Multiple priviledge escalation vulnerabilities in Microsoft Windows
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2009-1126 CVE-2009-1125 CVE-2009-1124 CVE-2009-1123 |
| CWE-ID | CWE-233 CWE-622 CWE-822 |
| Exploitation vector | Local |
| Public exploit |
Public exploit code for vulnerability #1 is available. Vulnerability #4 is being exploited in the wild. |
| Vulnerable software |
Windows Server Operating systems & Components / Operating system Windows Operating systems & Components / Operating system |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Privilege escalation
EUVDB-ID: #VU1341
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2009-1126
CWE-ID:
CWE-233 - Improper Handling of Parameters
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to improper validation of user-mode input. By running a malicious application, a local attacker can edit an unspecified desktop parameter and execute arbitrary code in kernel mode.
Successful exploitation of the vulnerability results in privilege escalation allowing to execute arbitrary code and take complete control of an affected system.
Install update from vendor's website:
Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?familyid=79b0481d-a3d7-477b-928a-a98cc79374af
http://go.microsoft.com/fwlink/?LinkId=132503
Windows XP Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=6349e046-a3f8-4ae5-b8c3-c9879cc99e8f
http://go.microsoft.com/fwlink/?LinkId=132503
Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=6349e046-a3f8-4ae5-b8c3-c9879cc99e8f
http://go.microsoft.com/fwlink/?LinkId=132503
Windows XP Professional x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=3769800e-af93-4a44-8a1e-b30cc54b226f
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2003 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=9356404c-d89a-4de0-b9b4-f6e1bdadf745
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2003 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=5a3123af-173d-49eb-9997-14e82e764aee
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2003 with SP2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=13b50993-410f-4e7a-a33a-6d9b48dbb4d1
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server: 2003
Windows: XP - 2000
CPE2.3- cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:XP:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
https://technet.microsoft.com/en-us/library/security/ms09-025.aspx
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Privilege escalation
EUVDB-ID: #VU1340
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2009-1125
CWE-ID:
CWE-622 - Improper Validation of Function Hook Argument
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to improper validation of an argument to an unspecified system call. By running a malicious application, a local attacker can submit malformed calls to the Windows Kernel and execute arbitrary code in kernel mode.
Successful exploitation of the vulnerability results in privilege escalation allowing to execute arbitrary code and take complete control of an affected system.
Install update from vendor's website:
Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?familyid=79b0481d-a3d7-477b-928a-a98cc79374af
http://go.microsoft.com/fwlink/?LinkId=132503
Windows XP Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=6349e046-a3f8-4ae5-b8c3-c9879cc99e8f
http://go.microsoft.com/fwlink/?LinkId=132503
Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=6349e046-a3f8-4ae5-b8c3-c9879cc99e8f
http://go.microsoft.com/fwlink/?LinkId=132503
Windows XP Professional x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=3769800e-af93-4a44-8a1e-b30cc54b226f
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2003 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=9356404c-d89a-4de0-b9b4-f6e1bdadf745
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2003 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=5a3123af-173d-49eb-9997-14e82e764aee
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2003 with SP2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=13b50993-410f-4e7a-a33a-6d9b48dbb4d1
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Vista and Windows Vista Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=c31b36f8-330c-4a0c-9a3d-7cbe9a1ab8c8
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Vista Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=c31b36f8-330c-4a0c-9a3d-7cbe9a1ab8c8
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=7d70a65f-07ce-4992-8bec-28fefd7587bc
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Vista x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=7d70a65f-07ce-4992-8bec-28fefd7587bc
Windows Server 2008 for 32-bit Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=98ba52b2-da1a-4939-a10e-d43b3a7e7ed4
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2008 for 32-bit Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98ba52b2-da1a-4939-a10e-d43b3a7e7ed4
Windows Server 2008 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=dbaa5a72-c267-4907-a207-525c2803d7b9
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2008 for x64-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=dbaa5a72-c267-4907-a207-525c2803d7b9
Windows Server 2008 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=e0e3ad56-a363-44ba-af4d-b7f551c88afd
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2008 for Itanium-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=e0e3ad56-a363-44ba-af4d-b7f551c88afd
Windows: Vista - 2000
Windows Server: 2003 - 2008
CPE2.3 External linkshttps://technet.microsoft.com/en-us/library/security/ms09-025.aspx
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Privilege escalation
EUVDB-ID: #VU1339
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2009-1124
CWE-ID:
CWE-822 - Untrusted Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to improper validation of changes in certain kernel objects. By running a malicious application, a local attacker can submit malformed calls to the Windows Kernel and execute arbitrary code in kernel mode.
Successful exploitation of the vulnerability results in privilege escalation allowing to execute arbitrary code and take complete control of an affected system.
Install update from vendor's website:
Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?familyid=79b0481d-a3d7-477b-928a-a98cc79374af
http://go.microsoft.com/fwlink/?LinkId=132503
Windows XP Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=6349e046-a3f8-4ae5-b8c3-c9879cc99e8f
http://go.microsoft.com/fwlink/?LinkId=132503
Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=6349e046-a3f8-4ae5-b8c3-c9879cc99e8f
http://go.microsoft.com/fwlink/?LinkId=132503
Windows XP Professional x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=3769800e-af93-4a44-8a1e-b30cc54b226f
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2003 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=9356404c-d89a-4de0-b9b4-f6e1bdadf745
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2003 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=5a3123af-173d-49eb-9997-14e82e764aee
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2003 with SP2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=13b50993-410f-4e7a-a33a-6d9b48dbb4d1
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Vista and Windows Vista Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=c31b36f8-330c-4a0c-9a3d-7cbe9a1ab8c8
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Vista Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=c31b36f8-330c-4a0c-9a3d-7cbe9a1ab8c8
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=7d70a65f-07ce-4992-8bec-28fefd7587bc
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Vista x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=7d70a65f-07ce-4992-8bec-28fefd7587bc
Windows Server 2008 for 32-bit Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=98ba52b2-da1a-4939-a10e-d43b3a7e7ed4
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2008 for 32-bit Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98ba52b2-da1a-4939-a10e-d43b3a7e7ed4
Windows Server 2008 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=dbaa5a72-c267-4907-a207-525c2803d7b9
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2008 for x64-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=dbaa5a72-c267-4907-a207-525c2803d7b9
Windows Server 2008 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=e0e3ad56-a363-44ba-af4d-b7f551c88afd
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2008 for Itanium-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=e0e3ad56-a363-44ba-af4d-b7f551c88afd
Windows: Vista - 2000
Windows Server: 2003 - 2008
CPE2.3https://technet.microsoft.com/en-us/library/security/ms09-025.aspx
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Privilege escalation
EUVDB-ID: #VU1338
Risk: Medium
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]
CVE-ID: CVE-2009-1123
CWE-ID:
CWE-822 - Untrusted Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to improper validation of changes in certain kernel objects. By running a malicious application, a local attacker can submit malformed calls to the Windows Kernel and execute arbitrary code in kernel mode.
Successful exploitation of the vulnerability results in privilege escalation allowing to execute arbitrary code and take complete control of an affected system.
Note: according to reports this vulnerability was being actively exploited before Microsoft issued security patch.
Install update from vendor's website:
Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?familyid=79b0481d-a3d7-477b-928a-a98cc79374af
http://go.microsoft.com/fwlink/?LinkId=132503
Windows XP Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=6349e046-a3f8-4ae5-b8c3-c9879cc99e8f
http://go.microsoft.com/fwlink/?LinkId=132503
Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=6349e046-a3f8-4ae5-b8c3-c9879cc99e8f
http://go.microsoft.com/fwlink/?LinkId=132503
Windows XP Professional x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=3769800e-af93-4a44-8a1e-b30cc54b226f
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2003 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=9356404c-d89a-4de0-b9b4-f6e1bdadf745
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2003 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=5a3123af-173d-49eb-9997-14e82e764aee
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2003 with SP2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=13b50993-410f-4e7a-a33a-6d9b48dbb4d1
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Vista and Windows Vista Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=c31b36f8-330c-4a0c-9a3d-7cbe9a1ab8c8
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Vista Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=c31b36f8-330c-4a0c-9a3d-7cbe9a1ab8c8
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=7d70a65f-07ce-4992-8bec-28fefd7587bc
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Vista x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=7d70a65f-07ce-4992-8bec-28fefd7587bc
Windows Server 2008 for 32-bit Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=98ba52b2-da1a-4939-a10e-d43b3a7e7ed4
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2008 for 32-bit Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98ba52b2-da1a-4939-a10e-d43b3a7e7ed4
Windows Server 2008 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=dbaa5a72-c267-4907-a207-525c2803d7b9
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2008 for x64-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=dbaa5a72-c267-4907-a207-525c2803d7b9
Windows Server 2008 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=e0e3ad56-a363-44ba-af4d-b7f551c88afd
http://go.microsoft.com/fwlink/?LinkId=132503
Windows Server 2008 for Itanium-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=e0e3ad56-a363-44ba-af4d-b7f551c88afd
Windows: Vista - 2000
Windows Server: 2003 - 2008
CPE2.3https://technet.microsoft.com/en-us/library/security/ms09-025.aspx
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
