Detections
Analytics
MS09-025: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)
high Nessus Plugin ID 39347
Language:
Synopsis
The remote Windows kernel is affected by local privilege escalation vulnerabilities.Description
The remote host contains a version of the Windows kernel that is affected by multiple vulnerabilities :- A failure of the Windows kernel to properly validate changes in certain kernel objects allows a local user to run arbitrary code in kernel mode. (CVE-2009-1123)
- Insufficient validation of certain pointers passed from user mode allows a local user to run arbitrary code in kernel mode. (CVE-2009-1124)
- A failure to properly validate an argument passed to a Windows kernel system call allows a local user to run arbitrary code in kernel mode. (CVE-2009-1125)
- Improper validation of input passed from user mode to the kernel when editing a specific desktop parameter allows a local user to run arbitrary code in kernel mode. (CVE-2009-1126)
Solution
Microsoft has released a set of patches for Windows 2000, XP, 2003, Vista and 2008.See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2009/ms09-025
Plugin Details
Severity: High
ID: 39347
File Name: smb_nt_ms09-025.nasl
Version: 1.25
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 6/10/2009
Updated: 4/25/2023
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 6
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2009-1126
Vulnerability Information
CPE: cpe:/o:microsoft:windows
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 6/9/2009
Vulnerability Publication Date: 6/9/2009
CISA Known Exploited Vulnerability Due Dates: 3/24/2022
Exploitable With
Core Impact
Reference Information
CVE: CVE-2009-1123, CVE-2009-1124, CVE-2009-1125, CVE-2009-1126