CVE-2015-1674

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions 8 through 8.1 Microsoft Windows Server versions 2012 Gold and R2 Microsoft Windows RT versions Gold and 8.1

Description A security feature bypass issue exists due to the Windows kernel's failure to properly validate a memory address. This allows an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass, enabling them to discover the cng.sys base address from a compromised process. To exploit this, an attacker must log on to an affected system.

Recommendations For Microsoft Windows versions 8 through 8.1, update to a version that includes the security fix for this issue. For Microsoft Windows Server versions 2012 Gold and R2, apply the necessary patch or update to resolve the security feature bypass vulnerability. For Microsoft Windows RT versions Gold and 8.1, install the available security update that addresses this vulnerability.