Oval Definition:oval:org.mitre.oval:def:28634
Revision Date:2015-02-23Version:45
Title:Windows Error Reporting security feature bypass vulnerability - CVE-2015-0001 (MS15-006)
Description:The Windows Error Reporting (WER) component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light protection mechanism and read the contents of arbitrary process-memory locations by leveraging administrative privileges, aka "Windows Error Reporting Security Feature Bypass Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2015-0001
Platform(s):Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s):
Definition Synopsis
  • Win 8 / 2k12 and vulnerable file version
  • Win 8 / 2k12
  • Microsoft Windows 8 (x86) is installed
  • OR Microsoft Windows 8 (x64) is installed
  • OR Microsoft Windows Server 2012 (64-bit) is installed
  • AND Check for vulnerable version
  • Check if the version of wer.dll is less than 6.2.9200.17199
  • OR Check for LDR
  • Check if the version of wer.dll is greater than or equal to 6.2.9200.21000
  • AND Check if the version of wer.dll is less than 6.2.9200.21316
  • OR Win 8.1 / 2k12 R2 and vulnerable file version
  • Win 8.1 / 2k12 R2
  • Microsoft Windows 8.1 (x86) is installed
  • OR Microsoft Windows 8.1 (x64) is installed
  • OR Microsoft Windows Server 2012 R2 is installed
  • AND Check if the version of wer.dll is less than 6.3.9600.17550
    • BACK