The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
Vulnerable Product |
---|
microsoft windows xp |
microsoft windows server 2003 |
microsoft windows server 2008 r2 |
microsoft windows 7 |
microsoft windows 8 - |
microsoft windows server 2012 - |
microsoft windows vista |
microsoft windows server 2008 |
Stolen card values on the way down ahead of chip card debut
A hacker group has stolen some 10 million credit cards, putting itself in a position to score US$400 million (£279 million, A$516 million) by infecting 2000 payment terminals with the Trinity point of sales malware. Security firm FireEye and subsidiaries iSIGHT Partners and Mandiant examined the "Fin6" group last year after it was found plundering millions of cards. The first two firms now say the cards stolen from hospitality and retail firms have earned the hacking group hundreds of millions...
Plus: Dodgy app unpatched for 180 days? We'll kick it out of Marketplace
Microsoft's Patch Tuesday for July landed overnight with a bumper crop of seven bulletins, six of which cover critical flaws that carry remote code execution risks. And the Windows 8 giant today revealed that one of these, CVE-2013-3163, is currently under active attack online. Every supported operating system, every version of MS Office, Lync, Silverlight, Visual Studio and .NET will need patching - creating plenty of work for sysadmins worldwide. The patch batch grapples with a total of 34 vul...
Sysadmins, take a deep breath...
Microsoft is planning a high-impact edition of Patch Tuesday with seven bulletins this month - six of which cover critical flaws. The less-than-magnificent seven cover all supported versions of Windows and every version of MS Office, as well as updates for Lync, Silverlight, Visual Studio and .NET. Internet Explorer, from IE6 on Windows XP to IE10 on Windows 8, and also on Windows RT, needs patching because of a critical vulnerability. "This is one of the uglier releases we’ve seen from Micros...