Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Windows kernel vulnerabilities could allow escalation of privilege


Report ID: MS201308005
Date Published: 14 August 2013

Criticality: Important
Compromise Type: security-bypass privilege-escalation
Compromise From: remote


Affected Product/Component:

Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 8




Summary

Four vulnerabilities found in the Windows kernel could lead to security bypass and escalation of privilege situation.



Detailed Description

Microsoft has released a security update to address four reported vulnerabilities in the Windows kernel. One is a security bypass vulnerability caused by improper implementation of features which allow a DLL to be loaded at an arbitrary, non-random offset. The three others are escalation of privilege vulnerabilities caused by improper validation of address value that could lead to memory corruption.

All four vulnerabilities have been patched through the latest security update by modifying the functionality to maintain ASLR integrity and by changing the way of validating memory address value.



CVE Reference

CVE-2013-2556, CVE-2013-3196, CVE-2013-3197, CVE-2013-3198



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-063)




Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.