Title

Microsoft Windows Partition Manager Privilege Escalation Vulnerability (Cat II impact)

Discussion

Microsoft has released a security bulletin addressing a privilege escalation vulnerability in Windows Partition Manager. Windows Partition Manager is responsible for discovering, creating, deleting, and managing partitions. To exploit this vulnerability, an attacker would log into a target system and create a malicious application. If successfully exploited, an attacker would gain the ability to run arbitrary code in kernel mode and compromise the affected system.At this time, there are no known exploits associated with this vulnerability; USCYBERCOM is not aware of any DoD related incidents.

Check Content

See IAVM notice and vendor bulletin for additional information. Microsoft Bulletin MS12-033 (2690533). Vulnerable Applications/Systems: Windows Vista SP2 (x86 and x64) Windows Server 2008 SP2 (x86, x64, and Itanium) Windows 7 and Windows 7 SP1 (x86 and x64) Windows Server 2008 R2 and Windows Server 2008 R2 SP1 (x64 and Itanium) Server Core Installation Option Windows Server 2008 SP2 (x86 and x64) Windows Server 2008 R2 and Windows Server 2008 R2 SP1 (x64) Verify the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems\Applications not listed below. Partmgr.sys Windows Vista SP2 / 2008 SP2 - 6.0.6002.18600 or 22821 Windows 7 / 2008 R2 - 6.1.7600.16979 or 21172 Windows 7 SP1 / 2008 R2 SP1 - 6.1.7601.17796 or 21946

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-32311

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.