Windows kernel vulnerabilities (MS09-065)
Reference: CERT-IST/AV-2009.515
Version: 1.0
Version date: 12 November 2009

Vulnerability Classification
Risk: high
Impact: Take control
Confidence: Vendor-acknowledged
Attack expertise: Expert
Attack requirements: Remote (no account) over a standard service

System Information
Affected Platform(s):
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2 and Windows XP Service Pack 3
- Windows XP Professional Edition x64 Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 Edition x64 Service Pack 2
- Windows Server 2003 SP2 for Itanium-based systems
- Windows Vista, Windows Vista Service Pack 1 and Windows Vista Service Pack 2
- Windows Vista Edition x64, Windows Vista Edition x64 Service Pack 1 and Windows Vista Edition x64 Service Pack 2
- Windows Server 2008 for 32-bit systems and Windows Server 2008 for 32-bit systems Service Pack 2
- Windows Server 2008 for x64 systems and Windows Server 2008 for x64 systems Service Pack 2
- Windows Server 2008 for Itanium-based systems and Windows Server 2008 for Itanium-based systems Service Pack 2

Affected Software(s):

Remarks: The following systems are not impacted by these vulnerabilities:
- Windows 7 for 32-bit systems
- Windows 7 for x64 systems
- Windows Server 2008 R2 for x64 systems
- Windows Server 2008 R2 for Itanium-based systems

Description
Problem description:

Three vulnerabilities have been discovered in the kernel of Microsoft Windows systems. They allow a remote attacker or a malicious unprivileged user to take full control of a vulnerable system.

Technical context:

"Win32k.sys" is a kernel-mode device driver containing the window manager, which controls window displays; manages screen output; collects input from the keyboard, mouse, and other devices; and passes user messages to applications. It also contains the Graphics Device Interface (GDI), which is a library of functions for graphics output devices.

Technical information:

The vulnerabilities are the following:
- CVE-2009-1127: A NULL pointer dereference due to a flaw in the Windows kernel "Win32k.sys" driver, which does not properly validate an argument passed to a system call.
  Note: This vulnerability cannot be exploited remotely or by anonymous users.
- CVE-2009-2513: The Windows kernel "Win32k.sys" driver does not properly validate input passed from user mode through the kernel component of GDI.
  Note: This vulnerability cannot be exploited remotely or by anonymous users.
- CVE-2009-2514: The Windows kernel "Win32k.sys" driver does not properly parse Embedded OpenType (EOT) fonts.
  Note: This vulnerability can be exploited remotely by anonymous users, for example through a web page containing a specially crafted EOT font.

These vulnerabilities allow an attacker to run arbitrary code with system privileges.

Solution
Apply the Microsoft patches (KB969947) for the Windows kernel vulnerabilities.
Patches are available for the various impacted platforms.
See the Microsoft security bulletin MS09-065 to get the appropriate patch.
The patches described in this security bulletin replace the ones described in MS09-025.
- Microsoft security bulletin MS09-065 dated November 10, 2009

Standard vulnerability IDs
Additional Resources
- Microsoft security bulletin MS09-065 dated November 10, 2009
- Novell security advisory 977951 dated November 13, 2009
- US-CERT security advisory TA09-314A dated November 10, 2009
History
| Version | Comment | Date |
|---|---|---|
| 1.0 | Advisory creation | 12 November 2009 |