CVE-2009-1123

Name of the Vulnerable Software and Affected Versions Microsoft Windows 2000 SP4 Microsoft Windows XP SP2 Microsoft Windows XP SP3 Microsoft Windows Server 2003 SP2 Microsoft Windows Vista Gold Microsoft Windows Vista SP1 Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2

Description The issue is related to the improper validation of changes to unspecified kernel objects, allowing local users to gain privileges via a crafted application. This can lead to an elevation of privilege, enabling an attacker to run arbitrary code in kernel mode, install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Windows 2000 SP4, update to a newer version to mitigate the risk. For Microsoft Windows XP SP2, update to a newer version to mitigate the risk. For Microsoft Windows XP SP3, update to a newer version to mitigate the risk. For Microsoft Windows Server 2003 SP2, update to a newer version to mitigate the risk. For Microsoft Windows Vista Gold, update to a newer version to mitigate the risk. For Microsoft Windows Vista SP1, update to a newer version to mitigate the risk. For Microsoft Windows Vista SP2, update to a newer version to mitigate the risk. For Microsoft Windows Server 2008 SP2, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to kernel objects to minimize the risk of exploitation.