Microsoft Windows Kernel "win32k.sys" Privilege Escalation Vulnerability (Security did not patch)

Hi

Can Microsoft please check on these issues.

It seems that the vulnerability did not patch this issues.

Microsoft Windows Kernel "win32k.sys" Privilege Escalation Vulnerability

Secunia Advisory SA53435

Where:

Local system

Impact:

Privilege escalation, DoS

Solution Status:

Unpatched

Operating System:

Microsoft Windows 7

Microsoft Windows 8

CVE Reference(s):

CVE-2013-3660

Description

Tavis Ormandy has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges

The vulnerability is caused due to an error within "win32k.sys" when processing certain objects and can be exploited to cause a crash or execute arbitrary code with the kernel privilege.

The vulnerability is confirmed on a fully patched Windows 7 x86 Professional (win32k.sys version 6.1.7601.18126) and reported on Windows 8. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Tavis Ormandy

Original Advisory:
http://seclists.org/fulldisclosure/2013/May/91
http://packetstormsecurity.com/files/121851/Windows-NT-2K-XP-2K3-VISTA-2K8-7-8-EPATHOBJ-Local-ring0.html

Deep Links:
Links available to Secunia VIM customers


July 4th, 2013 7:51am
I will help you report this.
Free Windows Admin Tool Kit Click here and download it now
July 5th, 2013 4:19am

Thanks!

This vulnerability was reported from Secunia Computer Security Team.

July 7th, 2013 5:59pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics