Windows : Microsoft Bulletins : Microsoft Windows Privilege Elevation Vulnerabilities (3060716)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.805094

Kategorie: Windows : Microsoft Bulletins

Titel: Microsoft Windows Privilege Elevation Vulnerabilities (3060716)

Zusammenfassung: This host is missing an important security; update according to Microsoft Bulletin MS15-090.

Beschreibung: Summary:
This host is missing an important security
update according to Microsoft Bulletin MS15-090.

Vulnerability Insight:
An elevation of privilege vulnerabilities
are exists in Windows Object Manager when it,

- Fails to properly validate and enforce impersonation levels.

- Improperly allows certain registry interactions from within vulnerable
sandboxed applications.

- Improperly allows certain filesystem interactions from within vulnerable
sandboxed applications.

Vulnerability Impact:
Successful exploitation will allow users
to gain privileges via a crafted application.

Affected Software/OS:
- Microsoft Windows 8 x32/x64

- Microsoft Windows Server 2012/R2

- Microsoft Windows 8.1 x32/x64

- Microsoft Windows Vista x32/x64 Service Pack 2 and prior

- Microsoft Windows Server 2008 x32/x64 Service Pack 2 and prior

- Microsoft Windows 7 x32/x64 Service Pack 1 and prior

- Microsoft Windows Server 2008 R2 x64 Service Pack 1 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-2428
Microsoft Security Bulletin: MS15-090
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-090
http://www.securitytracker.com/id/1033251
Common Vulnerability Exposure (CVE) ID: CVE-2015-2429
http://www.zerodayinitiative.com/advisories/ZDI-15-379
http://www.zerodayinitiative.com/advisories/ZDI-15-380
http://www.zerodayinitiative.com/advisories/ZDI-15-459
Common Vulnerability Exposure (CVE) ID: CVE-2015-2430
BugTraq ID: 76233
http://www.securityfocus.com/bid/76233
http://www.zerodayinitiative.com/advisories/ZDI-15-378

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.805094
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft Windows Privilege Elevation Vulnerabilities (3060716)
Zusammenfassung:	This host is missing an important security; update according to Microsoft Bulletin MS15-090.
Beschreibung:	Summary: This host is missing an important security update according to Microsoft Bulletin MS15-090. Vulnerability Insight: An elevation of privilege vulnerabilities are exists in Windows Object Manager when it, - Fails to properly validate and enforce impersonation levels. - Improperly allows certain registry interactions from within vulnerable sandboxed applications. - Improperly allows certain filesystem interactions from within vulnerable sandboxed applications. Vulnerability Impact: Successful exploitation will allow users to gain privileges via a crafted application. Affected Software/OS: - Microsoft Windows 8 x32/x64 - Microsoft Windows Server 2012/R2 - Microsoft Windows 8.1 x32/x64 - Microsoft Windows Vista x32/x64 Service Pack 2 and prior - Microsoft Windows Server 2008 x32/x64 Service Pack 2 and prior - Microsoft Windows 7 x32/x64 Service Pack 1 and prior - Microsoft Windows Server 2008 R2 x64 Service Pack 1 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-2428 Microsoft Security Bulletin: MS15-090 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-090 http://www.securitytracker.com/id/1033251 Common Vulnerability Exposure (CVE) ID: CVE-2015-2429 http://www.zerodayinitiative.com/advisories/ZDI-15-379 http://www.zerodayinitiative.com/advisories/ZDI-15-380 http://www.zerodayinitiative.com/advisories/ZDI-15-459 Common Vulnerability Exposure (CVE) ID: CVE-2015-2430 BugTraq ID: 76233 http://www.securityfocus.com/bid/76233 http://www.zerodayinitiative.com/advisories/ZDI-15-378
Copyright	Copyright (C) 2015 Greenbone AG