Windows : Microsoft Bulletins : Microsoft Windows User Profile Service Privilege Escalation (3021674)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.805126

Categoría: Windows : Microsoft Bulletins

Título: Microsoft Windows User Profile Service Privilege Escalation (3021674)

Resumen: This host is missing an important security; update according to Microsoft Bulletin MS15-003.

Descripción: Summary:
This host is missing an important security
update according to Microsoft Bulletin MS15-003.

Vulnerability Insight:
Flaw is due to some weaknesses when creating
directories and mounting user hives during the login process.

Vulnerability Impact:
Successful exploitation will allow local attacker
to perform certain actions with higher privileges and potentially gain
elevated privileges.

Affected Software/OS:
- Microsoft Windows 2003 x32/x64 Service Pack 2 and prior

- Microsoft Windows Vista x32/x64 Service Pack 2 and prior

- Microsoft Windows Server 2008 x32/x64 Service Pack 2 and prior

- Microsoft Windows 7 x32/x64 Service Pack 1 and prior

- Microsoft Windows Server 2008 R2 x64 Service Pack 1 and prior

- Microsoft Windows 8 x32/x64

- Microsoft Windows 8.1 x32/x64

- Microsoft Windows Server 2012/R2

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-0004
BugTraq ID: 71967
http://www.securityfocus.com/bid/71967
https://code.google.com/p/google-security-research/issues/detail?id=123
Microsoft Security Bulletin: MS15-003
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-003
http://secunia.com/advisories/61927
XForce ISS Database: ms-profsvc-cve20150004-priv-esc(99519)
https://exchange.xforce.ibmcloud.com/vulnerabilities/99519
XForce ISS Database: win-ms15kb3021674-update(99520)
https://exchange.xforce.ibmcloud.com/vulnerabilities/99520

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.805126
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Windows User Profile Service Privilege Escalation (3021674)
Resumen:	This host is missing an important security; update according to Microsoft Bulletin MS15-003.
Descripción:	Summary: This host is missing an important security update according to Microsoft Bulletin MS15-003. Vulnerability Insight: Flaw is due to some weaknesses when creating directories and mounting user hives during the login process. Vulnerability Impact: Successful exploitation will allow local attacker to perform certain actions with higher privileges and potentially gain elevated privileges. Affected Software/OS: - Microsoft Windows 2003 x32/x64 Service Pack 2 and prior - Microsoft Windows Vista x32/x64 Service Pack 2 and prior - Microsoft Windows Server 2008 x32/x64 Service Pack 2 and prior - Microsoft Windows 7 x32/x64 Service Pack 1 and prior - Microsoft Windows Server 2008 R2 x64 Service Pack 1 and prior - Microsoft Windows 8 x32/x64 - Microsoft Windows 8.1 x32/x64 - Microsoft Windows Server 2012/R2 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-0004 BugTraq ID: 71967 http://www.securityfocus.com/bid/71967 https://code.google.com/p/google-security-research/issues/detail?id=123 Microsoft Security Bulletin: MS15-003 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-003 http://secunia.com/advisories/61927 XForce ISS Database: ms-profsvc-cve20150004-priv-esc(99519) https://exchange.xforce.ibmcloud.com/vulnerabilities/99519 XForce ISS Database: win-ms15kb3021674-update(99520) https://exchange.xforce.ibmcloud.com/vulnerabilities/99520
Copyright	Copyright (C) 2015 Greenbone AG