Microsoft Windows Kernel Multiple Vulnerabilities ( 11 August 2010 )

1. Windows Kernel Data Initialization Vulnerability

An elevation of privilege vulnerability exists in the Windows Kernel due to the way the kernel deals with specific thread creation attempts. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

2. Windows Kernel Double Free Vulnerability

An elevation of privilege vulnerability exists in the Windows Kernel due to the way the kernel initializes objects while handling certain errors. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

3. Windows Kernel Improper Validation Vulnerability

A denial of service vulnerability exists in the way that the Windows kernel validates access control lists on kernel objects. An attacker could exploit the vulnerability by running a specially crafted application causing the system to become unresponsive and automatically restart.