Windows kernel vulnerability could allow escalation of privilege
Report ID: MS201112012
Date Published: 14 December 2011
Compromise Type: privilege-escalation
Compromise From: local-system
Windows Server 2003
Windows Server 2008
A vulnerability in the Windows kernel could allow an attacker to execute code in kernel mode.
Microsoft has released a security update to address a vulnerability in the Windows kernel that exists when accessing incorrectly initialized object. To exploit this vulnerability, the attacker must first log on to the local system and then run a specially crafted application. Upon successful exploit, the attacker could be able to execute arbitrary code in kernel mode.
This vulnerability has been resolved in the update by ensuring that Windows kernel initializes objects in memory. As a protection against potential exploits, users are recommended to install the latest security patch.
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms11-098)