Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Windows Could Allow Elevation of Privilege (959454) |
Information | |||
---|---|---|---|
Name | MS09-012 | First vendor Publication | 2009-04-14 |
Vendor | Microsoft | Last vendor Modification | 2009-04-29 |
Severity (Vendor) | Important | Revision | 2.0 |
Security-Database Scoring CVSS v3
CVSS vector: N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Subscore | NA | Temporal Score | NA |
Exploitability Subscore | NA | ||
Security-Database Scoring CVSS v2
CVSS vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
CVSS Base Score | 9 | Attack Range | Network |
CVSS Impact Score | 10 | Attack Complexity | Low |
CVSS Exploit Score | 8 | Authentication | Requires single instance |
Detail
Revision Note: V2.0 (April 29, 2009): Added an entry to the section, Frequently Asked Questions (FAQ) Related to This Security Update to communicate the rerelease of the Norwegian-language update for Microsoft Windows 2000 Service Pack 4 (KB952004). Customers who require the Norwegian-language update need to download and install the rereleased update. No other updates or locales are affected by this rerelease.
Summary: This security update resolves four publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker is allowed to log on to the system and then run a specially crafted application. The attacker must be able to run code on the local machine in order to exploit this vulnerability. An attacker who successfully exploited any of these vulnerabilities could take complete control over the affected system. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS09-012.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
75 % | CWE-264 | Permissions, Privileges, and Access Controls |
25 % | CWE-269 | Improper Privilege Management |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5891 | |||
Oval ID: | oval:org.mitre.oval:def:5891 | ||
Title: | Microsoft Distributed Transaction Coordinator Service Isolation Vulnerability | ||
Description: | Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1436 | Version: | 8 |
Platform(s): | Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008 | Product(s): | Microsoft Distributed Transaction Coordinator |
Definition Id: oval:org.mitre.oval:def:6147 | |||
Oval ID: | oval:org.mitre.oval:def:6147 | ||
Title: | Windows RPCSS Service Isolation Vulnerability | ||
Description: | The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0079 | Version: | 4 |
Platform(s): | Microsoft Windows XP, Microsoft Windows Server 2003 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:6177 | |||
Oval ID: | oval:org.mitre.oval:def:6177 | ||
Title: | Windows Thread Pool ACL Weakness Vulnerability | ||
Description: | The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by leveraging incorrect thread ACLs to access the resources of one of the processes, aka "Windows Thread Pool ACL Weakness Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0080 | Version: | 6 |
Platform(s): | Microsoft Windows Vista, Microsoft Windows Server 2008 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:6193 | |||
Oval ID: | oval:org.mitre.oval:def:6193 | ||
Title: | Windows WMI Service Isolation Vulnerability | ||
Description: | The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0078 | Version: | 6 |
Platform(s): | Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2009-04-15 | Name : Vulnerabilities in Windows Could Allow Elevation of Privilege (959454) File : nvt/secpod_ms09-012.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
53668 | Microsoft Windows ThreadPool ACL Enforcement Weakness Local Privilege Escalation |
53667 | Microsoft Windows RPCSS Service Isolation Local Privilege Escalation |
53666 | Microsoft Windows Management Instrumentation (WMI) Service Isolation Local Pr... |
44580 | Microsoft Windows Microsoft Distributed Transaction Coordinator (MSDTC) SeImp... |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | IIS ASP/ASP.NET potentially malicious file upload attempt RuleID : 15470 - Revision : 8 - Type : FILE-EXECUTABLE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-04-15 | Name : A local user can elevate his privileges on the remote host. File : smb_nt_ms09-012.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:46:12 | |
2014-01-19 21:30:18 | |