Windows Partition Manager vulnerability could allow escalation of privilege
Report ID: MS201205005
Date Published: 9 May 2012
Criticality: Important
Compromise Type: privilege-escalation
Compromise From: local-system
Affected Product/Component:
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Summary
A vulnerability in the way that Windows Partition Manager handles device relation requests could allow an attacker to execute code in kernel mode.
Detailed Description
Microsoft has released a security update to address an escalation of privilege vulnerability in Windows Partition Manager. The vulnerability resulted when Plug and Play (PnP) Configuration Manager functions are called by two or more processes or threads at the same time. To exploit this vulnerability, the attacker must first log on to the local system, and then run a specially crafted application. Upon successful exploit, the attacker could be able to run code in kernel mode and take complete control of the affected system.
This issue has been resolved through the update, which introduces a correction in the way that Windows Partition Manager allocates object in memory. Users are recommended to install this latest update as a protection measure against potential exploit attempt.
CVE Reference
CVE-2012-0178
Solution
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-033)
