KLA10714 Multiple vulnerabilities in Microsoft Windows

Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service or gain privileges.

Below is a complete list of vulnerabilities

1. Improper requests parsing at Windows Domain Name System (DNS) can be exploited remotely via a specially designed DNS requests to execute arbitrary code;
2. Improper fonts parsing at Uniscribe can be exploited remotely via a specially designed content to execute arbitrary code;
3. Improper input validation can be exploited locally via a specially designed application to execute arbitrary code;
4. Race condition at Windows Pragmatic General Multicast (PGM) protocol can be exploited by logged in attacker via a specially designed application to gain privileges;
5. Improper memory handling at Windows kernel can be exploited by logged in user to gain privileges.
6. Unspecified vulnerabilities in Windows Media Center

Technical details

Vulnerability (1) is relevant for Windows servers configured as DNS servers. Exploitation of this vulnerability can lead to arbitrary code execution in the context of Local System Account.

Vulnerability (3) caused by improper input validation before libraries loading.

Vulnerability (4) related to situation when attacker-induced race condition results in references to memory contents that have already been freed. This vulnerability id relevant only for systems with installed Microsoft Message Queuing and specifically enabled PGM which isn’t default configuration.

Original advisories

CVE-2015-6127

CVE-2015-6131

CVE-2015-6130

CVE-2015-6133

CVE-2015-6132

CVE-2015-6126

CVE-2015-6125

CVE-2015-6175

CVE-2015-6174

CVE-2015-6128

CVE-2015-6171

CVE-2015-6173

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Windows-Vista-4

Microsoft-Windows-Server-2012

Microsoft-Windows-8

Microsoft-Windows-7

Microsoft-Windows-Server-2008

Windows-RT

Microsoft-Windows-10

Microsoft-Windows-Media-Center

CVE list

CVE-2015-6127 warning

CVE-2015-6131 critical

CVE-2015-6130 critical

CVE-2015-6133 high

CVE-2015-6132 high

CVE-2015-6126 high

CVE-2015-6125 critical

CVE-2015-6175 high

CVE-2015-6174 high

CVE-2015-6128 high

CVE-2015-6171 high

CVE-2015-6173 high

KB list

3108347

3109094

3109103

3116130

3108381

3108371

3116162

3100465

3116900

3116869

3119075

3108670

3108669

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

• Microsoft Windows Vista Service Pack 2Microsoft Windows Server 2008 Service Pack 2Microsoft Windows 7 Service Pack 1Microsoft Windows Server 2008 R2 Service Pack 1Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 10Microsoft Windows 10 version 1511Windows Media Center