The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of Windows: privilege escalation via MSI

Synthesis of the vulnerability

A local attacker can create a Trojan Horse for the Windows Installer, in order to escalate his privileges.
Severity of this weakness: 2/4.
Creation date: 15/07/2015.
Références of this bulletin: 3072630, CERTFR-2015-AVI-293, CVE-2015-2371, MS15-074, VIGILANCE-VUL-17364, ZDI-15-339.

Description of the vulnerability

The Windows Installer is called to install software on the system from a MSI file.

When a software was installed, the Windows Installer can execute new scripts it finds on the system. These scripts are run with the privilege of the next user.

A local attacker can therefore create a Trojan Horse for the Windows Installer, in order to escalate his privileges.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This weakness alert impacts software or systems such as Windows 10, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.

Our Vigil@nce team determined that the severity of this computer vulnerability note is medium.

The trust level is of type confirmed by the editor, with an origin of user shell.

An attacker with a expert ability can exploit this security bulletin.

Solutions for this threat

Windows: patch for MSI.
A patch is available in information sources.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a networks vulnerabilities workaround. The Vigil@nce vulnerability database contains several thousand vulnerabilities.