PT-2015-5749 · Microsoft · Windows RT +7

Published: 2015-08-11 · Updated: 2019-05-15 · CVE-2015-2453

CVSS v2.0: 4.7 (Medium)

Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft Windows Vista SP2
Microsoft Windows Server 2008 SP2 and R2 SP1
Microsoft Windows 7 SP1
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012 Gold and R2
Microsoft Windows RT Gold and 8.1

Description

An elevation of privilege issue exists in the Client/Server Run-time Subsystem (CSRSS) due to improper process termination when a user logs off. This allows a local attacker to run code that monitors subsequent users' actions, potentially disclosing sensitive information, including logon credentials. The attacker could use this information to further compromise the system, and if an administrative user logs on, the attacker could run arbitrary code in kernel mode, enabling them to install programs, view, change, or delete data, or create new accounts with full system rights.

Recommendations

For Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2015-2453

Affected Products

Windows
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows Server 2008
Windows Server 2012
Windows Vista