Description: This security update resolves one publicly disclosed and two privately reported vulnerabilities in the Windows kernel. A local attacker who successfully exploited these vulnerabilities could take complete control of an affected system. The vulnerabilities could not be exploited remotely or by anonymous users. The security update addresses the vulnerabilities by correcting window property validation passed during the new window creation process, correcting the manner in which system calls from multiple threads are handled, and correcting validation of parameters passed to the Windows Kernel from user mode.

Update type: Important

Release date: October 14, 2008

Applies to: All

Knowledge base: http://support.microsoft.com/kb/954211

Download link: 32-bit | 64-bit

Comments: Here are the specifics on the vulnerabilities covered by this update:

• Windows Kernel Window Creation Vulnerability – CVE-2008-2250
• Windows Kernel Unhandled Exception Vulnerability – CVE-2008-2251
• Windows Kernel Memory Corruption Vulnerability – CVE-2008-2252