

Vulnerability protection

Windows Service Control Manager vulnerability could allow escalation of privilege


Report ID: MS201309011
Date Published: 11 September 2013

Criticality: Important
Compromise Type: privilege-escalation
Compromise From: remote


Affected Product/Component:

Windows 7
Windows Server 2008 R2




Summary

A vulnerability in the Windows Service Control Manager (SCM) could allow an attacker to execute code on an affected system in the context of the Service Control Manager (services.exe).



Detailed Description

Microsoft has released a security update to address a vulnerability in the Windows Service Control Manager (SCM). The vulnerability occurs when SCM retrieves a corrupted service description from the Windows registry, resulting in a "double-free" condition. An attacker who successfully exploits this vulnerability could execute code in the context of the Service Control Manager (services.exe).

The vulnerability has been patched in the latest security update, which corrects the way SCM handles objects in memory when presented with a corrupted service description. Users are advised to install the update on their systems as a protective measure against exploit attempts.



CVE Reference

CVE-2013-3862



Solution

Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms13-077



