Microsoft Windows Kernel-Mode Driver Remote Code Execution Vulnerabilities
Last Update Date:
11 Feb 2015 10:19
Release Date:
11 Feb 2015
3606
Views
RISK: High Risk
TYPE: Operating Systems - Windows OS
- Win32k Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the Windows kernel-mode driver (Win32k.sys) that is caused when it improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. The update addresses the vulnerability by correcting how the kernel-mode driver validates certain parameters against registered objects. - CNG Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in the Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) when it fails to properly validate and enforce impersonation levels. An attacker could exploit this vulnerability by convincing a user to run a specially crafted application that is designed to cause CNG to improperly validate impersonation levels, potentially allowing the attacker to gain access to information beyond the access level of the local user. The security update addresses the vulnerability by correcting how the kernel-mode driver validates and enforces impersonation levels. - Win32k Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the Windows kernel-mode driver (Win32k.sys) that is caused when it improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. - Windows Cursor Object Double Free Vulnerability
An elevation of privilege vulnerability exists in the Windows kernel-mode driver (win32k.sys) due to a double-free condition. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. - TrueType Font Parsing Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the Windows kernel-mode driver (Win32k.sys) that is caused when it improperly handles TrueType fonts. - Windows Font Driver Denial of Service Vulnerability
A denial of service vulnerability exists in the Windows kernel-mode driver (Win32k.sys) that is caused when the Windows font mapper attempts to scale a font.
Impact
- Denial of Service
- Elevation of Privilege
- Remote Code Execution
- Security Restriction Bypass
System / Technologies affected
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows Server 2008 R2
- Windows 8 and Windows 8.1
- Windows Server 2012 and Windows Server 2012 R2
- Windows RT and Windows RT 8.1
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Download location for patches:
https://technet.microsoft.com/library/security/MS15-010
Vulnerability Identifier
Source
Related Link
Share with