CVE-2015-2360

high-risk

Published 2015-06-10

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

Do I need to act?

11.6% chance of exploitation in next 30 days

EPSS score — higher than 88% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (13)

Windows 7

Windows 8.1

Windows Rt 8.1

Windows Server 2003

Windows Server 2008

Windows Server 2012

Windows Vista

Windows 8

Windows Rt

Affected Vendors

Microsoft

References (7)

Third Party Advisory http://www.securityfocus.com/bid/75025

Third Party Advisory http://www.securitytracker.com/id/1032525

Patch https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-06...

Third Party Advisory http://www.securityfocus.com/bid/75025

Third Party Advisory http://www.securitytracker.com/id/1032525

Patch https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-06...

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-...

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 18/34 · Moderate

Exposure 17/34 · Moderate