CVE-2015-0075

Name of the Vulnerable Software and Affected Versions Microsoft Windows Server 2003 SP2 Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows 7 SP1

Description An issue exists where Windows fails to properly validate and enforce impersonation levels, allowing local users to gain elevated privileges via a crafted application. To exploit this, an attacker would first have to log on to the system.

Recommendations For Microsoft Windows Server 2003 SP2, update to a version that properly constrains impersonation levels. For Microsoft Windows Vista SP2, update to a version that properly validates and enforces impersonation levels. For Microsoft Windows Server 2008 SP2 and R2 SP1, update to a version that correctly handles impersonation level checks. For Microsoft Windows 7 SP1, update to a version that properly enforces user account checks to prevent elevation of privilege.