Reported April 12, 2005 by Microsoft

VERSIONS AFFECTED

            Windows Server 2003
Windows XP
Windows 2000
Windows Milennium Edition (Me)
Windows 98

DESCRIPTION

The specified Windows platforms contain three vulnerabilities that could lead to privilege elevation and one vulnerability that could lead to denial of service conditions on affected systems. The privilege elevation issues are due to the way Windows processes certain fonts and access requests. The nature of denial of service condition was not explained by Microsoft in any amount of detail that could reveal what might cause the problem.

VENDOR RESPONSE

Microsoft has issued a patch, "Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859)," to correct these problems.

CREDITS:

John Heasman with Next Generation Security Software Ltd.
Sanjeev Radhakrishnan, Amit Joshi, and Ananta Iyengar with GreenBorder Technologies
David Fritz