Microsoft Security Response Center

**What type of privileges could an attacker gain through this vulnerability?** A local, authenticated attacker could gain elevated privileges through a vulnerable file system component.

**Are the any prerequisites to a successful attack?** Yes, only systems with the IPSec service running are vulnerable to this attack.

**According to the score, the attack vector is Physical. How would an attacker exploit this vulnerability?** To exploit this vulnerability, an attacker with physical access to a vulnerable system could insert a specially crafted USB device. **Are there additional attack vectors?** This vulnerability can also be exploited through a Local attack vector. An attacker authenticated as an administrator on a vulnerable system could mount a specially crafted virtual hard drive (VHD) to exploit the system. This scenario results in a lower CVSS score which is why the primary attack vector is listed as Physical in our documentation.

**Are the any prerequisites to a successful attack?** Yes, only systems with the IPSec service running are vulnerable to this attack.

**According to the CVSS, the attack vector is Adjacent. What does that mean and how is that different from a Network vector?** This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require man-in-the-middle type setups or that rely on initially gaining a foothold in another environment.

**According to the score, the attack vector is Physical. How would an attacker exploit this vulnerability?** To exploit this vulnerability, an attacker with physical access to a vulnerable system could insert a specially crafted USB device. **Are there additional attack vectors?** This vulnerability can also be exploited through a Local attack vector. An attacker authenticated as an administrator on a vulnerable system could mount a specially crafted virtual hard drive (VHD) to exploit the system. This scenario results in a lower CVSS score which is why the primary attack vector is listed as Physical in our documentation.

**According to the score, the attack vector is Physical. How would an attacker exploit this vulnerability?** To exploit this vulnerability, an attacker with physical access to a vulnerable system could insert a specially crafted USB device. **Are there additional attack vectors?** This vulnerability can also be exploited through a Local attack vector. An attacker authenticated as an administrator on a vulnerable system could mount a specially crafted virtual hard drive (VHD) to exploit the system. This scenario results in a lower CVSS score which is why the primary attack vector is listed as Physical in our documentation.

**According to the score, the attack vector is Physical. How would an attacker exploit this vulnerability?** To exploit this vulnerability, an attacker with physical access to a vulnerable system could insert a specially crafted USB device. **Are there additional attack vectors?** This vulnerability can also be exploited through a Local attack vector. An attacker authenticated as an administrator on a vulnerable system could mount a specially crafted virtual hard drive (VHD) to exploit the system. This scenario results in a lower CVSS score which is why the primary attack vector is listed as Physical in our documentation.

**According to the score, the attack vector is Physical. How would an attacker exploit this vulnerability?** To exploit this vulnerability, an attacker with physical access to a vulnerable system could insert a specially crafted USB device. **Are there additional attack vectors?** This vulnerability can also be exploited through a Local attack vector. An attacker authenticated as an administrator on a vulnerable system could mount a specially crafted virtual hard drive (VHD) to exploit the system. This scenario results in a lower CVSS score which is why the primary attack vector is listed as Physical in our documentation.

**According to the score, privileges required is equal to low. In this situation, what does that mean?** An attacker with non-admin credentials can potentially carry out an exploit using this vulnerability. **How can an attacker exploit this vulnerability?** The authenticated attacker could take advantage of a vulnerability in dxgkrnl.sys to execute an arbitrary pointer dereference in kernel mode.