SkyRecon Identifies Two Kernel-Level Windows Vulnerabilities
(17/11/2008)
SkyRecon® Systems' research team has uncovered two kernel-level vulnerabilities – CVE-2008-2252 and CVE-2008-3464 – both located in multiple versions of the Microsoft® Windows® operating system.
The Microsoft Windows kernel is the virtual interface between the hardware and the operating system, providing administrative control over multiple subsystems, processes, and memory. Some of the subsystems are designed to run within the kernel space, giving them direct access to the other kernel-level services through the operating system layer. Compromise of the kernel via one of the kernel-level subsystems could expose the system to further compromise, such as a rootkit injection that could lead to hijacking and remote control of the endpoint.
“These are two important vulnerabilities that our research team has identified and that are being patched this month,” said Thomas Garnier, Senior Research Engineer at SkyRecon Systems. “During our ongoing security research of the Windows kernel environment and our passionate desire to protect the Windows business environment, we found these two important vulnerabilities which could be used to increase privileges for the compromised subsystem, effectively granting local access to every component of the system – both hardware and software.”
Both vulnerabilities – CVE-2008-2252 and CVE-2008-3464 – affect the kernel in the following 32-bit, 64-bit, and Itanium versions of the Windows operating system: Windows XP Professional, Windows 2000 Server, and Windows 2003 Server. CVE-2008-2252 affects Windows Vista as well. CVE-2008-2252 is located in the graphical kernel interface, while CVE-2008-3464 is located in the network kernel interface subsystem. If exploited, either vulnerability could allow a local escalation of privilege and, ultimately, system compromise.
More information regarding the vulnerabilities and the Microsoft Security Bulletin can be found at:
- Microsoft Security Bulletin MS08-061 – Important Vulnerability
  Credited to Thomas Garnier, SkyRecon Systems
- Microsoft Security Bulletin MS08-066 – Important Vulnerability
  Credited to Fabien Le Mentec, SkyRecon Systems
SkyRecon’s partnership with Microsoft and its ongoing and recent vulnerability research enable the endpoint security vendor to respond proactively to customers' need for an endpoint security solution that protects the system and data from compromise without eating up their hardware and IT staff resources.
StormShield Security Suite provides real-time protection from both identified and zero-day attacks. The comprehensive, proactive protection is delivered through a multi-layered, light-weight single endpoint protection platform, providing integrated endpoint policy control and enforcement for: host-based intrusion prevention (HIPS), system firewall, anti-virus & anti-spyware, application control, device control, data encryption, wireless security, and network access control (NAC).


