Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege
Description: This security update resolves a privately reported vulnerability in Virtual Address Descriptor. The vulnerability could allow elevation of privilege if a user runs a specially crafted application. An authenticated attacker who successfully exploited this vulnerability could gain elevation of privilege on an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. The security update addresses the vulnerability by modifying the way that Virtual Address Descriptor handles memory allocation variables.
Update type: Important
Release date: October 14, 2008
Applies to: All
Knowledge base: http://support.microsoft.com/kb/956841
Comments: Here are the specifics on the vulnerabilities covered by this update:
- Virtual Address Descriptor Elevation of Privilege Vulnerability – CVE-2008-4036
For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB956841.