Content
(MS09-058) Windows Kernel NULL Pointer Dereference Vulnerability (971486)
- Type
- Logic error
- Impact of exploitation
- Privilege Escalation
- User Interaction
- user interaction is needed
- Attack Vector
- Authenticated locally logged on user with limited privileges
- Rating
- Low
- CVE reference
- CVE-2009-2516,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Windows 2000 SP4,
- Windows XP SP3,
- Windows XP X64 Professional,
- Windows Server 2003 2003 SP2,
- Windows 2003 Server X64 SP2,
- Windows Vista SP1,
- Windows Vista X64 SP1,
- Windows Server 2008 RTM,
- Summary
- A vulnerability in the Windows Kernel may allow for targeted elevation of privilege attacks.
Tab Navigation
Description
A vulnerability in the Windows Kernel may allow for targeted elevation of privilege attacks. The vulnerability is due to the insufficient validation of certain data passed from user mode. Successful exploitation of this vulnerability could allow an attacker to run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
McAfee Product Mitigation & Recommendations
Recommendations
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-058.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-058) Windows Kernel NULL Pointer Dereference Vulnerability (971486)
- Signature identifier:
- 7204
- Release date:
- 10/13/2009
McAfee Intrushield
McAfee Host IPS
- Signature:
- (MS09-058) Windows Kernel NULL Pointer Dereference Vulnerability (971486)
- Signature identifier:
- 7204
- Release date:
- 10/14/2009
McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection
McAfee VirusScan Enterprise 8.5i (VSE8.5i) /Total Protection for Small Business (ToPS SB) Buffer Overflow Protection
McAfee Anti-Virus protection
This threat can be detected generically as Generic Malware.co in the 5695 DATs since August 1st, 2009.
- Signature:
- 5695
- Release date:
- 7/31/2009
- First released in:
- Generic Malware.co
Additional Resources
(MS09-058) Windows Kernel NULL Pointer Dereference Vulnerability (971486)
http://www.microsoft.com/technet/security/bulletin/ms09-0xx.mspx
All Information
Timeline -
10/13/2009
Vendor has provided a patch.
Description -
A vulnerability in the Windows Kernel may allow for targeted elevation of privilege attacks. The vulnerability is due to the insufficient validation of certain data passed from user mode. Successful exploitation of this vulnerability could allow an attacker to run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
McAfee Product Mitigation & Recommendations
Recommendations -
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-058.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-058) Windows Kernel NULL Pointer Dereference Vulnerability (971486)
- Signature identifier:
- 7204
- Release date:
- 10/13/2009
McAfee Intrushield
McAfee Host IPS
- Signature:
- (MS09-058) Windows Kernel NULL Pointer Dereference Vulnerability (971486)
- Signature identifier:
- 7204
- Release date:
- 10/14/2009
McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection
McAfee VirusScan Enterprise 8.5i (VSE8.5i) /Total Protection for Small Business (ToPS SB) Buffer Overflow Protection
McAfee Anti-Virus protection
This threat can be detected generically as Generic Malware.co in the 5695 DATs since August 1st, 2009.
- Signature:
- 5695
- Release date:
- 7/31/2009
- First released in:
- Generic Malware.co
Additional Resources
Additional Resources -
(MS09-058) Windows Kernel NULL Pointer Dereference Vulnerability (971486)
http://www.microsoft.com/technet/security/bulletin/ms09-0xx.mspx
