Microsoft Antimalware Client Privilege Elevation Vulnerability (2823482) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS13-034.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code in the security context of the LocalSystem account. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms13-034

Insight

Flaw is due to an unspecified error when improper pathnames are used by Windows Defender (Microsoft Antimalware Client).

Affected

Windows Defender for Windows 8

References

http://secunia.com/advisories/52921
http://support.microsoft.com/kb/2781197
https://technet.microsoft.com/en-us/security/bulletin/ms13-034

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-0078

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Distributed File System Remote Code Execution Vulnerabilities (2535512)
Microsoft Filter Pack Remote Code Execution Vulnerability (2801261)
Microsoft .NET Framework Privilege Elevation Vulnerability (2769324)
Microsoft Wireless LAN AutoConfig Service Remote Code Execution Vulnerability (970710)
Cumulative Patch for Internet Information Services (Q327696)

Take action and discover your vulnerabilities