Multiple vulnerabilities in Microsoft Windows



Published: 2008-04-14 | Updated: 2016-12-14
Risk Medium
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2009-0079
CVE-2009-0080
CVE-2009-0078
CWE-ID CWE-264
Exploitation vector Local
Public exploit Vulnerability #1 is being exploited in the wild.
Vulnerability #2 is being exploited in the wild.
Vulnerability #3 is being exploited in the wild.
Vulnerable software
Subscribe
Windows Server
Operating systems & Components / Operating system

Windows
Operating systems & Components / Operating system

Vendor Microsoft

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Privilege escalation

EUVDB-ID: #VU1320

Risk: Medium

CVSSv3.1: 7.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2009-0079

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to improper isolation of processes in the RPCSS service. Accessing the computer under the context of a NetworkService or LocalService account an attacker can obtain privileged security tokens and execute code with privileges of SYSTEM account.

Successful exploitation of the vulnerability results in privilege escalation allowing to execute arbitrary code and take complete control of an affected system.

Note: this vulnerability was being actively exploited.


Mitigation

Install update from vendor's website:

Windows XP Service Pack 2 and Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyID=90FE715E-8190-43E9-9C43-DF5BE564D923
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyID=A794C32A-9A0C-47D9-9C57-FF5D4A8E4944
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyID=25ADEC10-DB8C-4CAC-BF74-2C784678150A
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyID=B014C399-F404-4CB2-8F9D-864DF382EFEB
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=6ADA372B-BA17-433E-B022-D2C57B35AF8A

Vulnerable software versions

Windows Server: 2003

Windows: XP

CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms09-012.aspx

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

2) Privilege escalation

EUVDB-ID: #VU1319

Risk: Medium

CVSSv3.1: 7.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2009-0080

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to incorrect placing of access control lists (ACLs) on threads in the current ThreadPool. By leveraging incorrect thread ACLs an attacker can access NetworkService or LocalService account, obtain elevated privileges and execute code with privileges of SYSTEM account.

Successful exploitation of the vulnerability results in privilege escalation allowing to execute arbitrary code and take complete control of an affected system.

Note: this vulnerability was being actively exploited.

Mitigation

Install update from vendor's website:

Windows Vista and Windows Vista Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyID=F111B99A-E555-4F29-8D1F-E9EC03D5CF1F
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyID=FA153BDC-6B48-4DF2-9E5E-ABACD6DA782C
Windows Server 2008 for 32-bit Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=9E3C7B52-65A7-42FB-BEB5-1B374934737F
Windows Server 2008 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=EEBB4D4D-29D2-4247-8CBB-63A3B17585EC
Windows Server 2008 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=CC383C24-B0F6-47C1-9E89-6A378B09E82F

Vulnerable software versions

Windows: Vista

Windows Server: 2008

CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms09-012.aspx

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

3) Privilege escalation

EUVDB-ID: #VU1318

Risk: Medium

CVSSv3.1: 7.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2009-0078

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to insufficient security protections in Windows Management Instrumentation (WMI) providers. Accessing the computer under the context of a NetworkService or LocalService account an attacker can obtain privileged security tokens and execute code with privileges of SYSTEM account.

Successful exploitation of the vulnerability results in privilege escalation allowing to execute arbitrary code and take complete control over the affected system.

Note: this vulnerability was being actively exploited.

Mitigation

Install update from vendor's website:


Windows XP Service Pack 2 and Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyID=90FE715E-8190-43E9-9C43-DF5BE564D923
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyID=A794C32A-9A0C-47D9-9C57-FF5D4A8E4944
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyID=25ADEC10-DB8C-4CAC-BF74-2C784678150A
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyID=B014C399-F404-4CB2-8F9D-864DF382EFEB
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=6ADA372B-BA17-433E-B022-D2C57B35AF8A
Windows Vista and Windows Vista Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyID=F111B99A-E555-4F29-8D1F-E9EC03D5CF1F
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyID=FA153BDC-6B48-4DF2-9E5E-ABACD6DA782C
Windows Server 2008 for 32-bit Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=9E3C7B52-65A7-42FB-BEB5-1B374934737F
Windows Server 2008 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=EEBB4D4D-29D2-4247-8CBB-63A3B17585EC
Windows Server 2008 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=CC383C24-B0F6-47C1-9E89-6A378B09E82F

Vulnerable software versions

Windows: Vista, XP

Windows Server: 2003, 2008

CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms09-012.aspx

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.



###SIDEBAR###