Ancillary Function Driver vulnerabilities could allow escalation of privilege
Report ID: MS201202002
Date Published: 15 February 2012
Compromise Type: privilege-escalation
Compromise From: local-system
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Two reported vulnerabilities in the Ancillary Function Driver (afd.sys) could allow a local attacker to execute code with escalated privileges.
Microsoft has released a security update to address two vulnerabilities that are affecting the Ancillary Function Driver (afd.sys). Both vulnerabilities were caused by improper input validation when receiving data from user mode. To exploit these vulnerabilities, an attacker must first log on to the local system and then run a specially crafted application. Upon successful exploit, the attacker could be able to execute code in kernel mode and take control of the affected system.
These issues have been resolved in the update by correcting the way that AFD validates input before passing it to the Windows kernel. Users are recommended to install this latest update to protect their system from potential exploit.
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-009)