CVE-2013-1293

Name of the Vulnerable Software and Affected Versions Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2008 R2 SP1 Microsoft Windows 7 Gold Microsoft Windows 7 SP1

Description The issue allows local users to gain privileges or cause a denial of service via a crafted application that leverages improper handling of objects in memory. An elevation of privilege vulnerability exists when the NTFS kernel-mode driver improperly handles objects in memory, allowing an attacker to run arbitrary code in kernel mode. This could enable the attacker to install programs, view, change, or delete data, or create new accounts with full administrative rights.

Recommendations For Microsoft Windows Vista SP2, update to a newer version to mitigate the risk. For Microsoft Windows Server 2008 SP2, update to a newer version to mitigate the risk. For Microsoft Windows Server 2008 R2, update to a newer version to mitigate the risk. For Microsoft Windows Server 2008 R2 SP1, update to a newer version to mitigate the risk. For Microsoft Windows 7 Gold, update to a newer version to mitigate the risk. For Microsoft Windows 7 SP1, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the NTFS kernel-mode driver to minimize the risk of exploitation.