CERT-In Vulnerability Note CIVN-2008-162
Multiple Vulnerabilities in Windows Kernel

Original Issue Date: October 16, 2008

Severity Rating: Medium

Systems Affected

  • Microsoft Windows 2000 Service Pack 4
  • Windows XP Service Pack 2
  • Windows XP Service Pack 3
  • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Vista and Windows Vista Service Pack 1
  • Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
  • Windows Server 2008 for 32-bit Systems
  • Windows Server 2008 for x64-based Systems
  • Windows Server 2008 for Itanium-based Systems

Overview

Multiple vulnerabilities have been reported in Microsoft Windows Kernel that could allow a local attacker to take complete control of an affected system.

Description

1. Windows Kernel Window Creation Vulnerability
    (CVE-2008-2250)

An elevation of privilege vulnerability has been reported in the Microsoft Windows Kernel. It is caused by insufficient validation of information that is passed from a parent window to a child window during the new window creation process. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in kernel mode and take complete control of the vulnerable system.

2. Windows Kernel Unhandled Exception Vulnerability
    (CVE-2008-2251)

An elevation of privilege vulnerability has been reported in the Windows Kernel, due to a possible "Double Free" condition. It is caused by errors in memory operations that occur when system calls from multiple sources are processed: the Windows kernel attempts to free previously freed memory areas, and as a result a double-free error may occur. Successful exploitation of this vulnerability could allow a local attacker to execute arbitrary code designed to trigger the error, which results in memory corruption, and to gain elevated privileges on the affected system.

3. Windows Kernel Memory Corruption Vulnerability
    (CVE-2008-2252)

An elevation of privilege vulnerability has been reported in the Windows Kernel, due to improper validation of inputs passed from user mode to kernel mode. The Windows kernel fails to check the size of certain inputs when they are passed from user mode applications to kernel mode. A local attacker could exploit this vulnerability by sending overlarge inputs in calls to the Windows kernel. Processing the large input could trigger a heap-based buffer overflow and corruption of kernel memory, which could allow the attacker to execute arbitrary code with elevated privileges and take complete control of an affected system.
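The two defect classes described in items 2 and 3 (a repeated free, and a missing size check on caller-supplied input) can be illustrated with a small user-space model in C. This is an added example, not code from Microsoft or from the advisory; the `request` and `slot` structures, the `SLOT_CAP` size and both function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define SLOT_CAP 64u            /* fixed size of the heap buffer (assumed) */

/* Hypothetical request as it arrives from the untrusted caller. */
struct request {
    const uint8_t *data;        /* caller-supplied bytes */
    uint32_t       claimed_len; /* length field set by the caller */
    uint32_t       actual_len;  /* bytes really available behind data */
};

struct slot { uint8_t *buf; uint32_t used; };

/* Missing-check form (the class of bug described in item 3):
 *     memcpy(s->buf, r->data, r->claimed_len);
 * writes past the SLOT_CAP-byte allocation when claimed_len > SLOT_CAP. */

/* Hardened form: returns 0 on success, -1 if the input is rejected. */
int slot_store(struct slot *s, const struct request *r)
{
    if (s == NULL || r == NULL || r->data == NULL) return -1;
    if (r->claimed_len > r->actual_len) return -1;  /* length field lies */
    if (r->claimed_len > SLOT_CAP)      return -1;  /* would overflow heap */
    if (s->buf == NULL && (s->buf = malloc(SLOT_CAP)) == NULL) return -1;
    memcpy(s->buf, r->data, r->claimed_len);
    s->used = r->claimed_len;
    return 0;
}

/* Release that is safe to reach from two code paths (item 2): the pointer
 * is cleared, so a second call is a no-op instead of a double free.
 * Returns 1 if memory was freed, 0 if there was nothing to free. */
int slot_release(struct slot *s)
{
    if (s == NULL || s->buf == NULL) return 0;
    free(s->buf);
    s->buf = NULL;
    s->used = 0;
    return 1;
}
```

Clearing the pointer only prevents a repeated free through the same owner; release paths that can run concurrently also need a lock around them.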

These vulnerabilities affect Windows Server 2008 installed using the Server Core installation.

Solution

Apply the appropriate patches as mentioned in Microsoft Security Bulletin MS08-061.

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS08-061.mspx

References

Secunia
http://secunia.com/advisories/32247/

Cisco
http://www.cisco.com/web/about/security/intelligence/ERP_oct08.html

SecurityTracker
http://www.securitytracker.com/alerts/2008/Oct/1021044.html

SecurityFocus
http://www.securityfocus.com/bid/31651
http://www.securityfocus.com/bid/31652
http://www.securityfocus.com/bid/31653

CVE Name
CVE-2008-2250
CVE-2008-2251
CVE-2008-2252


Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003