Microsoft Windows Knowledge Base Article 2913602 update is not installed (WinMs14kb2913602Update)

Vuln ID: 89966
Risk Level: High risk vulnerability  High WinMs14kb2913602Update
Platforms: Microsoft Windows 7: SP1 x32, Microsoft Windows 7: SP1 x64, Microsoft Windows Server 2008: R2 SP1 x64, Microsoft Windows Server 2008: R2 SP1 Itanium
Description:

Microsoft Windows Knowledge Base Article 2913602 update is not installed on the system, which could allow an attacker to exploit the following vulnerability:

Microsoft Windows could allow a local attacker to gain elevated privileges on the system, caused by the failure to properly use window handle thread objects in memory by the kernel-mode driver. By executing a malicious application on the vulnerable system, a local attacker with valid login credentials could exploit this vulnerability to execute arbitrary code on the system with elevated privileges.

Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS14-003. See References.

False Positives:
False Negatives:
Required Permission: Windows login
Additional Information:

References:

Microsoft Security Bulletin MS14-003
Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2913602)
http://technet.microsoft.com/en-us/security/bulletin/ms14-003

IBM Internet Security Systems X-Force Database
Microsoft Windows handle thread objects privilege escalation
http://xforce.iss.net/xforce/xfdb/89965

ISS X-Force
Microsoft Windows Knowledge Base Article 2913602 update is not installed
http://www.iss.net/security_center/static/89966.php

CVE CVE-2012-0262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0262


X-Force Logo
Know Your Risks
Mitre.org CVE Logo
Common Vulnerabilties & Exposures