Windows : Microsoft Bulletins : Microsoft Windows Kernel-Mode Drivers Multiple Vulnerabilities (969947)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.900886

Categoría: Windows : Microsoft Bulletins

Título: Microsoft Windows Kernel-Mode Drivers Multiple Vulnerabilities (969947)

Resumen: This host is missing a critical security update according to; Microsoft Bulletin MS09-065.

Descripción: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS09-065.

Vulnerability Insight:
- An error in the Win32k kernel-mode driver 'Win32k.sys' when parsing
font code can be exploited to execute arbitrary code if a user
views content rendered in a specially crafted Embedded OpenType (EOT)
font, when a user visits a malicious web site.

- Some vulnerabilities in the Win32k kernel-mode driver can be exploited by
malicious, local users to gain escalated privileges.

- An error in the Win32k kernel-mode driver 'Win32k.sys' when handling input
passed through the kernel component of GDI (Graphics Device Interface) can
be exploited to execute arbitrary code in kernel mode.

Vulnerability Impact:
Successful exploitation could allow attackers to remote attackers to compromise
a vulnerable system or by local attackers to gain elevated privileges.

Affected Software/OS:
- Microsoft Windows 2K Service Pack 4 and prior

- Microsoft Windows XP Service Pack 3 and prior

- Microsoft Windows 2K3 Service Pack 2 and prior

- Microsoft Windows Vista Service Pack 1/2 and prior

- Microsoft Windows Server 2008 Service Pack 1/2 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1127
Cert/CC Advisory: TA09-314A
http://www.us-cert.gov/cas/techalerts/TA09-314A.html
Microsoft Security Bulletin: MS09-065
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-065
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5588
Common Vulnerability Exposure (CVE) ID: CVE-2009-2513
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6277
Common Vulnerability Exposure (CVE) ID: CVE-2009-2514
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6406

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.900886
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Windows Kernel-Mode Drivers Multiple Vulnerabilities (969947)
Resumen:	This host is missing a critical security update according to; Microsoft Bulletin MS09-065.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-065. Vulnerability Insight: - An error in the Win32k kernel-mode driver 'Win32k.sys' when parsing font code can be exploited to execute arbitrary code if a user views content rendered in a specially crafted Embedded OpenType (EOT) font, when a user visits a malicious web site. - Some vulnerabilities in the Win32k kernel-mode driver can be exploited by malicious, local users to gain escalated privileges. - An error in the Win32k kernel-mode driver 'Win32k.sys' when handling input passed through the kernel component of GDI (Graphics Device Interface) can be exploited to execute arbitrary code in kernel mode. Vulnerability Impact: Successful exploitation could allow attackers to remote attackers to compromise a vulnerable system or by local attackers to gain elevated privileges. Affected Software/OS: - Microsoft Windows 2K Service Pack 4 and prior - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2K3 Service Pack 2 and prior - Microsoft Windows Vista Service Pack 1/2 and prior - Microsoft Windows Server 2008 Service Pack 1/2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1127 Cert/CC Advisory: TA09-314A http://www.us-cert.gov/cas/techalerts/TA09-314A.html Microsoft Security Bulletin: MS09-065 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-065 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5588 Common Vulnerability Exposure (CVE) ID: CVE-2009-2513 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6277 Common Vulnerability Exposure (CVE) ID: CVE-2009-2514 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6406
Copyright	Copyright (C) 2009 Greenbone AG