
Update Protection against Windows Kernel Exception Handler Vulnerability (MS10-015)


Check Point Reference: CPAI-2010-104
Date Published:
Severity:
Source: Microsoft Security Bulletin MS10-015
Industry Reference(s): CVE-2010-0232

Protection Provided by:
  • IPS-1
  • IPS-1 NGX R65
Who is Vulnerable?
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 7
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
Vulnerability Description
An elevation of privilege vulnerability exists in the Windows Kernel due to the way the kernel handles certain exceptions. The Windows Kernel is the core of the operating system, providing system level services such as device management and memory management. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Update/Patch Available
Microsoft has provided a patch:
Microsoft Security Bulletin MS10-015 
Vulnerability Details
The Windows kernel does not properly validate certain BIOS calls made on behalf of 16-bit code. A local user can craft a VDM_TIB data structure in the Thread Environment Block (TEB) and then call the NtVdmControl function to start the Windows Virtual DOS Machine (NTVDM) subsystem; the exception that results is mishandled by the kernel's #GP trap handler (nt!KiTrap0D), which is why the issue is named an exception handler vulnerability. The outcome is arbitrary code execution in kernel mode from an unprivileged local account. NTVDM is a protected environment subsystem that emulates MS-DOS and 16-bit Windows within Windows NT-based operating systems; the vulnerability is local only and requires the ability to run code on the target, so the exploit must first be delivered to the host.

Protection Overview

IPS-1 will detect and block the transfer of Windows PE (Portable Executable) files over HTTP, SMTP, FTP, TFTP and IRC. Because the vulnerability is local, this protection targets delivery of the exploit executable to the host rather than the kernel call itself.
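The following is an added example, not Check Point code and not part of the original advisory, showing the kind of check an IPS applies to decide that a payload carried over HTTP is a Windows PE image: it validates the MZ magic, the e_lfanew pointer, the "PE\0\0" signature and a complete COFF header, and it classifies the image (x86/x64, EXE/DLL). The sample PE images and HTTP responses are constructed inline; the function and constant names are the example's own.

```python
import struct

# COFF header constants from the PE specification.
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000

COFF_FORMAT = "<HHIIIHH"  # Machine, NumberOfSections, TimeDateStamp,
                          # PointerToSymbolTable, NumberOfSymbols,
                          # SizeOfOptionalHeader, Characteristics (20 bytes)


def build_minimal_pe(machine=IMAGE_FILE_MACHINE_I386,
                     characteristics=IMAGE_FILE_EXECUTABLE_IMAGE,
                     e_lfanew=0x40):
    """Constructed test input: a DOS header, padding, PE signature and COFF
    header. Not a loadable binary, just enough for header inspection."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)  # e_lfanew -> PE signature
    pad = b"\x00" * (e_lfanew - 0x40)
    coff = struct.pack(COFF_FORMAT, machine, 1, 0, 0, 0, 0xE0, characteristics)
    return bytes(dos) + pad + b"PE\x00\x00" + coff


def inspect_pe(data: bytes):
    """Return a dict describing the PE image, or None if `data` is not one.

    Every failure returns None instead of raising: an inspector fed
    attacker-controlled bytes must not crash on truncated or malformed input.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # Signature (4) plus COFF header (20) must lie inside the buffer. Python
    # ints do not wrap, so e_lfanew + 24 cannot overflow here; in C the same
    # check must be written to survive a 32-bit wraparound.
    if e_lfanew + 24 > len(data):
        return None
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    machine, nsections, _ts, _symptr, _nsyms, _optsize, chars = \
        struct.unpack_from(COFF_FORMAT, data, e_lfanew + 4)
    arch = {IMAGE_FILE_MACHINE_I386: "x86",
            IMAGE_FILE_MACHINE_AMD64: "x64"}.get(machine, "other")
    return {
        "arch": arch,
        "sections": nsections,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "is_executable": bool(chars & IMAGE_FILE_EXECUTABLE_IMAGE),
    }


def pe_in_http_response(response: bytes):
    """Split a raw HTTP response at the header/body boundary and inspect the
    body. Returns the PE description, or None when the body is not a PE."""
    sep = response.find(b"\r\n\r\n")
    if sep < 0:
        return None
    return inspect_pe(response[sep + 4:])


# Constructed sample traffic (not captured data).
SAMPLE_HTTP_PE = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
                  + build_minimal_pe())
SAMPLE_HTTP_HTML = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                    b"<html><body>MZ is just text here</body></html>")


if __name__ == "__main__":
    print("PE response :", pe_in_http_response(SAMPLE_HTTP_PE))
    print("HTML response:", pe_in_http_response(SAMPLE_HTTP_HTML))
```

Note that the inspector deliberately ignores Content-Type; the HTML sample contains the text "MZ" in its body but not at offset zero, so it is not flagged, while a PE served with a misleading content type still is.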

To configure the defense, select your product from the list below and follow the related protection steps.

IPS-1 & IPS-1 NGX R65

How Can I Protect My Network?

1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Application Intelligence > Badfiles and select the Microsoft .NET CLI PE Header Memory Corruption protection group.
3. Click Microsoft Windows Kernel Exception Handler Vulnerability (IPS-1 NGX R65 only).
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

How Do I Know if My Network is Under Attack?

Upon attack, the following entries will be logged:

Alert Name: Microsoft PE Executable Source
Description: Microsoft Windows Kernel Exception Handler Vulnerability