=====================================================================
                            CERT-Renater

                 Information Note No. 2014/VULN142
_____________________________________________________________________

DATE                : 09/07/2014

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Windows versions Vista, 7, Server 2008, 8, 8.1,
                     Server 2012, RT, RT 8.1 running On-Screen Keyboard.

======================================================================
KB2975685
https://technet.microsoft.com/library/security/ms14-039
______________________________________________________________________

Microsoft Security Bulletin MS14-039 - Important

Vulnerability in On-Screen Keyboard Could Allow Elevation of Privilege
(2975685)

Published: July 8, 2014

Version: 1.0

General Information

Executive Summary

This security update resolves a publicly disclosed vulnerability in
Microsoft Windows. The vulnerability could allow elevation of privilege
if an attacker uses a vulnerability in a low integrity process to
execute the On-Screen Keyboard (OSK) and upload a specially crafted
program to the target system.

This security update is rated Important for all supported releases of
Windows except Windows Server 2003.

Affected Software

Windows Vista Service Pack 2 (2973201)
Windows Vista x64 Edition Service Pack 2 (2973201)
Windows Server 2008 for 32-bit Systems Service Pack 2 (2973201)
Windows Server 2008 for x64-based Systems Service Pack 2 (2973201)
Windows Server 2008 for Itanium-based Systems Service Pack 2 (2973201)
Windows 7 for 32-bit Systems Service Pack 1 (2973201)
Windows 7 for x64-based Systems Service Pack 1 (2973201)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (2973201)
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (2973201)
Windows 8 for 32-bit Systems (2973201)
Windows 8 for x64-based Systems (2973201)
Windows 8.1 for 32-bit Systems (2973201)
Windows 8.1 for 32-bit Systems (2973906)
Windows 8.1 for x64-based Systems (2973201)
Windows 8.1 for x64-based Systems (2973906)
Windows Server 2012 (2973201)
Windows Server 2012 R2 (2973201)
Windows Server 2012 R2 (2973906)
Windows RT (2973201)
Windows RT 8.1 (2973201)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) (2973201)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) (2973201)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (2973201)
Windows Server 2012 (Server Core installation) (2973201)
Windows Server 2012 R2 (Server Core installation) (2973201)
Windows Server 2012 R2 (Server Core installation) (2973906)

Vulnerability information

On-Screen Keyboard Elevation of Privilege Vulnerability - CVE-2014-2781

A vulnerability exists in the On-Screen Keyboard that could allow a
local elevation of privilege.

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================