Detections
Analytics

MS15-051: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057191)

high Nessus Plugin ID 83370

Language:

Synopsis

The remote Windows host is affected by multiple vulnerabilities.

Description

The version of Windows running on the remote host is affected by multiple vulnerabilities :

 - Multiple information disclosure vulnerabilities exist due to the Win32k.sys kernel-mode driver improperly handling objects in memory. A local attacker can exploit this to reveal private address information during a function call, resulting in the disclosure of kernel memory contents. (CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, CVE-2015-1679, CVE-2015-1680)

 - A privilege escalation vulnerability exists due to the Win32k.sys kernel-mode driver improperly handling objects in memory. A local attacker can exploit this flaw, via a specially crafted application, to execute arbitrary code in kernel mode. This vulnerability is reportedly being exploited in the wild. (CVE-2015-1701)

Solution

Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.

See Also

http://www.nessus.org/u?37b0306c

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-051

Plugin Details

Severity: High

ID: 83370

File Name: smb_nt_ms15-051.nasl

Version: 1.14

Type: local

Agent: windows

Published: 5/12/2015

Updated: 3/8/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.8

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2015-1701

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/12/2015

Vulnerability Publication Date: 4/18/2015

CISA Known Exploited Vulnerability Due Dates: 3/24/2022

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Windows ClientCopyImage Win32k Exploit)

Reference Information

CVE: CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, CVE-2015-1679, CVE-2015-1680, CVE-2015-1701

BID: 74245, 74483, 74494, 74495, 74496, 74497

IAVA: 2015-A-0108

MSFT: MS15-051

MSKB: 3045171, 3057191, 3065979