===================================================================== CERT-Renater Note d'Information No. 2014/VULN009 _____________________________________________________________________ DATE : 15/01/2014 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Windows version 7, Server 2008. ====================================================================== KB2913602 https://technet.microsoft.com/en-us/security/bulletin/ms14-003 ______________________________________________________________________ Microsoft Security Bulletin MS14-003 - Important Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2913602) Published Date: January 14, 2014 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if a user logs onto the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. This security update is rated Important for all supported editions of Windows 7 and Windows Server 2008 R2. Affected Software Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Vulnerability Information Win32k Window Handle Vulnerability - CVE-2014-0262 An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly uses window handle thread-owned objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges. ========================================================= Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================