(MS13-058) Vulnerability in Windows Defender Could Allow Elevation of Privilege (2847927)
Publish Date: 14 agosto 2013
Gravità: : Basso
Identificatori CVE: CVE-2013-3154
Data notifica: 14 agosto 2013
Descrizione
This security update resolves a privately reported vulnerability in Windows Defender for Windows 7 and Windows Defender when installed on Windows Server 2008 R2. The vulnerability could allow elevation of privilege due to the pathnames used by Windows Defender. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.
Soluzioni
Software e versione interessati:
- Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1