Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the kernel-mode drivers in win32k.sys fail to properly validate pseudo-handle values in callback parameters during window creation, allowing a local authenticated attacker to gain full user privileges.

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

• CVE ID: 2010-1897 (see also: NVD)
• Microsoft Knowledge Base Article: 2160329
• Secunia Advisory ID: 40878
• Bugtraq ID: 42206
• Related OSVDB ID: 66979 66980 66981 66982
• Mail List Post: http://seclists.org/fulldisclosure/2010/Aug/115
• Other Advisory URL: http://www.coresecurity.com/content/microsoft-windows-createwindow-function-callback-bug
• Microsoft Security Bulletin: MS10-048

• Nicolas Economou - Core Security Technologies