CVE-2015-2534 — Improper Access Control in Microsoft Windows Server 2012

CWE-284 — Improper Access Control4 documents3 sources

Severity

1.9LOWNVD

EPSS

0.6%

top 30.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2012

Timeline

PublishedSep 9

Latest updateMay 14

Description

Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 improperly processes ACL settings, which allows local users to bypass intended network-traffic restrictions via a crafted application, aka "Hyper-V Security Feature Bypass Vulnerability."

CVSS vector

AV:L/AC:M/C:N/I:P/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/windowsr2

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-9hhg-f83v-9crx: Hyper-V in Microsoft Windows 8↗2022-05-14

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - September 2015↗2015-09-08

▶

Talos

Microsoft Patch Tuesday - September 2015↗2015-09-08

▶