HighMicrosoft Windows Knowledge Base Article 2645640 update is not installed on the system, which could allow an attacker to exploit the following vulnerabilities:
The Microsoft Windows Ancillary Function Driver (afd.sys) could allow a local attacker to gain elevated privileges on the system, caused by improper validation of input passed from user mode to the kernel. By executing a malicious application on the vulnerable system, a local attacker with valid login credentials could exploit this vulnerability to execute arbitrary code on the system with elevated privileges.
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS12-009. See References.
Microsoft Security Bulletin MS12-009
Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640)
http://technet.microsoft.com/en-us/security/bulletin/ms12-009
IBM Internet Security Systems X-Force Database
Microsoft Windows Ancillary Function Driver privilege escalation
http://xforce.iss.net/xforce/xfdb/72839
IBM Internet Security Systems X-Force Database
Microsoft Windows Ancillary Function Driver privilege escalation
http://xforce.iss.net/xforce/xfdb/72840
ISS X-Force
Microsoft Windows Knowledge Base Article 2645640 update is not installed
http://www.iss.net/security_center/static/72841.php
CVE CVE-2012-0148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0148
CVE CVE-2012-0149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0149
