Microsoft Windows Kernel-Mode Driver Elevation of Privilege Vulnerabilities
Last Update Date:
12 Mar 2015
Release Date:
11 Mar 2015
3762
Views
RISK: Medium Risk
TYPE: Operating Systems - Windows OS
- Microsoft Windows Kernel Memory Disclosure Vulnerability
An information disclosure vulnerability exists in the Windows kernel-mode driver that could allow the disclosure of kernel memory contents to an attacker. This vulnerability is caused when the Windows kernel-mode driver fails to initialize function buffers in a manner that removes the results of previous function calls. - Win32k Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the Windows kernel-mode driver that is caused when the kernel-mode driver fails to properly validate the calling thread's token. - Microsoft Windows Kernel Memory Disclosure Vulnerability
An information disclosure vulnerability exists in the Windows kernel-mode driver that could allow the disclosure of kernel memory contents to an attacker. This vulnerability is caused when the Windows kernel-mode driver leaks private address information during a function call. - Microsoft Windows Kernel Memory Disclosure Vulnerability
An information disclosure vulnerability exists in the Windows kernel-mode driver that could allow the disclosure of kernel memory contents to an attacker. This vulnerability is caused when the Windows kernel-mode driver dereferences a NULL pointer. The NULL page is not typically allocated or mapped, so if the kernel dereferences a NULL pointer the usual result is a blue-screen condition. However, a blue-screen condition can be avoided if the NULL page is mapped and, because the NULL page resides in the user-mode memory address space, the attacker can copy kernel information into the NULL page and read its contents. This attack vector is not viable when NULL page mapping is disabled, which is the default state in Windows 8 and later operating systems.
Impact
- Denial of Service
- Elevation of Privilege
- Information Disclosure
System / Technologies affected
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows Server 2008 R2
- Windows 8 and Windows 8.1
- Windows Server 2012 and Windows Server 2012 R2
- Windows RT and Windows RT 8.1
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Download location for patches:
https://technet.microsoft.com/en-us/library/security/MS15-023
Vulnerability Identifier
Source
Related Link
Share with