ID de Prueba:	1.3.6.1.4.1.25623.1.0.903500
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2870008)
Resumen:	This host is missing a critical security; update according to Microsoft Bulletin MS13-081
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS13-081 Vulnerability Insight: Multiple flaws exist due to: - An error when parsing OpenType fonts (OTF) can be exploited to corrupt memory. - An error when handling the USB descriptor of inserted USB devices can be exploited to corrupt memory. - A use-after-free error within the kernel-mode driver (win32k.sys) can be exploited to gain escalated privileges. - An error when handling objects in memory related to App Containers can be exploited to disclose information from a different App Container. - An error related to NULL page handling within the kernel-mode driver (win32k.sys) can be exploited to gain escalated privileges. - A double fetch error within the DirectX graphics kernel subsystem (dxgkrnl.sys) can be exploited to gain escalated privileges. - An error when parsing the CMAP table while rendering TrueType fonts (TTF) can be exploited to corrupt memory. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary code with kernel-mode privileges and take complete control of the affected system. Affected Software/OS: - Microsoft Windows 8 - Microsoft Windows Server 2012 - Microsoft Windows XP x32 Edition Service Pack 3 and prior - Microsoft Windows XP x64 Edition Service Pack 2 and prior - Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior - Microsoft Windows 2003 x32/x64 Edition Service Pack 2 and prior - Microsoft Windows Vista x32/x64 Edition Service Pack 2 and prior - Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior - Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-3128 Cert/CC Advisory: TA13-288A http://www.us-cert.gov/ncas/alerts/TA13-288A Microsoft Security Bulletin: MS13-081 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-081 Microsoft Security Bulletin: MS13-082 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-082 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18847 Common Vulnerability Exposure (CVE) ID: CVE-2013-3200 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18630 Common Vulnerability Exposure (CVE) ID: CVE-2013-3879 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18718 Common Vulnerability Exposure (CVE) ID: CVE-2013-3880 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18912 Common Vulnerability Exposure (CVE) ID: CVE-2013-3881 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18614 Common Vulnerability Exposure (CVE) ID: CVE-2013-3888 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18924 Common Vulnerability Exposure (CVE) ID: CVE-2013-3894 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18899
Copyright	Copyright (C) 2013 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.