MS10-047: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852)
High Nessus Plugin ID 48284
SynopsisThe Windows kernel is affected by several vulnerabilities that could allow escalation of privileges.
DescriptionThe remote Windows host is running a version of the Windows kernel that is affected by one or more of the following vulnerabilities :
- A race condition when creating certain types of kernel threads may allow a local attacker to execute arbitrary code in kernel mode and take complete control of the affected system. (CVE-2010-1888)
- A double free vulnerability when the kernel initializes objects while handling certain errors may allow a local attacker to execute arbitrary code in kernel mode and take complete control of the affected system.
- A failure to properly validate access control lists on kernel objects may allow a local attacker to cause the system to become unresponsive and automatically restart. (CVE-2010-1890)
SolutionMicrosoft has released a set of patches for Windows XP, Vista, 2008, 7, and 2008 R2.