Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft Antimalware Client vulnerability could allow escalation of privilege


Report ID: MS201304007
Date Published: 10 April 2013

Criticality: Important
Compromise Type: privilege-escalation
Compromise From: local-system


Affected Product/Component:

Windows Defender for Windows 8 and Windows RT




Summary

A vulnerability in the Microsoft Antimalware Client could, if successfully exploited, allow an attacker to execute code in the context of the LocalSystem account.



Detailed Description

Microsoft has issued a security update to address an escalation of privilege vulnerability in the Microsoft Antimalware Client, which was caused by the usage of improper pathnames. Upon successful exploitation, an attacker could be able to execute code in the context of the LocalSystem account.

The vulnerability issue has been fixed through the update which introduces correction in the way that Microsoft Antimalware Client uses pathnames. Users are recommended to install the update to protect their system from possible exploit attempts.



CVE Reference

CVE-2013-0078



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-034)




Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.