=====================================================================
                           CERT-Renater

                 Information Note No. 2008/VULN119
_____________________________________________________________________

DATE                 : 09/04/2008

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Windows 2000, Windows XP, Windows Server 2003,
                       Windows Vista, Windows Server 2008.

======================================================================
http://www.microsoft.com/technet/security/bulletin/ms08-025.mspx
______________________________________________________________________

MS08-025 Vulnerability in Windows Kernel Could Allow Elevation of Privilege

This security update resolves a privately reported vulnerability in the
Windows kernel. A local attacker who successfully exploited this
vulnerability could take complete control of an affected system. An
attacker could then install programs; view, change, or delete data; or
create new accounts.

This is an important security update for all supported editions of
Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows
Server 2008.

This security update addresses the vulnerability by modifying the way
that the Windows kernel validates inputs passed from user mode.

Microsoft recommends that customers apply the update at the earliest
opportunity.

Affected Software

   o Windows Server 2008 for 32-bit Systems
   o Windows Server 2008 for x64-based Systems
   o Windows Server 2008 for Itanium-based Systems
   o Windows Vista Service Pack 1
   o Windows Vista
   o Windows Vista x64 Edition Service Pack 1
   o Windows Vista x64 Edition
   o Windows Server 2003 Service Pack 2
   o Windows Server 2003 Service Pack 1
   o Windows Server 2003 x64 Edition Service Pack 2
   o Windows Server 2003 x64 Edition
   o Windows Server 2003 with SP2 for Itanium-based Systems
   o Windows Server 2003 with SP1 for Itanium-based Systems
   o Windows XP Service Pack 2
   o Windows XP Professional x64 Edition Service Pack 2
   o Windows XP Professional x64 Edition
   o Microsoft Windows 2000 Service Pack 4

Vulnerability Information

Windows Kernel Vulnerability - CVE-2008-1084

An elevation of privilege vulnerability exists due to the Windows kernel
improperly validating input passed from user mode to the kernel. The
vulnerability could allow an attacker to run code with elevated
privileges. An attacker who successfully exploited this vulnerability
could execute arbitrary code and take complete control of an affected
system. An attacker could then install programs; view, change, or delete
data; or create new accounts with full user rights.

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 151 bd de l'Hopital | fax : 01-53-94-20-41            +
+ 75013 Paris         | email: certsvp@renater.fr       +
=========================================================