CVE-2015-1769

high-risk

Published 2015-08-15

Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Mount Manager Elevation of Privilege Vulnerability."

Do I need to act?

31.8% chance of exploitation in next 30 days

EPSS score — higher than 68% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.6/10 Medium

PHYSICAL / LOW complexity

Affected Products (12)

Windows 10

Windows 7

Windows 8.1

Windows Rt 8.1

Windows Server 2008

Windows Server 2012

Windows Vista

Windows 8

Windows Rt

Affected Vendors

Microsoft

References (7)

Vendor Advisory http://blogs.technet.com/b/srd/archive/2015/08/11/defending-against-cve-2015-176...

Third Party Advisory http://www.securitytracker.com/id/1033244

Patch https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-08...

Vendor Advisory http://blogs.technet.com/b/srd/archive/2015/08/11/defending-against-cve-2015-176...

Third Party Advisory http://www.securitytracker.com/id/1033244

Patch https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-08...

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-...

/ 100

high-risk

Severity 21/34 · High

Exploitability 23/34 · High

Exposure 17/34 · Moderate