CVE-2015-6128

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version Windows Vista SP2 Windows Server 2008 SP2 and R2 SP1 Windows 7 SP1

Description The issue is related to the improper handling of library loading, which allows local users to gain privileges via a crafted application. This can lead to remote code execution, enabling an attacker to take complete control of an affected system. The attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights.

Recommendations For Windows Vista SP2, consider applying the necessary security updates to resolve the issue. For Windows Server 2008 SP2 and R2 SP1, apply the relevant patches to fix the library loading mishandling. For Windows 7 SP1, update to a version that includes the fix for the library loading vulnerability. As a temporary workaround, consider restricting the use of crafted applications that could exploit the library loading issue until a patch is available.