Detections
Analytics
MS KB2506014: Update for the Windows Operating System Loader
high Nessus Plugin ID 56824
Language:
Synopsis
The remote Windows host does not properly enforce driver signing.Description
The remote Windows host contains a version of the Windows OS Loader (winload.exe) which does not properly enforce driver signing. This could result in unsigned drivers being loaded by winload.exe.While this update does not address any specific vulnerabilities, it prevents winload.exe from loading unsigned binaries. This technique is commonly used by malware (e.g. rootkits) to stay resident on a system after the initial infection.
Solution
Microsoft has released a set of patches for the 64-bit editions of Windows Vista, 2008, 7, and 2008 R2.See Also
https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2011/2506014
Plugin Details
Severity: High
ID: 56824
File Name: smb_kb2506014.nasl
Version: 1.4
Type: local
Agent: windows
Family: Windows
Published: 2/16/2012
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
CVSS v2
Risk Factor: High
Base Score: 7.6
Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/o:microsoft:windows
Required KB Items: SMB/Registry/Enumerated, SMB/WindowsVersion, SMB/ARCH
Patch Publication Date: 4/12/2011
Vulnerability Publication Date: 4/12/2011
Reference Information
MSKB: 2506014