Eng en

Select Country or Region

Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar

You are here: Threats Vulnerability protection Microsoft Microsoft Antimalware Client vulnerability could allow escalation of privilege

Vulnerability protection

Microsoft Antimalware Client vulnerability could allow escalation of privilege


Report ID: MS201304007
Date Published: 10 April 2013

Criticality: Important
Compromise Type: privilege-escalation
Compromise From: local-system

Affected Product/Component:

Windows Defender for Windows 8 and Windows RT




Summary

A vulnerability in the Microsoft Antimalware Client could, if successfully exploited, allow an attacker to execute code in the context of the LocalSystem account.



Detailed Description

Microsoft has issued a security update to address an escalation of privilege vulnerability in the Microsoft Antimalware Client, which was caused by the usage of improper pathnames. Upon successful exploitation, an attacker could be able to execute code in the context of the LocalSystem account.

The vulnerability issue has been fixed through the update which introduces correction in the way that Microsoft Antimalware Client uses pathnames. Users are recommended to install the update to protect their system from possible exploit attempts.



CVE Reference

CVE-2013-0078



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-034)



Source

Microsoft Security Bulletin MS13-034



F-Secure Health Check

F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.



Health Check

 
Evaluate your computer's security and see recommended updates for popular programs.

 

Try it

Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.

 

Read F-Secure advisories