CVE-2015-2478

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version Windows Vista SP2 Windows Server 2008 SP2 and R2 SP1 Windows 7 SP1 Windows 8 Windows 8.1 Windows Server 2012 Gold and R2 Windows RT Gold and 8.1 Windows 10 Gold and 1511

Description The issue is related to insufficient access restrictions in certain Windows functions. It allows a local attacker to gain elevated privileges by making a specially crafted Winsock call to an invalid address. To exploit this, an attacker must first log on to the target system. The vulnerability can be exploited via a crafted application that triggers a Winsock call referencing an invalid address.

Recommendations For Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511, update to a newer version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Winsock functionality until a patch is available. Avoid using the Winsock call with unverified memory addresses in applications until the issue is resolved.