CVE-2015-1769: Microsoft Windows Mount Manager Privilege Escalation Vulnerability
First published: Sat Aug 15 2015(Updated: )
Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Mount Manager Elevation of Privilege Vulnerability."
Credit: secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 8.0 | ||
| Microsoft Windows 8.1 | ||
| Microsoft Windows RT | ||
| Microsoft Windows RT | ||
| Microsoft Windows Server 2008 Itanium | =sp2 | |
| Microsoft Windows Server 2008 Itanium | =r2-sp1 | |
| Microsoft Windows Server 2008 Itanium | =r2-sp1 | |
| Microsoft Windows Server 2012 x64 | ||
| Microsoft Windows Server 2012 x64 | =r2 | |
| Microsoft Windows Vista | =sp2 | |
| =sp1 | ||
| =sp2 | ||
| =r2-sp1 | ||
| =r2-sp1 | ||
| =r2 | ||
| =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://blogs.technet.com/b/srd/archive/2015/08/11/defending-against-cve-2015-1769-a-logical-issue-exploited-via-a-malicious-usb-stick.aspx
- http://www.securitytracker.com/id/1033244
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-085
- https://nvd.nist.gov/vuln/detail/CVE-2015-1769
Frequently Asked Questions
What is the severity of CVE-2015-1769?
CVE-2015-1769 has a critical severity rating due to its potential to allow unauthorized remote code execution.
How do I fix CVE-2015-1769?
To fix CVE-2015-1769, ensure that your Windows system is updated with the latest security patches provided by Microsoft.
Who is affected by CVE-2015-1769?
CVE-2015-1769 affects users of Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012, and Windows 10.
What type of attack does CVE-2015-1769 enable?
CVE-2015-1769 enables physically proximate attackers to execute arbitrary code via malicious USB devices.
What is the main vulnerability of CVE-2015-1769?
The main vulnerability of CVE-2015-1769 involves the mishandling of symlinks in the Windows Mount Manager.
- agent/type
- agent/description
- agent/remedy
- agent/title
- agent/severity
- agent/first-publish-date
- agent/weakness
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/author
- agent/event
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft windows
- canonical/microsoft windows 10
- canonical/microsoft windows 7
- version/microsoft windows 7/sp1
- canonical/microsoft windows 8.0
- canonical/microsoft windows 8.1
- canonical/microsoft windows rt
- canonical/microsoft windows server 2008 itanium
- version/microsoft windows server 2008 itanium/sp2
- version/microsoft windows server 2008 itanium/r2-sp1
- canonical/microsoft windows server 2012 x64
- version/microsoft windows server 2012 x64/r2
- canonical/microsoft windows vista
- version/microsoft windows vista/sp2