MS15-051: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057191)
High Nessus Plugin ID 83370
SynopsisThe remote Windows host is affected by multiple vulnerabilities.
DescriptionThe version of Windows running on the remote host is affected by multiple vulnerabilities :
- Multiple information disclosure vulnerabilities exist due to the Win32k.sys kernel-mode driver improperly handling objects in memory. A local attacker can exploit this to reveal private address information during a function call, resulting in the disclosure of kernel memory contents. (CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, CVE-2015-1679, CVE-2015-1680)
- A privilege escalation vulnerability exists due to the Win32k.sys kernel-mode driver improperly handling objects in memory. A local attacker can exploit this flaw, via a specially crafted application, to execute arbitrary code in kernel mode. This vulnerability is reportedly being exploited in the wild. (CVE-2015-1701)
SolutionMicrosoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.