Cyber Resilience

CVE-2015-1701

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked

Published: 21 April 2015

Modified: 22 April 2026
KEV Added: 03 March 2022
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9043 (99.6th percentile)
Risk Priority: 90 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2015-1701 is a high-severity vulnerability, with an unspecified weakness type, in Microsoft Windows 2003 Server. Its CVSS base score is 7.8 (High).

Operationally, it is ranked in the top 0.4% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2015-1701 resides in the Win32k.sys kernel-mode driver on Microsoft Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2. It is an elevation-of-privilege flaw that can be triggered by a crafted application. Its CVSS 3.1 base score of 7.8 reflects an AV:L/AC:L/PR:L vector: local access, low attack complexity, and low privileges required.

Local users on affected systems can exploit the issue by executing a malicious application to gain higher privileges. The vulnerability was observed being exploited in the wild during April 2015.

Microsoft security bulletin MS15-051 supplies patches that address the flaw on the listed platforms, along with associated mitigation steps referenced in the advisory.

The issue is tracked under the common name Win32k Elevation of Privilege Vulnerability and has been discussed in multiple public security trackers and mailing-list disclosures.

EU & UK References

Vulnerability details

Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."

CWE(s)
KEV Date Added: 03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft windows 2003 server: all versions, r2
microsoft windows 7: all versions
microsoft windows server 2008: all versions
microsoft windows vista: all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the unpatched Win32k.sys flaw by requiring timely installation of the MS15-051 security update that eliminates the elevation-of-privilege vector.

prevent

Limits the privileges assigned to local user accounts, reducing the impact and likelihood of successful exploitation of the kernel driver vulnerability.

prevent · detect

Blocks or detects execution of the crafted malicious application used to trigger the Win32k.sys privilege-escalation flaw.

References