|MS14-002||Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2914368)||Windows XP||Important||15-01-2014|
Brief overview of the risk:
This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Detailed Information on the risk:
An elevation of privilege vulnerability exists in the NDProxy component of the Windows kernel due to improper validation of input passed from user mode to the kernel. The vulnerability could allow an attacker to run code in kernel mode. An attacker who successfully exploited this vulnerability could run a specially crafted application and take complete control of an affected system.
Further information on this exploit is available at : MS14-002
Affected SoftwareWindows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems