SB2010101201 - Multiple privilege escalation vulnerabilities in Win32k.sys in Microsoft Windows
Published: October 12, 2010 Updated: January 31, 2017
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2010-2744)
The vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to an error in Win32k.sys driver when validating window class data. A local user can execute arbitrary code on the target system with SYSTEM privileges.
Successful exploitation of this vulnerability may allow an attacker to escalate privileges on vulnerable system.
2) Reference count error (CVE-ID: CVE-2010-2549)
The vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to an error in Win32k.sys driver when updating reference count for an object. A local user can execute arbitrary code on the target system with SYSTEM privileges.
Successful exploitation of this vulnerability may allow an attacker to escalate privileges on vulnerable system.
3) Improper validation of array index (CVE-ID: CVE-2010-2743)
The vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to an error in Win32k.sys driver when handling keyboard layouts as the Windows kernel fails to validate that an array index is within the bounds of the array. A local user can load a specially crafted keyboard layout and execute arbitrary code on the target system with privileges of SYSTEM account.
Successful exploitation of this vulnerability may allow an attacker to escalate privileges on vulnerable system.
Note: this vulnerability is being actively exploited by Stuxnet.Remediation
Install update from vendor's website.