⚠ Actively exploited in ransomware campaigns

This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-04-05.

CVE-2015-2546 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows Server 2008

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer17 documents9 sources

Severity

8.2HIGHNVD

NVD6.9

EPSS

39.8%

top 2.67%

CISA KEV

KEVRansomware

Added 2022-03-15

Due 2022-04-05

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Windows Server 2008 Microsoft Windows Server 2012

Timeline

PublishedSep 9

KEV addedMar 15

KEV dueApr 5

Latest updateFeb 12

CISA Required Action: Apply updates per vendor instructions.

Description

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2511, CVE-2015-2517, and CVE-2015-2518.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages1 packages

▶NVDmicrosoft/windowsr2

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-5c8h-c2cj-96mm: The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8↗2022-05-14

▶

GHSA

GHSA-gg7p-gv8f-3f34: The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8↗2022-05-14

▶

GHSA

GHSA-45vm-92vp-645q: The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8↗2022-05-14

▶

GHSA

GHSA-w4g3-mf84-xf67: The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8↗2022-05-14

▶

VulnCheck

Microsoft Win32k Memory Corruption Vulnerability↗2015

▶

📋Vendor Advisories

CISA

Microsoft Win32k Memory Corruption Vulnerability↗2022-03-15

▶

🕵️Threat Intelligence

Tenable

ContiLeaks: Chats Reveal Over 30 Vulnerabilities Used by Conti Ransomware – How Tenable Can Help↗2022-03-24

▶

Securelist

A Modern Hypervisor as a Basis for a Sandbox↗2017-09-19

▶

Qualys

Patch Tuesday September 2015 | Qualys↗2015-09-08

▶

Qualys

Patch Tuesday September 2015 | Qualys↗2015-09-08

▶

Krebs

Microsoft Pushes a Dozen Security Updates↗2015-09-08

▶

📄Research Papers

arXiv

Investigation of Advanced Persistent Threats Network-based Tactics, Techniques and Procedures↗2025-02-12

▶