[BigFix-Announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Patches for Windows (English)'
autonotify at us.ibm.com
autonotify at us.ibm.com
Fri Nov 29 02:01:06 PST 2013
Fixlet Site - 'Patches for Windows (English)'
Current Version: 1881 Published: Thu, 28 Nov 2013 11:31:33 GMT
New Fixlets:
============
***************************************************************
Title: 2914486: Microsoft Security Advisory - Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege - Enable workaround - Windows XP SP3 / Windows Server 2003 SP2
Severity: <Unspecified>
Fixlet ID: 291448601
Fixlet Link: http://technet.microsoft.com/en-us/security/advisory/2914486
Fixlet Description: Microsoft is investigating new reports of a vulnerability in a kernel component of Windows XP and Windows Server 2003. We are aware of limited, targeted attacks that attempt to exploit this vulnerability. Our investigation of this vulnerability has verified that it does not affect customers who are using operating systems newer than Windows XP and Windows Server 2003. The vulnerability is an elevation of privilege vulnerability. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Important Note: This is a Workaround which disables NDProxy.sys. Disabling NDProxy.sys will cause certain services that rely on Windows Telephony Application Programming Interfaces (TAPI) to not function. Services that will no longer work include Remote Access Service (RAS), dial-up networking, and virtual private networking (VPN).
***************************************************************
Title: 2914486: Microsoft Security Advisory - Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege - Disable Workaround - Windows XP SP3 / Windows Server 2003 SP2
Severity: <Unspecified>
Fixlet ID: 291448603
Fixlet Link: http://technet.microsoft.com/en-us/security/advisory/2914486
Fixlet Description: Microsoft is investigating new reports of a vulnerability in a kernel component of Windows XP and Windows Server 2003. We are aware of limited, targeted attacks that attempt to exploit this vulnerability. Our investigation of this vulnerability has verified that it does not affect customers who are using operating systems newer than Windows XP and Windows Server 2003. The vulnerability is an elevation of privilege vulnerability. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Important Note: This is a Workaround which disables NDProxy.sys. Disabling NDProxy.sys will cause certain services that rely on Windows Telephony Application Programming Interfaces (TAPI) to not function. Services that will no longer work include Remote Access Service (RAS), dial-up networking, and virtual private networking (VPN).
More information about the BigFix-Announcements
mailing list