CVE-2012-1890

Name of the Vulnerable Software and Affected Versions Windows XP versions SP2 and SP3 Windows Server 2003 version SP2 Windows Vista version SP2 Windows Server 2008 versions SP2, R2, and R2 SP1 Windows 7 versions Gold and SP1

Description The issue arises from the improper handling of keyboard-layout files by the win32k.sys in the kernel-mode drivers. This allows local users to gain privileges via a crafted application. An elevation of privilege vulnerability exists in the way that the Windows kernel-mode driver handles specific keyboard layouts, potentially enabling an attacker to run arbitrary code in kernel mode. This could lead to the installation of programs, viewing, changing, or deleting data, or creating new accounts with full administrative rights.

Recommendations For Windows XP versions SP2 and SP3, update the kernel-mode driver to a version that properly handles keyboard-layout files. For Windows Server 2003 version SP2, apply a patch that fixes the elevation of privilege vulnerability in the Windows kernel-mode driver. For Windows Vista version SP2, install an update that addresses the improper handling of keyboard layouts. For Windows Server 2008 versions SP2, R2, and R2 SP1, apply a security update that resolves the vulnerability in the kernel-mode driver. For Windows 7 versions Gold and SP1, install a patch that fixes the elevation of privilege vulnerability in the Windows kernel-mode driver.