#VU1340 Privilege escalation in Windows and Windows Server


Published: 2016-12-16 | Updated: 2017-03-16

Vulnerability identifier: #VU1340

Vulnerability risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2009-1125

CWE-ID: CWE-622

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Windows
Operating systems & Components / Operating system
Windows Server
Operating systems & Components / Operating system

Vendor: Microsoft

Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to improper validation of an argument to an unspecified system call. By running a malicious application, a local attacker can submit malformed calls to the Windows Kernel and execute arbitrary code in kernel mode.

Successful exploitation of the vulnerability results in privilege escalation allowing to execute arbitrary code and take complete control of an affected system.

Mitigation
Install update from vendor's website:

Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?familyid=79b0481d-a3d7-477b-928a-a98cc79374af
http://go.microsoft.com/fwlink/?LinkId=132503
Windows XP Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=6349e046-a3f8-4ae5-b8c3-c9879cc99e8f
http://go.microsoft.com/fwlink/?LinkId=132503
Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=6349e046-a3f8-4ae5-b8c3-c9879cc99e8f
http://go.microsoft.com/fwlink/?LinkId=132503
Windows XP Professional x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=3769800e-af93-4a44-8a1e-b30cc54b226f
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2003 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=9356404c-d89a-4de0-b9b4-f6e1bdadf745
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2003 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=5a3123af-173d-49eb-9997-14e82e764aee
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2003 with SP2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=13b50993-410f-4e7a-a33a-6d9b48dbb4d1
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Vista and Windows Vista Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=c31b36f8-330c-4a0c-9a3d-7cbe9a1ab8c8
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Vista Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=c31b36f8-330c-4a0c-9a3d-7cbe9a1ab8c8
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=7d70a65f-07ce-4992-8bec-28fefd7587bc
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Vista x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=7d70a65f-07ce-4992-8bec-28fefd7587bc
Windows Server 2008 for 32-bit Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=98ba52b2-da1a-4939-a10e-d43b3a7e7ed4
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2008 for 32-bit Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98ba52b2-da1a-4939-a10e-d43b3a7e7ed4
Windows Server 2008 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=dbaa5a72-c267-4907-a207-525c2803d7b9
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2008 for x64-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=dbaa5a72-c267-4907-a207-525c2803d7b9
Windows Server 2008 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=e0e3ad56-a363-44ba-af4d-b7f551c88afd
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2008 for Itanium-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=e0e3ad56-a363-44ba-af4d-b7f551c88afd

Vulnerable software versions

Windows: Vista, 2000, XP

Windows Server: 2003 - 2008

External links
http://technet.microsoft.com/en-us/library/security/ms09-025.aspx

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple priviledge escalation vulnerabilities in Microsoft Windows