cbcvebase.
CVE-2015-1769
published 2015-08-15

CVE-2015-1769: Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2…

Priority: P276 | medium | 6.6 (CVSS 3.1)
Vector: AV:P / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
KEV: CISA Known Exploited Vulnerability, due 2022-06-15
ITW: Exploited in the wild
EPSS: 4.34% (90.0th percentile)
Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Mount Manager Elevation of Privilege Vulnerability."

Affected

2 ranges
Vendor | Product | Version range | Fixed in
microsoft | windows_server_2008 | |
microsoft | windows_server_2012 | |

Detection & IOCs (extracted from sources)

  • Attack vector is physical: a crafted USB device must be connected to the target machine to trigger the Mount Manager symlink mishandling and achieve privilege escalation/code execution
  • Root cause is improper processing of symbolic links by the Windows Mount Manager component; monitor for anomalous symlink creation events triggered at USB device insertion
  • Affected platforms span a wide range of Windows versions; detections should be scoped accordingly: Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Server 2012 Gold/R2, RT Gold/8.1, and Windows 10

CVSS provenance

nvd | v3.1 | 6.6 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C
vulncheck | 6.6 | MEDIUM
cisa | 6.6 | MEDIUM