MS15-003: Vulnerability in Windows User Profile Service Could Allow Elevation of Privilege (3021674)
High Nessus Plugin ID 80492
SynopsisThe remote Windows host is affected by a privilege escalation vulnerability.
DescriptionThe remote Windows host is affected by a privilege escalation vulnerability due to improper validation of user privilege in the Windows User Profile Service (ProfSvc). A local attacker, with a specially crafted application, can load registry hives associated with other user accounts to execute arbitrary code with elevated permissions.
SolutionMicrosoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.