Home / bulletins

MS15-025 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (3038680) - Version: 2.0

Posted on 17 March 2015

Important

Severity Rating: Important
Revision Note: V2.0 (March 16, 2015): To address a packaging issue for customers who are repeatedly reoffered security update 3033395 when installed on systems running supported editions of Windows Server 2003, Microsoft released update 3033395-v2 for all supported editions of Windows Server 2003. Customers who have not already installed the 3033395 update should install update 3033395-v2 to be fully protected from this vulnerability. To avoid the possibility of future detection logic problems, Microsoft recommends that customers running Windows Server 2003 who have already successfully installed the 3033395 update also apply update 3033395-v2 even though they are already protected from this vulnerability. Customers running other Microsoft operating systems are not affected by this rerelease and do not need to take any action. See Microsoft Knowledge Base Article 3033395 for more information.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker who successfully exploited the vulnerability could run arbitrary code in the security context of the account of another user who is logged on to the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts potentially with full user rights.

Link

Other versions

 

TOP