Zero-day vulnerability in Windows

Expoited by Duqu 2.0 and used in attack against the Kaspersky Lab to hack their internal networks in early spring 2015.

Advisory: SB2015060901 - Multiple vulnerabilities in Microsoft Windows

Vulnerable component: Windows

CVE-ID: CVE-2015-2360

CVSSv3 score: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE-ID: CWE-119 - Memory corruption

Description:

The vulnerability allows a local attacker to obtain elevated privileges on the target system.

The weakness exists due to boundary error. A local attacker can run a specially crafted program to trigger memory corruption and acquire administrative privileges.

Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.

Note: the vulnerability was being actively exploited.

External links:

https://technet.microsoft.com/en-us/library/security/ms15-061.aspx
https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-ac...
http://securityaffairs.co/wordpress/37714/cyber-crime/duqu-2-0-hit-kaspersky.html
http://blog.trendmicro.com/trendlabs-security-intelligence/analysis-of-cve-2015-2360-duqu-2-0-zero-d...
https://www.symantec.com/security_response/vulnerability.jsp?bid=75025
http://blog.ensilo.com/ms-patch-tuesday-a-look-into-4-vulnerabilities-in-the-windows-kernel
https://www.virusbulletin.com/conference/vb2015/abstracts/duqu-2-0-win32k-exploit-analysis/
http://usa.kaspersky.com/about-us/press-center/press-releases/2015/duqu-back-kaspersky-lab-reveals-c..
https://blogs.bromium.com/2015/06/16/duqu-2-0-whos-the-lord-of-ring0/