Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-0010Race Condition in Microsoft Windows Server 2008

CWE-310CWE-362Race ConditionCWE-476NULL Pointer DereferenceCWE-416Use After FreeCWE-911Improper Update of Reference CountCWE-617Reachable Assertion16 documents7 sources
Severity
1.9LOWNVD
EPSS
1.7%
top 17.53%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft Windows Server 2008Microsoft Windows Server 2012
Timeline
PublishedFeb 11
Latest updateAug 19

Description

The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, when the CRYPTPROTECTMEMORY_SAME_LOGON option is used, does not check an impersonation token's level, which allows local users to bypass intended decryption restrictions by leveraging a serv

CVSS vector

AV:L/AC:M/C:P/I:N/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages1 packages

Patches

Patch: docs.microsoft.comPatch: docs.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-m8v6-5m42-3wc3: The CryptProtectMemory function in cng2022-05-14

💥Exploits & PoCs

3
Exploit-DB
BMC BladeLogic 8.3.00.64 - Remote Command Execution2018-01-26
Exploit-DB
Sendio ESP - Information Disclosure2015-05-26
Exploit-DB
Microsoft Windows - Local Privilege Escalation (MS15-010)2015-05-25

📋Vendor Advisories

5
Red Hat
kernel: wifi: rtl818x: Kill URBs before clearing tx status queue2025-08-19
Red Hat
kernel: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=02025-06-18
Red Hat
kernel: udmabuf: change folios array from kmalloc to kvmalloc2024-12-27
Red Hat
kernel: net/mlx5: Fix missing lock on sync reset reload2024-08-17
Red Hat
kernel: platform/x86: x86-android-tablets: Unregister devices in reverse order2024-07-12

🕵️Threat Intelligence

4
Talos
Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed2015-02-10
Qualys
Patch Tuesday February 2015 | Qualys2015-02-10
Talos
Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed2015-02-10
Qualys
Patch Tuesday February 2015 | Qualys2015-02-10