CVE-2015-1719

Name of the Vulnerable Software and Affected Versions Microsoft Windows Server 2003 SP2 and R2 SP2 Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows 7 SP1 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Gold and R2 Microsoft Windows RT Gold and 8.1

Description The issue is related to the kernel-mode drivers in Microsoft Windows, which allow local users to obtain sensitive information from kernel memory via a crafted application. This is due to the improper handling of buffer elements under certain conditions, enabling an attacker to request the contents of specific memory addresses. An attacker who successfully exploits this issue could potentially read data that is not intended to be disclosed, although it would not allow them to execute code or elevate their user rights directly. The exploitation of this issue requires valid logon credentials and the ability to execute programs on the system.

Recommendations For Microsoft Windows Server 2003 SP2 and R2 SP2, update to a version that includes the fix for this issue. For Microsoft Windows Vista SP2, update to a version that includes the fix for this issue. For Microsoft Windows Server 2008 SP2 and R2 SP1, update to a version that includes the fix for this issue. For Microsoft Windows 7 SP1, update to a version that includes the fix for this issue. For Microsoft Windows 8, update to a version that includes the fix for this issue. For Microsoft Windows 8.1, update to a version that includes the fix for this issue. For Microsoft Windows Server 2012 Gold and R2, update to a version that includes the fix for this issue. For Microsoft Windows RT Gold and 8.1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to sensitive memory areas until a patch is available.