MS15-001: Vulnerability in Windows Application Compatibility Cache Could Allow Elevation of Privilege (3023266)
High Nessus Plugin ID 80490
SynopsisThe remote Windows host is affected by a privilege escalation vulnerability.
DescriptionThe remote Windows host is affected by a privilege escalation vulnerability due to improper validation of the authorization of a caller's impersonation token in the Microsoft Windows Application Compatibility Infrastructure (AppCompat) component. A local attacker, with a specially crafted program, can bypass the authorization check to create cache entries, resulting in an escalation of privileges.
SolutionMicrosoft has released a set of patches for Windows 2008, 7, 2008 R2, 8, 8.1, 2012 and 2012 R2.