| VID |
26711 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Hotfix (MS15-061, 3057839) for 'Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege' has not been applied.
This security update resolves vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Microsoft Windows Kernel Information Disclosure Vulnerability(CVE-2015-1719)
An information disclosure vulnerability exists when the Windows kernel-mode driver improperly handles buffer elements under certain conditions, allowing an attacker to request the contents of specific memory addresses. An attacker who successfully exploited this vulnerability could then potentially read data that is not intended to be disclosed. This vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information in an attempt to further compromise the affected system. Workstations and servers are primarily at risk. Servers could be at more risk if administrators allow users to log on to servers and to run programs. However, best practices strongly discourage this.
- Microsoft Windows Kernel Use After Free Vulnerability(CVE-2015-1720)
An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly frees an object in memory that an attacker could use to execute arbitrary code with elevated permissions. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
-Win32k Null Pointer Dereference Vulnerability(CVE-2015-1721)
An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to insufficient validation of certain data passed from user mode. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Multiple Microsoft Windows Kernel Vulnerabilities
Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver when it accesses an object in memory that has either not been correctly initialized or deleted. The vulnerabilities may corrupt memory in such a way that an attacker could gain elevated privileges on a targeted system.
- Multiple Windows Kernel Buffer Overflow Vulnerabilities
Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver when it improperly validates user input. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a targeted system.
- Multiple Win32k Memory Corruption Elevation of Privilege Vulnerabilities
An elevation of privilege vulnerability exists when the Windows kernel-mode driver, Win32k.sys, fails to properly free memory. An attacker who successfully exploited this vulnerability could execute arbitrary code within the context of another user. If that other user has elevated rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
https://technet.microsoft.com/en-us/library/security/ms15-061
* Platforms Affected:
Windows Server 2003 SP2
Windows Server 2003 x64 SP2
Windows Server 2003 SP2 for Itanium
Windows Vista SP2
Windows Vista x64 SP2
Windows Server 2008 SP2
Windows Server 2008 x64 SP2
Windows 7 SP1
Windows 7 x64 SP1
Windows Server 2008 R2 SP1
Windows Se |
| Recommendation |
Apply the appropriate patch(3057839) for your system, as listed in Microsoft Security Bulletin MS15-061 at https://technet.microsoft.com/en-us/library/security/ms15-061
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com. Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2015-1719,CVE-2015-1720,CVE-2015-1721,CVE-2015-1722,CVE-2015-1723,CVE-2015-1724,CVE-2015-1725,CVE-2015-1726,CVE-2015-1727,CVE-2015-1768 (CVE) |
| Related URL |
74998,74999,75000,75005,75006,75008,75009,75010,75012,75024,75025 (SecurityFocus) |
| Related URL |
(ISS) |
|
