Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the kernel. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts will cause a denial of service.
Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
To exploit this vulnerability, an attacker requires local access to an affected computer. Grant local access for trusted and accountable users only.
Microsoft has released an advisory and updates. Please see the references for details. UPDATE: Microsoft has released a notice stating that some customers have to restart their computers after installing the security updates for this vulnerability. Subsequently, Microsoft has removed the updates from Windows Update for the time being until the issue can be resolved. Microsoft recommends applying the workarounds described in MS10-015 to mitigate the vulnerability. We will update this BID as more information emerges. UPDATE (February 18, 2010): Further investigation by the vendor indicates that the presence of the Alureon rootkit is the cause of the issues with the installation of the MS10-015 patch. A Windows 32-bit system infected with the Alureon rootkit will undergo a 'blue screen' crash after the security updates are installed. Since Alureon can infect only 32-bit systems, Microsoft has now opened up automatic updates of this patch for 64-bit platforms. UPDATE (March 2, 2010): Updates available via Windows Update contain revised installation code to compensate for update problems on infected computers.