Executive Summary

Summary
Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057191)
Information
Name: MS15-051
First vendor Publication: 2015-05-12
Vendor: Microsoft
Last vendor Modification: 2015-05-27
Severity (Vendor): Important
Revision: 2.0

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score: 7.2
Attack Range: Local
Cvss Impact Score: 10
Attack Complexity: Low
Cvss Exploit Score: 3.9
Authentication: None Required

Detail

Severity Rating: Important
Revision Note: V2.0 (May 27, 2015): Bulletin published.
Summary: Bulletin revised to announce the availability of a new update (3065979) that fixes a known issue that some customers experienced after installing the 3045171 security update on all supported editions of Windows 7/Windows 2008 R2 and earlier systems. The 3045171 security update causes customer applications to crash while attempting to create text-outline-based path objects using GDI+. Customers who are experiencing this known issue can correct the problem by installing the 3065979 update. See Microsoft Knowledge Base Article 3065979 for more information and download links.

Original Source

Url : https://technet.microsoft.com/en-us/library/security/MS15-051

CWE : Common Weakness Enumeration

% | id | Name
83 % | CWE-200 | Information Exposure
17 % | CWE-264 | Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:29001
Title: Microsoft windows kernel memory disclosure vulnerability - CVE-2015-1676 (MS15-051)
Description: The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1677, CVE-2015-1678, CVE-2015-1679, and CVE-2015-1680.
Family: windows
Class: vulnerability
Reference(s): CVE-2015-1676
Version: 3
Platform(s): Microsoft Windows Vista, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1

Definition Id: oval:org.mitre.oval:def:28876
Title: Microsoft windows kernel memory disclosure vulnerability - CVE-2015-1677 (MS15-051)
Description: The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1678, CVE-2015-1679, and CVE-2015-1680.
Family: windows
Class: vulnerability
Reference(s): CVE-2015-1677
Version: 3
Platform(s): Microsoft Windows Vista, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1

Definition Id: oval:org.mitre.oval:def:28555
Title: Microsoft windows kernel memory disclosure vulnerability - CVE-2015-1679 (MS15-051)
Description: The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, and CVE-2015-1680.
Family: windows
Class: vulnerability
Reference(s): CVE-2015-1679
Version: 3
Platform(s): Microsoft Windows Vista, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1

Definition Id: oval:org.mitre.oval:def:28068
Title: Microsoft windows kernel memory disclosure vulnerability - CVE-2015-1678 (MS15-051)
Description: The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1679, and CVE-2015-1680.
Family: windows
Class: vulnerability
Reference(s): CVE-2015-1678
Version: 3
Platform(s): Microsoft Windows Vista, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1

Definition Id: oval:org.mitre.oval:def:28883
Title: Microsoft windows kernel memory disclosure vulnerability - CVE-2015-1701 (MS15-051)
Description: Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."
Family: windows
Class: vulnerability
Reference(s): CVE-2015-1701
Version: 3
Platform(s): Microsoft Windows Vista, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows 7

Definition Id: oval:org.mitre.oval:def:28808
Title: Microsoft windows kernel memory disclosure vulnerability - CVE-2015-1680 (MS15-051)
Description: The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, and CVE-2015-1679.
Family: windows
Class: vulnerability
Reference(s): CVE-2015-1680
Version: 3
Platform(s): Microsoft Windows Vista, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1

CPE : Common Platform Enumeration

Type | Description | Count
Os | | 1
Os | | 14
Os | | 1
Os | | 1
Os | | 1
Os | | 1
Os | | 1
Os | | 3
Os | | 2
Os | | 2

Information Assurance Vulnerability Management (IAVM)

Date | Description
2015-05-14 | IAVM : 2015-A-0108 - Multiple Vulnerabilities in Microsoft Windows Kernel-Mode Driver (MS15-051)
Severity : Category II - VMSKEY : V0060653

Snort® IPS/IDS

Date | Description
2015-06-23 | Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt
RuleID : 34499 - Revision : 3 - Type : OS-WINDOWS
2015-06-23 | Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt
RuleID : 34498 - Revision : 3 - Type : OS-WINDOWS
2015-06-17 | Microsoft Windows NTUserGetTitleBarInfo information disclosure attempt
RuleID : 34443 - Revision : 3 - Type : OS-WINDOWS
2015-06-17 | Microsoft Windows NTUserGetTitleBarInfo information disclosure attempt
RuleID : 34442 - Revision : 3 - Type : OS-WINDOWS
2015-06-17 | Microsoft Windows NtUserGetScrollBarInfo information disclosure attempt
RuleID : 34414 - Revision : 3 - Type : OS-WINDOWS
2015-06-17 | Microsoft Windows NtUserGetScrollBarInfo information disclosure attempt
RuleID : 34413 - Revision : 3 - Type : OS-WINDOWS
2015-06-17 | Microsoft Windows NtUserGetComboBoxInfo information disclosure attempt
RuleID : 34378 - Revision : 3 - Type : OS-WINDOWS
2015-06-17 | Microsoft Windows NtUserGetComboBoxInfo information disclosure attempt
RuleID : 34377 - Revision : 3 - Type : OS-WINDOWS

Metasploit Database

id | Description
2015-05-12 | Windows ClientCopyImage Win32k Exploit

Nessus® Vulnerability Scanner

Date | Description
2015-05-12 | Name : The remote Windows host is affected by multiple vulnerabilities.
File : smb_nt_ms15-051.nasl - Type : ACT_GATHER_INFO

Alert History

Date | Information
2015-10-18 17:26:33 | Multiple Updates
2015-06-23 21:26:39 | Multiple Updates
2015-06-23 00:24:34 | Multiple Updates
2015-06-17 21:26:37 | Multiple Updates
2015-06-06 05:28:10 | Multiple Updates
2015-06-06 05:15:43 | Multiple Updates
2015-05-13 17:29:42 | Multiple Updates
2015-05-13 13:28:08 | Multiple Updates
2015-05-12 21:30:30 | Multiple Updates
2015-05-12 21:16:47 | First insertion