SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Microsoft Hyper-V Vendors:   Microsoft
Microsoft Hyper-V Lets Local Guest Users Gain Privileges on the Host System
SecurityTracker Alert ID:  1032897
SecurityTracker URL:  http://securitytracker.com/id/1032897
CVE Reference:   CVE-2015-2361, CVE-2015-2362   (Links to External Site)
Date:  Jul 14 2015
Impact:   Execution of arbitrary code via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Two vulnerabilities were reported in Microsoft Hyper-V. A local user on the guest system can gain elevated privileges on the host system.

A local privileged user on the guest system can run a specially crafted application to trigger a buffer overflow and execute arbitrary code on the host system [CVE-2015-2361].

A local privileged user on the guest system can run a specially crafted application to trigger a data structure error and gain elevated privileges on the host system [CVE-2015-2362].

Thomas Garnier of Microsoft reported these vulnerabilities.

Impact:   A local user on the guest system can gain elevated privileges on the host system.
Solution:   The vendor has issued a fix.

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=A2CF55A3-B7AD-480B-9D4B-C282E2391D5E

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=7B2A1E26-BB64-4FAB-8D39-6BEF9413BA9E

Windows 8 for x64-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=480C913A-FA99-4AD0-BD3D-6CDFAA633863

Windows 8.1 for x64-based Systems (3046339):

https://www.microsoft.com/downloads/details.aspx?familyid=729A9E0E-1EF7-4888-A0D1-EA8D7CB52D92

Windows 8.1 for x64-based Systems (3046359):

https://www.microsoft.com/downloads/details.aspx?familyid=BADF3804-CEF6-4C3C-8CA5-991CEE80C187

Windows Server 2012:

https://www.microsoft.com/downloads/details.aspx?familyid=3303057D-310B-4FFA-B77E-FE9E94FC91DC

Windows Server 2012 R2 (3046339):

https://www.microsoft.com/downloads/details.aspx?familyid=82D7C9FD-7157-4ACD-A05F-59B1DED66F3F

Windows Server 2012 R2 (3046359):

https://www.microsoft.com/downloads/details.aspx?familyid=DBDE6FBD-3955-46D7-BEC8-142CAF698319

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=A2CF55A3-B7AD-480B-9D4B-C282E2391D5E

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=7B2A1E26-BB64-4FAB-8D39-6BEF9413BA9E

Windows Server 2012:

https://www.microsoft.com/downloads/details.aspx?familyid=3303057D-310B-4FFA-B77E-FE9E94FC91DC

Windows Server 2012 R2 (3046339):

https://www.microsoft.com/downloads/details.aspx?familyid=82D7C9FD-7157-4ACD-A05F-59B1DED66F3F

Windows Server 2012 R2 (3046359):

https://www.microsoft.com/downloads/details.aspx?familyid=DBDE6FBD-3955-46D7-BEC8-142CAF698319

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms15-068

Vendor URL:  technet.microsoft.com/library/security/ms15-068 (Links to External Site)
Cause:   Access control error, Boundary error
Underlying OS:  Windows (2008), Windows (2012), Windows (8)
Underlying OS Comments:  2008, 2008 R2, 8, 8.1, 2012, 2012 R2

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC