CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS14-070 | Vulnerability in TCP/IP Could Allow Elevation of Privilege (2989935) | Windows Server | Important | 12-11-2014 |
Technical Information
Brief overview of the risk:
This security update resolves a publically reported vulnerability in TCP/IP that occurs during input/output control (IOCTL) processing. This vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
Detailed Information on the risk:
An elevation of privilege vulnerability exists in the Windows TCP/IP stack (tcpip.sys, tcpip6.sys) that is caused when the Windows TCP/IP stack fails to properly handle objects in memory during IOCTL processing.
Further information on this exploit is available at : MS14-070
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Affected Software
Windows Server 2003 Service Pack 2Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems