CVE-2015-1769
Published 2015-08-15
CVE-2015-1769: Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2…
Priority P276 · medium · 6.6 (CVSS 3.1)
AV:P / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
KEV: CISA Known Exploited Vulnerability, due 2022-06-15
ITW: Exploited in the wild
EPSS: 4.34% (90.0th percentile)
Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Mount Manager Elevation of Privilege Vulnerability."
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
Detection & IOCs (extracted from sources)
- Attack vector is physical: a crafted USB device must be connected to the target machine to trigger the Mount Manager symlink mishandling and achieve privilege escalation/code execution
- Root cause is improper processing of symbolic links by the Windows Mount Manager component; monitor for anomalous symlink creation events triggered at USB device insertion
- Affected platforms span a wide range of Windows versions; detections should be scoped accordingly: Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Server 2012 Gold/R2, RT Gold/8.1, and Windows 10
CVSS provenance
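| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.6 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| vulncheck | | 6.6 | MEDIUM | |
| cisa | | 6.6 | MEDIUM | |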
VulDB
Microsoft Windows up to Vista Mount Manager link following (MS15-085 / Nessus ID 85330)
vuldb·2026-04-22·CVSS 6.6
CVE-2015-1769 [MEDIUM] Microsoft Windows up to Vista Mount Manager link following (MS15-085 / Nessus ID 85330)
A vulnerability was found in Microsoft Windows up to Vista. It has been rated as problematic. This affects an unknown part of the component Mount Manager. This manipulation causes link following.
This vulnerability is registered as CVE-2015-1769. The attack needs to be launched locally. Furthermore, an exploit is available.
To fix this issue, it is recommended to deploy a patch.
GHSA
GHSA-fj6j-88c7-c8gx: Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8
ghsa_unreviewed·2022-05-14
CVE-2015-1769 [HIGH] GHSA-fj6j-88c7-c8gx: Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8
Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Mount Manager Elevation of Privilege Vulnerability."
VulnCheck
Microsoft Windows Mount Manager Privilege Escalation Vulnerability
vulncheck·2015·CVSS 6.6
CVE-2015-1769 [MEDIUM] CWE-264 Microsoft Windows Mount Manager Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when the Windows Mount Manager component improperly processes symbolic links.
Affected: Microsoft Windows
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-06-15
CISA
Microsoft Windows Mount Manager Privilege Escalation Vulnerability
cisa·2022-05-25·CVSS 6.6
CVE-2015-1769 [MEDIUM] CWE-264 Microsoft Windows Mount Manager Privilege Escalation Vulnerability
Vulnerability: Microsoft Windows Mount Manager Privilege Escalation Vulnerability
Affected: Microsoft Windows
A privilege escalation vulnerability exists when the Windows Mount Manager component improperly processes symbolic links.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2015-1769
Remediation Due Date: 2022-06-15
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - August 2015
blogs_talos·2015-08-11·CVSS 4.3
[MEDIUM] Microsoft Patch Tuesday - August 2015
Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 14 bulletins released which address 58 CVEs. Four bulletins are rated "Critical" this month and address vulnerabilities in Internet Explorer, Graphics Component, Office, and Edge. The other ten bulletins are rated "Important" and address vulnerabilities within Remote Desktop Protocol (RDP), Server Message Block (SMB), XML Core Services, Mount Manager, System Center Operations Manager, UDDI Services, Command Line, WebDAV, Windows, and the .NET Framework.
### Bulletins Rated Critical
MS15-079, MS15-080, MS15-081, and MS15-091 are rated "Critical".
MS15-079 is this month's Internet Explorer security bulletin. Thirteen CVEs wer
Krebs
Adobe, MS Push Patches, Oracle Drops Drama
blogs_krebs·2015-08-11
Adobe, MS Push Patches, Oracle Drops Drama
Adobe today pushed another update to seal nearly three dozen security holes in its Flash Player software. Microsoft also released 14 patch bundles, including a large number of fixes for computers running its new Windows 10 operating system. Not to be left out of Patch Tuesday, Oracle’s chief security officer lobbed something of a conversational hand grenade into the security research community, which responded in kind and prompted Oracle to back down.
Adobe’s latest patch for Flash (it has issued more than a dozen this year alone) fixes at least 34 separate security vulnerabilities in Flash and Adobe AIR. Mercifully, Adobe said this time around it is not aware of malicious hackers actively exploiting any of the flaws addressed in this release.
Adobe recommends users of Adobe Flash Player
- http://blogs.technet.com/b/srd/archive/2015/08/11/defending-against-cve-2015-1769-a-logical-issue-exploited-via-a-malicious-usb-stick.aspx
- http://www.securitytracker.com/id/1033244
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-085
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1769
- 2015-08-15: Published
- 2022-05-25: Added to CISA KEV

Exploited in the wild