Check Point Advisories

Update Protection against Windows Kernel Exception Handler Vulnerability (MS10-015)

Check Point Reference: CPAI-2010-104
Date Published: 12 Feb 2010
Severity: High
Last Updated: Friday 01 January, 2010
Source: Microsoft Security Bulletin MS10-015
Industry Reference:


Protection Provided by:
Who is Vulnerable? Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 7
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
Vulnerability Description An elevation of privilege vulnerability exists in the Windows Kernel due to the way the kernel handles certain exceptions. The Windows Kernel is the core of the operating system, providing system level services such as device management and memory management. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Update/Patch AvaliableMicrosoft has provided a patch:
Microsoft Security Bulletin MS10-015 
Vulnerability DetailsThe Windows kernel does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (NTVDM) subsystem. The Windows Virtual DOS Machine (NTVDM) subsystem is a protected environment subsystem that emulates MS-DOS and 16-bit Windows within Windows NT-based operating systems.

Protection Overview

This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.