MS15-135 Security Update for Windows Kernel Mode Drivers to Address Elevation of Privilege
2015-12-08 This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to a target system and runs a specially crafted application.
Vulnerabilities addressed in this bulletin:
Bulletin details at Microsoft.com
Vulnerabilities addressed in this bulletin:
- Windows Kernel Memory Elevation of Privilege Vulnerability
- Multiple elevation of privilege vulnerabilities exist due to the way the Windows kernel handles objects in memory. An attacker who successfully exploited the vulnerabilities could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
CVE-2015-6171 - Windows Kernel Memory Elevation of Privilege Vulnerability
- Multiple elevation of privilege vulnerabilities exist due to the way the Windows kernel handles objects in memory. An attacker who successfully exploited the vulnerabilities could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
CVE-2015-6173 - Windows Kernel Memory Elevation of Privilege Vulnerability
- Multiple elevation of privilege vulnerabilities exist due to the way the Windows kernel handles objects in memory. An attacker who successfully exploited the vulnerabilities could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
CVE-2015-6174 - Windows Kernel Memory Elevation of Privilege Vulnerability
- Multiple elevation of privilege vulnerabilities exist due to the way the Windows kernel handles objects in memory. An attacker who successfully exploited the vulnerabilities could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
CVE-2015-6175
Bulletin details at Microsoft.com
Related CVE Entries
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6173 and CVE-2015-6174.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-12-09
Updated
2019-05-15
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6171 and CVE-2015-6174.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-12-09
Updated
2019-05-15
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6171 and CVE-2015-6173.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-12-09
Updated
2019-05-15
CVE-2015-6175
Known exploited
The kernel in Microsoft Windows 10 Gold allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability."
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-12-09
Updated
2018-10-30
CISA KEV Added
2022-05-25