
Microsoft Windows Workstation Service Vulnerability

(MS09-041, CVE-2009-1544)

An elevation of privilege vulnerability has been reported in the Microsoft Windows Workstation Service. An attacker may exploit this issue to run arbitrary code with elevated privileges on an affected system.

Microsoft Windows Workstation Service routes local file system requests and remote file or print network requests via Remote Procedure Call (RPC). RPC is a protocol that a program can use to request a service from another program which is located on another computer in a network.

The vulnerability is due to a possible "Double Free" condition in the service. A "Double Free" condition occurs when an attacker can cause an affected system, while processing a specially crafted program, to release or "free" the same block of previously allocated memory more than once. Releasing memory that has already been freed could lead to memory corruption. The Windows Workstation Service fails to properly allocate and free memory when receiving specially crafted RPC messages. A remote attacker can exploit this issue by sending a specially crafted malicious RPC request to an affected system.
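The double-free pattern described above, shown as an added C example beside a hardened form. This is not code from the Workstation Service or from Check Point. The handler names, the length-mismatch trigger and the single-slot tracker are all hypothetical, and the tracker counts a second release instead of letting it reach `free()`.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed tracker: remembers the one live allocation so a repeated
   release is counted instead of being passed to free() a second time. */
static void *live_ptr = NULL;
static int double_free_count = 0;

static void *tracked_alloc(size_t n) { live_ptr = malloc(n); return live_ptr; }

static void tracked_free(void *p) {
    if (p == NULL) return;                     /* releasing NULL is a no-op */
    if (p != live_ptr) { double_free_count++; return; }  /* already released */
    live_ptr = NULL;
    free(p);
}

/* Hypothetical handler with the flaw: the error path releases the buffer,
   then falls through to the shared cleanup, which releases it again. */
int handle_message_flawed(const char *msg, size_t len, size_t declared_len) {
    char *buf = tracked_alloc(len + 1);
    int rc = 0;
    if (buf == NULL) return -1;
    memcpy(buf, msg, len);
    buf[len] = '\0';
    if (declared_len != len) {                 /* malformed message */
        tracked_free(buf);
        rc = -1;                               /* no return, buf not cleared */
    }
    tracked_free(buf);                         /* second release on error path */
    return rc;
}

/* Hardened form: a single release point, and the pointer is cleared after. */
int handle_message_fixed(const char *msg, size_t len, size_t declared_len) {
    char *buf = tracked_alloc(len + 1);
    int rc = -1;
    if (buf == NULL) return rc;
    memcpy(buf, msg, len);
    buf[len] = '\0';
    if (declared_len == len) rc = 0;           /* malformed input only sets rc */
    tracked_free(buf);
    buf = NULL;
    return rc;
}

int double_frees_seen(void) { return double_free_count; }

int main(void) { handle_message_flawed("abc", 3, 9); return double_frees_seen() == 1 ? 0 : 1; }
```
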

Check Point provides protection against attacks that use this vulnerability through its integrated IPS offerings, IPS Software Blade, and SmartDefense. The protection detects and blocks malformed RPC requests sent to the vulnerable service. See CPAI-2009-155.