PT-2015-4437 · Microsoft · Windows RT

Published: 2015-02-10 · Updated: 2019-05-14 · CVE-2015-0062

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Windows versions prior to the fixed version, including Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1

Description

The issue arises from incorrect impersonation handling in a process that uses the SeAssignPrimaryTokenPrivilege privilege. This allows local users to gain privileges via a crafted application. An attacker who successfully exploits this could bypass impersonation-level security checks and gain elevated privileges on a targeted system, potentially acquiring administrator credentials and using them to install programs; view, change, or delete data; or create new accounts with full administrative rights.

Recommendations

For Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2015-0062

Affected Products

Windows
Windows 7 SP1
Windows 8
Windows 8.1
Windows RT
Windows Server 2008 R2 SP1
Windows Server 2012