CVE-2015-2366

Name of the Vulnerable Software and Affected Versions Windows 7 SP1 Windows Server 2008 R2 SP1 Windows 8 Windows 8.1 Windows Server 2012 Gold and R2 Windows RT Gold and 8.1

Description The issue is related to the win32k.sys driver in the Windows kernel-mode drivers, which allows local users to gain privileges via a crafted application. This is due to insufficient access restrictions to certain functions. An attacker who successfully exploits this issue could run arbitrary code in kernel mode, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. To exploit this, an attacker would first have to log on to the system.

Recommendations For Windows 7 SP1, update to a version that includes the fix for this issue. For Windows Server 2008 R2 SP1, apply the recommended patch. For Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, ensure that all security updates are applied to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to sensitive functions and modules to minimize the risk of privilege elevation.