Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
Description: This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.The security update addresses the vulnerabilities by correcting validations, the creation of symbolic links, the resolution of virtual registry key paths, and exceptions handling.
Update type: Important
Release date: April 13, 2010
Applies to: All versions
Knowledge base: http://support.microsoft.com/kb/979683
- Windows Kernel Null Pointer Vulnerability – CVE-2010-0234
- Windows Kernel Symbolic Link Value Vulnerability – CVE-2010-0235
- Windows Kernel Memory Allocation Vulnerability – CVE-2010-0236
- Windows Kernel Symbolic Link Creation Vulnerability – CVE-2010-0237
- Windows Kernel Registry Key Vulnerability – CVE-2010-0238
- Windows Virtual Path Parsing Vulnerability – CVE-2010-0481
- Windows Kernel Malformed Image Vulnerability – CVE-2010-0482
- Windows Kernel Exception Handler Vulnerability – CVE-2010-0810
For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB979683.