MS15-052: Vulnerability in Windows Kernel Could Allow Security Feature Bypass (3050514)
Medium Nessus Plugin ID 83361
SynopsisThe remote Windows host is affected by a security bypass vulnerability.
DescriptionThe remote Windows host is affected by a security feature bypass vulnerability due to a failure to properly validate memory addresses by the Windows kernel. A remote attacker can exploit this flaw, via a specially crafted application, to bypass the Kernel Address Space Layout Randomization (KASLR), resulting in the disclosure of the base address of the Cryptography Next Generation (CNG) kernel-mode driver (cng.sys).
SolutionMicrosoft has released a set of patches for Windows 8, 2012, 8.1, and 2012 R2.