CERT-In Vulnerability Note CIVN-2009-76
Multiple Vulnerabilities in Microsoft Windows Kernel

Original Issue Date: June 11, 2009

Severity Rating: Medium

Software Affected

  • Microsoft Windows 2000 Service Pack 4
  • Windows XP Service Pack 2 and Windows XP Service Pack 3
  • Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Vista and Windows Vista Service Pack 1
  • Windows Vista Service Pack 2
  • Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
  • Windows Vista x64 Edition Service Pack 2
  • Windows Server 2008 and Windows Server 2008 Service Pack 2 (including Server Core)
  • Windows Server 2008 x64 Edition and Windows Server 2008 x64 Edition Service Pack 2 (including Server Core)
  • Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

Overview

Multiple vulnerabilities have been reported in the Microsoft Windows kernel. Successful exploitation of any of these vulnerabilities could allow elevation of privilege. An attacker could then execute arbitrary code and take complete control of the affected system.

Description

The Windows kernel is the core of the operating system. It provides system-level services such as device management and memory management, allocates processor time to processes, and manages error handling.

1. Windows Kernel Desktop Vulnerability (CVE-2009-1123)

This is an elevation of privilege vulnerability caused by improper validation of changes in certain kernel objects by the Windows kernel.

An attacker could exploit this vulnerability locally by running a malicious program designed to submit a malformed request to the Windows kernel. The processing of the request could trigger the execution of arbitrary code with the privileges of the kernel and give the attacker complete control of an affected system.

NOTE: Proof of concept is available on the Internet.

2. Windows Kernel Pointer Validation Vulnerability (CVE-2009-1124)

This is an elevation of privilege vulnerability caused by improper validation of memory pointer objects sent from user mode to kernel mode. The processing of a malformed pointer could allow an attacker to manipulate memory structures.

An attacker could exploit this vulnerability locally by running a malicious program designed to send a malicious memory pointer to the Windows kernel. If the kernel performs operations on the pointer, memory may become corrupted, allowing the attacker to trigger the execution of arbitrary code and gain complete control of an affected system.
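The class of check described for CVE-2009-1124, as an added illustration that is not Microsoft's code or part of the original note: a simulated service routine validates a caller-supplied address range before writing to it. The address space, the limit and all function names are constructed for the example; it goes beyond the note's description by also showing a range check that fails on integer wrap-around.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of an address space: offsets below USER_LIMIT stand
   for user memory, offsets at or above it stand for kernel memory. */
#define SPACE_SIZE 256u
#define USER_LIMIT 128u
static uint8_t space[SPACE_SIZE];

/* Flawed check: addr + len is computed modulo 2^32, so a huge len can
   wrap the sum around to a small value that passes the comparison. */
int naive_range_ok(uint32_t addr, uint32_t len) {
    return addr + len <= USER_LIMIT;
}

/* Sound check: rejects a start address outside the user half, then
   compares len against the remaining room without any addition. */
int user_range_ok(uint32_t addr, uint32_t len) {
    if (addr >= USER_LIMIT) return 0;
    return len <= USER_LIMIT - addr;
}

/* Hypothetical service routine: writes caller data to a caller-chosen
   address only after the whole destination range has been validated. */
int svc_write(uint32_t dst, const uint8_t *src, uint32_t len) {
    if (!user_range_ok(dst, len)) return -1;  /* reject, touch nothing */
    memcpy(&space[dst], src, len);
    return 0;
}

/* Reads one byte of the simulated kernel half so a caller can confirm
   that rejected requests left it unmodified. */
uint8_t kernel_byte(uint32_t off) { return space[USER_LIMIT + off]; }

int main(void) {
    const uint8_t data[4] = {0xAA, 0xAA, 0xAA, 0xAA};
    int ok       = svc_write(16, data, 4);              /* inside user half  */
    int bad      = svc_write(USER_LIMIT, data, 4);      /* kernel address    */
    int straddle = svc_write(USER_LIMIT - 2, data, 4);  /* crosses the limit */
    return (ok == 0 && bad == -1 && straddle == -1 &&
            kernel_byte(0) == 0) ? 0 : 1;
}
```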

3. Windows Driver Class Registration Vulnerability (CVE-2009-1125)

This is an elevation of privilege vulnerability caused by improper validation of arguments within system calls sent to the Windows kernel.

An attacker could exploit this vulnerability locally by running a program designed to send malicious calls to the kernel, triggering an error condition that could corrupt kernel memory. The attacker could leverage the error condition to execute arbitrary code with kernel privileges and take complete control of an affected system.

4. Windows Desktop Parameter Edit Vulnerability (CVE-2009-1126)

This is an elevation of privilege vulnerability caused by improper validation of input sent to the Windows kernel that is generated during the modification of specific desktop parameters.

An attacker could exploit this vulnerability locally by running a program that is designed to send malicious input to the Windows kernel. The processing of the malicious input could cause an error condition that the attacker could leverage to execute arbitrary code with elevated privileges and take complete control of an affected system.

Solution

Apply appropriate updates as mentioned in Microsoft Security Bulletin MS09-025.

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS09-025.mspx

References

Secunia
http://secunia.com/advisories/35372/

SecurityTracker
http://www.securitytracker.com/alerts/2009/Jun/1022359.html

SecurityFocus
http://www.securityfocus.com/bid/35121
http://www.securityfocus.com/bid/35238
http://www.securityfocus.com/bid/35240
http://www.securityfocus.com/bid/35120

Cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=18420
http://tools.cisco.com/security/center/viewAlert.x?alertId=18421
http://tools.cisco.com/security/center/viewAlert.x?alertId=18422
http://tools.cisco.com/security/center/viewAlert.x?alertId=18423

VUPEN
http://www.vupen.com/english/advisories/2009/1544

CVE Name
CVE-2009-1123
CVE-2009-1124
CVE-2009-1125
CVE-2009-1126

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003