Check: 2011-A-0022
Windows 7 IAVM: 2011-A-0022 (in version v1 r32)
Title
Multiple Vulnerabilities in Microsoft Windows Kernel (Cat I impact)
Discussion
Microsoft has released a security bulletin addressing multiple vulnerabilities affecting the Windows kernel. The Windows kernel is the core of the operating system. It provides system-level services such as device management and memory management, allocates processor time to processes, and manages error handling.

To exploit these vulnerabilities, an attacker would gain access to an affected system and run a malicious application designed to exploit these vulnerabilities. If successfully exploited, these vulnerabilities would allow an attacker to execute arbitrary code in kernel mode and compromise affected systems. At this time, there are no known exploits associated with these vulnerabilities; USCYBERCOM is not aware of any DoD related incidents.

Driver Improper Interaction with Windows Kernel Vulnerability - (CVE-2010-4398): An elevation of privilege vulnerability exists due to the improper interaction of drivers with the Windows kernel. The vulnerability is caused by the improper interaction of drivers with the Windows kernel. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode and take complete control of an affected system.

Windows Kernel Integer Truncation Vulnerability - (CVE-2011-0045): An elevation of privilege vulnerability exists due to the way that the Windows kernel allocates memory when reading user-supplied data. The Windows kernel does not properly validate user-supplied data before allocating memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode and take complete control of an affected system.
Check Content
See IAVM notice and vendor bulletin for additional information. Microsoft Bulletin MS11-011 (2393802).

Vulnerable Applications/Systems:

Windows XP SP3
Windows XP Professional x64 Edition SP2
Windows Server 2003 SP2 (x86, x64, and Itanium)
Windows Vista SP1 and SP2 (x86 and x64)
Windows Server 2008 and Windows Server 2008 SP2 (x86*, x64*, and Itanium)
Windows 7 (x86 and x64)
Windows Server 2008 R2 (x64* and Itanium)

*Server Core installation affected.

Verify that the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems/Applications not listed below.

Ntdll.dll

Windows XP SP3 - 5.1.2600.6055
Windows XP SP2 x64 - 5.2.3790.4789
Windows 2003 SP2 - 5.2.3790.4789
Windows Vista SP1 / 2008 - 6.0.6001.18538 or 22777
Windows Vista SP2 / 2008 SP2 - 6.0.6002.18327 or 22505
Windows 7 and 2008 R2 Fixed by SP1
Windows 7 / 2008 R2 - 6.1.7600.16695 or 20826
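One way to script the Ntdll.dll version comparison described above, as an added PowerShell example that is not part of the IAVM notice or the vendor bulletin. The function name `Test-Ms11011Ntdll`, the sample versions, and the reading of the two-value rows as two separate servicing branches (so that a file on the higher-numbered branch must meet the higher value) are assumptions.

```powershell
# Minimum Ntdll.dll revisions from the check text, keyed by major.minor.build.
# Rows with two values are assumed to describe two servicing branches.
$Ms11011Minimum = @{
    '5.1.2600' = @(6055)            # Windows XP SP3
    '5.2.3790' = @(4789)            # Windows XP SP2 x64 / Windows 2003 SP2
    '6.0.6001' = @(18538, 22777)    # Windows Vista SP1 / 2008
    '6.0.6002' = @(18327, 22505)    # Windows Vista SP2 / 2008 SP2
    '6.1.7600' = @(16695, 20826)    # Windows 7 / 2008 R2 without SP1
}

function Test-Ms11011Ntdll {
    param([Parameter(Mandatory = $true)][version]$FileVersion)

    $key = '{0}.{1}.{2}' -f $FileVersion.Major, $FileVersion.Minor, $FileVersion.Build
    $rev = $FileVersion.Revision

    # Windows 7 / 2008 R2 at build 7601 is SP1, which the check text lists as fixed.
    if ($key -eq '6.1.7601') { return 'Pass (fixed by SP1)' }
    if (-not $Ms11011Minimum.ContainsKey($key)) { return 'Not covered by this table' }

    $min = $Ms11011Minimum[$key]
    if ($min.Count -eq 1) {
        if ($rev -ge $min[0]) { return 'Pass' } else { return 'Finding' }
    }

    # Assumption: a revision at or above the thousand that contains the second
    # value is on the second branch and must meet that value, not the first.
    $branchFloor = [math]::Floor($min[1] / 1000) * 1000
    $required = if ($rev -ge $branchFloor) { $min[1] } else { $min[0] }
    if ($rev -ge $required) { return 'Pass' } else { return 'Finding' }
}

# Constructed sample versions, used so the script runs on any host.
'6.1.7600.16385', '6.1.7600.16695', '6.0.6001.22100', '6.1.7601.17514' |
    ForEach-Object { '{0,-16} {1}' -f $_, (Test-Ms11011Ntdll -FileVersion $_) }

# Local file, when present: build the version from the numeric parts because
# the FileVersion string can carry a trailing branch label.
$path = Join-Path "$env:SystemRoot" 'System32\ntdll.dll'
if ($env:SystemRoot -and (Test-Path $path)) {
    $vi = (Get-Item $path).VersionInfo
    $v  = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                    $vi.FileBuildPart, $vi.FilePrivatePart)
    '{0,-16} {1}' -f $v, (Test-Ms11011Ntdll -FileVersion $v)
}
```

The constructed `6.0.6001.22100` case shows why a single "greater than or equal to the first value" comparison is not enough for the two-value rows: it is numerically above 18538 but below 22777.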
Fix Text
Additional Identifiers
Rule ID:
Vulnerability ID: V-26065
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |