There is an authentication vulnerability in the Windows debugging subsystem (smss). This allows any user to obtain a handle with any access of any process running. With this handle an agent is injected in a SYSTEM process. The update fixes an issue with HANDLEType in win32native lib.
Thursday, March 19, 2015 - 00:00