Microsoft Windows Kernel-Mode Drivers Multiple Vulnerabilities ( 09 June 2010 )

Last Update Date: 28 Jan 2011 Release Date: 9 Jun 2010 4203 Views

RISK: Medium Risk

1. Win32k Improper Data Validation Vulnerability

An elevation of privilege vulnerability exists because the Windows kernel-mode drivers do not properly validate changes in certain kernel objects. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

2. Win32k Window Creation Vulnerability

An elevation of privilege vulnerability exists because Windows kernel-mode drivers do not properly validate all parameters when creating a new window. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

3. Win32k TrueType Font Parsing Vulnerability

An elevation of privilege vulnerability exists due to the way that the operating system provides font-related information to applications. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Impact

Elevation of Privilege

System / Technologies affected

Microsoft Windows 2000
Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch

Microsoft Windows Kernel-Mode Drivers Multiple Vulnerabilities ( 09 June 2010 )

Impact

System / Technologies affected

Solutions

Vulnerability Identifier

Source

Related Link