SecurityTracker.com
Category:   OS (Microsoft)  >   Windows Kernel
Vendors:   Microsoft
Windows Kernel Flaws Let Local Users Gain System Privileges and Bypass Windows Trusted Boot Policy
SecurityTracker Alert ID:  1033805
SecurityTracker URL:  http://securitytracker.com/id/1033805
CVE Reference:   CVE-2015-2549, CVE-2015-2550, CVE-2015-2552, CVE-2015-2553, CVE-2015-2554
Date:  Oct 13 2015
Impact:   Root access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1, 10; and prior service packs
Description:   Multiple vulnerabilities were reported in the Windows Kernel. A local user can bypass security restrictions. A local user can gain system privileges on the target system.

The system does not properly validate junctions when mount points are being created. A local user who has already exploited a separate flaw to execute arbitrary code in a sandboxed application can exploit this flaw to gain the privileges of the target user running the target application [CVE-2015-2553].

A local user can run a specially crafted application to trigger an object memory handling error and execute arbitrary code with system level privileges on the target system [CVE-2015-2549, CVE-2015-2550, CVE-2015-2554].

A local user can bypass the Windows Trusted Boot policy controls on the target system [CVE-2015-2552]. This can be exploited to disable code integrity checks and bypass Trusted Boot integrity validation for the BitLocker and Device Encryption security features.

dbc282f4f2f7d2466fa0078bf8034d99, Ashutosh Mehra (via HP's Zero Day Initiative), and James Forshaw of Google Project Zero reported these vulnerabilities.

Impact:   A local user can bypass security controls on the target system.

A local user can obtain system privileges on the target system.

Solution:   The vendor has issued a fix.

Windows Vista Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=d4bb2f90-b331-4774-9fa2-bf1cc51d1006

Windows Vista x64 Edition Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=9af5b138-5cfb-432d-aa2d-8557d9d879a0

Windows Server 2008 for 32-bit Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=7fe0326a-d86a-45be-abec-479d3892ec00

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=7c37061f-b881-4087-a634-111d99f4b366

Windows Server 2008 for Itanium-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=4df2aca5-02c0-46ea-8506-735ad5273582

Windows 7 for 32-bit Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=31db18d6-ec89-4bc0-b1fa-7214a8ece5d6

Windows 7 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=fdcf019f-1e71-4f28-a2e5-b372f855d8f1

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=a9372c4f-955b-49ab-92ae-6a96765d100e

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=a4f6e4c4-eca6-4868-9d9d-f9c2be5ecb12

Windows 8 for 32-bit Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=a14f6446-32c6-412b-99c2-f385006576ea

Windows 8 for x64-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=9f85672a-91a4-43d5-8e96-d4dc521506ea

Windows 8.1 for 32-bit Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=ef00e781-fe3d-499b-9200-94a7ec5ccf62

Windows 8.1 for x64-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=8c1e5a6d-a3d1-465b-b152-a24ad3224934

Windows Server 2012:

https://www.microsoft.com/downloads/details.aspx?familyid=b535293e-d07a-427b-a44d-48b62779cc80

Windows Server 2012 R2:

https://www.microsoft.com/downloads/details.aspx?familyid=86f08395-904e-429a-966e-6c6dcd1b354b

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms15-111

Vendor URL:  technet.microsoft.com/library/security/ms15-111
Cause:   Access control error

Message History:   None.


Copyright 2019, SecurityGlobal.net LLC