Security 10810 Published by

Microsoft updated the following security bulletins:

- MS11-011 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802) - Version:1.1
- MS10-092 - Important: Vulnerability in Task Scheduler Could Allow Elevation of Privilege (2305420) - Version:1.1
- Microsoft Security Advisory (2491888): Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege



MS11-011 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802) - Version:1.1
Severity Rating: Important - Revision Note: V1.1 (March 2, 2011): Added a link to Microsoft Knowledge Base Article 2393802 under Known Issues in the Executive Summary.

Summary: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
Read more

MS10-092 - Important: Vulnerability in Task Scheduler Could Allow Elevation of Privilege (2305420) - Version:1.1
Severity Rating: Important - Revision Note: V1.1 (March 2, 2011): Added a link to Microsoft Knowledge Base Article 2305420 under Known Issues in the Executive Summary.

Summary: This security update resolves a publicly disclosed vulnerability in Windows Task Scheduler. The vulnerability could allow elevation of privilege if an attacker logged on to an affected system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Read more

Microsoft Security Advisory (2491888): Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege
Revision Note: V1.0 (February 23, 2011): Advisory published.

Summary: Microsoft is releasing this security advisory to help ensure customers are aware that an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft. The update addresses a privately reported vulnerability that could allow elevation of privilege if the Microsoft Malware Protection Engine scans a system after an attacker with valid logon credentials has created a specially crafted registry key. An attacker who successfully exploited the vulnerability could gain the same user rights as the LocalSystem account. The vulnerability could not be exploited by anonymous users.
Read more