

Vulnerability protection

Windows kernel-mode drivers vulnerabilities could allow remote code execution


Report ID: MS201202001
Date Published: 15 February 2012

Criticality: Critical
Compromise Type: remote-code-execution privilege-escalation
Compromise From: remote local-system


Affected Product/Component:

Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2




Summary

Two vulnerabilities affecting the Windows kernel-mode drivers could allow an attacker to execute arbitrary code and take control of an affected system.



Detailed Description

Microsoft has issued a security update to address two vulnerabilities found in the win32k.sys component. One vulnerability, caused by improper validation of the input passed through the kernel component of GDI, could allow an attacker to execute arbitrary code from a remote location.

The other vulnerability was caused by improper handling of keyboard layout errors. It could allow an attacker to execute code in kernel mode, but to exploit this vulnerability, the attacker must first log on to the local system.

The latest security update modifies the way that user-mode calls to GDI are handled and the way that keyboard layout errors are handled. Users are advised to install this update to protect their systems from potential exploitation.



CVE Reference

CVE-2011-5046
CVE-2012-0154



Solution

Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms12-008



