CERT-In Vulnerability Note
CIVN-2015-0257
Multiple vulnerabilities in Microsoft Windows Kernel
Original Issue Date: October 14, 2015
Severity Rating: MEDIUM
Software Affected
- Microsoft Windows Vista SP2 and x64 Edition SP2
- Microsoft Windows 7 for 32-bit Systems SP1 and x64-based Systems SP1
- Microsoft Windows 8 for 32-bit Systems and x64-based Systems
- Microsoft Windows 8.1 for 32-bit Systems and x64-based Systems
- Microsoft Windows 10 for 32-bit Systems and x64-based Systems
- Microsoft Windows RT
- Microsoft Windows RT 8.1
- Microsoft Windows Server 2008 for Itanium-based Systems SP2
- Microsoft Windows Server 2008 for 32-bit Systems SP2 (Server Core installation also affected)
- Microsoft Windows Server 2008 for x64-based Systems SP2 (Server Core installation also affected)
- Microsoft Windows Server 2008 R2 for x64-based Systems SP1 (Server Core installation also affected)
- Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
- Microsoft Windows Server 2012 (Server Core installation also affected)
- Microsoft Windows Server 2012 R2 (Server Core installation also affected)
Overview
Multiple vulnerabilities have been reported in the Microsoft Windows kernel which could allow a local attacker to gain elevated privileges on the targeted system.
Description
1. Elevation Of Privilege Vulnerabilities
(CVE-2015-2549, CVE-2015-2550, CVE-2015-2554)
These vulnerabilities exist in the Windows kernel due to improper handling of memory objects. A local attacker could exploit these vulnerabilities by running a specially crafted application to execute arbitrary code, resulting in elevated privileges on the targeted system.
2. Trusted Boot Security Bypass Vulnerability
(CVE-2015-2552)
This vulnerability exists when Windows fails to enforce the Windows Trusted Boot policy. A local attacker with physical system access or administrative privileges could exploit this vulnerability by supplying crafted values to the Boot Configuration Data (BCD) setting. Successful exploitation of this vulnerability could allow the attacker to bypass security protection and possibly gain access to sensitive information on the targeted system.
Workarounds
- Configure BitLocker to use Trusted Platform Module (TPM)+PIN protection.
- Disable the Secure Boot integrity protection validation of BitLocker.
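One way to check whether the first workaround is already in place on a host, as an added example that is not part of the CERT-In note or the Microsoft bulletin. It assumes an elevated PowerShell session on a system with the BitLocker module (Windows 8 / Server 2012 or later); the function name `Get-TpmPinAudit` is hypothetical.

```powershell
# Added example: audit BitLocker key protectors against the TPM+PIN workaround.
# Get-TpmPinAudit is a hypothetical helper name, not a built-in cmdlet.
function Get-TpmPinAudit {
    [CmdletBinding()]
    param()

    foreach ($vol in Get-BitLockerVolume) {
        # Collect protector types as strings, e.g. Tpm, TpmPin, RecoveryPassword.
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        # TpmPin and TpmPinStartupKey both require a PIN at boot.
        $pinTypes   = @($types | Where-Object { $_ -in 'TpmPin', 'TpmPinStartupKey' })
        $hasTpmOnly = $types -contains 'Tpm'

        if ($vol.VolumeType -ne 'OperatingSystem') {
            # TPM-based protectors apply to the OS volume only.
            $finding = 'Not applicable (data volume)'
        }
        elseif ($vol.ProtectionStatus -ne 'On') {
            $finding = 'BitLocker protection is off or suspended'
        }
        elseif ($hasTpmOnly) {
            # A TPM-only protector releases the key with no user input at boot.
            $finding = 'TPM-only protector present: workaround NOT applied'
        }
        elseif ($pinTypes.Count -gt 0) {
            $finding = 'TPM+PIN in use: workaround applied'
        }
        else {
            $finding = 'No TPM-based protector found: review manually'
        }

        [pscustomobject]@{
            MountPoint = $vol.MountPoint
            VolumeType = $vol.VolumeType
            Protectors = ($types -join ', ')
            Finding    = $finding
        }
    }
}

Get-TpmPinAudit | Format-Table -AutoSize -Wrap

# To apply the workaround on an OS volume that reports TPM-only
# (the BitLocker startup policy must permit a startup PIN):
#   $pin = Read-Host -AsSecureString 'New BitLocker PIN'
#   Add-BitLockerKeyProtector -MountPoint 'C:' -TpmAndPinProtector -Pin $pin
```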
3. Mount Point Processing Privilege Escalation Vulnerability
(CVE-2015-2553)
This vulnerability exists in Windows due to improper handling of volume mount points. A local attacker could exploit this vulnerability by running a malicious program designed to create a volume mount point using a file system junction location. Successful exploitation of this vulnerability could allow the attacker to gain elevated privileges on a targeted system.
Solution
Apply appropriate patches as mentioned in Microsoft Security Bulletin MS15-111.
Vendor Information
Microsoft
https://technet.microsoft.com/en-us/library/security/ms15-111
References
Microsoft
https://technet.microsoft.com/en-us/library/security/ms15-111
Cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=41370
http://tools.cisco.com/security/center/viewAlert.x?alertId=41371
http://tools.cisco.com/security/center/viewAlert.x?alertId=41372
http://tools.cisco.com/security/center/viewAlert.x?alertId=41373
http://tools.cisco.com/security/center/viewAlert.x?alertId=41374
SecurityTracker
http://www.securitytracker.com/id/1033805
CVE Name
CVE-2015-2549
CVE-2015-2550
CVE-2015-2552
CVE-2015-2553
CVE-2015-2554
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003 India