Geoff Mcdonald

**Name of the Vulnerable Software and Affected Versions** Windows XP versions SP2 and SP3 Windows Server 2003 version SP2 Windows Vista version SP2 Windows Server 2008 versions SP2, R2, and R2 SP1 Windows 7 versions Gold and SP1 Windows 8 version Consumer Preview **Description** The issue arises from the improper management of Keyboard Layout files by the win32k.sys in the kernel-mode drivers. This allows local users to gain privileges via a crafted application. An elevation of privilege vulnerability exists in the way that the Windows kernel-mode driver manages Keyboard Layout files, which could allow an attacker to run arbitrary code in kernel mode. The attacker could then install programs, view, change, or delete data, or create new accounts with full administrative rights. **Recommendations** For Windows XP versions SP2 and SP3, update the win32k.sys driver to a patched version. For Windows Server 2003 version SP2, update the win32k.sys driver to a patched version. For Windows Vista version SP2, update the win32k.sys driver to a patched version. For Windows Server 2008 versions SP2, R2, and R2 SP1, update the win32k.sys driver to a patched version. For Windows 7 versions Gold and SP1, update the win32k.sys driver to a patched version. For Windows 8 version Consumer Preview, update the win32k.sys driver to a patched version.