MS12-009: Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640)

Issued: 14 FEB 2012

Internet Security Systems Guidance

This update addresses two privately reported vulnerabilities in afd.sys. Both could be leveraged to elevate privileges if a local authenticated attacker ran a specially crafted program. Exploitation would allow the attacker to run code in the context of the kernel.

Coverage: win-ms12kb2645640-update
Related CVEs: CVE-2012-0149, CVE-2012-0148
Coverage Date: 14 FEB 2012
Exploit Dates: N/A
Content Update Versions: Enterprise Scanner 1.90; Internet Scanner software 7.2 XPU 7.2.104

References

Microsoft: http://technet.microsoft.com/en-us/security/bulletin/ms12-009
X-Force Database: http://xforce.iss.net/xforce/xfdb/72841