Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
Description: This security update resolves one publicly disclosed and two privately reported vulnerabilities in the Windows kernel. A local attacker who successfully exploited these vulnerabilities could take complete control of an affected system. The vulnerabilities could not be exploited remotely or by anonymous users. The security update addresses the vulnerabilities by correcting window property validation passed during the new window creation process, correcting the manner in which system calls from multiple threads are handled, and correcting validation of parameters passed to the Windows Kernel from user mode.
Update type: Important
Release date: October 14, 2008
Applies to: All
Knowledge base: http://support.microsoft.com/kb/954211
Comments: Here are the specifics on the vulnerabilities covered by this update:
- Windows Kernel Window Creation Vulnerability – CVE-2008-2250
- Windows Kernel Unhandled Exception Vulnerability – CVE-2008-2251
- Windows Kernel Memory Corruption Vulnerability – CVE-2008-2252
For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB954211.