Windows : Microsoft Bulletins : Microsoft Windows User Profile Service Privilege Escalation (3021674)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.805126

Kategorie: Windows : Microsoft Bulletins

Titel: Microsoft Windows User Profile Service Privilege Escalation (3021674)

Zusammenfassung: This host is missing an important security; update according to Microsoft Bulletin MS15-003.

Beschreibung: Summary:
This host is missing an important security
update according to Microsoft Bulletin MS15-003.

Vulnerability Insight:
Flaw is due to some weaknesses when creating
directories and mounting user hives during the login process.

Vulnerability Impact:
Successful exploitation will allow local attacker
to perform certain actions with higher privileges and potentially gain
elevated privileges.

Affected Software/OS:
- Microsoft Windows 2003 x32/x64 Service Pack 2 and prior

- Microsoft Windows Vista x32/x64 Service Pack 2 and prior

- Microsoft Windows Server 2008 x32/x64 Service Pack 2 and prior

- Microsoft Windows 7 x32/x64 Service Pack 1 and prior

- Microsoft Windows Server 2008 R2 x64 Service Pack 1 and prior

- Microsoft Windows 8 x32/x64

- Microsoft Windows 8.1 x32/x64

- Microsoft Windows Server 2012/R2

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-0004
BugTraq ID: 71967
http://www.securityfocus.com/bid/71967
https://code.google.com/p/google-security-research/issues/detail?id=123
Microsoft Security Bulletin: MS15-003
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-003
http://secunia.com/advisories/61927
XForce ISS Database: ms-profsvc-cve20150004-priv-esc(99519)
https://exchange.xforce.ibmcloud.com/vulnerabilities/99519
XForce ISS Database: win-ms15kb3021674-update(99520)
https://exchange.xforce.ibmcloud.com/vulnerabilities/99520

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.805126
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft Windows User Profile Service Privilege Escalation (3021674)
Zusammenfassung:	This host is missing an important security; update according to Microsoft Bulletin MS15-003.
Beschreibung:	Summary: This host is missing an important security update according to Microsoft Bulletin MS15-003. Vulnerability Insight: Flaw is due to some weaknesses when creating directories and mounting user hives during the login process. Vulnerability Impact: Successful exploitation will allow local attacker to perform certain actions with higher privileges and potentially gain elevated privileges. Affected Software/OS: - Microsoft Windows 2003 x32/x64 Service Pack 2 and prior - Microsoft Windows Vista x32/x64 Service Pack 2 and prior - Microsoft Windows Server 2008 x32/x64 Service Pack 2 and prior - Microsoft Windows 7 x32/x64 Service Pack 1 and prior - Microsoft Windows Server 2008 R2 x64 Service Pack 1 and prior - Microsoft Windows 8 x32/x64 - Microsoft Windows 8.1 x32/x64 - Microsoft Windows Server 2012/R2 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-0004 BugTraq ID: 71967 http://www.securityfocus.com/bid/71967 https://code.google.com/p/google-security-research/issues/detail?id=123 Microsoft Security Bulletin: MS15-003 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-003 http://secunia.com/advisories/61927 XForce ISS Database: ms-profsvc-cve20150004-priv-esc(99519) https://exchange.xforce.ibmcloud.com/vulnerabilities/99519 XForce ISS Database: win-ms15kb3021674-update(99520) https://exchange.xforce.ibmcloud.com/vulnerabilities/99520
Copyright	Copyright (C) 2015 Greenbone AG