| VID |
26650 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (MS13-053, 2850851) for 'Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution' has not been applied.
This security update resolves two publicly disclosed and six privately reported vulnerabilities in Microsoft Windows. The most severe vulnerability could allow remote code execution if a user views shared content that embeds TrueType font files. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
- Win32k Memory Allocation Vulnerability (CVE-2013-1300)
An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
- Win32k Dereference Vulnerability (CVE-2013-1340)
An elevation of privilege vulnerability exists in the way that the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context or cause the target system to stop responding.
- Win32k Vulnerability (CVE-2013-1345)
An elevation of privilege vulnerability exists in the way that the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context or cause the target system to stop responding.
- TrueType Font Parsing Vulnerability (CVE-2013-3129)
A remote code execution vulnerability exists in the way that affected components handle a specially crafted TrueType font files. The vulnerability could allow remote code execution if a user opens a specially crafted TrueType font file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
- Win32k Information Disclosure Vulnerability (CVE-2013-3167)
An information disclosure vulnerability that could lead to elevation of privilege exists in the way that the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
- Win32k Buffer Overflow Vulnerability (CVE-2013-3172)
A denial of service vulnerability exists in the way that the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could cause the target system to stop responding.
- Win32k Buffer Overwrite Vulnerability (CVE-2013-3173)
An elevation of privilege vulnerability exists in the way that the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
- Win32k Read AV Vulnerability (CVE-2013-3660)
A theoretical remote code execution vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability as a remote code execution vulnerability could execute arbitrary code in the security context of the Windows kernel.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
https://technet.microsoft.com/en-us/security/bul |
| Recommendation |
Apply the appropriate patch (2850851) for your system, as listed in Microsoft Security Bulletin MS13-053 at https://technet.microsoft.com/en-us/security/bulletin/ms13-053
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com. Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2013-1300,CVE-2013-1340,CVE-2013-1345,CVE-2013-3129,CVE-2013-3167,CVE-2013-3172,CVE-2013-3173,CVE-2013-3660 (CVE) |
| Related URL |
60051,60946,60947,60948,60949,60950,60951,60978 (SecurityFocus) |
| Related URL |
(ISS) |
|
