Microsoft Windows Error Reporting Security Feature Bypass Vulnerability

Last Update Date: 15 Jan 2015 Release Date: 14 Jan 2015 3165 Views

RISK: Medium Risk

Medium Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

A security feature bypass vulnerability exists in Windows Error Reporting (WER) that allows administrative users to view the memory contents of processes protected by "Protected Process Light." "Protected Process Light" inhibits debugging of critical system processes by arbitrary users on the system, even administrative users. An attacker who successfully exploited this vulnerability could access the memory of a running process protected by "Protected Process Light."

"Protected Process Light" is designed to help mitigate attack scenarios where a malicious user already has administrative access and is trying to gather additional credentials in order to facilitate lateral attacks against other systems.

An attacker must have valid logon credentials, and be able to log on locally with administrator privileges to exploit this vulnerability. The update addresses the vulnerability by correcting how WER interacts with processes.

Impact

  • Security Restriction Bypass

System / Technologies affected

  • Windows 8 and Windows 8.1
  • Windows RT and Windows RT 8.1
  • Windows Server 2012 and Windows Server 2012 R2

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Network Location Awareness Service Security Feature Bypass Vulnerability

14 Jan 2015 3189 Views

Next

Network Policy Server Denial of Service Vulnerability

14 Jan 2015 3127 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY