(MS13-058) Vulnerability in Windows Defender Could Allow Elevation of Privilege (2847927)
Data de publicação: 14 agosto 2013
Schweregrad: : Baixo
Identificador(es) CVE: : CVE-2013-3154
Data do informe: 14 agosto 2013
Descrição
This security update resolves a privately reported vulnerability in Windows Defender for Windows 7 and Windows Defender when installed on Windows Server 2008 R2. The vulnerability could allow elevation of privilege due to the pathnames used by Windows Defender. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.
Solução
Software infectado e versão:
- Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1