<< Back
CVE Number Vulnerability Product Severity Date
MS15-117 Security Update for NDIS to Address Elevation of Privilege (3101722) Windows Vista Important 11-11-2015

Technical Information

Brief overview of the risk:
This security update resolves a vulnerability in Microsoft Windows NDIS. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.

Detailed Information on the risk:

An elevation of privilege vulnerability exists when NDIS fails to check the length of a buffer prior to copying memory into it. An attacker who successfully exploited this vulnerability could gain elevated privileges on a targeted system.
To exploit the vulnerability, an attacker would first have to log on to the system. The attacker could then run a specially crafted application designed to elevate privileges. The security update corrects how NDIS validates buffer length.

Further information on this exploit is available at : MS15-117

Windows Vista Service Pack 2 
Windows Vista x64 Edition Service Pack 2 
Windows Server 2008 for 32-bit Systems Service Pack 2 
Windows Server 2008 for x64-based Systems Service Pack 2 
Windows Server 2008 for Itanium-based Systems Service Pack 2 
Windows 7 for 32-bit Systems Service Pack 1 
Windows 7 for x64-based Systems Service Pack 1 
Windows Server 2008 R2 for x64-based Systems Service Pack 1 
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 

Affected Software

Windows Vista Service Pack 2 
Windows Vista x64 Edition Service Pack 2 
Windows Server 2008 for 32-bit Systems Service Pack 2 
Windows Server 2008 for x64-based Systems Service Pack 2 
Windows Server 2008 for Itanium-based Systems Service Pack 2 
Windows 7 for 32-bit Systems Service Pack 1 
Windows 7 for x64-based Systems Service Pack 1 
Windows Server 2008 R2 for x64-based Systems Service Pack 1 
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1