Multiple Vulnerabilities in Windows Kernel Allow Elevation of Privilege and DoS (MS05-018)
13 Apr. 2005
Summary
Multiple vulnerabilities have been discovered in the Windows Kernel. The vulnerabilities are: a buffer overflow in the font processing component, a buffer overflow in the object management component and a privilege escalation vulnerability via CSRSS.
Affected Systems:
* Microsoft Windows Server 2003 for Itanium-based Systems
* Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
Immune Systems:
* Microsoft Windows Server 2003 Service Pack 1
* Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
* Microsoft Windows XP Professional x64 Edition
Font Vulnerability:
Buffer overflow in the font processing component of Microsoft Windows allows local users to gain privileges via a specially-designed application.
Mitigating Factors for Font Vulnerability:
* An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
* Attempts to exploit this vulnerability on systems that are running Windows XP Service Pack 2 would most likely result in a denial of service condition.
Status of Windows 98, Windows 98 Second Edition and Windows Millennium Edition:
Although Windows 98, Windows 98 Second Edition, and Windows Millennium Edition contain the affected component, the vulnerability is not critical.
Windows Kernel Vulnerability:
The kernel of Microsoft Windows allows local users to gain privileges via certain access requests.
This vulnerability could allow a logged on user to take complete control of the system.
Mitigating Factors for Windows Kernel Vulnerability:
* An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Status of Windows 98, Windows 98 Second Edition and Windows Millennium Edition:
These systems are not affected by this vulnerability.
Object Management Vulnerability:
Buffer overflow in Microsoft Windows allows local users to cause a denial of service via a malformed request, also known as "Object Management Vulnerability".
An attacker who exploited this vulnerability could cause the affected system to stop responding and automatically restart.
Mitigating Factors for Object Management Vulnerability:
* An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
* An attacker can cause the local system to stop responding. However, this vulnerability does not allow an attacker to execute code.
Status of Windows 98, Windows 98 Second Edition and Windows Millennium Edition:
Although Windows 98, Windows 98 Second Edition, and Windows Millennium Edition contain the affected component, the vulnerability is not critical.
CSRSS Vulnerability:
CSRSS is the user-mode part of the Win32 subsystem. Win32k.sys is the kernel-mode portion of the Win32 subsystem. The Win32 subsystem must be running at all times. CSRSS is responsible for console windows, for creating threads, for deleting threads, and for some parts of the 16-bit virtual MS-DOS environment. CSRSS services only those requests that other processes make on the same local computer.
The Client Server Runtime System (CSRSS) process of Microsoft Windows allows local users to gain privileges via a specially-designed application.
Mitigating Factors for CSRSS Vulnerability:
* An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
* An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
Status of Windows 98, Windows 98 Second Edition and Windows Millennium Edition:
These systems are not affected by this vulnerability.