Executive Summary
Summary | |
---|---|
Title | Microsoft Security Advisory 3074162 |
Information | |||
---|---|---|---|
Name | KB3074162 | First vendor Publication | 2015-07-14 |
Vendor | Microsoft | Last vendor Modification | 1970-01-01 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.9 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 3.4 | Authentication | None Required |
Detail
Microsoft Security Advisory 3074162
Vulnerability in Microsoft Malicious Software Removal Tool Could Allow Elevation of Privilege
Published: July 14, 2015
Version: 1.0
References | Identification |
CVE Reference | CVE-2015-2418 |
Last version of the Microsoft Malicious Software Removal Tool affected by this vulnerability | Version 5.25. |
First version of the Microsoft Malicious Software Removal Tool with this vulnerability addressed | Version 5.26* |
*If your version of the Microsoft Malicious Software Removal Tool is equal to or greater than this version, then you are not affected by this vulnerability and do not need to take any further action. For more information on how to verify the engine version number that your software is currently using, see the section, "Verifying Update Installation", in Microsoft Knowledge Base Article 2510781.
Affected Software
This advisory discusses the following software.
Vulnerability Severity Rating and Maximum Security Impact by Affected Software | |
Antimalware Software | MSRT Race Condition Vulnerability - CVE-2015-2418 |
Microsoft Malicious Software Removal Tool [1] | Important |
[1] Applies only to May 2015 or earlier versions of the Microsoft Malicious Software Removal Tool.
Exploitability Index
The following table provides an exploitability assessment of the vulnerability addressed in this advisory.
How do I use this table?
Use this table to learn about the likelihood of functioning exploit code being released within 30 days of this advisory release. You should review the assessment below, in accordance with your specific configuration, in order to prioritize your deployment. For more information about what these ratings mean, and how they are determined, please see Microsoft Exploitability Index.
Vulnerability Title | CVE ID | Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Elevation of privilege Exploitability Assessment | Key Notes |
MSRT Race Condition Vulnerability | CVE-2015-2418 | 3 - Exploitation Unlikely | 3 - Exploitation Unlikely | Permanent | This is an elevation of privilege vulnerability. |
Advisory FAQ
Is Microsoft releasing a Security Bulletin to address this vulnerability?
No. Microsoft is releasing this informational security advisory to inform customers that an update to the Microsoft Malicious Software Removal Tool addresses a security vulnerability that was reported to Microsoft.
Typically, no action is required of enterprise administrators or end users to install this update.
Why is typically no action required to install this update?
In response to a constantly changing threat landscape, Microsoft frequently updates Microsoft antimalware software, including the Microsoft Malicious Software Removal Tool. In order to be effective in helping to protect against new and prevalent threats, antimalware software must be kept up to date and updated in a timely manner.
For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that the Microsoft Malicious Software Removal Tool is kept up to date automatically. Product documentation also recommends that products are configured for automatic updating.
Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Microsoft Malicious Software Removal Tool updates, is working as expected in their environment.
How can I install the update?
Refer to the section, Suggested Actions, for details on how to install this update.
Where can I find more information about Microsoft antimalware technology?
For more information, visit the Microsoft Malware Protection Center website.
Vulnerability Information
MSRT Race Condition Vulnerability - CVE-2015-2418
An elevation of privilege vulnerability exists in the Microsoft Malicious Software Removal Tool (MSRT) when it fails to properly handle a race condition involving a DLL-planting scenario. An authenticated attacker who successfully exploited this vulnerability could elevate privileges on a target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
To exploit the vulnerability, an attacker would have to log on to the target system and place a specially crafted dynamic link library (.dll) file in a local directory. An attacker would then have to wait for the user to run MSRT, which would in turn run the attacker's malicious code to effectively increase privileges on the target system. The update addresses the vulnerability by correcting how MSRT handles race conditions.
Mitigating Factors
Microsoft has not identified any mitigating factors for this vulnerability.
Workarounds
Microsoft has not identified any workarounds for this vulnerability.
Suggested Actions
- Verify that the update is installed
Customers should verify that the latest version of the Microsoft Malicious Software Removal Tool and definition updates are being actively downloaded and installed for their Microsoft antimalware products.
For more information on how to verify the version number for the Microsoft Malicious Software Removal Tool that your software is currently using, see the section, "Verifying Update Installation", in Microsoft Knowledge Base Article 2510781.
For affected software, verify that the Microsoft Malicious Software Removal Tool version is 5.26 or later.
- If necessary, install the update
Administrators of enterprise antimalware deployments should ensure that their update management software is configured to automatically approve and distribute engine updates and new malware definitions. Enterprise administrators should also verify that the latest version of the Microsoft Malicious Software Removal Tool and definition updates are being actively downloaded, approved and deployed in their environment.
Administrators may also obtain the update via the Microsoft Download Center (see the Affected Software table in this Advisory for a link to the relevant Download Center page).
For end users, the affected software provides built-in mechanisms for the automatic detection and deployment of this update. For these customers the update will be applied within 48 hours of its availability. The exact time frame depends on the software used, Internet connection, and infrastructure configuration. End users who do not wish to wait can manually update their antimalware software.
For more information on how to manually update the Microsoft Malicious Software Removal Tool and malware definitions, refer to Microsoft Knowledge Base Article 2510781.
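The version check from the first suggested action, as an added example that is not part of the Microsoft advisory. It assumes MSRT is installed at `%windir%\System32\MRT.exe` and that the file version of `MRT.exe` reflects the tool version; it does not reproduce the procedure in Knowledge Base Article 2510781, and the function name `Test-MsrtPatched` is hypothetical.

```powershell
# Added example: compare the local MSRT version with the fixed version
# named in the advisory (5.26). Not Microsoft's own verification procedure.

# First version with CVE-2015-2418 addressed, taken from the advisory.
$FixedVersion = [version]'5.26'

# Assumption: default install location of the tool.
$MrtPath = Join-Path $env:windir 'System32\MRT.exe'

function Test-MsrtPatched {
    param(
        [string]$Path = $MrtPath,
        [version]$Minimum = $FixedVersion
    )

    # A missing binary is reported separately so it is not mistaken
    # for a patched host in an inventory run.
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{
            Path = $Path; Version = $null; Status = 'NotFound'
        }
    }

    $info = (Get-Item -LiteralPath $Path).VersionInfo

    # Build a System.Version from the numeric parts. Comparing version
    # strings as text would rank "5.3" above "5.26".
    $found = New-Object System.Version -ArgumentList `
        $info.FileMajorPart, $info.FileMinorPart

    $status = if ($found -ge $Minimum) { 'Patched' } else { 'Vulnerable' }

    [pscustomobject]@{
        Path = $Path; Version = $found; Status = $status
    }
}

# Emits one object with Path, Version and Status for the local host.
Test-MsrtPatched
```

A `Status` of `Vulnerable` means the host still runs version 5.25 or earlier and needs the update described above; `NotFound` means the tool is not present at the assumed path.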
Other Information
Microsoft Active Protections Program (MAPP)
To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections websites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners.
Feedback
- You can provide feedback by completing the Microsoft Help and Support form, Customer Service Contact Us.
Support
- Customers in the United States and Canada can receive technical support from Security Support. For more information, see Microsoft Help and Support.
- International customers can receive support from their local Microsoft subsidiaries. For more information, see International Support.
- Microsoft TechNet Security provides additional information about security in Microsoft products.
Disclaimer
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Revisions
- V1.0 (July 14, 2015): Advisory published.
Original Source
Url : http://www.microsoft.com/technet/security/advisory/3074162.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-362 | Race Condition |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-07-14 | Name : The remote Windows host has an antimalware application that is affected by a ... File : smb_kb3074162.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2016-04-09 13:21:06 |