MS14-047: Vulnerability in LRPC Could Allow Security Feature Bypass (2978668)
Medium Nessus Plugin ID 77165
SynopsisThe remote Windows host is affected by a security bypass vulnerability.
DescriptionThe remote Windows host is affected by a security feature bypass vulnerability in Microsoft Remote Procedure Call (LRPC). The vulnerability is due to RPC improperly freeing malformed messages, allowing an attacker to fill up the address space of a process.
Successful exploitation of the issue allows an attacker to bypass the Address Space Layout Randomization (ASLR) security feature.
SolutionMicrosoft has released a set of patches for Windows 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.