(MS09-058) Windows Kernel Exception Handler Vulnerability (971486)

Threat Detail

Vulnerability Type: Logic error

Impact of Exploitation: Authenticated locally logged on user with limited privileges

CVE Reference: N/A

Next Steps:

Overview
Timeline
Recommendations
Additional Resources

Overview

A vulnerability in the Windows Kernel may allow for local denial-of-service attacks.

A vulnerability in the Windows Kernel may allow for local denial-of-service attacks. The vulnerability exists due the way the kernel handles certain exceptions. An attacker could exploit the vulnerability by running a specially crafted application causing the system to restart.

Attack Vector

Authenticated locally logged on user with limited privileges

User Interaction

user interaction is needed

Vendor Status

Responded and patched

Vulnerable Systems

Windows 2003 SP2,

Timeline

2009-10-13

Vendor has provided a patch.

Recommendations

The vendor has released a patch to address this issue:
http://www.microsoft.com/technet/security/bulletin/ms09-058.mspx

Recommendations McAfee Product Mitigation

Additional Resources

(MS09-058) Windows Kernel Exception Handler Vulnerability (971486)
http://www.microsoft.com/technet/security/bulletin/ms09-058.mspx