Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege



Risk Medium
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2015-6171
CVE-2015-6173
CVE-2015-6174
CVE-2015-6175
CWE-ID CWE-119
Exploitation vector Local
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Vulnerability #4 is being exploited in the wild.
Vulnerable software
 Windows
Operating systems & Components / Operating system

Windows Server
Operating systems & Components / Operating system

Vendor Microsoft

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Memory corruption

EUVDB-ID: #VU5601

Risk: Medium

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2015-6171

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to boundary error when handling of objects in kernel memory. A local attacker can execute a specially crafted program, trigger memory corruption and gain SYSTEM privileges.

Successful exploitation of this vulnerability results in privilege escalation on the vulnerable system.

Mitigation

Install updates from Microsoft website.

Vulnerable software versions

Windows: RT - 10

Windows Server: 2008 - 2012 R2

CPE2.3 External links

https://technet.microsoft.com/en-us/library/security/ms15-135


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Memory corruption

EUVDB-ID: #VU5604

Risk: Medium

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2015-6173

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to boundary error when handling of objects in kernel memory. A local attacker can execute a specially crafted program, trigger memory corruption and gain SYSTEM privileges.

Successful exploitation of this vulnerability results in privilege escalation on the vulnerable system.

Mitigation

Install updates from Microsoft website.

Vulnerable software versions

Windows: RT - 10

Windows Server: 2008 - 2012 R2

CPE2.3 External links

https://technet.microsoft.com/en-us/library/security/ms15-135


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Memory corruption

EUVDB-ID: #VU5605

Risk: Medium

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2015-6174

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to boundary error when handling of objects in kernel memory. A local attacker can execute a specially crafted program, trigger memory corruption and gain SYSTEM privileges.

Successful exploitation of this vulnerability results in privilege escalation on the vulnerable system.

Mitigation

Install updates from Microsoft website.

Vulnerable software versions

Windows: RT - 10

Windows Server: 2008 - 2012 R2

CPE2.3 External links

https://technet.microsoft.com/en-us/library/security/ms15-135


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Memory corruption

EUVDB-ID: #VU5606

Risk: Medium

CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]

CVE-ID: CVE-2015-6175

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to boundary error when handling of objects in kernel memory. A local attacker can execute a specially crafted program, trigger memory corruption and gain SYSTEM privileges.

Successful exploitation of this vulnerability results in privilege escalation on the vulnerable system.

Note: the vulnerability was being actively exploited.

Mitigation

Install updates from Microsoft website.

Vulnerable software versions

Windows: 10

CPE2.3
External links

https://technet.microsoft.com/en-us/library/security/ms15-135


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.



###SIDEBAR###