Kaspersky LabKLA10542KLA10542 Multiple vulnerabilities in Microsoft Kernel-Mode Driver
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.2 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
16.1%
Multiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to gain privileges, bypass security restrictions, cause denial of service and obtain sensitive information.
Below is a complete list of vulnerabilities
- Improper address information restrictions, improper token validation and improper functions intialization can be exploited locally via a specially designed application;
- Unknown vulnerability can be exploited locally via a specially designed application.
Original advisories
Exploitation
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
CVE list
CVE-2015-0077 warning
CVE-2015-0078 high
CVE-2015-0095 high
CVE-2015-0094 warning
KB list
Solution
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Impacts
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
- PE
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
Affected Products
- Windows Server 2003 x86, x64, Itamium-based Service Pack 2Windows Vista x86, x64 Service Pack 2Windows Server 2008 x86, x64, Itanium-based Service Pack 2Windows 7 x86, x64 Service Pack 1Windows Server 2008 R2 x64, Itanium-based Service Pack 1Windows 8, 8.1 x86, x64Windows RT, RT 8.1
References
support.microsoft.com/kb/3034344
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0077
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0078
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0094
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0095
statistics.securelist.com/
technet.microsoft.com/en-us/library/security/ms15-023.aspx
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-8/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2003/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/
threats.kaspersky.com/en/product/Windows-RT/
Related
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.2 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
16.1%