Remote Procedure Call Vulnerability in Microsoft Windows
CVE-2015-2370

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 2003 Server; Windows Rt; Windows 8.1; Windows Server 2008
Vendor: CVE Published:; 14 July 2015

Summary

The vulnerability affects the authentication implementation within the RPC subsystem of various Microsoft Windows operating systems. It allows local users to exploit DCE/RPC connection reflection, potentially leading to unauthorized privilege escalation via a specially crafted application. This weakness can be leveraged by malicious actors to gain elevated rights on affected systems, thereby posing a significant security risk.

References

http://www.securitytracker.com/id/1032907

vdb-entryx_refsource_SECTRACK

https://www.exploit-db.com/exploits/37768/

exploitx_refsource_EXPLOIT-DB

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 14, 2015
Vulnerability Reserved
Mar 19, 2015