Windows Kernel Mode Driver keyboard layout Local Privilege Elevation Vulnerability (MS12-047)

Release date:
Updated on:

Affected Systems:
Microsoft Windows XP Service Pack 3 0
Microsoft Windows XP Professional x64 Edition S
Microsoft Windows Vista x64 Edition SP2
Microsoft Windows Vista SP2
Microsoft Windows Server 2008 R2 x64 SP1
Microsoft Windows Server 2008 R2 x64 0
Microsoft Windows Server 2008 R2 Itanium 0
Microsoft Windows Server 2008 for x64-based Sys
Microsoft Windows Server 2008 for Itanium-based
Microsoft Windows Server 2008 for 32-bit System
Microsoft Windows Server 2003x64 SP2
Microsoft Windows Server 2003 Itanium SP2
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 7 for x64-based Systems 0
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for 32-bit Systems 0
Microsoft Windows
Description:
--------------------------------------------------------------------------------
Bugtraq id: 54285
Cve id: CVE-2012-1890

Microsoft Windows is a series of Operating Systems launched by Microsoft.

A permission escalation vulnerability exists when the driver in Windows Kernel Mode processes a specific keyboard layout. After successful exploitation, any code can be run in kernel mode.

<* Source: Microsoft
Nicolas Economou

Link: http://www.microsoft.com/technet/security/bulletin/MS12-047.asp
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Microsoft
---------
Microsoft has released a Security Bulletin (MS12-047) and patches for this:

MS12-047: Vulnerabilities in Windows Kernel-Mode Drivers cocould Allow Elevation of Privilege (2718523)

Link: http://www.microsoft.com/technet/security/bulletin/MS12-047.asp