(MS12-001) Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)

Publish date: January 11, 2012

Severity: HIGH

CVE Identifier: CVE-2012-0001

Advisory Date: JAN 11, 2012

DESCRIPTION

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow an attacker to bypass the SafeSEH security feature in a software application. An attacker could then use other vulnerabilities to leverage the structured exception handler to run arbitrary code. Only software applications that were compiled using Microsoft Visual C .NET 2003 can be used to exploit this vulnerability.

SOLUTION

PATCH: http://technet.microsoft.com/en-us/security/bulletin/ms12-001

AFFECTED SOFTWARE AND VERSION

Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Related Vulnerability

January 2012- Microsoft Releases 7 Security Advisories

Featured Stories

$Open Ran Attack of xApps$
Open RAN: Attack of the xApps
This article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handling
Read more
$A Closer Exploration of Residential Proxies and CAPTCHA-Breaking Services$
A Closer Exploration of Residential Proxies and CAPTCHA-Breaking Services
This article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.
Read more
$How Residential Proxies and CAPTCHA-Solving Services Become Agents of Abuse$
How Residential Proxies and CAPTCHA-Solving Services Become Agents of Abuse
This article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.
Read more
$Cloud-native apps$
Abusing Argo CD, Helm, and Artifact Hub: An Analysis of Supply Chain Attacks in Cloud-Native Applications
We provide an overview of cloud-native tools and examine how cybercriminals can exploit their vulnerabilities to launch supply chain attacks.
Read more

(MS12-001) Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)

DESCRIPTION

SOLUTION

AFFECTED SOFTWARE AND VERSION

Related Vulnerability

Featured Stories

Resources

Support

About Trend

Country Headquarters

(MS12-001) Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)

DESCRIPTION

SOLUTION

AFFECTED SOFTWARE AND VERSION

Related Vulnerability

Featured Stories

Resources

Support

About Trend

Country Headquarters

The Americas

Middle East & Africa

Europe

Asia & Pacific