Summary
This host is missing an important security update according to Microsoft Bulletin MS10-021.
Impact
Successful exploitation could allow local users to cause a Denial of Service or gain escalated privileges.
Impact Level: System
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/Bulletin/MS10-021.mspx
Insight
Multiple error exists in the Windows kernel due to, - the way that the kernel handles certain exceptions - improper validation of specially crafted image files - the manner in which the kernel processes the values of symbolic links - insufficient validation of registry keys passed to a Windows kernel system call
- the manner in which memory is allocated when extracting a symbolic link from a registry key
- the way that the kernel resolves the real path for a registry key from its virtual path
- not properly restricting symbolic link creation between untrusted and trusted registry hives
Affected
Micorsoft Windows 7
Microsoft Windows 2K Service Pack 4 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 1/2 and prior.
Microsoft Windows Server 2008 Service Pack 1/2 and prior.
References
Severity
Classification
-
CVE CVE-2010-0234, CVE-2010-0235, CVE-2010-0236, CVE-2010-0237, CVE-2010-0238, CVE-2010-0481, CVE-2010-0482, CVE-2010-0810 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- ISA Server 2000 and Proxy Server 2.0 Internet Content Spoofing (888258)
- Buffer Overrun in Messenger Service (828035)
- Consent User Interface Privilege Escalation Vulnerability (2442962)
- Microsoft .NET Framework Privilege Elevation Vulnerability (2958732)
- Cumulative Security Update for Internet Explorer (958215)