===================================================================== CERT-Renater Note d'Information No. 2010/VULN398 _____________________________________________________________________ DATE : 13/10/2010 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 running Windows Kernel-Mode Drivers. ====================================================================== KB981957 http://www.microsoft.com/technet/security/bulletin/MS10-073.mspx ______________________________________________________________________ Microsoft Security Bulletin MS10-073 - Important Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957) Version: 1.0 General Information Executive Summary This security update resolves several publicly disclosed vulnerabilities in the Windows kernel-mode drivers. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. This security update is rated Important for all supported editions of Microsoft Windows. For more information, see the subsection, Affected and Non-Affected Software, in this section. Affected Software Windows XP Service Pack 3 Windows XP Professional x64 Edition Service Pack 2 Windows Vista Service Pack 1 and Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2 Windows 7 for 32-bit Systems Windows 7 for x64-based Systems Windows Server 2003 Service Pack 2 Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows Server 2008 R2 for x64-based Systems Windows Server 2008 R2 for Itanium-based Systems Vulnerability Information Win32K Reference Count Vulnerability - CVE-2010-2549 An elevation of privilege vulnerability exists due to the way that the Windows kernel-mode drivers maintain the reference count for an object. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Win32K Keyboard Layout Vulnerability - CVE-2010-2743 An elevation of privilege vulnerability exists due to the way that the Windows kernel-mode drivers load specific keyboard layouts. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Win32k Window Class Vulnerability - CVE-2010-2744 An elevation of privilege vulnerability exists when the Windows kernel-mode drivers do not properly validate window class data. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================