CVE-2015-1643

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version Microsoft Windows Server 2003 R2 Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows 7 SP1 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Gold and R2 Microsoft Windows RT Gold and 8.1

Description The issue is related to the incorrect validation and enforcement of impersonation levels in Microsoft Windows, allowing an attacker to bypass security checks and gain elevated privileges. This could enable an attacker to acquire administrator credentials, install programs, view, change, or delete data, and create new accounts with full administrative rights. To exploit this issue, an attacker would first need to log on to the system.

Recommendations For Microsoft Windows Server 2003 R2, apply the necessary patch to fix the issue. For Microsoft Windows Vista SP2, apply the necessary patch to fix the issue. For Microsoft Windows Server 2008 SP2 and R2 SP1, apply the necessary patch to fix the issue. For Microsoft Windows 7 SP1, apply the necessary patch to fix the issue. For Microsoft Windows 8, apply the necessary patch to fix the issue. For Microsoft Windows 8.1, apply the necessary patch to fix the issue. For Microsoft Windows Server 2012 Gold and R2, apply the necessary patch to fix the issue. For Microsoft Windows RT Gold and 8.1, apply the necessary patch to fix the issue. As a temporary workaround, consider restricting access to sensitive areas of the system to minimize the risk of exploitation.