TITLE: Microsoft Windows Kernel Multiple Vulnerabilities SECUNIA ADVISORY ID: SA14927
VERIFY ADVISORY: http://secunia.com/advisories/14927/ CRITICAL: Less critical IMPACT: Privilege escalation, DoS WHERE: Local system OPERATING SYSTEM: Microsoft Windows XP Professional http://secunia.com/product/22/ Microsoft Windows Server 2003 Web Edition http://secunia.com/product/1176/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/product/1173/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/product/1175/ Microsoft Windows Millenium http://secunia.com/product/14/ Microsoft Windows 98 Second Edition http://secunia.com/product/13/ Microsoft Windows 2000 Server http://secunia.com/product/20/ Microsoft Windows 2000 Professional http://secunia.com/product/1/ Microsoft Windows 2000 Datacenter Server http://secunia.com/product/1177/ Microsoft Windows 2000 Advanced Server http://secunia.com/product/21/ DESCRIPTION: Some vulnerabilities have been reported in the Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges. 1) A boundary error within the processing of certain font files can be exploited to cause a buffer overflow and gain escalated privileges by loading a malicious font. 2) An error in the validation of certain access requests in the Windows Kernel can be exploited to gain escalated privileges by running a specially crafted program. 3) A boundary error in the Object Management can be exploited to cause the system to stop responding and restart by running a specially crafted program. 4) An error within the validation of certain messages in CSRSS (Client Server Runtime System) can be exploited to gain escalated privileges by running a specially crafted program. SOLUTION: Apply patches. Microsoft Windows 2000 (requires Service Pack 3 or Service Pack 4): http://www.microsoft.com/downloads/details.aspx?FamilyId=992C1BF9-A2C0-49D2-9059-A1DAD6703213 Microsoft Windows XP (requires Service Pack 1 or Service Pack 2): http://www.microsoft.com/downloads/details.aspx?FamilyId=F0683E2B-8E8F-474F-B8D8-46C4C33FCE99 Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium): http://www.microsoft.com/downloads/details.aspx?FamilyId=B52F9281-570F-4F7A-8DEF-5AEAB6E8E002 Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium): http://www.microsoft.com/downloads/details.aspx?FamilyId=C51D6AD5-93BA-4717-A5DB-5CE78F70592E Microsoft Windows Server 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=E66332D4-3952-428F-AC62-AC8124F8942A Microsoft Windows Server 2003 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyId=C51D6AD5-93BA-4717-A5DB-5CE78F70592E Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME): See original advisory. The following versions of Microsoft Windows are not affected: * Microsoft Windows Server 2003 Service Pack 1 * Microsoft Windows Server 2003 with SP1 for Itanium-based Systems * Microsoft Windows Server 2003 x64 Edition * Microsoft Windows XP Professional x64 Edition ORIGINAL ADVISORY: MS05-018 (KB890859): http://www.microsoft.com/technet/security/Bulletin/MS05-018.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
