SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows DLL (Any) Vendors:   Microsoft
Windows Mount Manager Symbolic Link Error Lets Physically Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1033244
SecurityTracker URL:  http://securitytracker.com/id/1033244
CVE Reference:   CVE-2015-1769   (Links to External Site)
Date:  Aug 11 2015
Impact:   User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2003 SP2, 2003 R2 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1; and prior service packs
Description:   A vulnerability was reported in Windows Mount Manager. A local user can obtain elevated privileges on the target system.

A physically local user can insert a specially crafted USB device to trigger a flaw in the Mount Manager in the processing of symbolic links to write arbitrary code to the disk and execute the code.

Impact:   A physically local user can obtain elevated privileges on the target system.
Solution:   The vendor has issued a fix.

Windows Vista Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=d6329153-4e54-4f6f-a11b-df241e0f211b

Windows Vista x64 Edition Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=a11ddedb-a22d-47ab-bb1f-597b297810f5

Windows Server 2008 for 32-bit Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=b429f6bc-faff-47ac-92ec-4edb1fa9619f

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=eec2c3c7-1cae-47d4-9249-1edb82d95179

Windows Server 2008 for Itanium-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=d974b0c7-c558-497a-9cc9-f51bc13b4e62

Windows 7 for 32-bit Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=b1ab513b-427c-4105-b822-9469fc0da6df

Windows 7 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=1aaefe59-12d1-4cdf-9aba-b4eba91be016

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=97bb00de-cdd0-4d79-b649-f0c2145551a4

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=e039ed1c-aa06-494b-8ca4-c6cbaa9bfef2

Windows 8 for 32-bit Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=47b2275f-1f39-4682-9ad1-894bf5d2f92e

Windows 8 for x64-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=a617905e-17f3-4e14-975b-8ac29e90f84a

Windows 8.1 for 32-bit Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=67ffd403-6dd3-4046-acbc-1097a73c0677

Windows 8.1 for x64-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=16e21cb6-b9dc-4f07-94f0-57203345b622

Windows Server 2012:

https://www.microsoft.com/downloads/details.aspx?familyid=4760704a-9fe5-49cb-8c45-3c8e919261da

Windows Server 2012 R2:

https://www.microsoft.com/downloads/details.aspx?familyid=e02b9dd2-56bf-47a7-94ca-7cc6666e0d02

Windows Server 2008 for 32-bit Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=b429f6bc-faff-47ac-92ec-4edb1fa9619f

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=eec2c3c7-1cae-47d4-9249-1edb82d95179

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=97bb00de-cdd0-4d79-b649-f0c2145551a4

Windows Server 2012:

https://www.microsoft.com/downloads/details.aspx?familyid=4760704a-9fe5-49cb-8c45-3c8e919261da

Windows Server 2012 R2:

https://www.microsoft.com/downloads/details.aspx?familyid=e02b9dd2-56bf-47a7-94ca-7cc6666e0d02

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms15-085

Vendor URL:  technet.microsoft.com/library/security/ms15-085 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC