MS15-111: Security Update for Windows Kernel to Address Elevation of Privilege (3096447)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host is affected by multiple vulnerabilities.

Description :

The remote Windows host is affected by the following
vulnerabilities :

- Multiple elevation of privilege vulnerabilities exist in
the Windows kernel due to improper handling of objects
in memory. A local attacker can exploit these
vulnerabilities, via a specially crafted application, to
execute arbitrary code in kernel mode. (CVE-2015-2549,
CVE-2015-2550, CVE-2015-2554)

- A security feature bypass vulnerability exists due to a
failure to properly enforce the Windows Trusted Boot
policy. A local attacker can exploit this, via a
specially crafted Boot Configuration Data (BCD) setting,
to disable code integrity checks, resulting in the
execution of test-signed executables and drivers.
Additionally, a local attacker can exploit this
vulnerability to bypass Trusted Boot integrity
validation for BitLocker and Device Encryption security
features. (CVE-2015-2552)

- An elevation of privilege vulnerability exists due to
improper validation of junctions in certain scenarios in
which mount points are being created. An
unauthenticated, remote attacker can exploit this in
conjunction with another vulnerability to execute
arbitrary code in the context of the current user.
(CVE-2015-2553)

See also :

https://technet.microsoft.com/library/security/MS15-111
https://support.microsoft.com/en-us/kb/3096447

Solution :

Microsoft has released a set of patches for Windows Vista, 2008, 7,
2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.0
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 86373 ()

Bugtraq ID: 76994
76998
76999
77004
77014

CVE ID: CVE-2015-2549
CVE-2015-2550
CVE-2015-2552
CVE-2015-2553
CVE-2015-2554

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now