(MS09-006) Microsoft Windows Kernel Input Validation Vulnerability (958690)

Type: Logic error
Impact of exploitation: Remote Code Execution
User Interaction: User interaction is needed
Attack Vector: Website or e-mail with malicious content
Rating: High
CVE reference: CVE-2009-0081
Vendor Status: Responded and patched

Vulnerable systems:
Windows 2000 SP4
Windows XP SP3
Windows XP x64 SP2
Windows 2003 SP2
Windows 2003 x64 SP2
Windows 2003 Itanium SP2
Windows Vista SP1
Windows 2008
Windows 2008 Itanium
Windows 2008 x64

Summary
A vulnerability in the Windows Kernel may allow for remote code execution attacks.

Description

A vulnerability in the Windows Kernel may allow for remote code execution attacks. The flaw is specific to the kernel component of GDI (Graphics Device Interface): input passed from user mode to the GDI kernel component is not properly validated. Exploitation can be achieved via a specially crafted web page designed to exploit this vulnerability. Upon successful exploitation, an attacker may gain the ability to execute arbitrary code in kernel mode.

McAfee Product Mitigation & Recommendations

Recommendations

The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-006.mspx

McAfee Product Mitigation

McAfee Foundstone
Signature: (MS09-006) Microsoft Windows Kernel Input Validation Vulnerability (958690)
Signature identifier: 6492
Release date: 3/9/2009

McAfee Intrushield
Signature: HTTP: Microsoft Windows Kernel Input Validation Vulnerability
Signature identifier: 0x40258500
Release date: 3/10/2009
First released in: 5.1.15, 4.1.45, 3.1.82

McAfee Host IPS
Signature: Vulnerabilities in Windows Win32k Kernel Could Allow Remote Code Execution
Signature identifier: 2212
Release date: 3/10/2009
First released in: Build

McAfee Anti-Virus protection

Detection for some attack vectors will be added in the 5551 DATs on March 12th, 2009 when scanning with heuristics enabled using the following products: SIG, SWG, GS, VSE E-mail, VSO E-mail.

Signature: Exploit-CVE2009-0081
Signature identifier: 5551
Release date: 3/11/2009
First released in: 5551

Additional Resources

Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (KB958690)

http://www.microsoft.com/technet/security/bulletin/ms09-006.mspx

Timeline

3/20/2009: subscription only

3/10/2009: Vendor has provided a patch.
