Microsoft Windows Error Reporting Security Feature Bypass Vulnerability
RISK: Medium Risk
TYPE: Operating Systems - Windows OS
A security feature bypass vulnerability exists in Windows Error Reporting (WER) that allows administrative users to view the memory contents of processes protected by "Protected Process Light." "Protected Process Light" inhibits debugging of critical system processes by arbitrary users on the system, even administrative users. An attacker who successfully exploited this vulnerability could access the memory of a running process protected by "Protected Process Light."
"Protected Process Light" is designed to help mitigate attack scenarios where a malicious user already has administrative access and is trying to gather additional credentials in order to facilitate lateral attacks against other systems.
An attacker must have valid logon credentials, and be able to log on locally with administrator privileges to exploit this vulnerability. The update addresses the vulnerability by correcting how WER interacts with processes.
Impact
- Security Restriction Bypass
System / Technologies affected
- Windows 8 and Windows 8.1
- Windows RT and Windows RT 8.1
- Windows Server 2012 and Windows Server 2012 R2
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Download location for patches:
https://technet.microsoft.com/en-us/library/security/MS15-006
Vulnerability Identifier
Source
Related Link
Share with