Description: This security update resolves a privately reported vulnerability in the Windows Workstation Service. The vulnerability could allow elevation of privilege if an attacker created a specially crafted RPC message and sent the message to an affected system. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to a vulnerable system in order to exploit this vulnerability. The vulnerability could not be exploited by anonymous users. The security update addresses the vulnerability by correcting the manner in which the Workstation service allocates and frees memory.
Update type: Moderate
Release date: August 11, 2009
Applies to: All versions
Knowledge base: http://support.microsoft.com/kb/971657
- Workstation Service Memory Corruption Vulnerability – CVE-2009-1544