PatchSiren cyber security CVE debrief
CVE-2015-2387 Microsoft CVE debrief
CVE-2015-2387 is a Microsoft ATM Font Driver privilege escalation vulnerability that CISA lists in its Known Exploited Vulnerabilities catalog. Because CISA marks it as known exploited, organizations should treat remediation as urgent and follow vendor update guidance without delay.
- Vendor
- Microsoft
- Product
- ATM Font Driver
- CVSS
- Unknown
- CISA KEV
- Listed
- Original CVE published
- 2022-03-03
- Original CVE updated
- 2022-03-03
- Advisory published
- 2022-03-03
- Advisory updated
- 2022-03-03
Who should care
Administrators and patch-management teams responsible for Microsoft software, endpoint hardening, and fleet remediation should prioritize this CVE. Security operations teams should also account for it in vulnerability tracking and exposure reviews because it appears in CISA’s KEV catalog.
Technical summary
The supplied sources identify CVE-2015-2387 as a Microsoft ATM Font Driver privilege escalation issue and record it in CISA’s KEV catalog as known exploited. The corpus does not provide a root cause, affected version list, exploitation path, or proof-of-concept details, so the safest evidence-based summary is limited to its KEV status and remediation requirement: apply updates per vendor instructions.
Defensive priority
High. CISA’s inclusion of this CVE in KEV indicates known exploitation and makes it a patching priority. Use the CISA due date and vendor guidance to drive remediation tracking, validation, and exception handling.
Recommended defensive actions
- Apply Microsoft updates per vendor instructions on all potentially affected systems.
- Verify asset coverage so remediation includes endpoint, server, and any long-tail managed devices in the environment.
- Prioritize this CVE in vulnerability management queues because it is listed in CISA’s Known Exploited Vulnerabilities catalog.
- Review for signs of unusual privilege escalation activity on systems where the vulnerable component may be present.
- If immediate patching is not possible, apply temporary compensating controls and document risk acceptance with a short remediation deadline.
Evidence notes
Evidence is limited to the supplied CISA KEV feed entry and official record links. The source item identifies the vendor as Microsoft, the product as ATM Font Driver, the vulnerability as a privilege escalation issue, and the KEV metadata as known exploited with dateAdded 2022-03-03 and dueDate 2022-03-24. No affected-version, severity, exploit, or ransomware-campaign details were provided in the corpus.
Official resources
-
CVE-2015-2387 CVE record
CVE.org
-
CVE-2015-2387 NVD detail
NVD
-
CISA Known Exploited Vulnerabilities catalog
CISA - Apply updates per vendor instructions.
-
Source item URL
cisa_kev
CISA’s KEV catalog lists this CVE as known exploited. The supplied corpus does not identify affected versions, exploit details, or ransomware-campaign use beyond 'Unknown'.