MS Windows 0-day - in-the-wild ...


#1 AplusWebMaster




Posted 20 April 2015 - 01:16 PM


MS Windows 0-day - in-the-wild ...
- http://www.securityt....com/id/1032155
CVE Reference: https://web.nvd.nist...d=CVE-2015-1701  - 7.2 (HIGH)
Apr 20 2015
Impact: Root access via local system
Vendor Confirmed: Yes  
Description: A vulnerability was reported in Microsoft Windows. A local user can obtain system privileges on the target system. A local user can run a specially crafted program to execute a callback to use data from the system token and execute code with System privileges.
Microsoft Windows 8 and later are reportedly not affected.
This vulnerability is being actively exploited.
The original advisory is available at:
- https://www.fireeye....apt28_useo.html
Apr 18, 2015
"FireEye reported this vulnerability..."

- https://web.nvd.nist...d=CVE-2015-1701  - 7.2 (HIGH)
Last revised: 04/21/2015 - "... as exploited in the wild in April 2015..."

- http://www.theinquir...ash-and-windows
Apr 20 2015 - "... Microsoft is aware of the outstanding local privilege escalation vulnerability in Windows, named CVE-2015-1701, but has -not- yet issued a patch... updating Adobe Flash to the latest version will render the exploit -harmless- because it has seen CVE-2015-1701 in use -only- in conjunction with the Adobe Flash exploit for CVE-2015-3043. The Flash exploit is served from unobfuscated HTML/JS. The launcher page picks one of two Flash files to deliver depending on the target's platform... The APT28 attackers relied heavily on the CVE-2014-0515 Metasploit module to conduct these new exploits..."

Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057191)
- https://technet.micr...curity/ms15-051
May 12, 2015
- https://support.micr...n-us/kb/3057191
Last Review: May 13, 2015 - Rev: 2.0

- https://web.nvd.nist...d=CVE-2015-1701
Last revised: 05/13/2015
7.2 (HIGH)


Edited by AplusWebMaster, 24 May 2015 - 04:22 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
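
A detection-side illustration of the escalation described in the post above, as an added example that is not part of the original post or of any advisory it cites: it flags a SYSTEM process whose parent was created under an ordinary user account, which is what a local user-to-SYSTEM escalation leaves behind in process-creation logs once the elevated process spawns a child. The event field names, account names and sample records are constructed assumptions.

```python
# Added example: flag SYSTEM processes spawned by a user-context parent.
# Field names and all sample records are constructed for illustration.
SYSTEM_USERS = {"NT AUTHORITY\\SYSTEM"}

# Constructed, time-ordered process-creation records (not real telemetry).
SAMPLE_EVENTS = [
    {"pid": 4, "ppid": 0, "user": "NT AUTHORITY\\SYSTEM", "image": "System"},
    {"pid": 612, "ppid": 4, "user": "NT AUTHORITY\\SYSTEM", "image": "services.exe"},
    {"pid": 1320, "ppid": 612, "user": "NT AUTHORITY\\SYSTEM", "image": "svchost.exe"},
    {"pid": 2204, "ppid": 1100, "user": "CORP\\alice", "image": "explorer.exe"},
    {"pid": 3100, "ppid": 2204, "user": "CORP\\alice", "image": "iexplore.exe"},
    {"pid": 3188, "ppid": 3100, "user": "CORP\\alice", "image": "sample.exe"},
    {"pid": 3240, "ppid": 3188, "user": "NT AUTHORITY\\SYSTEM", "image": "cmd.exe"},
    {"pid": 3300, "ppid": 3240, "user": "NT AUTHORITY\\SYSTEM", "image": "whoami.exe"},
]


def is_system(user):
    """Case-insensitive match against the SYSTEM account name."""
    return user.upper() in SYSTEM_USERS


def find_system_escalations(events):
    """Return SYSTEM processes whose parent was created as a non-SYSTEM user.

    The parent's account is taken from its own creation record, so a process
    that swapped its token after start-up is still seen as user-context.
    """
    created_as = {}  # pid -> latest creation record (handles pid reuse)
    findings = []
    for ev in events:
        parent = created_as.get(ev["ppid"])
        # Parents created before logging began are unknown and are skipped.
        if parent and is_system(ev["user"]) and not is_system(parent["user"]):
            findings.append({
                "pid": ev["pid"],
                "image": ev["image"],
                "parent_pid": parent["pid"],
                "parent_image": parent["image"],
                "parent_user": parent["user"],
            })
        created_as[ev["pid"]] = ev
    return findings


if __name__ == "__main__":
    for hit in find_system_escalations(SAMPLE_EVENTS):
        print("SYSTEM child of user-context parent:", hit)
```

Only the first SYSTEM child in a chain is reported; its own descendants have a SYSTEM parent and are left to normal process-tree review.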

