CVE-2015-0010

Name of the Vulnerable Software and Affected Versions Microsoft Windows Server 2003 SP2 Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows 7 SP1 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Gold and R2 Microsoft Windows RT Gold and 8.1

Description A security feature bypass issue exists in the Cryptography Next Generation (CNG) kernel-mode driver. The CryptProtectMemory function does not check an impersonation token's level when the CRYPTPROTECTMEMORY SAME LOGON option is used. This allows local users to bypass intended decryption restrictions by leveraging a service that has a named-pipe planting vulnerability or uses world-readable shared memory for encrypted data. An attacker could exploit this issue by convincing a user to run a specially crafted application, potentially allowing the attacker to gain access to information beyond the access level of the local user.

Recommendations For Microsoft Windows Server 2003 SP2, update to a newer version to mitigate the risk. For Microsoft Windows Vista SP2, update to a newer version to mitigate the risk. For Microsoft Windows Server 2008 SP2 and R2 SP1, update to a newer version to mitigate the risk. For Microsoft Windows 7 SP1, update to a newer version to mitigate the risk. For Microsoft Windows 8, update to a newer version to mitigate the risk. For Microsoft Windows 8.1, update to a newer version to mitigate the risk. For Microsoft Windows Server 2012 Gold and R2, update to a newer version to mitigate the risk. For Microsoft Windows RT Gold and 8.1, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to services that use world-readable shared memory for encrypted data until a patch is available. Avoid using the CRYPTPROTECTMEMORY SAME LOGON option in the CryptProtectMemory function until the issue is resolved.