(MS13-093) Vulnerability in Windows Ancillary Function Driver Could Allow Information Disclosure (2875783)

  Severity: HIGH
  CVE Identifier: CVE-2013-3887
  Advisory Date: NOV 21, 2013

  DESCRIPTION

This security update resolves a reported vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if an attacker logs on to an affected system as a local user, and runs a maliciously- crafted application on the system that is designed to enable the attacker to obtain information from a higher-privileged account.

  SOLUTION

  AFFECTED SOFTWARE AND VERSION

  • Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Vista x64 Edition Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
  • Windows 8 for x64-based Systems
  • Windows Server 2012
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2012 (Server Core installation)