1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar

Vulnerability protection

Ancillary Function Driver vulnerabilities could allow escalation of privilege

Report ID: MS201202002
Date Published: 15 February 2012

Criticality: Important
Compromise Type: privilege-escalation
Compromise From: local-system

Affected Product/Component:

Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2


Two reported vulnerabilities in the Ancillary Function Driver (afd.sys) could allow a local attacker to execute code with escalated privileges.

Detailed Description

Microsoft has released a security update to address two vulnerabilities that are affecting the Ancillary Function Driver (afd.sys). Both vulnerabilities were caused by improper input validation when receiving data from user mode. To exploit these vulnerabilities, an attacker must first log on to the local system and then run a specially crafted application. Upon successful exploit, the attacker could be able to execute code in kernel mode and take control of the affected system.

These issues have been resolved in the update by correcting the way that AFD validates input before passing it to the Windows kernel. Users are recommended to install this latest update to protect their system from potential exploit.

CVE Reference



Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-009)

Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.