CVE-2017-8552

Name of the Vulnerable Software and Affected Versions Microsoft Windows XP SP3 Microsoft Windows XP x64 XP2 Microsoft Windows Server 2003 SP2 Microsoft Windows Vista Microsoft Windows 7 SP1 Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows 8

Description The issue is related to a kernel-mode driver in Microsoft Windows that fails to properly handle objects in memory. This can allow an attacker to elevate their privileges. To exploit this, an attacker must first log on to the system. Successful exploitation could enable an attacker to run arbitrary code in kernel mode, install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Windows XP SP3, update to a newer version that contains a fix for this issue. For Microsoft Windows XP x64 XP2, update to a newer version that contains a fix for this issue. For Microsoft Windows Server 2003 SP2, update to a newer version that contains a fix for this issue. For Microsoft Windows Vista, update to a newer version that contains a fix for this issue. For Microsoft Windows 7 SP1, update to a newer version that contains a fix for this issue. For Microsoft Windows Server 2008 SP2 and R2 SP1, update to a newer version that contains a fix for this issue. For Microsoft Windows 8, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the kernel-mode driver until a patch is available.