=====================================================================
                                   CERT-Renater

                        Information Note No. 2009/VULN154
_____________________________________________________________________

DATE                      : 15/04/2009

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows 2000, Windows XP, Windows Server 2003,
                              Windows Vista, Windows Server 2008.

======================================================================
KB959454
http://www.microsoft.com/technet/security/Bulletin/ms09-012.mspx
______________________________________________________________________

Microsoft Security Bulletin MS09-012 - Important

Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)

   Published: April 14, 2009

   Version: 1.0

General Information

Executive Summary

   This security update resolves four publicly disclosed vulnerabilities in
   Microsoft Windows. The vulnerabilities could allow elevation of privilege
   if an attacker is allowed to log on to the system and then run a
   specially crafted application. The attacker must be able to run code on
   the local machine in order to exploit this vulnerability. An attacker who
   successfully exploited any of these vulnerabilities could take complete
   control over the affected system.

   This security update is rated Important for all supported editions of
   Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista,
   and Windows Server 2008. For more information, see the subsection,
   Affected and Non-Affected Software, in this section.

   The security update addresses the vulnerabilities by correcting the way
   that Microsoft Windows addresses tokens requested by the Microsoft
   Distributed Transaction Coordinator (MSDTC), and by properly isolating
   WMI providers and processes that run under the NetworkService or
   LocalService accounts. For more information about the vulnerabilities,
   see the Frequently Asked Questions (FAQ) subsection for the specific
   vulnerability entry under the next section, Vulnerability Information.

Affected Software

   Windows 2000 Service Pack 4
   Windows XP Service Pack 2 and Windows XP Service Pack 3
   Windows XP Professional x64 Edition and Windows XP Professional x64
      Edition Service Pack 2
   Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
   Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
      Service Pack 2
   Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server
      2003 with SP2 for Itanium-based Systems
   Windows Vista and Windows Vista Service Pack 1
   Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
   Windows Server 2008 for 32-bit Systems*
   Windows Server 2008 for x64-based Systems*
   Windows Server 2008 for Itanium-based Systems

   *Windows Server 2008 server core installation affected.

Vulnerability Information

Windows MSDTC Service Isolation Vulnerability - CVE-2008-1436

An elevation of privilege vulnerability exists in the Microsoft Distributed
Transaction Coordinator (MSDTC) transaction facility in Microsoft Windows
platforms. MSDTC leaves a NetworkService token that can be impersonated by
any process that calls into it. The vulnerability allows a process that is
not running under the NetworkService account, but that has the
SeImpersonatePrivilege, to elevate its privilege to NetworkService and
execute code with NetworkService privileges. An attacker who successfully
exploited this vulnerability could execute arbitrary code and take complete
control of an affected system. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user rights.

Windows WMI Service Isolation Vulnerability - CVE-2009-0078

An elevation of privilege vulnerability exists due to the Windows Management
Instrumentation (WMI) provider improperly isolating processes that run under
the NetworkService or LocalService accounts. The vulnerability could allow
an attacker to run code with elevated privileges. An attacker who
successfully exploited this vulnerability could execute arbitrary code and
take complete control of an affected system. An attacker could then install
programs; view, change, or delete data; or create new accounts with full
user rights.

Windows RPCSS Service Isolation Vulnerability - CVE-2009-0079

An elevation of privilege vulnerability exists due to the RPCSS service
improperly isolating processes that run under the NetworkService or
LocalService accounts. The vulnerability could allow an attacker to run code
with elevated privileges. An attacker who successfully exploited this
vulnerability could execute arbitrary code and take complete control of an
affected system. An attacker could then install programs; view, change, or
delete data; or create new accounts with full user rights.

Windows Thread Pool ACL Weakness Vulnerability - CVE-2009-0080

An elevation of privilege vulnerability exists due to Windows placing
incorrect access control lists (ACLs) on threads in the current ThreadPool.
The vulnerability could allow an attacker to run code with elevated
privileges. An attacker who successfully exploited this vulnerability could
execute arbitrary code and take complete control of an affected system. An
attacker could then install programs; view, change, or delete data; or
create new accounts with full user rights.


======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================


