Windows kernel-mode drivers vulnerabilities could allow escalation of privilege
Report ID: MS201207005
Date Published: 16 July 2012
Criticality: Important
Compromise Type: privilege-escalation
Compromise From: local-system
Affected Product/Component:
Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Summary
Two reported vulnerabilities in Windows kernel-mode drivers could allow an attacker to execute code with escalated privilege.
Detailed Description
Microsoft has released a security update addressing two vulnerabilities in the Windows kernel-mode driver. One vulnerability was caused by improper handling of keyboard layout files, while the other was caused by improper validation of parameters when creating a hook procedure.
Both vulnerabilities could each lead to an attacker gaining privilege to execute code in kernel-mode. But to exploit these vulnerabilities, the attacker must have valid log-on credentials and be able to log on locally.
The latest security update resolves these issues by correcting the way in handling keyboard layout files and in validating callback parameters when creating a hook procedure. Users are recommended to install the latest update to their system as a protection against potential exploit attempts.
CVE Reference
CVE-2012-1890, CVE-2012-1893
Solution
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-047)
