

Vulnerability protection

Windows kernel-mode driver vulnerabilities could allow remote code execution


Report ID: MS201110003
Date Published: 12 October 2011

Criticality: Important
Compromise Type: denial-of-service, privilege-escalation, remote-code-execution
Compromise From: local-system, remote


Affected Product/Component:

Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2




Summary

Four vulnerabilities identified in Windows kernel-mode drivers could result in escalation of privilege, denial of service, and remote code execution.



Detailed Description

A security update addressing four vulnerabilities in Windows kernel-mode drivers has been released. Upon exploitation, the vulnerabilities could lead to escalation of privilege, denial of service, or, for the most severe impact, remote code execution.

 

The four vulnerabilities are described below:

  • Win32k null pointer de-reference vulnerability (CVE-2011-1985)
    This escalation of privilege vulnerability is caused by improper validation of input passed from user mode. To successfully exploit this vulnerability, the attacker must log on to the system locally before being able to run the specially crafted application used in the exploit.

  • Win32k TrueType font type translation vulnerability (CVE-2011-2002)
    This denial of service vulnerability is caused by improper handling of TrueType fonts. It could be exploited to cause an affected system to stop responding and restart.

  • Font library file buffer overrun vulnerability (CVE-2011-2003)
    This remote code execution vulnerability exists when a Windows kernel-mode driver fails to perform proper validation when writing into a buffer. Upon successful exploitation, an attacker could execute arbitrary code and take complete control of an affected system.

  • Win32k use after free vulnerability (CVE-2011-2011)
    This escalation of privilege vulnerability is caused by improper management of kernel-mode driver objects. To successfully exploit this vulnerability, the attacker must log on to the system locally before being able to run the specially crafted application used in the exploit.

 

Each of the vulnerabilities mentioned above has been resolved in the latest security update, which corrects the way Windows kernel-mode drivers validate input passed from user mode, handle TrueType fonts, allocate the proper buffer size before writing to memory, and manage kernel-mode driver objects. Users are recommended to install the latest patch for the applicable system as protection against potential exploits.



CVE Reference

CVE-2011-1985, CVE-2011-2002, CVE-2011-2003, CVE-2011-2011



Solution

Install the latest patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms11-077.


