Attackers must log in locally to an affected system to exploit this vulnerability, which limits where attacks can originate. Systems most at risk are multi-user workstations, terminal services, and hosting providers with large user bases that may allow unknown or untrusted user access. If an exploit is successful, the attacker could execute arbitrary code, possibly resulting in a complete system compromise.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the August 2009 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for August 2009
The update available from Microsoft corrects this vulnerability by validating data within IOCTLs.