Windows : Microsoft Bulletins : Microsoft Windows Kernel Privilege Elevation Vulnerabilities (2859537)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.902990

Categoría: Windows : Microsoft Bulletins

Título: Microsoft Windows Kernel Privilege Elevation Vulnerabilities (2859537)

Resumen: This host is missing an important security update according to; Microsoft Bulletin MS13-063.

Descripción: Summary:
This host is missing an important security update according to
Microsoft Bulletin MS13-063.

Vulnerability Insight:
The following vulnerabilities exist:

- An error within Address Space Layout Randomization (ASLR) implementation
can be exploited to bypass the ASLR security feature.

- Multiple errors within the NT Virtual DOS Machine (NTVDM) subsystem.

Vulnerability Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code with kernel-mode privileges and or corrupt memory.

Affected Software/OS:
- Microsoft Windows 8

- Microsoft Windows XP x32 Edition Service Pack 3 and prior

- Microsoft Windows 2003 x32 Edition Service Pack 2 and prior

- Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior

- Microsoft Windows Vista x32/x64 Edition Service Pack 2 and prior

- Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior

- Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-2556
Cert/CC Advisory: TA13-225A
http://www.us-cert.gov/ncas/alerts/TA13-225A
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157
http://twitter.com/VUPEN/statuses/309713355466227713
http://twitter.com/thezdi/statuses/309756927301283840
Microsoft Security Bulletin: MS13-063
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-063
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18132
Common Vulnerability Exposure (CVE) ID: CVE-2013-3196
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18175
Common Vulnerability Exposure (CVE) ID: CVE-2013-3197
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18364
Common Vulnerability Exposure (CVE) ID: CVE-2013-3198
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18421

Copyright Copyright (C) 2013 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.902990
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Windows Kernel Privilege Elevation Vulnerabilities (2859537)
Resumen:	This host is missing an important security update according to; Microsoft Bulletin MS13-063.
Descripción:	Summary: This host is missing an important security update according to Microsoft Bulletin MS13-063. Vulnerability Insight: The following vulnerabilities exist: - An error within Address Space Layout Randomization (ASLR) implementation can be exploited to bypass the ASLR security feature. - Multiple errors within the NT Virtual DOS Machine (NTVDM) subsystem. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary code with kernel-mode privileges and or corrupt memory. Affected Software/OS: - Microsoft Windows 8 - Microsoft Windows XP x32 Edition Service Pack 3 and prior - Microsoft Windows 2003 x32 Edition Service Pack 2 and prior - Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior - Microsoft Windows Vista x32/x64 Edition Service Pack 2 and prior - Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior - Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-2556 Cert/CC Advisory: TA13-225A http://www.us-cert.gov/ncas/alerts/TA13-225A http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157 http://twitter.com/VUPEN/statuses/309713355466227713 http://twitter.com/thezdi/statuses/309756927301283840 Microsoft Security Bulletin: MS13-063 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-063 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18132 Common Vulnerability Exposure (CVE) ID: CVE-2013-3196 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18175 Common Vulnerability Exposure (CVE) ID: CVE-2013-3197 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18364 Common Vulnerability Exposure (CVE) ID: CVE-2013-3198 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18421
Copyright	Copyright (C) 2013 Greenbone AG