MS15-017: Vulnerability in Virtual Machine Manager could allow elevation of privilege: February 10, 2015

View products that this article applies to.

Introduction

The update that is described in this article resolves a vulnerability in Microsoft System Center 2012 R2 Virtual Machine Manager that could allow elevation of privilege if an attacker logs on to an affected system.

↑ Back to the top

Summary

Microsoft has released security bulletin MS15-017. Learn more about how to obtain the fixes that are included in this security bulletin:

For individual, small business, and organizational users, use the Windows automatic updating feature to install the fixes from Microsoft Update. To do this, see Get security updates automatically on the Microsoft Safety and Security Center website.
For IT professionals, see Microsoft Security Bulletin MS15-017 on the Security TechCenter website.

↑ Back to the top

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

↑ Back to the top

More Information

Security update deployment information

Additional information about this update

The following article contains additional information about this update as it relates to individual product versions. The article may contain specific information to the individual updates such as download URLs and installation instructions.

3023195 Description of the security update for Update Rollup 5 for System Center 2012 R2 Virtual Machine Manager

The following is the security issue that is included in Update Rollup 5. For more information about the non-security issues that are included in Update Rollup 5, see security update 3023195 .
- A vulnerability exists in Virtual Machine Manager when it incorrectly validates user roles. The vulnerability could allow elevation of privilege if an attacker logs on an affected system. An attacker must have valid Active Directory logon credentials and be able to log on with that credential to exploit the vulnerability.

↑ Back to the top

File hash information

File name	SHA1 hash	SHA256 hash
kb3023195_vmmserver_amd64.msp	A3C2EB15F3CD614327F0654498290484A766906D	ADE22D06AFC9C0D4740F6F78835648AC711CD5BD9F6A2A2FD446F7D5CE34093C
kb3023914_AdminConsole_amd64.msp	018F65EF001628767C861B4482FBA64C3FCC7E9C	6DFFE7F148EA0CD72958CA31AD665BA8FAF1ED95D852BCE10C109AA99C24AA5C
kb3023914_AdminConsole_i386.msp	2DB0C289D3ED4CAFF0ECF758AEDBD93E051EA3D7	985BBB64854BCBF80024CBDCF66A35161A7DCA8B94522037AA4AECAD1C307B5F

↑ Back to the top

Applies to:

Microsoft System Center 2012 R2 Virtual Machine Manager

↑ Back to the top

Keywords: atdownload, kbbug, kbexpertiseinter, kbfix, kblangall, kbsecreview, kbsecbulletin, kb, kbsecurity, kbsecvulnerability, kbmustloc

↑ Back to the top

Article Info

Article ID	:	3035898
Revision	:	1
Created on	:	1/7/2017
Published on	:	2/10/2015
Exists online	:	False
Views	:	471

Security update file names	For Microsoft System Center Virtual Machine Manager 2012 R2 UR 5 (VMM Server Update): update kb3023195_vmmserver_amd64.msp
	For Microsoft System Center Virtual Machine Manager 2012 R2 UR5 (Admin Console Update update): KB3023914_AdminConsole_amd64.msp
Installation switches	See installation instructions
Update Log File	KB3023195.log KB3023914.log
Restart requirement	In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.
Removal information	Rollback to a previous update rollup is not supported.
File information	See Microsoft Knowledge Base Article 3023195
Registry key verification	HKLM\Software\Microsoft\Microsoft System Center Virtual Machine Manager Server\Setup\ProductVersion

Microsoft KB Archive Search

MS15-017: Vulnerability in Virtual Machine Manager could allow elevation of privilege: February 10, 2015

Introduction

Summary

How to obtain help and support for this security update

More Information

Microsoft System Center Virtual Machine Manager 2012 R2

Additional information about this update

Applies to: