CERT-In Vulnerability Note
Multiple Privilege Escalation Vulnerabilities in Microsoft Windows Ancillary Function Driver
Original Issue Date: February 15, 2012
Severity Rating: HIGH
- Windows XP Professional x64 Edition SP2 and prior
- Windows Server 2003 x64 Edition SP2 and prior
- Windows Server 2003 with SP2 and prior for Itanium-based Systems
- Windows Vista x64 Edition SP2 and prior
- Windows Server 2008 for x64-based Systems SP2 and prior
- Windows Server 2008 for Itanium-based Systems SP2 and prior
- Windows 7 for x64-based Systems SP1 and prior
- Windows Server 2008 R2 for x64-based Systems SP1 and prior
- Windows Server 2008 R2 for Itanium-based Systems SP1 and prior
Multiple vulnerabilities have been reported in Microsoft Windows Ancillary Function Driver (afd.sys) that could allow a local attacker to gain elevated privileges on a system.
1. AfdPoll Elevation of Privilege Vulnerability
The vulnerability exists because of improper validation of user-mode data that is passed from applications to the Windows kernel. An attacker could exploit the vulnerability by running a malicious application to execute arbitrary code with the elevated privileges of the Windows kernel.
2. Kernel Ancillary Function Driver Privilege Escalation Vulnerability
The vulnerability is caused by improper input checks on user-mode data. An attacker could exploit the vulnerability by running a malicious application to execute arbitrary code on the targeted system with the elevated privileges of the Windows kernel.
Apply appropriate patches as mentioned in Microsoft Security Bulletin
The information provided herein is on an "as is" basis, without warranty of any kind.
Email: email@example.com Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Department of Information Technology
Ministry of Communications & Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003