Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."
Vulnerable Product |
---|
microsoft windows vista |
microsoft windows 2003 server |
microsoft windows server 2008 - |
microsoft windows 7 |
Panic, flee, cry – or just update Windows for fsck's sake
Psst, hackers. Just go for the known vulnerabilities
A new malware strain tapped into GitHub posts and Slack channels to siphon precious data from infected Windows PCs, it is claimed. Researchers at Trend Micro have dubbed the malware "Slub", a mash-up of the names of the two services the software nasty apparently used to obtain instructions from its masterminds and exfiltrate information from hijacked computers. Trend's virus-hunters said they spotted at the end of last month Slub lurking on a compromised "watering hole," which is a website frequ...
CVE-2015-2545 is a vulnerability discovered in 2015 and corrected with Microsoft’s update MS15-099. The vulnerability affects Microsoft Office versions 2007 SP3, 2010 SP2, 2013 SP1 and 2013 RT SP1. The error enables an attacker to execute arbitrary code using a specially crafted EPS image file. The exploit uses PostScript and can evade Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) protection methods. The exploit was discovered in the wild in August 2015, when it...
Operation RussianDoll smelled like Russian miscreants, say infosec bods
A hacking group probably backed by Russia has been making use of two zero-day exploits to target foreign governments. The so-called "Operation RussianDoll" attackers used zero-day exploits in Adobe Flash and Windows to target a specific foreign government organisation. Security firm FireEye says the pattern of the attacks fits those of the recently exposed APT 28 cyberspies, making the group the most likely culprits for the latest attack. The highly complex attack used two zero-days to...