Kaspersky LabKLA10474KLA10474 Multiple vulnerabilities in Microsoft products
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.9 Medium
AI Score
Confidence
Low
0.885 High
EPSS
Percentile
98.7%
Multiple critical vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to fain privileges, bypass security restrictions or cause denial of service.
Below is a complete list of vulnerabilities
- A double-free and other unknown vulnerability can be exploited locally via a specially designed applications;
- An unknown vulnerability can be exploited locally via specially designed TrueType font;
- Improper work with impersonation token can be exploited locally via an unknown vectors.
Original advisories
Exploitation
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
CVE list
CVE-2015-0057 high
CVE-2015-0060 warning
CVE-2015-0058 high
CVE-2015-0059 high
CVE-2015-0010 warning
CVE-2015-0003 high
KB list
Solution
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Impacts
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
- PE
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
Affected Products
- Windows Server 2003 x86, x64, Itanium Service Pack 2Windows Vista x86, x64 Service Pack 2Windows Server 2008 x86, x64, Itanium Service Pack 2Windows 7 x86, x64 Service Pack 1Windows 2008 R2 x64, Itanium Service Pack 1Windows 8 x86, x64Windows 8.1 x86, x64Windows Server 2012Windows Server 2012 R2Windows RTWindows RT 8.1
References
support.microsoft.com/kb/3013455
support.microsoft.com/kb/3023562
support.microsoft.com/kb/3036220
support.microsoft.com/kb/3037639
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0003
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0010
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0057
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0058
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0059
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0060
statistics.securelist.com/
technet.microsoft.com/en-us/library/security/ms15-010.aspx
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-8/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2003/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/
threats.kaspersky.com/en/product/Windows-RT/
Related
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.9 Medium
AI Score
Confidence
Low
0.885 High
EPSS
Percentile
98.7%