Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0073

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2015-0073
Last Modified 10 Sep 2015 11:59:34
Published 11 Mar 2015 06:59:03
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2015-0073

Summary

The Windows Registry Virtualization feature in the kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict changes to virtual stores, which allows local users to gain privileges via a crafted application, aka "Registry Virtualization Elevation of Privilege Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows 7

  • Microsoft Windows 8 -

  • Microsoft Windows 8.1 -

  • Microsoft Windows Rt -

  • Microsoft Windows Rt 8.1 -

  • Microsoft Windows Server 2008

  • Microsoft Windows Server 2008 R2

  • Microsoft Windows Server 2012 -

  • Microsoft Windows Server 2012 R2

  • Microsoft Windows Vista


References

MS - MS15-025

SECTRACK - 1031899

BID - 72908

Related Patches

MS15-025 Security Update for Windows Server 2003 (KB3033395)

MS15-025 Security Update for Windows Server 2008 (KB3035131)

MS15-025 Security Update for Windows Vista (KB3035131)

MS15-025 Security Update for Windows Vista x64 (KB3035131)

MS15-025 Security Update for Windows Server 2008 x64 (KB3035131)

MS15-025 Security Update for Windows Server 2003 x64 (KB3033395)

MS15-025 Security Update for WEPOS and POSReady 2009 (KB3033395)


Last Updated: 27 May 2016 11:08:02