Oval Definition:oval:org.mitre.oval:def:28699
Revision Date:2015-07-06Version:24
Title:Windows Kernel security feature bypass vulnerability - CVE-2015-1674 (MS15-052)
Description:The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local users to bypass the KASLR protection mechanism, and consequently discover the cng.sys base address, via a crafted application, aka "Windows Kernel Security Feature Bypass Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2015-1674
Platform(s):Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s):
Definition Synopsis
  • Win 8/2k12 and vulnerable file version
  • Win 8 / 2k12
  • Microsoft Windows 8 (x86) is installed
  • OR Microsoft Windows 8 (x64) is installed
  • OR Microsoft Windows Server 2012 (64-bit) is installed
  • AND gdr/ldr
  • Check if the version of cng.sys is less than 6.2.9200.17343
  • OR Check for LDR
  • Check if the version of the Cng.sys is greater than or equal to 6.2.9200.21000
  • AND Check if the version of cng.sys is less than 6.2.9200.21456
  • OR Win 8.1 / 2K12 R2and vulnerable file version
  • Win 8.1 / 2k12 R2
  • Microsoft Windows 8.1 (x86) is installed
  • OR Microsoft Windows 8.1 (x64) is installed
  • OR Microsoft Windows Server 2012 R2 is installed
  • AND Check if the version of cng.sys is less than 6.3.9600.17785
    • BACK