VID 26692
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description The Hotfix (MS15-010, 3036220) for 'Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution' has not been applied.
This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or visit an untrusted website that contains embedded TrueType fonts.

- CNG Security Feature Bypass Vulnerability (CVE-2015-0010)
A security feature bypass vulnerability exists in the Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) when it fails to properly validate and enforce impersonation levels. An attacker could exploit this vulnerability by convincing a user to run a specially crafted application that is designed to cause CNG to improperly validate impersonation levels, potentially allowing the attacker to gain access to information beyond the access level of the local user. The security update addresses the vulnerability by correcting how the kernel-mode driver validates and enforces impersonation levels.

- Win32k Elevation of Privilege Vulnerability (CVE-2015-0057)
An elevation of privilege vulnerability exists in the Windows kernel-mode driver (Win32k.sys) that is caused when it improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

- Windows Cursor Object Double Free Vulnerability (CVE-2015-0058)
An elevation of privilege vulnerability exists in the Windows kernel-mode driver (win32k.sys) due to a double-free condition. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

* Note: This check requires an account with administrative privileges that can log in to the host being scanned. If no such account is available, the check is not performed, which results in a false negative for all vulnerable hosts.

* References:
https://technet.microsoft.com/en-us/library/security/ms15-010

* Platforms Affected:
Windows Server 2003 SP2
Windows Server 2003 x64 SP2
Windows Server 2003 SP2 for Itanium
Windows Vista SP2
Windows Vista x64 SP2
Windows Server 2008 SP2
Windows Server 2008 x64 SP2
Windows 7 SP1
Windows 7 x64 SP1
Windows Server 2008 R2 SP1
Windows Server 2008 R2 x64 SP1
Windows 8
Windows 8.1
Windows Server 2012
Windows Server 2012 R2
Recommendation Apply the appropriate patch (3036220) for your system, as listed in Microsoft Security Bulletin MS15-010 at https://technet.microsoft.com/en-us/library/security/ms15-010
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com. Windows Update detects what version of Windows you are running and offers the appropriate patch.
Related URL CVE-2015-0003, CVE-2015-0010, CVE-2015-0057, CVE-2015-0058, CVE-2015-0059, CVE-2015-0060 (CVE)
Related URL 72457, 72461, 72466, 72468, 72470, 72472 (SecurityFocus)