Paul Caton

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions 2000 SP4 through Server 2008 Description: The issue arises from the Windows kernel's failure to properly validate window properties sent from a parent window to a child window during the creation of a new window. This allows local users to gain privileges via a crafted application. An attacker who successfully exploits this could run arbitrary code in kernel mode, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. Recommendations: For Microsoft Windows 2000 SP4, update to a newer version to mitigate the risk. For Microsoft Windows XP SP2 and SP3, apply the relevant patch or update to a newer version. For Microsoft Windows Server 2003 SP1 and SP2, apply the relevant patch or update to a newer version. For Microsoft Windows Vista Gold and SP1, apply the relevant patch or update to a newer version. For Microsoft Windows Server 2008, apply the relevant patch or update to a newer version.