain access requests. This vulnerability could allow
an attacker to run code and to take complete control of the system. An
attacker could then install programs; view, change, or delete data; or
create new accounts with full administrative rights. Users whose accounts
are configured to have fewer user rights on the system could be less
impacted than users who operate with administrative user rights.
Mitigating Factors for Windows Kernel Vulnerability
Mitigation refers to a setting, common configuration, or general
best-practice, existing in a default state, that could reduce the severity
of exploitation of a vulnerability. The following mitigating factors may
be helpful in your situation:
* An attacker must have valid logon credentials and be able to log on
locally to exploit this vulnerability. The vulnerability could not be
exploited remotely or by anonymous users.
FAQ for Windows Kernel Vulnerability
What is the scope of the vulnerability?
This is an elevation of privilege vulnerability. An attacker who
successfully exploited this vulnerability could take complete control of
an affected system, including installing programs; viewing, changing, or
deleting data; or creating new accounts that have full privileges.
What causes the vulnerability?
Windows Advanced Local Procedure Call (ALPC) improperly validates certain
conditions in legacy reply paths.
What is the kernel?
The kernel is the core of the operating system and it provides basic
services for all other parts of the operating system.
What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could take
complete control of an affected system, including installing programs;
viewing, changing, or deleting data; or creating new accounts that have
full privileges.
How could an attacker exploit the vulnerability?
To exploit this vulnerability, an attacker would first have to log on to
the system. An attacker could then run a specially crafted application
that could exploit the vulnerability and take complete control over the
affected system.
What systems are primarily at risk from the vulnerability?
Systems that are running Windows Vista are the systems that are primarily
at risk.
What does the update do?
The update removes the vulnerability by modifying the way that the Windows
kernel validates certain conditions in legacy reply paths.
When this security bulletin was issued, had this vulnerability been
publicly disclosed?
No. Microsoft received information about this vulnerability through
responsible disclosure. Microsoft had not received any information to
indicate that this vulnerability had been publicly disclosed when this
security bulletin was originally issued.
When this security bulletin was issued, had Microsoft received any reports
that this vulnerability was being exploited?
No. Microsoft had not received any information to indicate that this
vulnerability had been publicly used to attack customers and had not seen
any examples of proof of concept code published when this security
bulletin was originally issued.
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5350>
CVE-2007-5350
ADDITIONAL INFORMATION
The information has been provided by Microsoft Product Security.
The original article can be found at:
<http://www.microsoft.com/technet/security/bulletin/MS07-066.mspx>
http://www.microsoft.com/technet/security/bulletin/MS07-066.mspx
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to:
list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to:
list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any
kind.
In no event shall we be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or special
damages.
