Windows : Microsoft Bulletins : Microsoft Windows Application Compatibility Cache Privilege Escalation (3023266)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.805125

Kategorie: Windows : Microsoft Bulletins

Titel: Microsoft Windows Application Compatibility Cache Privilege Escalation (3023266)

Zusammenfassung: This host is missing an important security; update according to Microsoft Bulletin MS15-001.

Beschreibung: Summary:
This host is missing an important security
update according to Microsoft Bulletin MS15-001.

Vulnerability Insight:
Flaw is due to the impersonation token
of a caller is not properly checked when determining if an administrator or not.

Vulnerability Impact:
Successful exploitation will allow local attacker
to bypass the authorization check to create cache entries and in turn gain
escalated privileges on the system.

Affected Software/OS:
- Microsoft Windows 7 x32/x64 Service Pack 1 and prior

- Microsoft Windows Server 2008 R2 x64 Service Pack 1 and prior

- Microsoft Windows 8 x32/x64

- Microsoft Windows 8.1 x32/x64

- Microsoft Windows Server 2012/R2

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Querverweis: BugTraq ID: 71972
Common Vulnerability Exposure (CVE) ID: CVE-2015-0002
http://www.securityfocus.com/bid/71972
http://twitter.com/sambowne/statuses/550384131683520512
http://www.zdnet.com/article/google-discloses-unpatched-windows-vulnerability/
https://code.google.com/p/google-security-research/issues/detail?id=118
Microsoft Security Bulletin: MS15-001
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-001
http://secunia.com/advisories/61277
XForce ISS Database: ms-appcompatcache-cve20150002-priv-esc(99523)
https://exchange.xforce.ibmcloud.com/vulnerabilities/99523
XForce ISS Database: win-ms15kb3023266-update(99524)
https://exchange.xforce.ibmcloud.com/vulnerabilities/99524

Copyright Copyright (C) 2015 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.805125
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft Windows Application Compatibility Cache Privilege Escalation (3023266)
Zusammenfassung:	This host is missing an important security; update according to Microsoft Bulletin MS15-001.
Beschreibung:	Summary: This host is missing an important security update according to Microsoft Bulletin MS15-001. Vulnerability Insight: Flaw is due to the impersonation token of a caller is not properly checked when determining if an administrator or not. Vulnerability Impact: Successful exploitation will allow local attacker to bypass the authorization check to create cache entries and in turn gain escalated privileges on the system. Affected Software/OS: - Microsoft Windows 7 x32/x64 Service Pack 1 and prior - Microsoft Windows Server 2008 R2 x64 Service Pack 1 and prior - Microsoft Windows 8 x32/x64 - Microsoft Windows 8.1 x32/x64 - Microsoft Windows Server 2012/R2 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	BugTraq ID: 71972 Common Vulnerability Exposure (CVE) ID: CVE-2015-0002 http://www.securityfocus.com/bid/71972 http://twitter.com/sambowne/statuses/550384131683520512 http://www.zdnet.com/article/google-discloses-unpatched-windows-vulnerability/ https://code.google.com/p/google-security-research/issues/detail?id=118 Microsoft Security Bulletin: MS15-001 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-001 http://secunia.com/advisories/61277 XForce ISS Database: ms-appcompatcache-cve20150002-priv-esc(99523) https://exchange.xforce.ibmcloud.com/vulnerabilities/99523 XForce ISS Database: win-ms15kb3023266-update(99524) https://exchange.xforce.ibmcloud.com/vulnerabilities/99524
Copyright	Copyright (C) 2015 Greenbone Networks GmbH