KB2914486: Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege
High Nessus Plugin ID 71140
SynopsisThe remote Windows host has a privilege elevation vulnerability in a system-provided communications driver.
DescriptionThe remote host has an unspecified privilege elevation vulnerability in NDProxy.sys, a system-provided communications driver. Successful exploitation of this vulnerability could allow an attacker to run arbitrary code in kernel mode. Additionally, the attacker could view, change or even delete data, as well as install programs and/or create new accounts with full administrative rights.
SolutionApply the workaround referenced in Microsoft Security Advisory (2914486). This workaround will cause certain services that rely on Windows Telephony Application Programming Interfaces (TAPI) to not function. Refer to the advisory for more information.