VID |
26620 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
The hotfix (MS12-042, 2711167) for 'Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege' has not been applied. The Windows kernel is affected by multiple vulnerabilities that could result in privilege escalation.
- The User Mode Scheduler (UMS) is a lightweight mechanism with system APIs that applications can use to schedule their own threads. An elevation of privilege vulnerability exists in the way that the Windows User Mode Scheduler handles system requests. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. (CVE-2012-0217)
- An elevation of privilege vulnerability exists in the way that Windows handles BIOS memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. (CVE-2012-1515)
The update addresses the vulnerability by correcting the way that Windows manages BIOS ROM or the way that the Windows User Mode Scheduler handles a particular system request.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these conditions will result in the check not being performed and a False Negative for all vulnerable hosts.
* References: http://technet.microsoft.com/en-us/security/bulletin/ms12-042
* Platforms Affected: Windows Vista SP2, Windows Server 2008 and SP2, Windows 7 and SP1, Windows Server 2008 R2 and SP1 |
Recommendation |
Apply the appropriate patch (2711167) for your system, as listed in Microsoft Security Bulletin MS12-042 at http://technet.microsoft.com/en-us/security/bulletin/ms12-042 -- OR -- Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com. Windows Update detects what version of Windows you are running and offers the appropriate patch. |
Related URL |
CVE-2012-0217,CVE-2012-1515 (CVE) |
Related URL |
52820,53856 (SecurityFocus) |
Related URL |
(ISS) |
|