Microsoft Windows Kernel-Mode Drivers Elevation of Privilege Vulnerabilities

Last Update Date: 10 Jun 2015 09:52 Release Date: 10 Jun 2015 3243 Views

RISK: Medium Risk

TYPE: Operating Systems - Windows OS

Microsoft Windows Kernel Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows kernel-mode driver improperly handles buffer elements under certain conditions, allowing an attacker to request the contents of specific memory addresses. An attacker who successfully exploited this vulnerability could then potentially read data that is not intended to be disclosed. This vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information in an attempt to further compromise the affected system. Workstations and servers are primarily at risk. Servers could be at more risk if administrators allow users to log on to servers and to run programs. However, best practices strongly discourage this.
Microsoft Windows Kernel Use After Free Vulnerability
An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly frees an object in memory that an attacker could use to execute arbitrary code with elevated permissions. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Win32k Null Pointer Dereference Vulnerability
An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to insufficient validation of certain data passed from user mode. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Multiple Microsoft Windows Kernel Vulnerabilities
Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver when it accesses an object in memory that has either not been correctly initialized or deleted. The vulnerabilities may corrupt memory in such a way that an attacker could gain elevated privileges on a targeted system.
Multiple Windows Kernel Buffer Overflow Vulnerabilities
Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver when it improperly validates user input. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a targeted system.
Multiple Win32k Memory Corruption Elevation of Privilege Vulnerabilities
An elevation of privilege vulnerability exists when the Windows kernel-mode driver, Win32k.sys, fails to properly free memory. An attacker who successfully exploited this vulnerability could execute arbitrary code within the context of another user. If that other user has elevated rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.