Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel.
A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges.
Information
Microsoft Windows Vista x64 Edition Service Pack 2 0
Microsoft Windows Vista Service Pack 2 0
Microsoft Windows Server 2012 R2 0
Microsoft Windows Server 2012 0
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows RT 8.1
Microsoft Windows 8.1 for x64-based Systems 0
Microsoft Windows 8.1 for 32-bit Systems 0
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 10 version 1511 for x64-based Systems 0
Microsoft Windows 10 version 1511 for 32-bit Systems 0
Microsoft Windows 10 for x64-based Systems 0
Microsoft Windows 10 for 32-bit Systems 0
Exploit
Reports indicate that this issue is being exploited in the wild.
References:
- Microsoft Homepage (Microsoft)
- Zero Day Auction for the Masses (Trustwave)
- Krebsonsecurity : Got $90,000? A Windows 0-Day Could Be Yours (krebsonsecurity)