=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2010/VULN533
_____________________________________________________________________

DATE                      : 15/12/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows XP, Windows Server 2003
                             running Routing and Remote Access NDProxy.

======================================================================
KB2440591
http://www.microsoft.com/technet/security/Bulletin/MS10-099.mspx
______________________________________________________________________

Microsoft Security Bulletin MS10-099 - Important
Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege
(2440591)

Version: 1.0

General Information

Executive Summary

  This security update addresses a privately reported vulnerability in the
  Routing and Remote Access NDProxy component of Microsoft Windows. This
  security update is rated Important for all supported editions of Windows XP
  and Windows Server 2003. All supported editions of Windows Vista, Windows
  Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the
  vulnerability. For more information, see the subsection, Affected and
  Non-Affected Software, in this section.

  The vulnerability could allow elevation of privilege if an attacker logs on to
  an affected system and runs a specially crafted application. An attacker must
  have valid logon credentials and be able to log on locally to exploit this
  vulnerability. The vulnerability could not be exploited remotely or by
  anonymous users.

  The security update addresses the vulnerability by correcting the validation
  in the Routing and Remote Access component. For more information about the
  vulnerability, see the Frequently Asked Questions (FAQ) subsection for the
  specific vulnerability entry under the next section, Vulnerability
  Information.

Affected Software

  Windows XP Service Pack 3
  Windows XP Professional x64 Edition Service Pack 2
  Windows Server 2003 Service Pack 2
  Windows Server 2003 x64 Edition Service Pack 2
  Windows Server 2003 with SP2 for Itanium-based Systems

Vulnerability Information

Kernel NDProxy Buffer Overflow Vulnerability - CVE-2010-3963

  An elevation of privilege vulnerability exists in the Routing and Remote
  Access NDProxy component of the Windows kernel due to improper validation
  of input passed from user mode to the kernel. The vulnerability could
  allow an attacker to run code with elevated privileges. A local attacker
  who successfully exploited this vulnerability could execute arbitrary code
  and take complete control of an affected system. The attacker could then
  install programs; view, change, or delete data; or create new accounts
  with full user rights.

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================