Executive Summary

Summary
Title Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057839)
Informations
Name MS15-061 First vendor Publication 2015-06-09
Vendor Microsoft Last vendor Modification 2015-06-09
Severity (Vendor) Important Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Severity Rating: Important
Revision Note: V1.0 (June 9, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Original Source

Url : https://technet.microsoft.com/en-us/library/security/MS15-061

CWE : Common Weakness Enumeration

% Id Name
45 % CWE-416 Use After Free
36 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
9 % CWE-476 NULL Pointer Dereference
9 % CWE-200 Information Exposure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:28201
 
Oval ID: oval:org.mitre.oval:def:28201
Title: Microsoft Windows Kernel Brush Object use after free vulnerability - CVE-2015-1726 (MS15-061)
Description: Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Brush Object Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-1726
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28508
 
Oval ID: oval:org.mitre.oval:def:28508
Title: Win32k memory corruption elevation of privilege vulnerability - CVE-2015-1768 (MS15-061)
Description: win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Win32k Memory Corruption Elevation of Privilege Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-1768
Version: 3
Platform(s): Microsoft Windows Server 2003
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28665
 
Oval ID: oval:org.mitre.oval:def:28665
Title: Win32k buffer overflow vulnerability - CVE-2015-1725 (MS15-061)
Description: Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Buffer Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-1725
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28806
 
Oval ID: oval:org.mitre.oval:def:28806
Title: Microsoft Windows Kernel Bitmap handling use after free vulnerability - CVE-2015-1722 (MS15-061)
Description: Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Bitmap Handling Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-1722
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28994
 
Oval ID: oval:org.mitre.oval:def:28994
Title: Win32k elevation of privilege vulnerability - CVE-2015-2360 (MS15-061)
Description: win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-2360
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29050
 
Oval ID: oval:org.mitre.oval:def:29050
Title: Win32k Pool buffer overflow vulnerability - CVE-2015-1727 (MS15-061)
Description: Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Pool Buffer Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-1727
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29067
 
Oval ID: oval:org.mitre.oval:def:29067
Title: Microsoft Windows Station use after free vulnerability - CVE-2015-1723 (MS15-061)
Description: Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Station Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-1723
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29093
 
Oval ID: oval:org.mitre.oval:def:29093
Title: Microsoft Windows Kernel information disclosure vulnerability – CVE-2015-1719 (MS15-061)
Description: The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to obtain sensitive information from kernel memory via a crafted application, aka "Microsoft Windows Kernel Information Disclosure Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-1719
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29118
 
Oval ID: oval:org.mitre.oval:def:29118
Title: Microsoft Windows Kernel use after free vulnerability – CVE-2015-1720 (MS15-061)
Description: Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-1720
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29124
 
Oval ID: oval:org.mitre.oval:def:29124
Title: Microsoft Windows Kernel Object use after free vulnerability - CVE-2015-1724 (MS15-061)
Description: Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Object Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-1724
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29145
 
Oval ID: oval:org.mitre.oval:def:29145
Title: Win32k Null pointer dereference vulnerability - CVE-2015-1721 (MS15-061)
Description: The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer Dereference Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-1721
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 4
Os 3
Os 2
Os 1

Snort® IPS/IDS

Date Description
2015-08-14 Microsoft Windows clipboard null pointer dereference attempt
RuleID : 35113 - Revision : 2 - Type : OS-WINDOWS
2015-08-14 Microsoft Windows clipboard null pointer dereference attempt
RuleID : 35112 - Revision : 2 - Type : OS-WINDOWS
2015-07-13 Microsoft Windows 8 CreateWindowEx privilege escalation attempt
RuleID : 34789 - Revision : 3 - Type : OS-WINDOWS
2015-07-13 Microsoft Windows 8 CreateWindowEx privilege escalation attempt
RuleID : 34788 - Revision : 3 - Type : OS-WINDOWS
2015-07-13 Microsoft Windows device context memory corruption attempt
RuleID : 34787 - Revision : 3 - Type : FILE-OTHER
2015-07-13 Microsoft Windows device context memory corruption attempt
RuleID : 34786 - Revision : 3 - Type : FILE-OTHER
2015-07-13 Microsoft Windows window placement invalid memory write attempt
RuleID : 34785 - Revision : 3 - Type : OS-WINDOWS
2015-07-13 Microsoft Windows window placement invalid memory write attempt
RuleID : 34784 - Revision : 3 - Type : OS-WINDOWS
2015-07-13 Microsoft Windows BrushAttributes use-after-free attempt
RuleID : 34783 - Revision : 3 - Type : OS-WINDOWS
2015-07-13 Microsoft Windows BrushAttributes use-after-free attempt
RuleID : 34782 - Revision : 3 - Type : OS-WINDOWS
2015-07-13 Microsoft Windows device context visible region memory corruption attempt
RuleID : 34781 - Revision : 3 - Type : FILE-OTHER
2015-07-13 Microsoft Windows device context visible region memory corruption attempt
RuleID : 34780 - Revision : 3 - Type : FILE-OTHER
2015-07-13 Microsoft Windows NtUserMessageCall information disclosure attempt
RuleID : 34777 - Revision : 3 - Type : OS-WINDOWS
2015-07-13 Microsoft Windows NtUserMessageCall information disclosure attempt
RuleID : 34776 - Revision : 3 - Type : OS-WINDOWS
2015-07-13 Microsoft Windows multiple linked fonts memory corruption attempt
RuleID : 34775 - Revision : 3 - Type : OS-WINDOWS
2015-07-13 Microsoft Windows multiple linked fonts memory corruption attempt
RuleID : 34774 - Revision : 3 - Type : OS-WINDOWS
2015-07-13 Microsoft Windows bitmap menu item use after free attempt
RuleID : 34771 - Revision : 3 - Type : OS-WINDOWS
2015-07-13 Microsoft Windows bitmap menu item use after free attempt
RuleID : 34770 - Revision : 3 - Type : OS-WINDOWS
2015-07-08 Microsoft Windows clipboard null pointer dereference privilege escalation att...
RuleID : 34762 - Revision : 5 - Type : OS-WINDOWS
2015-07-08 Microsoft Windows clipboard null pointer dereference privilege escalation att...
RuleID : 34761 - Revision : 5 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date Description
2015-06-09 Name : The remote Windows host is affected by multiple vulnerabilities.
File : smb_nt_ms15-061.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
Date Informations
2015-08-14 21:23:53
  • Multiple Updates
2015-07-13 21:27:04
  • Multiple Updates
2015-07-08 21:27:03
  • Multiple Updates
2015-06-10 21:30:44
  • Multiple Updates
2015-06-10 13:27:54
  • Multiple Updates
2015-06-10 09:30:13
  • Multiple Updates
2015-06-09 21:30:52
  • Multiple Updates
2015-06-09 21:17:31
  • First insertion