CVE-2015-1701
Published: 21 April 2015
Summary
CVE-2015-1701 is a high-severity vulnerability with an unspecified weakness type in Microsoft Windows 2003 Server. Its CVSS base score is 7.8 (High).
Operationally, it is ranked in the top 0.4% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2015-1701 resides in the Win32k.sys kernel-mode driver on Microsoft Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2. It is an elevation-of-privilege flaw that can be triggered by a crafted application. Its CVSS 3.1 base score is 7.8, with an AV:L/AC:L/PR:L vector (local attack vector, low attack complexity, low privileges required).
Local users on affected systems can exploit the issue by executing a malicious application to gain higher privileges. The vulnerability was observed being exploited in the wild during April 2015.
Microsoft security bulletin MS15-051 supplies patches that address the flaw on the listed platforms, along with associated mitigation steps referenced in the advisory.
The issue is tracked under the common name Win32k Elevation of Privilege Vulnerability and has been discussed in multiple public security trackers and mailing-list disclosures.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2015-1831
Vulnerability details
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."
- CWE(s)
- KEV Date Added: 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly addresses the unpatched Win32k.sys flaw by requiring timely installation of the MS15-051 security update that eliminates the elevation-of-privilege vector.
Limits the privileges assigned to local user accounts, reducing the impact and likelihood of successful exploitation of the kernel driver vulnerability.
Blocks or detects execution of the crafted malicious application used to trigger the Win32k.sys privilege-escalation flaw.