Windows : Microsoft Bulletins : Microsoft Windows Privilege Elevation Vulnerabilities (3049576)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.805065

Categoría: Windows : Microsoft Bulletins

Título: Microsoft Windows Privilege Elevation Vulnerabilities (3049576)

Resumen: This host is missing an important security; update according to Microsoft Bulletin MS15-038.

Descripción: Summary:
This host is missing an important security
update according to Microsoft Bulletin MS15-038.

Vulnerability Insight:
Flaws are due to:

- A type confusion flaw related to NtCreateTransactionManager that may result
in the operating system failing to properly validate and enforce impersonation
levels.

- The operating system failing to properly validate and enforce impersonation
levels when handling an MS-DOS device name. This may allow a local attacker
to gain elevated privileges.

Vulnerability Impact:
Successful exploitation will allow local users
to gain privileges via a crafted application.

Affected Software/OS:
- Microsoft Windows 8 x32/x64

- Microsoft Windows Server 2012/R2

- Microsoft Windows 8.1 x32/x64

- Microsoft Windows 2003 x32/x64 Service Pack 2 and prior

- Microsoft Windows Vista x32/x64 Service Pack 2 and prior

- Microsoft Windows Server 2008 x32/x64 Service Pack 2 and prior

- Microsoft Windows 7 x32/x64 Service Pack 1 and prior

- Microsoft Windows Server 2008 R2 x64 Service Pack 1 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-1643
Microsoft Security Bulletin: MS15-038
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-038
http://www.securitytracker.com/id/1032113
Common Vulnerability Exposure (CVE) ID: CVE-2015-1644
BugTraq ID: 73998
http://www.securityfocus.com/bid/73998

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.805065
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Windows Privilege Elevation Vulnerabilities (3049576)
Resumen:	This host is missing an important security; update according to Microsoft Bulletin MS15-038.
Descripción:	Summary: This host is missing an important security update according to Microsoft Bulletin MS15-038. Vulnerability Insight: Flaws are due to: - A type confusion flaw related to NtCreateTransactionManager that may result in the operating system failing to properly validate and enforce impersonation levels. - The operating system failing to properly validate and enforce impersonation levels when handling an MS-DOS device name. This may allow a local attacker to gain elevated privileges. Vulnerability Impact: Successful exploitation will allow local users to gain privileges via a crafted application. Affected Software/OS: - Microsoft Windows 8 x32/x64 - Microsoft Windows Server 2012/R2 - Microsoft Windows 8.1 x32/x64 - Microsoft Windows 2003 x32/x64 Service Pack 2 and prior - Microsoft Windows Vista x32/x64 Service Pack 2 and prior - Microsoft Windows Server 2008 x32/x64 Service Pack 2 and prior - Microsoft Windows 7 x32/x64 Service Pack 1 and prior - Microsoft Windows Server 2008 R2 x64 Service Pack 1 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1643 Microsoft Security Bulletin: MS15-038 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-038 http://www.securitytracker.com/id/1032113 Common Vulnerability Exposure (CVE) ID: CVE-2015-1644 BugTraq ID: 73998 http://www.securityfocus.com/bid/73998
Copyright	Copyright (C) 2015 Greenbone AG