Windows Defender vulnerability could allow escalation of privilege
Report ID: MS201307007
Date Published: 11 July 2013
Criticality: Important
Compromise Type: privilege-escalation
Compromise From: local-system
Affected Product/Component:
Windows Defender for Windows 7
Windows Defender installed on Windows Server 2008 R2
Summary
A vulnerability involving Windows Defender could allow an attacker to execute code with LocalSystem account privileges and take complete control of an affected system.
Detailed Description
Microsoft has released a security update to address an escalation of privilege vulnerability reported in Windows Defender. The vulnerability was caused by improper use of pathnames when loading an affected version of the Windows Defender service. To exploit this vulnerability, the attacker must first log on to the local system and place a specially crafted application on it. Upon successful exploitation, the attacker would be able to execute code in the context of the LocalSystem account and proceed to take full control of the system.
The update resolves this issue by correcting the pathnames used by Windows Defender for Windows 7. Users are advised to install the update as a protection measure against possible exploit attempts.
CVE Reference
CVE-2013-3154
Solution
Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms13-058
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.




