MS15-063 Vulnerability in Windows Kernel Could Allow Elevation of Privilege
2015-06-09 This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker places a malicious .dll file in a local directory on the machine or on a network share. An attacker would then have to wait for a user to run a program that can load a malicious .dll file, resulting in elevation of privilege. However, in all cases an attacker would have no way to force a user to visit such a network share or website.
Vulnerabilities addressed in this bulletin:
Bulletin details at Microsoft.com
Vulnerabilities addressed in this bulletin:
- Windows LoadLibrary EoP Vulnerability
- An elevation of privilege vulnerability exists in Microsoft Windows LoadLibrary when it fails to properly validate user input.
CVE-2015-1758
Bulletin details at Microsoft.com
Related CVE Entries
Untrusted search path vulnerability in the LoadLibrary function in the kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, aka "Windows LoadLibrary EoP Vulnerability."
Max CVSS
6.9
EPSS Score
0.05%
Published
2015-06-10
Updated
2018-10-12