Kaspersky LabKLA10468KLA10468 Multiple vulnerabilities in Microsoft products
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.9 High
AI Score
Confidence
Low
0.575 Medium
EPSS
Percentile
97.7%
Multiple critical vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information or execute arbitrary code.
Below is a complete list of vulnerabilities
- Improper memory allocation and some other uknown vulnerability can be exploited remotely via specially designed web site or file;
- An unknown vulnerability can be exploited via a specially designed font.
Original advisories
Exploitation
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
Microsoft-Windows-Server-2003-Standard-Edition
CVE list
CVE-2015-0074 warning
CVE-2015-0090 critical
CVE-2015-0091 critical
CVE-2015-0092 critical
CVE-2015-0093 critical
CVE-2015-0089 critical
CVE-2015-0087 critical
CVE-2015-0088 critical
KB list
Solution
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Affected Products
- Windows Server 2003 x86, x64, for Itanium-based Systems, Service Pack 2Windows Vista x86, x64 Service Pack 2Windows Server 2008 x86, x64, for Itanium-based Systems Service Pack 2Windows 7 x86, x64 Service Pack 1Windows Server 2008 R2 x64, for Itanium-based Systems Service Pack 1Windows 8 x86, x64Windows 8.1 x86, x64Windows RT, RT 8.1Windows Server 2008 x64 Service Pack 2 (Server Core installation)Windows Server 2008 R2 x64 Service Pack 1 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2012 R2 (Server Core installation)
References
support.microsoft.com/kb/3032323
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0074
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0087
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0088
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0089
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0090
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0091
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0092
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0093
statistics.securelist.com/
technet.microsoft.com/library/security/MS15-021
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-8/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2003-Standard-Edition/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/
threats.kaspersky.com/en/product/Windows-RT/
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.9 High
AI Score
Confidence
Low
0.575 Medium
EPSS
Percentile
97.7%