BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Microsoft Windows NtUserCheckAccessForIntegrityLevel Use-After-Free

Disclosed July 5, 2010 | Fully Patched

Vulnerability Description:

Microsoft Windows Server 2008 and Windows Vista contain a vulnerability in the kernel-mode driver win32k.sys. Making numerous calls to the "NtUserCheckAccessForIntegrityLevel" function triggers a failure in "LockProcessByClientId", which decrements an object's reference counter twice instead of only once, so the object is freed while it is still in use. A local attacker able to leverage this reference-counting flaw could potentially execute arbitrary code with elevated privileges or cause the system to crash.
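The reference-counting pattern described above, as an added user-space model (not code from win32k.sys or from this advisory). The struct, the function names and the placement of the two releases are assumptions made for illustration; the flawed form is shown beside a corrected one.

```c
#include <stdbool.h>
#include <stdio.h>

/* Stand-in for a reference-counted kernel object (constructed for this example). */
struct obj { int refs; bool freed; };

static void obj_ref(struct obj *o) { o->refs++; }
/* Dropping the last reference marks the object freed; a real kernel would release the memory. */
static void obj_unref(struct obj *o) { if (--o->refs == 0) o->freed = true; }

/* Flawed shape (assumed): the failure branch drops the reference, then the
 * common cleanup drops it again, so each failing call costs one extra reference. */
static bool check_access_buggy(struct obj *o, bool lock_fails)
{
    obj_ref(o);                   /* reference held for the duration of the call */
    if (lock_fails)
        obj_unref(o);             /* first release, on the error path */
    obj_unref(o);                 /* second release, in common cleanup */
    return !lock_fails;
}

/* Corrected shape: exactly one release, at the single exit point. */
static bool check_access_fixed(struct obj *o, bool lock_fails)
{
    obj_ref(o);
    obj_unref(o);
    return !lock_fails;
}

/* Number of failing calls before an object its owner still holds is marked
 * freed, or -1 if that never happens within `limit` calls. */
static int calls_until_freed(bool (*check)(struct obj *, bool), int owner_refs, int limit)
{
    struct obj o = { owner_refs, false };
    for (int i = 1; i <= limit; i++) {
        check(&o, true);
        if (o.freed)
            return i;
    }
    return -1;
}

int main(void)
{
    printf("buggy: %d\n", calls_until_freed(check_access_buggy, 3, 100));
    printf("fixed: %d\n", calls_until_freed(check_access_fixed, 3, 100));
    return 0;
}
```

In the flawed form the count reaches zero while the owner's references are still outstanding, which is why repeated calls matter; the corrected form leaves the count unchanged no matter how often the failure occurs.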

Vendors:

Microsoft

Vulnerable Software/Devices:

Windows Vista SP1
Windows Server 2008 SP1/SP2

Vulnerability Severity:

Medium

Exploit Availability:

N/A

Exploit Impact:

Denial of Service
Local denial of service: This vulnerability would likely be used in situations where the attacker's goal is to crash a system. Because this DoS is a local vulnerability, it would need to be used in tandem with some other exploit to gain access to the system. After the vulnerability is exploited, the system is forced to restart, disrupting any services that might be running.

BeyondTrust Prevention and Detection:

Mitigation:

There are no known mitigations for this vulnerability. It may be possible to limit exploitation by restricting access to trusted users and applications.

Links:

CVE(s):

None
