(MS15-015) Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432)
Publish Date: 19 de marca de 2015
Severity: : High
CVE Kennungen: : CVE-2015-0062
Advisory Date: 19 de marca de 2015
DESCRIPTION
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow an attacker to leverage the lack of impersonation-level security checks to elevate privileges during process creation. An authenticated attacker who successfully exploited this vulnerability could acquire administrator credentials and use them to elevate privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
SOLUTION
AFFECTED SOFTWARE AND VERSION:
- Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2012 (Server Core installation)
- Windows Server 2012 R2 (Server Core installation)
- Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
- Windows 8 for 32-bit Systems
- Windows 8 for x64-based Systems
- Windows 8.1 for 32-bit Systems
- Windows 8.1 for x64-based Systems
- Windows Server 2012
- Windows Server 2012 R2
- Windows RT
- Windows RT 8.1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)