Skip to main content

Microsoft Windows Error Reporting Security Feature Bypass Vulnerability

Last Update Date: 15 Jan 2015 Release Date: 14 Jan 2015 3773 Views

RISK: Medium Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

A security feature bypass vulnerability exists in Windows Error Reporting (WER) that allows administrative users to view the memory contents of processes protected by "Protected Process Light." "Protected Process Light" inhibits debugging of critical system processes by arbitrary users on the system, even administrative users. An attacker who successfully exploited this vulnerability could access the memory of a running process protected by "Protected Process Light."

"Protected Process Light" is designed to help mitigate attack scenarios where a malicious user already has administrative access and is trying to gather additional credentials in order to facilitate lateral attacks against other systems.

An attacker must have valid logon credentials, and be able to log on locally with administrator privileges to exploit this vulnerability. The update addresses the vulnerability by correcting how WER interacts with processes.


Impact

  • Security Restriction Bypass

System / Technologies affected

  • Windows 8 and Windows 8.1
  • Windows RT and Windows RT 8.1
  • Windows Server 2012 and Windows Server 2012 R2

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link