MS KB2506014: Update for the Windows Operating System Loader

High Nessus Plugin ID 56824


The remote Windows host does not properly enforce driver signing.


The remote Windows host contains a version of the Windows OS Loader (winload.exe) which does not properly enforce driver signing. This could result in unsigned drivers being loaded by winload.exe.

While this update does not address any specific vulnerabilities, it prevents winload.exe from loading unsigned binaries. This technique is commonly used by malware (e.g. rootkits) to stay resident on a system after the initial infection.


Microsoft has released a set of patches for the 64-bit editions of Windows Vista, 2008, 7, and 2008 R2.

See Also

Plugin Details

Severity: High

ID: 56824

File Name: smb_kb2506014.nasl

Version: $Revision: 1.3 $

Type: local

Agent: windows

Family: Windows

Published: 2012/02/16

Modified: 2017/08/30

Dependencies: 13855

Risk Information

Risk Factor: High


Base Score: 7.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/Registry/Enumerated, SMB/WindowsVersion, SMB/ARCH

Patch Publication Date: 2011/04/12

Vulnerability Publication Date: 2011/04/12

Reference Information

MSKB: 2506014