=====================================================================
                            CERT-Renater

               Information Note No. 2008/VULN437
_____________________________________________________________________

DATE                 : 15/10/2008

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Microsoft Ancillary Function Driver.

======================================================================
http://www.microsoft.com/technet/security/bulletin/ms08-066.mspx
______________________________________________________________________

Microsoft Security Bulletin MS08-066 - Important

Vulnerability in the Microsoft Ancillary Function Driver Could Allow
Elevation of Privilege (956803)

Published: October 14, 2008

Version: 1.0

General Information

Executive Summary

This security update resolves a privately reported vulnerability in the
Microsoft Ancillary Function Driver. A local attacker who successfully
exploited this vulnerability could take complete control of an affected
system. An attacker could then install programs; view, change, or delete
data; or create new accounts with full user rights.

This is an important security update for all supported editions of
Windows XP and Windows Server 2003. For more information, see the
subsection, Affected and Non-Affected Software, in this section.

This security update addresses the vulnerability by correctly validating
input passed to the Windows Kernel from user mode through the AFD
component.

Recommendation. Microsoft recommends that customers apply the update at
the earliest opportunity.

Affected Software

    Windows XP Service Pack 2
    Windows XP Service Pack 3
    Windows XP Professional x64 Edition
    Windows XP Professional x64 Edition Service Pack 2
    Windows Server 2003 Service Pack 1
    Windows Server 2003 Service Pack 2
    Windows Server 2003 x64 Edition
    Windows Server 2003 x64 Edition Service Pack 2
    Windows Server 2003 with SP1 for Itanium-based Systems
    Windows Server 2003 with SP2 for Itanium-based Systems

Vulnerability Information

AFD Kernel Overwrite Vulnerability - CVE-2008-3464

An elevation of privilege vulnerability exists in the Ancillary Function
Driver (afd.sys) due to Windows improperly validating input passed from
user mode to the kernel. The vulnerability could allow an attacker to run
code with elevated privileges. A local attacker who successfully
exploited this vulnerability could execute arbitrary code and take
complete control of an affected system. The attacker could then install
programs; view, change, or delete data; or create new accounts with full
user rights.

Workarounds for AFD Kernel Overwrite Vulnerability - CVE-2008-3464

Microsoft has not identified any workarounds for this vulnerability.

======================================================================

=========================================================
CERT-Renater reference servers

http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 151 bd de l'Hopital | fax : 01-53-94-20-41            +
+ 75013 Paris         | email: certsvp@renater.fr       +
=========================================================