==================================================================== CERT-Renater Note d'Information No. 2015/VULN142 _____________________________________________________________________ DATE : 15/07/2015 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Microsoft Malicious Software Removal Tool. ====================================================================== https://technet.microsoft.com/en-us/library/security/3074162 ______________________________________________________________________ Microsoft Security Advisory 3074162 Vulnerability in Microsoft Malicious Software Removal Tool Could Allow Elevation of Privilege Published: July 14, 2015 Version: 1.0 Executive Summary Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malicious Software Removal Tool (MSRT) is available that addresses a security vulnerability that was reported to Microsoft. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and places a specially crafted dynamic link library (.dll) file in a local directory. An authenticated attacker who successfully exploited the vulnerability could elevate privileges on a target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. Administrators of enterprise installations should follow their established internal processes to ensure that updates are approved in their update management software, and that clients consume the updates accordingly. Typically, no action is required of enterprise administrators or end users to install updates for the Microsoft Malicious Software Removal Tool, because the built-in mechanism for the automatic detection and deployment of updates will apply the update within 48 hours of release. The exact timeframe depends on the software used, Internet connection, and infrastructure configuration. Affected Software Microsoft Malicious Software Removal Tool [1] [1] Applies only to May 2015 or earlier versions of the Microsoft Malicious Software Removal Tool. MSRT Race Condition Vulnerability - CVE-2015-2418 An elevation of privilege vulnerability exists in the Microsoft Malicious Software Removal Tool (MSRT) when it fails to properly handle a race condition involving a DLL-planting scenario. An authenticated attacker who successfully exploited this vulnerability could elevate privileges on a target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. To exploit the vulnerability, an attacker would have to log on to the target system and place a specially crafted dynamic link library (.dll) file in a local directory. An attacker would then have to wait for the user to run MSRT, which would in turn run the attackers malicious code to effectively increase privileges on the target system. The update addresses the vulnerability by correcting how MSRT handles race conditions. ========================================================= Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================