Description: This security update resolves a privately reported vulnerability in the Windows Workstation Service. The vulnerability could allow elevation of privilege if an attacker created a specially crafted RPC message and sent the message to an affected system. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to a vulnerable system in order to exploit this vulnerability. The vulnerability could not be exploited by anonymous users. The security update addresses the vulnerability by correcting the manner in which the Workstation service allocates and frees memory.

Update type: Moderate

Release date: August 11, 2009

Applies to: All versions

Knowledge base: support.microsoft.com/kb/971657

Download link: 32-bit | 64-bit

Comments:Here are the specifics on the vulnerabilities covered by this update:

• Workstation Service Memory Corruption Vulnerability – CVE-2009-1544