Routing And Remote Access Privilege Escalation Vulnerability (2440591) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS10-099.

Impact

Successful exploitation could allow remote attackers to bypass security restrictions and gain the privileges. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms10-099.mspx

Insight

The flaw is due to Routing and Remote Access NDProxy component which does not properly validate user-supplied input when passing data from user mode to the kernel.

Affected

Microsoft Windows XP Service Pack 3 and prior. Microsoft Windows 2003 Service Pack 2 and prior.

References

http://support.microsoft.com/kb/2440591
http://www.microsoft.com/technet/security/bulletin/ms10-099.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3963

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (972270)
Microsoft .NET Framework Remote Code Execution Vulnerability (2745030)
Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)
Cumulative Security Update for Internet Explorer (928090)
Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2879017)

Routing and Remote Access Privilege Escalation Vulnerability (2440591)

Take action and discover your vulnerabilities