Windows Kernel-Mode Drivers Vulnerability

VUIT Security Notice: Vulnerability found in Windows Kernel-Mode Drivers

Vanderbilt IT would like to bring the following information to the technical community’s attention, especially those who use the kernel module for Microsoft Windows products. 

A remote code execution vulnerability was identified in the following versions:

  • Windows Vista
  • Windows Server 2008 and Server 2008 R2
  • Windows 7
  • Windows 8 and 8.1
  • Windows Server 2012 and 2012 R2

The security vulnerability can be exploited locally and can potentially allow the attacker to escalate privileges in the operating system. In turn, this could allow the attacker to have the same rights as an administrator.

In addition to referencing Microsoft’s Support page dedicated to this vulnerability, VUIT recommends that you check your update channels often to see if the patch is available.

VUIT Security Operations will continue to monitor this vulnerability closely. The team is waiting on vendors before instituting detection capability for possible exploits of this vulnerability and then transitioning into prevention mode.

For more information, please contact VUIT Security Operations at vuit.incident.response@vanderbilt.edu.

Sources and References:
https://technet.microsoft.com/en-us/library/security/ms15-135.aspx
https://support.microsoft.com/en-us/kb/3119075
http://www.networkworld.com/article/3013027/security/patch-tuesday-microsoft-released-12-patches-8-rated-critical-1-for-a-zero-day.html
https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/12/08/patch-tuesday-december-2015