Microsoft Antimalware Client Privilege Elevation Vulnerability (2823482) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS13-034.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code in the security context of the LocalSystem account. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms13-034

Insight

Flaw is due to an unspecified error when improper pathnames are used by Windows Defender (Microsoft Antimalware Client).

Affected

Windows Defender for Windows 8

References

http://secunia.com/advisories/52921
http://support.microsoft.com/kb/2781197
https://technet.microsoft.com/en-us/security/bulletin/ms13-034

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-0078

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft DirectAccess Security Advisory (2862152)
Cumulative Security Update for Internet Explorer (928090)
Internet Information Services (IIS) FTP Service Remote Code Execution Vulnerability (2489256)
Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)
ISA Server 2000 and Proxy Server 2.0 Internet Content Spoofing (888258)

Take action and discover your vulnerabilities