SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows DLL (Any) Vendors:   Microsoft
Windows Pragmatic General Multicast (PGM) Race Condition Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1034339
SecurityTracker URL:  http://securitytracker.com/id/1034339
CVE Reference:   CVE-2015-6126   (Links to External Site)
Date:  Dec 8 2015
Impact:   User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1, 10; and prior service packs
Description:   A vulnerability was reported in Windows Pragmatic General Multicast (PGM) . A local user can obtain elevated privileges on the target system.

A local user can run a specially crafted program to trigger a race condition in the PGM protocol that references freed memory and execute arbitrary commands on the target system with elevated privileges.

Systems with Microsoft Message Queuing (MSMQ) installed and the Windows PGM protocol explicitly enabled are affected.

Impact:   A local user can obtain elevated privileges on the target system.
Solution:   The vendor has issued a fix.

Windows Vista Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=71739059-334c-42ff-8dd5-5443fefde8ee

Windows Vista x64 Edition Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=d5fda211-65f4-4623-8e7d-2f5ddf4bca97

Windows Server 2008 for 32-bit Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=a29b1f68-33ee-4ce3-90bb-37fc50928ef9

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=6ec916f9-95da-4b33-894d-20a4bff658e3

Windows Server 2008 for Itanium-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=145d6355-59bc-47a2-af1e-b37fbd962645

Windows 7 for 32-bit Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=1c5bedd6-6bf9-4b33-a4a8-278354d70165

Windows 7 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=2c812d49-321a-4b54-aa43-d5ce745f085e

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=d0dd95d8-f9d7-41ef-bba1-bc59d793aea8

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=9ab884b2-b253-4f42-89e3-e256fb9930cf

Windows 8 for 32-bit Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=cdf47c2c-5a99-4d67-b8c4-bc1c07b5f2f0

Windows 8 for x64-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=f38ff119-9937-4624-b900-2c5215069e9b

Windows 8.1 for 32-bit Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=ca05abc9-400a-422e-b111-e9eb5ff1f145

Windows 8.1 for x64-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=7dae4232-8487-4b65-8ad4-7aa1ad48037e

Windows Server 2012:

https://www.microsoft.com/downloads/details.aspx?familyid=83ae30f5-b699-4587-b78a-bea23fa012a1

Windows Server 2012 R2:

https://www.microsoft.com/downloads/details.aspx?familyid=1fddb61e-99f1-4dba-a006-9f934439c8cb

Windows Server 2008 for 32-bit Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=a29b1f68-33ee-4ce3-90bb-37fc50928ef9

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=6ec916f9-95da-4b33-894d-20a4bff658e3

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=d0dd95d8-f9d7-41ef-bba1-bc59d793aea8

Windows Server 2012:

https://www.microsoft.com/downloads/details.aspx?familyid=83ae30f5-b699-4587-b78a-bea23fa012a1

Windows Server 2012 R2:

https://www.microsoft.com/downloads/details.aspx?familyid=1fddb61e-99f1-4dba-a006-9f934439c8cb

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms15-133

Vendor URL:  technet.microsoft.com/library/security/ms15-133 (Links to External Site)
Cause:   Access control error, State error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC