PT-2012-2377 · Microsoft · Windows Server 2008 R2+2

Anatoliy Glagolev · Published 2012-05-08 · Updated 2018-10-12 · CVE-2012-0179

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Windows Server 2008 R2 and R2 SP1
Microsoft Windows 7 Gold and SP1

Description

The issue is caused by a double free vulnerability in the Windows TCP/IP stack, specifically when handling the binding of IPv6 addresses to a local interface. This allows local users to gain privileges via a crafted application. The vulnerability affects Windows 7 and Windows Server 2008 R2.

Recommendations

For Microsoft Windows Server 2008 R2 and R2 SP1, update to a version that properly handles IPv6 address binding to prevent privilege escalation. For Microsoft Windows 7 Gold and SP1, update to a version that properly handles IPv6 address binding to prevent privilege escalation. As a temporary workaround, consider restricting access to the tcpip.sys module to minimize the risk of exploitation.

Related Identifiers

CVE-2012-0179

Affected Products

Windows
Windows 7
Windows Server 2008 R2