CERT-In Vulnerability Note CIVN-2006-84
Microsoft Windows Kernel Remote Code Execution Vulnerabilities
Original Issue Date: August 09, 2006
Severity Rating:
Medium
Systems Affected
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition
Overview
Two vulnerabilities have been reported in the Microsoft Windows kernel that could be exploited by an attacker to take complete control of a vulnerable system. One is a local privilege elevation; the other is remotely exploitable through a crafted web page or e-mail message.
Description
User Profile Elevation of Privileges Vulnerability (CVE-2006-3443)
Winlogon is the process that manages security-related user interactions in Windows. It handles logon and logoff requests, locking or unlocking the machine, changing the password, and other requests, and it runs with SYSTEM privileges.
The vulnerability is caused by an error in the way Winlogon processes a user-supplied path when loading a user profile. Winlogon does not validate the supplied path before loading a DLL from it.
An attacker could exploit this vulnerability by logging on to the vulnerable system locally and placing a specially crafted .dll file in the user's profile directory. Winlogon could then load and execute the code in the crafted .dll with its own privileges, which would elevate the attacker's privileges and could allow the attacker to take complete control of the system. The attacker must already have valid logon credentials; remote exploitation of this vulnerability is not possible.
Unhandled Exception Vulnerability (CVE-2006-3648)
The vulnerability is caused by improper handling of unhandled exceptions in memory-resident applications.
An attacker could exploit this vulnerability remotely by creating and hosting a website that contains a specially crafted web page and persuading a user to visit it, typically by getting the user to click on a link in an e-mail or instant message. An attacker who successfully exploited this vulnerability could take complete control of the system.
Workarounds
User Profile Elevation of Privileges Vulnerability (CVE-2006-3443)
- Set the SafeDllSearchMode registry value to 1, so that the system directories are searched before the current directory when a DLL is loaded
Unhandled Exception Vulnerability (CVE-2006-3648)
- Disable Active Scripting in the My Computer (Local Machine) security zone
- Read e-mail messages in plain text format if you are using Outlook 2002
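The following script applies and verifies the interim workarounds listed above. It is an added example and is not part of the CERT-In note or of Microsoft's bulletin; the registry locations used are the documented ones for these settings, the Outlook path assumes Outlook 2002 (Office 10.0), the version the note names, and the function name Set-AndVerifyDword is a local helper, not an existing cmdlet. On the Windows 2000 and XP systems listed, the same values can be written with reg.exe using the paths shown in the comments.

```powershell
# Added example (not from the advisory): apply the MS06-051 interim workarounds
# and confirm each value was written. Run from an elevated PowerShell session.

$ErrorActionPreference = 'Stop'

# Helper (local to this script): create the key if needed, write a DWORD,
# then read it back and fail loudly if the stored value does not match.
function Set-AndVerifyDword {
    param([string]$Path, [string]$Name, [int]$Value)
    if (-not (Test-Path -Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Value -Force | Out-Null
    $actual = (Get-ItemProperty -Path $Path -Name $Name).$Name
    if ($actual -ne $Value) { throw "$Path\$Name is $actual, expected $Value" }
    Write-Host ("{0}\{1} = {2}" -f $Path, $Name, $actual)
}

# CVE-2006-3443 workaround: SafeDllSearchMode = 1 makes the loader search the
# system directories before the current directory. It is already the default on
# XP SP2 and Server 2003 but is 0 on Windows 2000 SP4 and XP SP1. Machine-wide;
# reboot so every process, including Winlogon, starts with the new setting.
# reg.exe: reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v SafeDllSearchMode /t REG_DWORD /d 1 /f
Set-AndVerifyDword 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' 'SafeDllSearchMode' 1

# CVE-2006-3648 workaround 1: disable Active Scripting in the My Computer zone.
# Zone 0 = My Computer (Local Machine); action 1400 = Active Scripting;
# data 3 = Disable (0 = Enable, 1 = Prompt). This is per user (HKCU), so apply
# it in each profile. Zone 0 is hidden in the Internet Options dialog, which is
# why the check is done against the registry rather than the GUI.
# reg.exe: reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 1400 /t REG_DWORD /d 3 /f
Set-AndVerifyDword 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0' '1400' 3

# CVE-2006-3648 workaround 2: Outlook 2002 renders unsigned messages as plain
# text, so HTML content in mail cannot trigger the vulnerable code path.
# reg.exe: reg add "HKCU\Software\Microsoft\Office\10.0\Outlook\Options\Mail" /v ReadAsPlain /t REG_DWORD /d 1 /f
Set-AndVerifyDword 'HKCU:\Software\Microsoft\Office\10.0\Outlook\Options\Mail' 'ReadAsPlain' 1
```

These settings reduce exposure only; they do not remove the vulnerable code. Apply the MS06-051 update and then decide whether to keep the zone and Outlook restrictions, since both are sound hardening independently of this bulletin.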
Solution
Apply the appropriate patches as mentioned in Microsoft Security Bulletin MS06-051.
Vendor Information
Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS06-051.mspx
References
Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS06-051.mspx
US-CERT
http://www.kb.cert.org/vuls/id/411516
FrSIRT
http://www.frsirt.com/english/advisories/2006/3216
CVE Names
CVE-2006-3443
CVE-2006-3648
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003