MS13-063: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2859537)
High Nessus Plugin ID 69328
SynopsisThe Windows kernel on the remote host is affected by multiple vulnerabilities.
DescriptionThe Windows version installed on the remote host is affected by multiple vulnerabilities :
- The Windows kernel is affected by multiple privilege escalation vulnerabilities due to a memory corruption condition in the NT Virtual DOS Machine (NTVDM). An attacker who successfully exploited these issues could run arbitrary code in kernel mode.
(CVE-2013-3196, CVE-2013-3197, CVE-2013-3198)
- A vulnerability exists in a security feature of Windows due to the improper implementation of Address Space Layout Randomization (ASLR). An attacker could bypass the ASLR security feature to load a malicious DLL.
SolutionMicrosoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, and 8.