==================================================================== CERT-Renater Note d'Information No. 2015/VULN076 _____________________________________________________________________ DATE : 13/05/2015 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Windows version Server 2003, Vista, Server 2008, 7, 8, 8.1, Server 2012, RT, RT 8.1 running Service Control Manager. ====================================================================== KB3055642 https://technet.microsoft.com/en-us/library/security/MS15-050 ______________________________________________________________________ MS15-050: Vulnerability in Service Control Manager Could Allow Elevation of Privilege (3055642) Bulletin Number: MS15-050 Bulletin Title: Vulnerability in Service Control Manager Could Allow Elevation of Privilege Severity: Important KB Article: 3055642 Version: 1.0 Published Date: May 12, 2015 Executive Summary This security update resolves a vulnerability in the Windows Service Control Manager (SCM), which is caused when the SCM improperly verifies impersonation levels. The vulnerability could allow elevation of privilege if an attacker can first log on to the system, and then run a specially crafted application designed to increase privileges. This security update is rated Important for all supported editions of Microsoft Windows. For more information, see the Affected Software section. Affected Software Windows Server 2003 Service Pack 2[1] Windows Server 2003 x64 Edition Service Pack 2[1] Windows Server 2003 with SP2 for Itanium-based Systems[1] Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows 8 for 32-bit Systems Windows 8 for x64-based Systems Windows 8.1 for 32-bit Systems Windows 8.1 for x64-based Systems Windows Server 2012 Windows Server 2012 R2 Windows RT[2] Windows RT 8.1[2] Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 (Server Core installation) Windows Server 2012 R2 (Server Core installation) [1]Windows Server 2003 is affected, but an update is not being issued for it. See the Update FAQ for more information. [2]This update is available via Windows Update only. Vulnerability Information Service Control Manager Elevation of Privilege Vulnerability - CVE-2015-1702 An elevation of privilege vulnerability exists in the Windows Service Control Manager (SCM) when the SCM improperly verifies impersonation levels. An attacker who successfully exploited this vulnerability could gain elevated privileges and make calls to SCM for which they lack sufficient privilege. The update addresses the vulnerability by correcting the way that the SCM verifies impersonation levels. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application designed to increase privileges. Workstations and terminal servers are primarily at risk. Servers could be at more risk if administrators allow users to log on to servers and to run programs. However, best practices strongly discourage allowing this to occur. Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was originally issued Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers. ========================================================= Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================