CERT reported that:
Some 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack. The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape.
That last bit is the piece that should concern you. Microsoft responded with one of this month’s Patch Tuesday updates (thanks to Patrick Lownds for the link). MS12-042 fixes this issue and is distributed through the normal Windows Updates catalogue.
An elevation of privilege vulnerability exists in the way that the Windows User Mode Scheduler handles system requests. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Mitigating factors for user mode scheduler memory corruption vulnerability:
- An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
- This vulnerability only affects Intel x64-based versions of Windows 7 and Windows Server 2008 R2.
- Systems with AMD or ARM-based CPUs are not affected by this vulnerability.
Update your servers, including Hyper-V hosts with this update. System Center 2012 VMM will automate this for you if you have it and configured the updates feature.
This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.