Microsoft Windows Kernel-Mode Driver Remote Code Execution Vulnerabilities

Last Update Date: 11 Feb 2015 10:19
Release Date: 11 Feb 2015

RISK: High Risk

TYPE: Operating Systems - Windows OS

  1. Win32k Elevation of Privilege Vulnerability
    An elevation of privilege vulnerability exists in the Windows kernel-mode driver (Win32k.sys) that is caused when it improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. The update addresses the vulnerability by correcting how the kernel-mode driver validates certain parameters against registered objects.
  2. CNG Security Feature Bypass Vulnerability
    A security feature bypass vulnerability exists in the Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) when it fails to properly validate and enforce impersonation levels. An attacker could exploit this vulnerability by convincing a user to run a specially crafted application that is designed to cause CNG to improperly validate impersonation levels, potentially allowing the attacker to gain access to information beyond the access level of the local user. The security update addresses the vulnerability by correcting how the kernel-mode driver validates and enforces impersonation levels.
  3. Win32k Elevation of Privilege Vulnerability
    An elevation of privilege vulnerability exists in the Windows kernel-mode driver (Win32k.sys) that is caused when it improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
  4. Windows Cursor Object Double Free Vulnerability
    An elevation of privilege vulnerability exists in the Windows kernel-mode driver (win32k.sys) due to a double-free condition. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
  5. TrueType Font Parsing Remote Code Execution Vulnerability
    A remote code execution vulnerability exists in the Windows kernel-mode driver (Win32k.sys) that is caused when it improperly handles TrueType fonts.
  6. Windows Font Driver Denial of Service Vulnerability
    A denial of service vulnerability exists in the Windows kernel-mode driver (Win32k.sys) that is caused when the Windows font mapper attempts to scale a font.

Impact

  • Denial of Service
  • Elevation of Privilege
  • Remote Code Execution
  • Security Restriction Bypass

System / Technologies affected

  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows Server 2008 R2
  • Windows 8 and Windows 8.1
  • Windows Server 2012 and Windows Server 2012 R2
  • Windows RT and Windows RT 8.1

Solutions

Before installing the software, please visit the software manufacturer's website for more details.


Vulnerability Identifier


Source


Related Link