BSA-2018-602

Brocade Fabric OS

2 more products

21365

17 May 2018

17 May 2018

Closed

Medium

7

Yes

CVE-2018-8120

Summary

Security Advisory ID : BSA-2018-602

Component : Win32k

Revision : 1.0: Final

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

Technologies Affected
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for x64-based Systems SP2

Affected Products

No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.

Note

Brocade Manageability products are not affected by this vulnerability. However, because the environment that runs the products is not under Brocade's control, Brocade recommends that customers apply the recommendations from the vendors.

Workaround

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells. To exploit this vulnerability, an attacker requires local access to an affected computer. Grant local access for trusted and accountable users only.

Revision History

Version | Change | Date
1.0 | Initial Publication | May 17, 2018