MS14-040: Vulnerability in Ancillary Function Driver (AFD) Could Allow Elevation of Privilege (2975684)
High Nessus Plugin ID 76409
SynopsisThe remote Windows host contains a driver that allows elevation of privilege.
DescriptionThe remote Windows host contains a version of the Ancillary Function Driver (afd.sys) that is affected by a privilege escalation vulnerability. The flaw is due to the Ancillary Function Driver not properly processing user-supplied input, leading to a double free scenario, allowing a local attacker to elevate privileges by running a specially crafted application.
SolutionMicrosoft has released a set of patches for Windows 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 2012, 8.1, and 2012 R2.