PT-2015-5750 · Microsoft · Windows

Published: 2015-08-11 · Updated: 2019-05-14 · CVE-2015-2454

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft Windows versions prior to the fixed version

Description

A security feature bypass issue exists due to the kernel-mode driver's failure to properly validate and enforce impersonation levels. This allows local users to gain privileges via a crafted application. An attacker who successfully exploits this issue could bypass impersonation-level security and gain elevated privileges on a targeted system. The issue by itself does not allow arbitrary code execution, but it could be used in conjunction with another issue. To exploit this, an attacker would have to log on to an affected system.

Recommendations

For Microsoft Windows versions prior to the fixed version, update to the latest version to resolve the issue. As a temporary workaround, consider restricting access to sensitive resources to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related Identifiers

CVE-2015-2454
ZDI-15-386

Affected Products

Windows