MS15-076: Vulnerability in Windows Remote Procedure Call Could Allow Elevation of Privilege (3067505)
High Nessus Plugin ID 84748
SynopsisThe remote Windows host is affected by a privilege escalation vulnerability.
DescriptionThe remote Windows host is affected by a privilege escalation vulnerability in the Microsoft Remote Procedure Call (RPC) due to incorrectly allowing DCE/RPC connection reflection. A remote, authenticated attacker can exploit this vulnerability, with a specially crafted application, to elevate privileges.
Note that in order to exploit this issue, an attacker would first have to log onto the system.
SolutionMicrosoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.