Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when an error in the User Account Control (UAC) Consent UI component when processing certain registry values occurs, allowing a local attacker to use a specially crafted program to gain elevated privileges and execute arbitrary code.

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

• CVE ID: 2010-3961 (see also: NVD)
• Microsoft Knowledge Base Article: 2442962
• SCIP VulDB ID: 4224
• Secunia Advisory ID: 42614
• Bugtraq ID: 45318
• Vendor Specific News/Changelog Entry: http://blogs.technet.com/b/msrc/archive/2010/12/09/december-2010-advance-notification-service-is-released.aspx
• News Article: http://www.computerworld.com/s/article/9200642/Microsoft_slates_another_monster_Patch_Tuesday?taxonomyId=17&pageNumber=1
  http://www.informationweek.com/blog/main/archives/2010/12/patch_tuesday_t.html
  http://www.pcmag.com/article2/0,2817,2374148,00.asp
• Vendor Specific Advisory URL: http://www.microsoft.com/technet/security/bulletin/ms10-dec.mspx
• Microsoft Security Bulletin: MS10-100

• Cesar Cerrudo - Argeniss