Windows kernel vulnerabilities could allow escalation of privilege
Report ID: MS201308005
Date Published: 14 August 2013
Criticality: Important
Compromise Type: security-bypass privilege-escalation
Compromise From: remote
Affected Product/Component:
Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 8
Summary
Four vulnerabilities found in the Windows kernel could lead to security bypass and escalation of privilege.
Detailed Description
Microsoft has released a security update to address four reported vulnerabilities in the Windows kernel. One is a security bypass vulnerability caused by improper implementation of features that allow a DLL to be loaded at an arbitrary, non-random offset. The other three are escalation of privilege vulnerabilities caused by improper validation of address values, which could lead to memory corruption.
All four vulnerabilities have been patched in the latest security update, which modifies the functionality to maintain ASLR integrity and changes the way memory address values are validated.
CVE Reference
CVE-2013-2556, CVE-2013-3196, CVE-2013-3197, CVE-2013-3198
Solution
Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms13-063
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.




