Windows AFD vulnerability could allow escalation of privilege
Report ID: MS201110006
Date Published: 12 October 2011
Criticality: Important
Compromise Type: privilege-escalation
Compromise From: local-system
Affected Product/Component:
Windows XP
Windows Server 2003
Summary
A vulnerability in the Windows Ancillary Function Driver (AFD) could allow a local attacker to escalate privileges, run arbitrary code in kernel mode and take complete control of the affected system.
Detailed Description
Microsoft has released a security update to fix a vulnerability in the Windows Ancillary Function Driver (AFD) that could allow an attacker who logs on locally to an affected system to escalate privileges. Upon successful exploitation, the attacker could execute arbitrary code in kernel mode and take complete control of the system.
This vulnerability was caused by improper input validation when receiving data from user mode. The update corrects the way that AFD validates input before passing it from user mode to the Windows kernel. Users are advised to install the latest update to protect their systems from potential exploitation.
CVE Reference
CVE-2011-2005
Solution
Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms11-080




