<< Back
CVE Number Vulnerability Product Severity Date
MS15-052 Vulnerability in Windows Kernel Could Allow Security Feature Bypass (3050514) Windows 8 Important 13-05-2015

Technical Information

Brief overview of the risk:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker logs on to an affected system and runs a specially crafted application.

Detailed Information on the risk:

A security feature bypass vulnerability exists when the Windows kernel fails to properly validate a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability can then retrieve the base address of cng.sys from a compromised process.


Further information on this exploit is available at : MS15-052

Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems 
Windows 8.1 for x64-based Systems 
Windows Server 2012 and Windows Server 2012 R2
Windows Server 2012 R2 
Windows RT and Windows RT 8.1
Windows RT[2] 
Windows RT 8.1[2] 
Windows Server 2012 (Server Core installation) 
Windows Server 2012 R2 (Server Core installation)

Affected Software

Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems 
Windows 8.1 for x64-based Systems 
Windows Server 2012 and Windows Server 2012 R2
Windows Server 2012 R2 
Windows RT and Windows RT 8.1
Windows RT[2] 
Windows RT 8.1[2] 
Windows Server 2012 (Server Core installation) 
Windows Server 2012 R2 (Server Core installation)