Windows kernel-mode drivers vulnerability could allow escalation of privilege
Report ID: MS201203002
Date Published: 14 March 2012
Compromise Type: privilege-escalation
Compromise From: local-system
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
A vulnerability in the Windows kernel-mode drivers could allow an attacker to execute arbitrary code with escalated privilege.
Microsoft has issued a security update to address a vulnerability that was found in the win32k.sys component, a kernel-mode driver. The vulnerability was caused by improper handling of the input passed via PostMessage function.
In order to exploit this vulnerability, an attacker need to log on to the system first, and then run a specifically crafted application. Upon successful exploit, the attacker could be able to execute arbitrary code in kernel mode and take control of the affected system.
The latest security update corrects the way that Windows kernel-mode driver handles window messaging. As a protection against potential exploit, users are recommended to install this latest update.
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-018)