
====================================================================

                           CERT-Renater

               Information Note No. 2015/VULN156
_____________________________________________________________________

DATE                : 15/07/2015
HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Windows Server 2003, Vista, Server 2008, 7,
      8, 8.1, Server 2012, RT, RT 8.1 running the Windows Kernel-Mode Driver.

======================================================================
KB3070102
https://technet.microsoft.com/en-us/library/security/MS15-073
______________________________________________________________________

Microsoft Security Bulletin MS15-073 Important: Vulnerability in Windows
Kernel-Mode Driver Could Allow Elevation of Privilege (3070102)

Bulletin Number: MS15-073

Bulletin Title: Vulnerability in Windows Kernel-Mode Driver Could Allow
Elevation of Privilege

Severity: Important

KB Article: 3070102

Version: 1.0

Published Date: July 14, 2015


Executive Summary

This security update resolves vulnerabilities in Microsoft Windows. The
vulnerabilities could allow elevation of privilege if an attacker logs
on to an affected system and runs a specially crafted application.

This security update is rated Important for all supported releases of
Microsoft Windows. For more information, see the Affected Software section.


Affected Software

Windows Server 2003

Windows Server 2003 Service Pack 2

Windows Server 2003 x64 Edition Service Pack 2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Server 2003 R2 Service Pack 2

Windows Server 2003 R2 x64 Edition Service Pack 2

Windows Vista

Windows Vista Service Pack 2

Windows Vista x64 Edition Service Pack 2

Windows Server 2008

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for Itanium-based Systems Service Pack 2

Windows 7

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows Server 2008 R2

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Windows 8 and Windows 8.1

Windows 8 for 32-bit Systems

Windows 8 for x64-based Systems

Windows 8.1 for 32-bit Systems

Windows 8.1 for x64-based Systems

Windows Server 2012 and Windows Server 2012 R2

Windows Server 2012

Windows Server 2012 R2

Windows RT and Windows RT 8.1

Windows RT[1]

Windows RT 8.1[1]

Server Core installation option

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core
installation)

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core
installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core
installation)

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2 (Server Core installation)

[1]This update is available via Windows Update only.


Vulnerability Information

Win32k Elevation of Privilege Vulnerability - CVE-2015-2363

An elevation of privilege vulnerability exists due to the way the
Windows kernel-mode driver handles objects in memory. An attacker
who successfully exploited this vulnerability could run arbitrary code
in kernel mode. An attacker could then install programs; view, change,
or delete data; or create new accounts with full user rights. To exploit
this vulnerability, an attacker would first have to log on to the
system. An attacker could then run a specially crafted
application that could exploit the vulnerability and take complete
control over an affected system.

The update addresses this vulnerability by correcting how the Windows
Kernel-mode driver handles objects in memory.

Microsoft received information about this vulnerability through
coordinated vulnerability disclosure. When this security bulletin was
originally issued, Microsoft had not received any information to indicate
that this vulnerability had been publicly used to attack customers.

Win32k Elevation of Privilege Vulnerability - CVE-2015-2365

An elevation of privilege vulnerability exists due to the way the
Windows kernel-mode driver handles objects in memory. An attacker who
successfully exploited this vulnerability could run arbitrary code in
kernel mode. An attacker could then install programs; view, change, or
delete data; or create new accounts with full user rights. To exploit
this vulnerability, an attacker would first have to log on to the
system. An attacker could then run a specially crafted application that
could exploit the vulnerability and take complete control over an
affected system.

The update addresses this vulnerability by correcting how the Windows
Kernel-mode driver handles objects in memory.

Microsoft received information about this vulnerability through
coordinated vulnerability disclosure. When this security bulletin was
originally issued, Microsoft had not received any information to indicate
that this vulnerability had been publicly used to attack customers.

Win32k Elevation of Privilege Vulnerability - CVE-2015-2366

An elevation of privilege vulnerability exists due to the way the
Windows kernel-mode driver handles objects in memory. An attacker who
successfully exploited this vulnerability could run arbitrary code in
kernel mode. An attacker could then install programs; view, change, or
delete data; or create new accounts with full user rights. To exploit
this vulnerability, an attacker would first have to log on to the
system. An attacker could then run a specially crafted application that
could exploit the vulnerability and take complete control over an
affected system.

The update addresses this vulnerability by correcting how the Windows
Kernel-mode driver handles objects in memory.

Microsoft received information about this vulnerability through
coordinated vulnerability disclosure. When this security bulletin was
originally issued, Microsoft had not received any information to indicate
that this vulnerability had been publicly used to attack customers.

Win32k Information Disclosure Vulnerability - CVE-2015-2367

An information disclosure vulnerability exists when the Windows
kernel-mode driver improperly handles certain non-initialized values in
memory. An attacker who successfully exploited this vulnerability could
leak memory addresses or other sensitive kernel information that could
be used for further exploitation of the system.

The update addresses this vulnerability by correcting how the Windows
Kernel-mode driver handles objects in memory.

Microsoft received information about this vulnerability through
coordinated vulnerability disclosure. When this security bulletin was
originally issued, Microsoft had not received any information to indicate
that this vulnerability had been publicly used to attack customers.

Win32k Information Disclosure Vulnerability - CVE-2015-2381

An information disclosure vulnerability exists in the Windows
kernel-mode driver that could allow the disclosure of kernel memory
contents to an attacker. This vulnerability is caused when the Windows
kernel-mode driver leaks private address information during a function call.

An attacker could use this information disclosure vulnerability to gain
information about the system that could then be combined with other
attacks to compromise the system. The information disclosure
vulnerability by itself does not allow arbitrary code execution.
However, an attacker could use it in conjunction with another
vulnerability to bypass security features such as Address Space Layout
Randomization (ASLR). The update addresses this vulnerability by
changing how the kernel-mode driver handles objects in memory.

Microsoft received information about this vulnerability through
coordinated vulnerability disclosure. When this security bulletin was
issued, Microsoft had not received any information to indicate that this
vulnerability had been publicly used to attack customers.

Win32k Information Disclosure Vulnerability - CVE-2015-2382

An information disclosure vulnerability exists in the Windows
kernel-mode driver that could allow the disclosure of kernel memory
contents to an attacker. This vulnerability is caused when the Windows
kernel-mode driver leaks private address information during a function call.

An attacker could use this information disclosure vulnerability to gain
information about the system that could then be combined with other
attacks to compromise the system. The information disclosure
vulnerability by itself does not allow arbitrary code execution.
However, an attacker could use it in conjunction with another
vulnerability to bypass security features such as Address Space Layout
Randomization (ASLR). The update addresses this vulnerability by
changing how the kernel-mode driver handles objects in memory.

Microsoft received information about this vulnerability through
coordinated vulnerability disclosure. When this security bulletin was
issued, Microsoft had not received any information to indicate that this
vulnerability had been publicly used to attack customers.

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================
