Microsoft Antimalware Client Privilege Elevation Vulnerability (2823482) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS13-034.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code in the security context of the LocalSystem account. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms13-034

Insight

Flaw is due to an unspecified error when improper pathnames are used by Windows Defender (Microsoft Antimalware Client).

Affected

Windows Defender for Windows 8

References

http://secunia.com/advisories/52921
http://support.microsoft.com/kb/2781197
https://technet.microsoft.com/en-us/security/bulletin/ms13-034

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-0078
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Active Directory Could Allow Remote Code Execution Vulnerability (957280)
Microsoft Help and Support Center Remote Code Execution Vulnerability (2229593)
Microsoft DirectShow Remote Code Execution Vulnerability (2929961)
Microsoft IIS Security Bypass Vulnerability (970483)
Microsoft IIS FTP Server 'Malformed FTP List Request' DOS Vulnerability

Take action and discover your vulnerabilities