Microsoft .NET Framework CVE-2013-0003 Remote Privilege Escalation Vulnerability

 Security Alerts  Comments Off on Microsoft .NET Framework CVE-2013-0003 Remote Privilege Escalation Vulnerability
Jan 072013
 

Type: Vulnerability. Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability; fixes are available.

Microsoft Windows CVE-2012-1893 Local Privilege Escalation Vulnerability

 Security Alerts  Comments Off on Microsoft Windows CVE-2012-1893 Local Privilege Escalation Vulnerability
Jul 092012
 

Type: Vulnerability. Microsoft Windows is prone to a local privilege-escalation vulnerability; fixes are available.

Microsoft Windows CVE-2012-1890 Local Privilege Escalation Vulnerability

 Security Alerts  Comments Off on Microsoft Windows CVE-2012-1890 Local Privilege Escalation Vulnerability
Jul 092012
 

Type: Vulnerability. Microsoft Windows is prone to a local privilege-escalation vulnerability; fixes are available.

Microsoft Office for Mac Improper Folder Permissions Local Privilege Escalation Vulnerability

 Security Alerts  Comments Off on Microsoft Office for Mac Improper Folder Permissions Local Privilege Escalation Vulnerability
Jul 092012
 

Type: Vulnerability. Microsoft Office for Mac is prone to a local privilege-escalation vulnerability; fixes are available.

CVE-2012-0217 (from MS12-042) applies to other environments too, (Wed, Jun 20th)

 SANS Internet Storm Center, Security Alerts  Comments Off on CVE-2012-0217 (from MS12-042) applies to other environments too, (Wed, Jun 20th)
Jun 202012
 

A week ago we covered MS12-042 (Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167))on the monthly Microsoft patch update cycle. This Microsoft advisory includes two vulnerabilities:CVE-2012-0217 and CVE-2012-1515 (VMware related).
Unfortunately, the official CVE-2012-0217 only makes references to Microsoft Windows OS, but other environments are also affected by this local privilege escalation vulnerability associated to 64-bit Intel processors. From the US-CERTnote: Some 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack. The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape. In particular, it affects FreeBSD or Xen (RedHat, SUSE, etc).
More details at Vulnerability Note VU#649219:SYSRET 64-bit operating system privilege escalation vulnerability on Intel CPU hardware.
—-

Raul Siles

Founder and Senior Security Analyst with Taddong

www.taddong.com

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

%d bloggers like this: