Malefactors actively exploit new vulnerability in Windows
Microsoft has released a security update MS15-085 , which closes the dangerous LPE vulnerability CVE-2015-1769 ( Mount Manager Elevation of Privilege Vulnerability ). The vulnerability is present on client and server versions of Windows, starting with Windows Vista and ending with Windows 10. It belongs to the type of Stuxnet-like-vulnerabilities and is triggered when a removable disk is connected to the computer. For operation, in the root of a removable disk must be located in a special way the generated file or files (symbolic links).
A significant number of Windows system files (Windows 8.1+) are subject to upgrade, including the disk mount driver and the OS kernel: Mountmgr.sys, Ntdll.dll, Ntoskrnl.exe. The vulnerability allows attackers to run their code from the media, and with system privileges SYSTEM. Apparently, the update is not assigned the Critical severity level only because the operation can be performed only through physical access to the PC, i.e. using removable media.
')
The original Stuxnet vulnerability, which was closed by MS10-046 , was a type of Remote Code Execution (RCE), because the vulnerable Windows system component (Shell) allowed attackers to execute their code from a wide variety of places, including remote ones. The new vulnerability in MountMgr can only be used in cases of local exploitation, i.e., only through connecting removable media to the system.
The vulnerability is exploited in-the-wild, see technet.microsoft.com/library/security/ms15-aug .
We recommend that Windows users install the appropriate update. This update has already been delivered to users of Windows 10 earlier, as part of KB3081436 ( Cumulative update for Windows 10: August 11, 2015 ).
be secure.
A significant number of Windows system files (Windows 8.1+) are subject to upgrade, including the disk mount driver and the OS kernel: Mountmgr.sys, Ntdll.dll, Ntoskrnl.exe. The vulnerability allows attackers to run their code from the media, and with system privileges SYSTEM. Apparently, the update is not assigned the Critical severity level only because the operation can be performed only through physical access to the PC, i.e. using removable media.
')
The original Stuxnet vulnerability, which was closed by MS10-046 , was a type of Remote Code Execution (RCE), because the vulnerable Windows system component (Shell) allowed attackers to execute their code from a wide variety of places, including remote ones. The new vulnerability in MountMgr can only be used in cases of local exploitation, i.e., only through connecting removable media to the system.
Ansity of privilege vulnerability when the Mount Manager component improperly processes symbolic links. An attacker who successfully exploited this binary file and execute it .
In order to exploit the vulnerability, it would be a malicious USB device into a target system . The security update addresses this vulnerability.
The vulnerability is exploited in-the-wild, see technet.microsoft.com/library/security/ms15-aug .
We recommend that Windows users install the appropriate update. This update has already been delivered to users of Windows 10 earlier, as part of KB3081436 ( Cumulative update for Windows 10: August 11, 2015 ).
be secure.
Source: https://habr.com/ru/post/264601/
All Articles