MS15-017: Vulnerability in Virtual Machine Manager could allow elevation of privilege: February 10, 2015

ينطبق على: Microsoft System Center 2012 R2 Virtual Machine Manager

Introduction


The update that is described in this article resolves a vulnerability in Microsoft System Center 2012 R2 Virtual Machine Manager that could allow elevation of privilege if an attacker logs on to an affected system.

Summary


Microsoft has released security bulletin MS15-017. Learn more about how to obtain the fixes that are included in this security bulletin:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

More Information


Additional information about this update

The following article contains additional information about this update as it relates to individual product versions. The article may contain specific information to the individual updates such as download URLs and installation instructions.
  • 3023195 Description of the security update for Update Rollup 5 for System Center 2012 R2 Virtual Machine Manager

    The following is the security issue that is included in Update Rollup 5. For more information about the non-security issues that are included in Update Rollup 5, see security update 3023195 .
    • A vulnerability exists in Virtual Machine Manager when it incorrectly validates user roles. The vulnerability could allow elevation of privilege if an attacker logs on an affected system. An attacker must have valid Active Directory logon credentials and be able to log on with that credential to exploit the vulnerability.