Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-2524Microsoft Windows Server 2008 vulnerability

CWE-2647 documents4 sources
Severity
7.2HIGHNVD
EPSS
16.6%
top 5.06%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft Windows Server 2008Microsoft Windows Server 2012
Timeline
PublishedSep 9
Latest updateMay 14

Description

Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Task Management Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2528.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

Patches

Patch: docs.microsoft.comPatch: docs.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-7g82-h287-x6gw: Microsoft Windows 8, Windows 82022-05-14
GHSA
GHSA-f58p-gqp9-5mv3: Microsoft Windows 8, Windows 82022-05-13

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows - CreateObjectTask SettingsSyncDiagnostics Privilege Escalation2015-09-15

🕵️Threat Intelligence

2
Talos
Microsoft Patch Tuesday - September 20152015-09-08
Talos
Microsoft Patch Tuesday - September 20152015-09-08