MS15-090: Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3060716)

high Nessus Plugin ID 85322

Synopsis

The remote Windows host is affected by multiple elevation of privilege vulnerabilities.

Description

The remote Windows host is affected by multiple elevation of privilege vulnerabilities in Windows Object Manager :

- A flaw exists in Windows Object Manager due to a failure to properly validate and enforce impersonation levels. A remote, authenticated attacker can exploit this vulnerability, via a specially crafted application, to bypass impersonation-level security, resulting in a privilege escalation. (CVE-2015-2428)

- A flaw exists in Windows Object Manager due to a failure to properly restrict certain registry interactions from within vulnerable sandboxed applications. A remote attacker can exploit this vulnerability by convincing a user to open specially crafted file that invokes a vulnerable sandboxed application, to interact with the registry and escape the application sandbox, resulting in a privilege escalation. (CVE-2015-2429)

- A flaw exists in Windows Object Manager due to a failure to properly restrict certain filesystem interactions from within vulnerable sandboxed applications. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted file that invokes a vulnerable sandboxed application, to interact with the filesystem and escape the application sandbox, resulting in a privilege escalation. (CVE-2015-2430)

Solution

Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, and 2012 R2.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-090

Plugin Details

Severity: High

ID: 85322

File Name: smb_nt_ms15-090.nasl

Version: 1.8

Type: local

Agent: windows

Published: 8/11/2015

Updated: 11/22/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2015-2430

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 8/11/2015

Vulnerability Publication Date: 8/11/2015

Reference Information

CVE: CVE-2015-2428, CVE-2015-2429, CVE-2015-2430

BID: 76227, 76231, 76233

IAVA: 2015-A-0193

MSFT: MS15-090

MSKB: 3060716