SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows DLL (Any) Vendors:   Microsoft
Microsoft Windows Group Policy Processing Error Lets Remote Users Execute Arbitrary Code in Certain Cases
SecurityTracker Alert ID:  1031719
SecurityTracker URL:  http://securitytracker.com/id/1031719
CVE Reference:   CVE-2015-0008   (Links to External Site)
Date:  Feb 10 2015
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1; and prior service packs
Description:   A vulnerability was reported in Microsoft Windows. A remote user can cause arbitrary code to be executed on the target user's system in certain cases.

A remote user can exploit a flaw in the processing of Group Policy data to execute arbitrary code on the target domain-joined system when the target system connects to the remote user's domain controller.

Jeff Schmidt of JAS Global Advisors, Dr. Arnoldo Muller-Molina of simMachines, and the Internet Corporation for Assigned Names and Numbers (ICANN) reported these vulnerabilities.

Impact:   A remote user can cause arbitrary code to be executed on the target system in certain cases.
Solution:   The vendor has issued the following fixes:

Windows Vista Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=ddf6f5df-113d-4e08-9422-d72f1bb3ea01

Windows Vista x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=ab8a7a65-a0f6-4f79-99ed-4b4cfcbcadfd

Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=a507236d-0ce1-4e8c-adbe-20186f2c1e1b

Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=5b009bb4-738d-42ce-9e35-5d4580b0ad25

Windows Server 2008 for Itanium-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=7c37a025-81ea-4360-bcde-65b39171202f

Windows 7 for 32-bit Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=51090490-014f-41c4-a9e5-00765457737f

Windows 7 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=0f56004d-5870-4294-b630-2f984640e8c6

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=b52b259b-5c72-46a9-8559-3d38c0c7a126

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=432b66df-a531-4280-9aaf-6ce696e2f696

Windows 8 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=54e7605b-a6b3-445f-9d43-ac3fa937bc47

Windows 8 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=374c14fc-82cf-4cfa-94f0-695e99d7c423

Windows 8.1 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=29857dc6-8dec-41c1-afee-a898d602d3ef

Windows 8.1 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=f0adfdbe-6056-4be1-8294-3b808c0a0e89

Windows Server 2012:

http://www.microsoft.com/downloads/details.aspx?familyid=1e6052c8-77a2-4bfd-905f-50e86d6e5efa

Windows Server 2012 R2:

http://www.microsoft.com/downloads/details.aspx?familyid=48248922-d55a-43b7-a564-671d79127ac7

Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=a507236d-0ce1-4e8c-adbe-20186f2c1e1b

Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=5b009bb4-738d-42ce-9e35-5d4580b0ad25

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=b52b259b-5c72-46a9-8559-3d38c0c7a126

Windows Server 2012:

http://www.microsoft.com/downloads/details.aspx?familyid=1e6052c8-77a2-4bfd-905f-50e86d6e5efa

Windows Server 2012 R2:

http://www.microsoft.com/downloads/details.aspx?familyid=48248922-d55a-43b7-a564-671d79127ac7

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms15-011

Vendor URL:  technet.microsoft.com/library/security/ms15-011 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC