Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
Description: This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application. To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities could not be exploited remotely or by anonymous users.The security update addresses the vulnerabilities by ensuring that the Windows Kernel handles exceptions properly.
Update type: Important
Release date: February 9, 2010
Applies to: All versions
Knowledge base: http://support.microsoft.com/kb/977165
- Windows Kernel Exception Handler Vulnerability – CVE-2010-0232
- Windows Kernel Double Free Vulnerability – CVE-2010-0233
For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB977165.