Microsoft Windows FAT32 Disk Partition Driver Local Privilege Escalation Vulnerabilities

Summary

fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly allocate memory, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (reserved-memory write) by connecting a crafted USB device, aka ‘Microsoft Windows Disk Partition Driver Elevation of Privilege Vulnerability.’

Credit:

Details

Vulnerable Systems:
 * Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2

The Microsoft Windows FAT32 disk partition driver is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges. A successful exploit results in the complete compromise of the affected computer.

CVE Information:
CVE-2014-4115

Disclosure Timeline:
Original release date: 10/15/2014
Last revised: 10/31/2014
