Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

MS06-051: Vulnerability in Windows Kernel

Published: 2006-08-08
Last Updated: 2006-08-08 19:32:52 UTC
by Pedro Bueno (Version: 1)
0 comment(s)
Vulnerability in Windows Kernel Could Result in Remote Code Execution
MS06-051 - KB917422

This update focus on two main vulnerabilities.
    - CVE-2006-3443: The User Profile Elevation of Privilege - LOCAL
    - CVE-2006-3648: The Unhandled Exception - REMOTE

If any of them is successfully exploited, the attacker can gain complete control of the affected system.

The advisory focus on W2k systems. For the Elevation of Privilege vulnerability: "...If a specially crafted DLL is placed in the user directory, it is possible for WinLogon to execute the code of the DLL resulting in an elevation of the user's privileges.".

For the Unhandled Exception vulnerability, looks like a simple spam with a link would lead the user to a specially crafted website which would exploit it.

Worthless to say that it is REALLY important to patch your systems against these vulnerabilities! Test and Patch!!

-------------------------------------------------
Pedro Bueno ( pbueno //&&// isc. sans. org)

Keywords:
0 comment(s)
Diary Archives