⚠ Actively exploited
Added to CISA KEV on 2022-05-25. Federal agencies required to patch by 2022-06-15. Required action: Apply updates per vendor instructions..

CVE-2015-2360

CWE-119Buffer OverflowCWE-416Use After Free8 documents7 sources
Severity
8.8HIGH
EPSS
11.6%
top 6.35%
CISA KEV
KEV
Added 2022-05-25
Due 2022-06-15
Exploit
Exploited in wild
Active exploitation observed
Affected products
3
Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2012
Timeline
PublishedJun 10
KEV addedMay 25
KEV dueJun 15
CISA Required Action: Apply updates per vendor instructions.

Description

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

Patches

Patch: docs.microsoft.comPatch: docs.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-259r-5hvg-4f6x: win32k2022-05-14
CVEList
CVE-2015-2360: win32k2015-06-10
VulnCheck
Microsoft Win32k Privilege Escalation Vulnerability2015

📋Vendor Advisories

1
CISA
Microsoft Win32k Privilege Escalation Vulnerability2022-05-25

🕵️Threat Intelligence

2
Qualys
Patch Tuesday June 2015 - Update | Qualys2015-06-09
Qualys
Patch Tuesday June 2015 - Update | Qualys2015-06-09

💬Community

1
Bugzilla
CVE-2015-3258 cups-filters: texttopdf heap-based buffer overflow2015-06-24
CVE-2015-2360 (HIGH CVSS 8.8) | win32k.sys in the kernel-mode drive | cvebase.io