MS15-017: Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege (3035898)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by a privilege escalation vulnerability.

Description :

The remote Windows host is running a version of Microsoft System
Center Virtual Machine Manager that is affected by privilege
escalation vulnerability due to improper validation of user roles. An
attacker with valid Active Directory logon credentials can exploit
this vulnerability to gain administrative privileges.

See also :

https://technet.microsoft.com/library/security/ms15-017

Solution :

Microsoft has released a patch for Microsoft System Center Virtual
Machine Manager 2012 R2.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 81270 ()

Bugtraq ID: 72473

CVE ID: CVE-2015-0012

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now