MS06-051: Vulnerability in Windows Kernel
Vulnerability in Windows Kernel Could Result in Remote Code Execution
MS06-051 - KB917422
This update focus on two main vulnerabilities.
- CVE-2006-3443: The User Profile Elevation of Privilege - LOCAL
- CVE-2006-3648: The Unhandled Exception - REMOTE
If any of them is successfully exploited, the attacker can gain complete control of the affected system.
The advisory focus on W2k systems. For the Elevation of Privilege vulnerability: "...If a specially crafted DLL is placed in the user directory, it is possible for WinLogon to execute the code of the DLL resulting in an elevation of the user's privileges.".
For the Unhandled Exception vulnerability, looks like a simple spam with a link would lead the user to a specially crafted website which would exploit it.
Worthless to say that it is REALLY important to patch your systems against these vulnerabilities! Test and Patch!!
-------------------------------------------------
Pedro Bueno ( pbueno //&&// isc. sans. org)
MS06-051 - KB917422
This update focus on two main vulnerabilities.
- CVE-2006-3443: The User Profile Elevation of Privilege - LOCAL
- CVE-2006-3648: The Unhandled Exception - REMOTE
If any of them is successfully exploited, the attacker can gain complete control of the affected system.
The advisory focus on W2k systems. For the Elevation of Privilege vulnerability: "...If a specially crafted DLL is placed in the user directory, it is possible for WinLogon to execute the code of the DLL resulting in an elevation of the user's privileges.".
For the Unhandled Exception vulnerability, looks like a simple spam with a link would lead the user to a specially crafted website which would exploit it.
Worthless to say that it is REALLY important to patch your systems against these vulnerabilities! Test and Patch!!
-------------------------------------------------
Pedro Bueno ( pbueno //&&// isc. sans. org)
Keywords:
0 comment(s)
×
![modal content]()
Diary Archives
Comments