MS10-015: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)
Severity: Medium
Nessus Plugin ID: 44425
Synopsis
The Windows kernel is affected by two vulnerabilities allowing a
local attacker to execute code with SYSTEM privileges.
Description
The remote Windows host is running a version of the Windows kernel
that is affected by two vulnerabilities:
- An elevation of privilege vulnerability exists in the
  kernel due to the way it handles certain exceptions. An
  attacker who successfully exploited this vulnerability
  could run arbitrary code in kernel mode. An attacker
  could then install programs, view / change / delete
  data, or create new accounts with full user rights.
  (CVE-2010-0232)
- An elevation of privilege vulnerability exists in the
  Windows kernel due to a double free condition. An
  attacker who successfully exploited this vulnerability
  could run arbitrary code in kernel mode. An attacker
  could then install programs, view / change / delete
  data, or create new accounts with full user rights.
  (CVE-2010-0233)
Solution
Microsoft has released a set of patches for Windows 2000, XP, 2003,
Vista, 2008 and 7.