MS15-004: Vulnerability in Windows components could allow elevation of privilege: January 13, 2015

Applies to: Windows Server 2012 R2 DatacenterWindows Server 2012 R2 StandardWindows Server 2012 R2 Essentials More

Summary


This security update resolves a vulnerability in the TS WebProxy Windows component that could allow elevation of privilege if an attacker convinces a user to run a specially crafted application. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on by using administrative user rights, an attacker could then do the following:
  • Install programs
  • View, change, or delete data
  • Create new accounts that have full user rights
Customers whose accounts are configured to have fewer user rights on the system could be less affected than users who operate by using administrative user rights.

Introduction


Microsoft has released security bulletin MS15-004. To learn more about this security bulletin:

How to obtain help and support for this security update

Help installing updates:Support for Microsoft Update

Security solutions for IT professionals:TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware:Virus Solution and Security Center

Local support according to your country:International Support
 

Important

  • All updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require 2919355 to be installed. We recommend that you install update 2919355 on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive updates in the future.
  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

More Information


Known issues and additional information about this security update

The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link.
  • 3019978 MS15-004: Description of the security update for Windows: January 13, 2015
  • 3020387 MS15-004: Description of the security update for Windows 7 and Windows Server 2008 R2: January 13, 2015
  • 3020388 MS15-004: Description of the security update for Windows 7 and Windows Server 2008 R2: January 13, 2015
  • 3023299 MS15-004: Description of the security update for Windows Vista: January 13, 2015

File information