CVE-2015-2428

Name of the Vulnerable Software and Affected Versions Windows Vista SP2 Windows Server 2008 SP2 and R2 SP1 Windows 7 SP1 Windows 8 Windows 8.1 Windows Server 2012 Gold and R2 Windows RT Gold and 8.1

Description The issue arises from the Object Manager in Windows not properly constraining impersonation levels during interaction with object symbolic links that originated in a sandboxed process. This allows local users to gain privileges via a crafted application. An elevation of privilege vulnerability exists when the Object Manager fails to properly validate and enforce impersonation levels, enabling an attacker to bypass impersonation-level security and gain elevated privileges on a targeted system. To exploit this, an attacker must log on to an affected system. While the vulnerability itself does not allow arbitrary code execution, it could be used in conjunction with another vulnerability to achieve this.

Recommendations For Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, consider restricting access to the Object Manager until a patch is available. As a temporary workaround, consider disabling the interaction with object symbolic links that originated in a sandboxed process to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.