CVE-2015-0001
Description
The Windows Error Reporting (WER) component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light protection mechanism and read the contents of arbitrary process-memory locations by leveraging administrative privileges, aka "Windows Error Reporting Security Feature Bypass Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A local attacker with administrative privileges can bypass Protected Process Light protection via Windows Error Reporting to read arbitrary process memory.
Vulnerability
The Windows Error Reporting (WER) component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 contains a security feature bypass vulnerability. The bug allows a local user to bypass the Protected Process Light (PPL) protection mechanism and read the contents of arbitrary process-memory locations. The vulnerability is due to improper interaction between WER and processes. Affected versions include all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 [1].
Exploitation
An attacker must have local access to the system and administrative privileges. With these privileges, the attacker can leverage the WER component to read the memory of arbitrary processes, including those protected by PPL. The attacker would run a specially crafted application that exploits the vulnerability to access process memory [1].
Impact
Successful exploitation allows the attacker to read the memory of arbitrary processes, bypassing the Protected Process Light protection. This could lead to the disclosure of sensitive information contained in the memory of those processes. The vulnerability does not provide code execution or privilege escalation beyond the administrative privileges already required [1].
Mitigation
Microsoft released security update MS15-006 (KB3004365) in January 2015 to address this vulnerability. The update corrects how WER interacts with processes. Users should apply the update as soon as possible. No workarounds are documented in the available reference [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
7- cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt:-:gold:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:-:gold:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_server_2012:-:gold:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:x64:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- packetstormsecurity.com/files/134392/Microsoft-Windows-8.1-Ahcache.sys-NtApphelpCacheControl-Privilege-Escalation.htmlnvd
- secunia.com/advisories/62134nvd
- www.securityfocus.com/bid/71927nvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-006nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/99513nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/99514nvd
News mentions
0No linked articles in our index yet.