Windows kernel vulnerabilities could allow escalation of privilege
Report ID: MS201308005
Date Published: 14 August 2013
Compromise Type: security-bypass privilege-escalation
Compromise From: remote
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Four vulnerabilities found in the Windows kernel could lead to security bypass and escalation of privilege situation.
Microsoft has released a security update to address four reported vulnerabilities in the Windows kernel. One is a security bypass vulnerability caused by improper implementation of features which allow a DLL to be loaded at an arbitrary, non-random offset. The three others are escalation of privilege vulnerabilities caused by improper validation of address value that could lead to memory corruption.
All four vulnerabilities have been patched through the latest security update by modifying the functionality to maintain ASLR integrity and by changing the way of validating memory address value.
CVE-2013-2556, CVE-2013-3196, CVE-2013-3197, CVE-2013-3198
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-063)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.