Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerability (2778930) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS13-005.

Impact

Successful exploitation will allow remote attackers to gain escalated privileges. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms13-005

Insight

The flaw is due to an error in 'win32k.sys' when handling window broadcast messages.

Affected

Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior Microsoft Windows Vista x32/x64 Edition Service Pack 2 and prior Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2 and prior

References

http://secunia.com/advisories/51704/
http://support.microsoft.com/kb/2778930
http://technet.microsoft.com/en-us/security/bulletin/ms13-005

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-0008

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)
Microsoft Expression Design Remote Code Execution Vulnerability (2651018)
Active Directory Could Allow Remote Code Execution Vulnerability (957280)
Microsoft DirectShow Remote Code Execution Vulnerability (977935)
Cumulative Security Update for Internet Explorer (969897)

Take action and discover your vulnerabilities