CVE-2009-0082

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions 2000 SP4, XP SP2, XP SP3, Server 2003 SP1, Server 2003 SP2, Vista Gold, Vista SP1, Server 2008

Description The Windows kernel does not properly validate handles, allowing local users to gain privileges via a crafted application. This could enable an attacker to run arbitrary code in kernel mode, potentially leading to the installation of programs, viewing, changing, or deleting data, or creating new accounts with full user rights.

Recommendations For Windows 2000 SP4, update to a newer version to mitigate the risk. For Windows XP SP2 and SP3, update to a newer version to mitigate the risk. For Windows Server 2003 SP1 and SP2, update to a newer version to mitigate the risk. For Windows Vista Gold and SP1, update to a newer version to mitigate the risk. For Windows Server 2008, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the kernel until a patch is available.