| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS15-052 | Vulnerability in Windows Kernel Could Allow Security Feature Bypass (3050514) | Windows 8 | Important | 13-05-2015 |
Technical Information
Brief overview of the risk:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker logs on to an affected system and runs a specially crafted application.
Detailed Information on the risk:
A security feature bypass vulnerability exists when the Windows kernel fails to properly validate a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability can then retrieve the base address of cng.sys from a compromised process.
Further information on this exploit is available at : MS15-052
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012 and Windows Server 2012 R2
Windows Server 2012 R2
Windows RT and Windows RT 8.1
Windows RT[2]
Windows RT 8.1[2]
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Affected Software
Windows 8 for 32-bit SystemsWindows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012 and Windows Server 2012 R2
Windows Server 2012 R2
Windows RT and Windows RT 8.1
Windows RT[2]
Windows RT 8.1[2]
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)