InfoSec Handlers Diary Blog - CVE-2012-0217 (from MS12-042) applies to other environments too

SANS ISC: InfoSec Handlers Diary Blog - CVE-2012-0217 (from MS12-042) applies to other environments too

SANS Site Network
- Current Site
- Internet Storm Center
- Other SANS Sites Help
- Graduate Degree Programs
- Security Training
- Security Certification
- Security Awareness Training
- Penetration Testing
- Industrial Control Systems
- Cyber Defense Foundations
- Computer Forensics
- Software Security
- Government OnSite Training

InfoSec Handlers Diary Blog

CVE-2012-0217 (from MS12-042) applies to other environments too

Published: 2012-06-20
Last Updated: 2012-06-20 08:28:14 UTC
by Raul Siles (Version: 1)

A week ago we covered MS12-042 ("Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)") on the monthly Microsoft patch update cycle. This Microsoft advisory includes two vulnerabilities: CVE-2012-0217 and CVE-2012-1515 (VMware related).

Unfortunately, the official CVE-2012-0217 only makes references to Microsoft Windows OS, but other environments are also affected by this local privilege escalation vulnerability associated to 64-bit Intel processors. From the US-CERT note: "Some 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack. The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape." In particular, it affects FreeBSD or Xen (RedHat, SUSE, etc).

More details at "Vulnerability Note VU#649219: SYSRET 64-bit operating system privilege escalation vulnerability on Intel CPU hardware".

----
Raul Siles
Founder and Senior Security Analyst with Taddong
www.taddong.com

Keywords: CVE microsoft privilege escalation virtualization

3 comment(s)

Top of page

Diary Archives