9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.3 High
AI Score
Confidence
High
0.963 High
EPSS
Percentile
99.5%
Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service or gain privileges.
Below is a complete list of vulnerabilities
Technical details
Vulnerability (1) is relevant for Windows servers configured as DNS servers. Exploitation of this vulnerability can lead to arbitrary code execution in the context of Local System Account.
Vulnerability (3) caused by improper input validation before libraries loading.
Vulnerability (4) related to situation when attacker-induced race condition results in references to memory contents that have already been freed. This vulnerability id relevant only for systems with installed Microsoft Message Queuing and specifically enabled PGM which isnβt default configuration.
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Microsoft-Windows-Media-Center
CVE-2015-6127 warning
CVE-2015-6131 critical
CVE-2015-6130 critical
CVE-2015-6133 high
CVE-2015-6132 high
CVE-2015-6126 high
CVE-2015-6125 critical
CVE-2015-6175 high
CVE-2015-6174 high
CVE-2015-6128 high
CVE-2015-6171 high
CVE-2015-6173 high
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
support.microsoft.com/kb/3100465
support.microsoft.com/kb/3108347
support.microsoft.com/kb/3108371
support.microsoft.com/kb/3108381
support.microsoft.com/kb/3108669
support.microsoft.com/kb/3108670
support.microsoft.com/kb/3109094
support.microsoft.com/kb/3109103
support.microsoft.com/kb/3116130
support.microsoft.com/kb/3116162
support.microsoft.com/kb/3116869
support.microsoft.com/kb/3116900
support.microsoft.com/kb/3119075
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6125
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6126
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6127
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6128
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6130
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6131
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6132
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6133
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6171
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6173
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6174
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6175
statistics.securelist.com/
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Windows-10/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-8/
threats.kaspersky.com/en/product/Microsoft-Windows-Media-Center/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/
threats.kaspersky.com/en/product/Windows-RT/
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.3 High
AI Score
Confidence
High
0.963 High
EPSS
Percentile
99.5%