CERT-MU Vulnerability Note VN-2010-3

Microsoft Windows #GP Trap Handler Local Privilege Escalation Vulnerability

Original Issue Date: January 22, 2009

Severity Rating: High

Systems Affected

  • Microsoft Windows 2000 SP 4
  • Windows XP SP 2 and SP 3
  • Windows Server 2003 SP 2
  • Windows Vista, Windows Vista SP 1, and Windows Vista SP 2
  • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems SP 2
  • Windows 7 for 32-bit Systems

Overview

A local privilege escalation vulnerability has been reported in the Microsoft Windows kernel. It could allow a local attacker to execute arbitrary code with kernel privileges and completely compromise a vulnerable system.

Description

The Windows kernel is the core of the operating system. It provides system-level services such as device management, memory management, allocation of processor time to processes, and error handling.

The Windows Virtual DOS Machine (NTVDM) subsystem is a protected-environment subsystem that emulates MS-DOS and 16-bit Windows on Windows NT-based operating systems.

This vulnerability is due to the Windows kernel not properly handling certain exceptions when setting up a VDM (Virtual DOS Machine) context, which is used to support the BIOS calls made by 16-bit applications.

It can be exploited by setting up a specially crafted request to the kernel with a "VDM_TIB" structure referenced from the calling thread's TEB (Thread Environment Block), which reaches the "Ki386BiosCallReturnAddress()" function via the #GP trap handler (nt!KiTrap0D) and leads to modification of the kernel stack.

Workarounds

Note

  • Attackers with valid local logon credentials can exploit this vulnerability.
  • Windows operating systems for x64-based and Itanium-based computers are not affected.
  • Proof-of-concept code is publicly available on the Internet.

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/advisory/979682.mspx

References

Microsoft
http://www.microsoft.com/technet/security/advisory/979682.mspx

Secunia
http://secunia.com/advisories/38265/

ISS XFORCE
http://xforce.iss.net/xforce/xfdb/55742

SecurityFocus
http://www.securityfocus.com/bid/37864

VUPEN
http://www.vupen.com/english/advisories/2010/0179

Security Tracker
http://securitytracker.com/alerts/2010/Jan/1023471.html

CISCO
http://tools.cisco.com/security/center/viewAlert.x?alertId=19754

SANS
http://isc.sans.org/diary.html?storyid=8050

CVE Name
CVE-2010-0232

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Last Updated 20-Jul-2011