======================================================================
CERT-Renater
Information Note No. 2008/VULN429
______________________________________________________________________

DATE                 : 15/10/2008
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Windows Kernel.
======================================================================
KB954211
http://www.microsoft.com/technet/security/bulletin/ms08-061.mspx
______________________________________________________________________

Microsoft Security Bulletin MS08-061 - Important

Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)

Published: October 14, 2008
Version: 1.0

General Information

Executive Summary

This security update resolves one publicly disclosed and two privately reported vulnerabilities in the Windows kernel. A local attacker who successfully exploited these vulnerabilities could take complete control of an affected system. The vulnerabilities could not be exploited remotely or by anonymous users.

This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerabilities by correcting window property validation passed during the new window creation process, correcting the manner in which system calls from multiple threads are handled, and correcting validation of parameters passed to the Windows Kernel from user mode.

Recommendation. Microsoft recommends that customers apply the update at the earliest opportunity.

Affected Software

  Microsoft Windows 2000 Service Pack 4
  Windows XP Service Pack 2
  Windows XP Service Pack 3
  Windows XP Professional x64 Edition
  Windows XP Professional x64 Edition Service Pack 2
  Windows Server 2003 Service Pack 1
  Windows Server 2003 Service Pack 2
  Windows Server 2003 x64 Edition
  Windows Server 2003 x64 Edition Service Pack 2
  Windows Server 2003 with SP1 for Itanium-based Systems
  Windows Server 2003 with SP2 for Itanium-based Systems
  Windows Vista
  Windows Vista Service Pack 1
  Windows Vista x64 Edition
  Windows Vista x64 Edition Service Pack 1
  Windows Server 2008 for 32-bit Systems
  Windows Server 2008 for x64-based Systems
  Windows Server 2008 for Itanium-based Systems

Vulnerability Information

Windows Kernel Window Creation Vulnerability - CVE-2008-2250

An elevation of privilege vulnerability exists because the Windows kernel does not properly validate properties of a window passed during the new window creation process. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Workarounds for Windows Kernel Window Creation Vulnerability - CVE-2008-2250

Microsoft has not identified any workarounds for this vulnerability.

Windows Kernel Unhandled Exception Vulnerability - CVE-2008-2251

An elevation of privilege vulnerability exists due to a possible "Double Free" condition in the Windows kernel. The vulnerability could allow an attacker to run code with elevated privileges. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Workarounds for Windows Kernel Unhandled Exception Vulnerability - CVE-2008-2251

Microsoft has not identified any workarounds for this vulnerability.

Windows Kernel Memory Corruption Vulnerability - CVE-2008-2252

An elevation of privilege vulnerability exists due to the Windows kernel improperly validating input passed from user mode to the kernel. The vulnerability could allow an attacker to run code with elevated privileges. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Workarounds for Windows Kernel Memory Corruption Vulnerability - CVE-2008-2252

Microsoft has not identified any workarounds for this vulnerability.

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER        | tel  : 01-53-94-20-44        +
+ 151 bd de l'Hopital | fax  : 01-53-94-20-41        +
+ 75013 Paris         | email: certsvp@renater.fr    +
=========================================================