Consent User Interface Privilege Escalation Vulnerability (2442962) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS10-100.

Impact

Successful exploitation could allow an attacker to bypass security restrictions and gain the privileges. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/MS10-100.mspx

Insight

Consent UI does not properly process a registry key that has been set to a specific value.

Affected

Microsoft Windows 7. Microsoft Windows Vista Service Pack 2 and prior. Microsoft Windows Server 2008 Service Pack 2 and prior.

References

http://support.microsoft.com/kb/2442962
http://www.microsoft.com/technet/security/bulletin/MS10-100.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3961
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft .NET Framework Privilege Elevation Vulnerability (2800277)
Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)
Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)
Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vulnerabilities (2651026)
Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)

Take action and discover your vulnerabilities