MS14-015: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2930275)
High Nessus Plugin ID 72934
SynopsisThe Windows kernel drivers on the remote host are affected by multiple vulnerabilities.
DescriptionThe remote Windows host has the following vulnerabilities :
- A privilege escalation vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. If successfully exploited, a locally authenticated attacker could run a specially crafted application in kernel mode to take control of the system. (CVE-2014-0300)
- An information disclosure vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. An attacker could exploit this issue to disclose information from kernel memory on the local system. (CVE-2014-0323)
SolutionMicrosoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1 and 2012 R2.