Test ID:	1.3.6.1.4.1.25623.1.0.902767
Category:	Windows : Microsoft Bulletins
Title:	Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2567053)
Summary:	This host is missing a critical security update according to; Microsoft Bulletin MS11-087.
Description:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS11-087. Vulnerability Insight: The flaw is due to an error within the Win32k kernel-mode driver (win32k.sys) when parsing TrueType fonts. Vulnerability Impact: Successful exploitation could allow local attackers to run arbitrary code in kernel mode and take complete control of an affected system. An attacker could then install programs view, change, or delete data or create new accounts with full administrative rights. Affected Software/OS: - Microsoft Windows 7 Service Pack 1 and prior - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2003 Service Pack 2 and prior - Microsoft Windows Vista Service Pack 2 and prior - Microsoft Windows Server 2008 Service Pack 2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	BugTraq ID: 50462 Common Vulnerability Exposure (CVE) ID: CVE-2011-3402 Cert/CC Advisory: TA11-347A http://www.us-cert.gov/cas/techalerts/TA11-347A.html Cert/CC Advisory: TA12-129A http://www.us-cert.gov/cas/techalerts/TA12-129A.html Cert/CC Advisory: TA12-164A http://www.us-cert.gov/cas/techalerts/TA12-164A.html http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files http://isc.sans.edu/diary/Duqu+Mitigation/11950 http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf Microsoft Security Bulletin: MS11-087 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087 Microsoft Security Bulletin: MS12-034 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034 Microsoft Security Bulletin: MS12-039 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13998 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15290 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15645 http://www.securitytracker.com/id?1027039 http://secunia.com/advisories/49121 http://secunia.com/advisories/49122
Copyright	Copyright (C) 2011 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.