Skip to main content

Microsoft Windows Kernel-Mode Drivers Elevation of Privilege Vulnerabilities

Last Update Date: 10 Jun 2015 09:52 Release Date: 10 Jun 2015 3830 Views

RISK: Medium Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS
  1. Microsoft Windows Kernel Information Disclosure Vulnerability
    An information disclosure vulnerability exists when the Windows kernel-mode driver improperly handles buffer elements under certain conditions, allowing an attacker to request the contents of specific memory addresses. An attacker who successfully exploited this vulnerability could then potentially read data that is not intended to be disclosed. This vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information in an attempt to further compromise the affected system. Workstations and servers are primarily at risk. Servers could be at more risk if administrators allow users to log on to servers and to run programs. However, best practices strongly discourage this.
  2. Microsoft Windows Kernel Use After Free Vulnerability
    An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly frees an object in memory that an attacker could use to execute arbitrary code with elevated permissions. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
  3. Win32k Null Pointer Dereference Vulnerability
    An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to insufficient validation of certain data passed from user mode. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  4. Multiple Microsoft Windows Kernel Vulnerabilities
    Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver when it accesses an object in memory that has either not been correctly initialized or deleted. The vulnerabilities may corrupt memory in such a way that an attacker could gain elevated privileges on a targeted system.
  5. Multiple Windows Kernel Buffer Overflow Vulnerabilities
    Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver when it improperly validates user input. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a targeted system.
  6. Multiple Win32k Memory Corruption Elevation of Privilege Vulnerabilities
    An elevation of privilege vulnerability exists when the Windows kernel-mode driver, Win32k.sys, fails to properly free memory. An attacker who successfully exploited this vulnerability could execute arbitrary code within the context of another user. If that other user has elevated rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Impact

  • Elevation of Privilege
  • Information Disclosure

System / Technologies affected

  • Microsoft Windows Server 2003
  • Microsoft Windows Vista
  • Microsoft Windows Server 2008
  • Microsoft Windows 7
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows 8 and Windows 8.1
  • Microsoft Windows RT and Windows RT 8.1
  • Microsoft Windows Server 2012 and Windows Server 2012 R2

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link