SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows DLL (Any) Vendors:   Microsoft
Microsoft Windows Audio Service Lets Users Gain Elevated Privileges
SecurityTracker Alert ID:  1031191
SecurityTracker URL:  http://securitytracker.com/id/1031191
CVE Reference:   CVE-2014-6322   (Links to External Site)
Date:  Nov 11 2014
Impact:   User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1; and prior service packs
Description:   A vulnerability was reported in Microsoft Windows Audio Service. A user can obtain elevated privileges on the target system in certain cases.

A remote user that is able to exploit a separate vulnerability can trigger a permission validation flaw in the audio service component to gain elevated privileges.

James Forshaw of Google Project Zero reported this vulnerability.

Impact:   A user that can exploit a separate flaw can obtain elevated privileges on the target system.
Solution:   The vendor has issued the following fixes:

Windows Vista Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=128b634e-b84a-470e-b079-da05f3887b93

Windows Vista x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=d7b1e5c7-eba9-42f8-a84d-132276ab4b58

Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=b9cd9561-bf89-4407-a675-e88fc2de292d

Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=f712163c-8cae-4e43-8165-c3f5ddddf885

Windows Server 2008 for Itanium-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=f2a8b834-ba6c-4b73-97be-5c0a67012e34

Windows 7 for 32-bit Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=a1a59619-48cb-4fd7-99a3-6ae192651fca

Windows 7 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=ff321be2-21a4-4a83-8627-39ee66ec3b5c

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=ed27de55-608b-4100-83c8-6a6d650c2617

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=6320be6f-1ec0-418b-8daf-d128a94acfa7

Windows 8 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=0d0517bd-b655-4c0b-997f-5ce8a6d6acf0

Windows 8 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=14993001-5fe7-48da-9c97-5466b54d3b71

Windows 8.1 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=c2731c48-0d62-45f1-ae85-ff0ab2f81de6

Windows 8.1 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=e86f6680-7ca6-4daf-8f3b-fa5817697a2b

Windows Server 2012:

http://www.microsoft.com/downloads/details.aspx?familyid=7311cd7b-b766-4738-bd30-b8742e9d65c1

Windows Server 2012 R2:

http://www.microsoft.com/downloads/details.aspx?familyid=67d42388-0e33-4568-a9ef-08f12dc113b9

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms14-071

Vendor URL:  technet.microsoft.com/library/security/ms14-071 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC