   VULNERABILITY NOTES

CERT-In Vulnerability Note CIVN-2008-44
Windows Kernel Elevation of Privilege Vulnerability

Original Issue Date: April 10, 2008

Severity Rating: Medium

Systems Affected

  • Windows Server 2008 for 32-bit Systems
  • Windows Server 2008 for x64-based Systems
  • Windows Server 2008 for Itanium-based Systems
  • Windows Vista Service Pack 1
  • Windows Vista
  • Windows Vista x64 Edition Service Pack 1
  • Windows Vista x64 Edition
  • Windows Server 2003 Service Pack 2
  • Windows Server 2003 Service Pack 1
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 x64 Edition
  • Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Server 2003 with SP1 for Itanium-based Systems
  • Windows XP Service Pack 2
  • Windows XP Professional x64 Edition Service Pack 2
  • Windows XP Professional x64 Edition
  • Microsoft Windows 2000 Service Pack 4

Overview

A vulnerability has been reported in the Windows kernel that could be exploited by a local attacker to take complete control of an affected system.

Description

This vulnerability exists because the Windows kernel improperly validates input passed from user mode to the kernel. A local attacker can supply specially crafted input to execute arbitrary code on the target system with kernel-level privileges and take complete control of the affected system.

Solution

Apply the appropriate patches as mentioned in Microsoft Security Bulletin MS08-025.

Vendor Information

http://www.microsoft.com/technet/security/bulletin/ms08-025.mspx

References

Security Focus
http://www.securityfocus.com/bid/28554/info

Security Tracker
http://securitytracker.com/alerts/2008/Apr/1019803.html

FrSIRT
http://www.frsirt.com/english/advisories/2008/1149

National Vulnerability Database
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1084

Secunia
http://secunia.com/advisories/29720/

CVE Name
CVE-2008-1084

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003