MS.Windows.Kernel.SetWindowsHookAW.Security.Bypass
Description
This indicates an attack attempt against an Information Disclosure vulnerability in Microsoft Windows Kernel.
The vulnerability is due to improper validation of a system call when handling a crafted file. A remote attacker can exploit this to disclose memory contents and then bypass ASLR feature on the affected machines via the crafted file.
Affected Products
Windows 8 and Windows 8.1
Windows Server 2012 R2
Windows RT 8.1
Windows 10
Windows Server 2012 R2 (Server Core installation)
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems
Recommended Actions
Apply the most recent upgrade or patch from the vendor
http://technet.microsoft.com/security/bulletin/MS15-097
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |