| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS15-015 | Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432) | Windows 7 | Important | 11-02-2015 |
Technical Information
Brief overview of the risk:
The vulnerability could allow an attacker to leverage the lack of impersonation-level security checks to elevate privileges during process creation. An authenticated attacker who successfully exploited this vulnerability could acquire administrator credentials and use them to elevate privileges.
Detailed Information on the risk:
An elevation of privilege vulnerability exists in Microsoft Windows when it fails to properly validate and enforce impersonation levels. An attacker who successfully exploited this vulnerability could bypass impersonation-level security checks and gain elevated privileges on a targeted system. This vulnerability can be exploited only in the specific scenario where the process uses SeAssignPrimaryTokenPrivilege, which is not available for normal processes.
Further information on this exploit is available at : MS15-015
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012
Windows Server 2012 R2
Windows RT
Windows RT 8.1
Affected Software
Windows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012
Windows Server 2012 R2
Windows RT
Windows RT 8.1