Content

(MS07-066) Microsoft Windows Kernel Vulnerability (943078)

Type
Logic error
Impact of exploitation
Privilege Escalation
User Interaction
user interaction is needed
Attack Vector
Authenticated locally logged on user with limited privileges
Rating
Medium
CVE reference
CVE-2007-5350,
Vendor Status
Responded and patched
Vulnerable systems
Windows   Vista,
Windows  Vista x64,
Summary
A vulnerability in Microsoft Windows Vista may allow for local privilege-escalation attacks.

Tab Navigation

Description

Windows Vista is a popular operating system developed by Microsoft. A vulnerability in Microsoft Windows Vista may allow for local privilege-escalation attacks. The vulnerability lies in the improper handling of certain requests by the Vista kernel. Successful exploitation would allow code execution at the level of the kernel.

McAfee Product Mitigation & Recommendations

Recommendations

Download and install the patch available from Microsoft (943078): http://www.microsoft.com/technet/security/Bulletin/MS07-066.mspx

McAfee Product Mitigation

McAfee Foundstone

This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.

Signature:
(MS07-066) Microsoft Windows Kernel Vulnerability (943078)
Signature identifier:
5626
Release date:
12/10/2007

Additional Resources

Microsoft Security Bulletin: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078)

http://www.microsoft.com/technet/security/Bulletin/MS07-066.mspx

All Information

Timeline -

12/11/2007

Vendor has provided a patch.

Description -

Windows Vista is a popular operating system developed by Microsoft. A vulnerability in Microsoft Windows Vista may allow for local privilege-escalation attacks. The vulnerability lies in the improper handling of certain requests by the Vista kernel. Successful exploitation would allow code execution at the level of the kernel.

McAfee Product Mitigation & Recommendations

Recommendations -

Download and install the patch available from Microsoft (943078): http://www.microsoft.com/technet/security/Bulletin/MS07-066.mspx

McAfee Product Mitigation

McAfee Foundstone

This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.

Signature:
(MS07-066) Microsoft Windows Kernel Vulnerability (943078)
Signature identifier:
5626
Release date:
12/10/2007

Additional Resources

Additional Resources -

Microsoft Security Bulletin: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078)

http://www.microsoft.com/technet/security/Bulletin/MS07-066.mspx