| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS15-017 | Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege (3035898) | Microsoft System | Important | 11-02-2015 |
Technical Information
Brief overview of the risk:
This security update resolves a privately reported vulnerability in Virtual Machine Manager (VMM). The vulnerability could allow elevation of privilege if an attacker logs on an affected system. An attacker must have valid Active Directory logon credentials and be able to log on with those credentials to exploit the vulnerability.
Detailed Information on the risk:
A vulnerability exists in Virtual Machine Manager (VMM) when VMM improperly validates user roles. The vulnerability could allow elevation of privilege if an attacker logs on an affected system. An attacker must have valid Active Directory logon credentials and be able to log on with those credentials to exploit the vulnerability. The security update addresses the vulnerability by correcting how VMM validates user roles.
Further information on this exploit is available at : MS15-017