| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS15-090 | Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3060716) | Windows Vista | Important | 12-08-2015 |
Technical Information
Brief overview of the risk:
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application or convinces a user to open a specially crafted file that invokes a vulnerable sandboxed application, allowing an attacker to escape the sandbox.
Detailed Information on the risk:
An elevation of privilege vulnerability exists in Windows Object Manager when it fails to properly validate and enforce impersonation levels. An attacker who successfully exploited this vulnerability could bypass impersonation-level security and gain elevated privileges on a targeted system.
In order to exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability by itself does not allow arbitrary code execution; however, an attacker could use this vulnerability in conjunction with another vulnerability to effect arbitrary code execution. The update addresses the vulnerability by correcting how Windows Object Manager handles object symbolic links created by a sandbox process.
Windows Vista Service Pack 2 In order to exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability by itself does not allow arbitrary code execution; however, an attacker could use this vulnerability in conjunction with another vulnerability to effect arbitrary code execution. The update addresses the vulnerability by correcting how Windows Object Manager handles object symbolic links created by a sandbox process.
Further information on this exploit is available at : MS15-090
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012
Windows Server 2012 R2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2(Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Affected Software
Windows Vista Service Pack 2Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012
Windows Server 2012 R2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2(Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)