Microsoft: Windows Permissions Enforcement Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that Windows enforces permissions if an attacker loads a specially crafted DLL. A locally authenticated attacker who successfully exploited this vulnerability could run arbitrary code as a system administrator. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit the vulnerability, an attacker would need to create and implement a malicious DLL and already be able to execute code on the target system. The security update addresses the vulnerability by correcting how Windows enforces permissions.