----------------------------------------------------------------------

Do you have VARM strategy implemented?

(Vulnerability Assessment Remediation Management)  

If not, then implement it through the most reliable vulnerability
intelligence source on the market. 

Implement it through Secunia. 

For more information visit:
http://secunia.com/advisories/business_solutions/

Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com

----------------------------------------------------------------------

TITLE:
Microsoft Windows Kernel Privilege Escalation Vulnerabilities

SECUNIA ADVISORY ID:
SA35372

VERIFY ADVISORY:
http://secunia.com/advisories/35372/

DESCRIPTION:
Some vulnerabilities have been reported in Microsoft Windows, which
can be exploited by malicious, local users to gain escalated
privileges.

1) An error causes changes in certain kernel objects to not be
properly validated.

2) An error causes certain pointers passed from user mode to be
insufficiently validated.

3) An error causes certain arguments passed to a Windows kernel
system call to not be properly validated.

4) An error causes input passed from user mode to the kernel to be
improperly validated when editing a specific desktop parameter.

Successful exploitation of the vulnerabilities may allow execution of
arbitrary code with kernel mode privileges.

SOLUTION:
Apply patches.

Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=79b0481d-a3d7-477b-928a-a98cc79374af

Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=6349e046-a3f8-4ae5-b8c3-c9879cc99e8f

Windows XP Professional x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=3769800e-af93-4a44-8a1e-b30cc54b226f

Windows Server 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=9356404c-d89a-4de0-b9b4-f6e1bdadf745

Windows Server 2003 x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=5a3123af-173d-49eb-9997-14e82e764aee

Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=13b50993-410f-4e7a-a33a-6d9b48dbb4d1

Windows Vista (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=c31b36f8-330c-4a0c-9a3d-7cbe9a1ab8c8

Windows Vista SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=c31b36f8-330c-4a0c-9a3d-7cbe9a1ab8c8

Windows Vista x64 Edition (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=7d70a65f-07ce-4992-8bec-28fefd7587bc

Windows Vista x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=7d70a65f-07ce-4992-8bec-28fefd7587bc

Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=98ba52b2-da1a-4939-a10e-d43b3a7e7ed4

Windows Server 2008 for 32-bit Systems SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=98ba52b2-da1a-4939-a10e-d43b3a7e7ed4

Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=dbaa5a72-c267-4907-a207-525c2803d7b9

Windows Server 2008 for x64-based Systems SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=dbaa5a72-c267-4907-a207-525c2803d7b9

Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=e0e3ad56-a363-44ba-af4d-b7f551c88afd

Windows Server 2008 for Itanium-based Systems SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=e0e3ad56-a363-44ba-af4d-b7f551c88afd

PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
2-3) The vendor credits Thomas Garnier.
4) Reported by the vendor.

ORIGINAL ADVISORY:
MS09-025 (KB968537):
http://www.microsoft.com/technet/security/Bulletin/MS09-025.mspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------