Vulnerability

(MS13-058) Vulnerability in Windows Defender Could Allow Elevation of Privilege (2847927)

Publish date: August 14, 2013

CVE-2013-3154

SEVERITY

LOW

//  ADVISORY DATE

  


DESCRIPTION

This security update resolves a privately reported vulnerability in Windows Defender for Windows 7 and Windows Defender when installed on Windows Server 2008 R2. The vulnerability could allow elevation of privilege due to the pathnames used by Windows Defender. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.

SOLUTION

AFFECTED SOFTWARE AND VERSION

  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1

Featured Stories

Connect with us on