Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Windows kernel vulnerability could allow escalation of privilege


Report ID: MS201112012
Date Published: 14 December 2011

Criticality: Important
Compromise Type: privilege-escalation
Compromise From: local-system


Affected Product/Component:

Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7




Summary

A vulnerability in the Windows kernel could allow an attacker to execute code in kernel mode.



Detailed Description

Microsoft has released a security update to address a vulnerability in the Windows kernel that exists when accessing incorrectly initialized object. To exploit this vulnerability, the attacker must first log on to the local system and then run a specially crafted application. Upon successful exploit, the attacker could be able to execute arbitrary code in kernel mode.

This vulnerability has been resolved in the update by ensuring that Windows kernel initializes objects in memory. As a protection against potential exploits, users are recommended to install the latest security patch.



CVE Reference

CVE-2011-2018



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms11-098)




Online Virus Scanner

 
Run a quick online virus scan of your computer.