Alert – Microsoft Security Advisory 979682 Released
What is the purpose of this alert?
This alert is to notify you that Microsoft has released Security Advisory 979682 – Vulnerability in Windows Kernel Could Allow Elevation of Privilege – on January 20, 2009.
Summary
Microsoft is investigating new public reports of a vulnerability in the Windows kernel. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time.
We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.
Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-band security update, depending on customer needs.
Affected Software
The security advisory discusses the following software.
|
Affected Software |
|
Microsoft Windows 2000 Service Pack 4 |
|
Windows XP Service Pack 2 and Windows XP Service Pack 3 |
|
Windows Server 2003 Service Pack 2 |
|
Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2 |
|
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 |
|
Windows 7 for 32-bit Systems |
|
Non-Affected Software |
|
Windows XP Professional x64 Edition Service Pack 2 |
|
Windows Server 2003 x64 Edition Service Pack 2 |
|
Windows Server 2003 with SP2 for Itanium-based Systems |
|
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2 |
|
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 |
|
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2 |
|
Windows 7 for x64-based Systems |
|
Windows Server 2008 R2 for x64-based Systems |
|
Windows Server 2008 R2 for Itanium-based Systems |
Mitigating Factors
-
An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
-
Windows operating systems for x64-based and Itanium-based computers are not affected.
Recommendations
Review Microsoft Security Advisory 979682 for an overview of the issue, details on affected components, mitigating factors, workarounds, suggested actions, frequently asked questions (FAQs), and links to additional resources.
Customers who believe they are affected can contact Customer Service and Support (CSS) in North America for help with security update issues or viruses at no charge using the PC Safety line (866) PCSAFETY. International customers can contact Customer Service and Support by using any method found at http://www.microsoft.com/protect/worldwide/default.mspx.
