9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.3 High
AI Score
Confidence
High
0.857 High
EPSS
Percentile
98.6%
Multiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code or obtain sensitive information.
Below is a complete list of vulnerabilities
Technical details
(1) can be exploited by multiple ways for example opening document or website with embedded malicious fonts.
By exploiting (2) malicious can retrieve base address of the kernel driver from affected process or bypass impersonation restrictions. To exploit this vulnerability malicious must log on to system and run specially designed application.
By exploiting (3) malicious can monitor actions of another users loged in to affected system after malicious user loged off or observe data that was accessible to affected users. To exploit this vulnerability attacker must log on to affected system and run a specially designed application which will continue working after malicious logs off.
To exploit (4) malicious user must log on to affected system and run specially designed application.
(5) caused by certificates validation errors during auth. Man-in-the-middle attacker can generate untrusted certificate that matches issuer name and serial number of the trusted certificates.
To exploit (6) attacker must place malicious DLL to target user’s working directory and then lead user to open the specially designed RDP file. Systems without enabled RDP server are out of risk.
(7) caused by improper handling some logging activity by SMB, resulting memory corruption. To exploit this vulnerability malicious must use valid credentials and use specially designed string to leverage SMB server logging error.
(8) caused by Microsoft XML Core Services, exposes memory addresses not intended for disclosure. By exploiting this vulnerability malicious can bypass Address Space Layout Randomization restrictions to obtain sensitive information. To exploit this vulnerability attacker could host malicious website to invoke MSXML via Internet Explorer.
(10) related to Universal Description, Discovery and Integration Services, which improperly validate or sanitize search parameter in FRAME tag.By exploiting this vulnerability via XSS attack malicious could gain auth cookies or unexpectedly redirect affected user.
To exploit (11) attacker must first leverage another vulnerability to cause code execution in IE with EPM. Than malicious can execute Excel, Notepad, PowerPoint or another with unsafe command line parameter. Another part of updates for this vulnerability listed in KLA10645, KLA10648
Vulnerability (12) related to Microsoft XML Core Services and Web Distributed Authoring and Versioning which allows use of SSL 2.0. Man-in-the-middle attacker can force SSL 2.0 session and then decrypt part of transmitted data.
(13) caused by allowance of registry and filesystem changes for some applications from sandbox. Attacker must lead user to open some specially designed file invokes vulnerable sandboxed application.
Vulnerability (15) allow attacker to predict the memory offsets of specific instructions in a given call stack.
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
CVE-2015-2423 warning
CVE-2015-2431 critical
CVE-2015-2430 critical
CVE-2015-2456 critical
CVE-2015-2458 critical
CVE-2015-2433 warning
CVE-2015-2432 critical
CVE-2015-2471 warning
CVE-2015-2472 warning
CVE-2015-2473 critical
CVE-2015-2474 critical
CVE-2015-2475 warning
CVE-2015-2476 warning
CVE-2015-1769 high
CVE-2015-2449 warning
CVE-2015-2455 critical
CVE-2015-2460 critical
CVE-2015-2459 critical
CVE-2015-2462 critical
CVE-2015-2461 critical
CVE-2015-2464 critical
CVE-2015-2463 critical
CVE-2015-2465 warning
CVE-2015-2454 warning
CVE-2015-2453 warning
CVE-2015-2434 warning
CVE-2015-2435 critical
CVE-2015-2428 warning
CVE-2015-2441 critical
CVE-2015-2446 critical
CVE-2015-2429 critical
CVE-2015-2440 warning
CVE-2015-2442 critical
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
support.microsoft.com/kb/2825645
support.microsoft.com/kb/3046017
support.microsoft.com/kb/3054846
support.microsoft.com/kb/3054890
support.microsoft.com/kb/3055014
support.microsoft.com/kb/3060716
support.microsoft.com/kb/3071756
support.microsoft.com/kb/3072303
support.microsoft.com/kb/3072305
support.microsoft.com/kb/3072306
support.microsoft.com/kb/3072307
support.microsoft.com/kb/3072309
support.microsoft.com/kb/3072310
support.microsoft.com/kb/3072311
support.microsoft.com/kb/3073893
support.microsoft.com/kb/3073921
support.microsoft.com/kb/3075220
support.microsoft.com/kb/3075221
support.microsoft.com/kb/3075222
support.microsoft.com/kb/3075226
support.microsoft.com/kb/3075590
support.microsoft.com/kb/3075591
support.microsoft.com/kb/3075592
support.microsoft.com/kb/3075593
support.microsoft.com/kb/3076895
support.microsoft.com/kb/3076949
support.microsoft.com/kb/3078071
support.microsoft.com/kb/3078601
support.microsoft.com/kb/3078662
support.microsoft.com/kb/3079743
support.microsoft.com/kb/3079757
support.microsoft.com/kb/3080129
support.microsoft.com/kb/3080333
support.microsoft.com/kb/3080348
support.microsoft.com/kb/3080790
support.microsoft.com/kb/3081436
support.microsoft.com/kb/3082458
support.microsoft.com/kb/3082459
support.microsoft.com/kb/3082487
support.microsoft.com/kb/3084525
support.microsoft.com/kb/3087119
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-1769
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2423
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2428
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2429
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2430
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2431
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2432
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2433
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2434
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2435
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2440
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2441
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2442
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2446
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2449
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2453
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2454
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2455
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2456
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2458
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2459
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2460
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2461
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2462
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2463
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2464
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2465
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2471
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2472
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2473
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2474
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2475
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2476
statistics.securelist.com/
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-.NET-Framework/
threats.kaspersky.com/en/product/Microsoft-Lync/
threats.kaspersky.com/en/product/Microsoft-Office/
threats.kaspersky.com/en/product/Microsoft-Silverlight/
threats.kaspersky.com/en/product/Microsoft-Windows-10/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-8/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/
threats.kaspersky.com/en/product/Windows-RT/