Windows Kernel Elevation of Privilege and Denial of Service

  
Font Vulnerability Description:

An elevation of privilege vulnerability exists in the way Windows handles certain fonts. A logged-on user who exploits this vulnerability could take complete control of the system.

Windows Kernel Vulnerability Description:

An elevation of privilege vulnerability exists in the way that affected operating system versions handle certain access requests. A logged-on user who exploits this vulnerability could take complete control of the system.

Object Management Vulnerability Description:

A denial of service vulnerability exists that could allow an attacker to locally send a specially crafted request to an affected operating system version. An attacker who exploited this vulnerability could cause the affected system to stop responding and automatically restart.

CSRSS Vulnerability Description:

An elevation of privilege vulnerability exists in the way that affected operating system versions handle certain access requests. A logged-on user who exploits this vulnerability could take complete control of the system.

Affected Software:

· Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

· Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

· Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)

· Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)

· Microsoft Windows Server 2003

· Microsoft Windows Server 2003 (for Itanium-based systems)

Unaffected Software:

· Microsoft Windows Server 2003 Service Pack 1

· Microsoft Windows Server 2003 with SP1 (for Itanium-based systems)

· Microsoft Windows Server 2003 x64 Edition

· Microsoft Windows XP Professional x64 Edition

Ways to mitigate the impact:

Font Vulnerability:

· An attacker must have valid login credentials and be able to log in locally to exploit this vulnerability. The vulnerability cannot be exploited remotely or by anonymous users.

· Attempts to exploit this vulnerability on systems running Windows XP Service Pack 2 are most likely to result in a denial of service.

Windows Kernel Vulnerability:

· An attacker must have valid login credentials and be able to log in locally to exploit this vulnerability. The vulnerability cannot be exploited remotely or by anonymous users.

Object Management Vulnerability:

· An attacker must have valid login credentials and be able to log in locally to exploit this vulnerability. The vulnerability cannot be exploited remotely or by anonymous users.

· An attacker could cause the local system to stop responding. However, this vulnerability does not allow an attacker to execute code.

CSRSS Vulnerability:

· An attacker must have valid login credentials and be able to log in locally to exploit this vulnerability. The vulnerability cannot be exploited remotely or by anonymous users.