Windows Kernel - Bitmap Handling Use-After-Free MS15-061
2015-09-22T00:00:00
ID EDB-ID:38275 Type exploitdb Reporter Nils Sommer Modified 2015-09-22T00:00:00
Description
Windows Kernel - Bitmap Handling Use-After-Free (MS15-061). CVE-2015-1722. Dos exploit for win32 platform
Source: https://code.google.com/p/google-security-research/issues/detail?id=293
Platform: Win7 32-bit.
trigger.cpp should fire the issue, with two caveats:
- PoC will NOT work if compiled as a debug build.
- PoC will trigger the condition every time but the subsequent corruption might not cause a crash every time. It may be necessary to run the PoC multiple times.
debug.txt is a sample crash log.
Analysis from Nils:
---
Using the series of calls we are able to free the bitmap object, a reference to this object still exists in the trigger process after killing the first notepad process.
At this time we are able to replace the freed object in memory. We are not able to reuse this object through the original handle, however another free is triggered when quitting the trigger process, which will decrement the reference counter on the freed or replaced object, either modifying heap metadata or freeing the object which was allocated in the place of the original bitmap object.
---
Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/38275.zip
{"id": "EDB-ID:38275", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Windows Kernel - Bitmap Handling Use-After-Free MS15-061", "description": "Windows Kernel - Bitmap Handling Use-After-Free (MS15-061). CVE-2015-1722. Dos exploit for win32 platform", "published": "2015-09-22T00:00:00", "modified": "2015-09-22T00:00:00", "cvss": {"vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/", "score": 7.2}, "href": "https://www.exploit-db.com/exploits/38275/", "reporter": "Nils Sommer", "references": [], "cvelist": ["CVE-2015-1722"], "lastseen": "2016-02-04T07:43:10", "viewCount": 5, "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2016-02-04T07:43:10", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-1722"]}, {"type": "symantec", "idList": ["SMNTC-75005"]}, {"type": "exploitdb", "idList": ["EDB-ID:38265"]}, {"type": "mskb", "idList": ["KB3057839"]}, {"type": "nessus", "idList": ["SMB_NT_MS15-061.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805582"]}, {"type": "kaspersky", "idList": ["KLA10599"]}], "modified": "2016-02-04T07:43:10", "rev": 2}, "vulnersScore": 7.2}, "sourceHref": "https://www.exploit-db.com/download/38275/", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=293\r\n\r\nPlatform: Win7 32-bit.\r\ntrigger.cpp should fire the issue, with two caveats:\r\n- PoC will NOT work if compiled as a debug build.\r\n- PoC will trigger the condition every time but the subsequent corruption might not cause a crash every time. It may be necessary to run the PoC multiple times.\r\n\r\ndebug.txt is a sample crash log.\r\n\r\nAnalysis from Nils:\r\n\r\n---\r\nUsing the series of calls we are able to free the bitmap object, a reference to this object still exists in the trigger process after killing the first notepad process.\r\n\r\nAt this time we are able to replace the freed object in memory. We are not able to reuse this object through the original handle, however another free is triggered when quitting the trigger process, which will decrement the reference counter on the freed or replaced object, either modifying heap metadata or freeing the object which was allocated in the place of the original bitmap object.\r\n---\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/38275.zip\r\n", "osvdbidlist": ["123068"]}
{"cve": [{"lastseen": "2021-02-02T06:21:22", "description": "Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka \"Microsoft Windows Kernel Bitmap Handling Use After Free Vulnerability.\"\nCWE-416: Use After Free", "edition": 4, "cvss3": {}, "published": "2015-06-10T01:59:00", "title": "CVE-2015-1722", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1722"], "modified": "2019-05-13T19:26:00", "cpe": ["cpe:/o:microsoft:windows_vista:-", "cpe:/o:microsoft:windows_server_2003:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_8:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2003:r2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt:-", "cpe:/o:microsoft:windows_7:-"], "id": "CVE-2015-1722", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1722", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2003:r2:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*"]}], "symantec": [{"lastseen": "2018-03-12T12:26:12", "bulletinFamily": "software", "cvelist": ["CVE-2015-1722"], "description": "### Description\n\nMicrosoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges and corrupt kernel memory.\n\n### Technologies Affected\n\n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8 for 32-bit Systems \n * Microsoft Windows 8 for x64-based Systems \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows RT \n * Microsoft Windows Server 2003 Itanium SP2 \n * Microsoft Windows Server 2003 R2 Service Pack 2 \n * Microsoft Windows Server 2003 R2 x64 Edition Service Pack 2 \n * Microsoft Windows Server 2003 SP2 \n * Microsoft Windows Server 2003 x64 Edition Service Pack 2 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Vista SP2 \n * Microsoft Windows Vista x64 Edition SP2 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nTo exploit this vulnerability, an attacker requires local access to an affected computer. Grant local access for trusted and accountable users only. \n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2015-06-09T00:00:00", "published": "2015-06-09T00:00:00", "id": "SMNTC-75005", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/75005", "type": "symantec", "title": "Microsoft Windows Kernel Bitmap Handling CVE-2015-1722 Local Privilege Escalation Vulnerability", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-04T07:41:31", "description": "Window Kernel - Bitmap Handling Use-After-Free (MS15-061) #2. CVE-2015-1722. Dos exploit for win32 platform", "published": "2015-09-22T00:00:00", "type": "exploitdb", "title": "Windows Kernel - Bitmap Handling Use-After-Free MS15-061 #2", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-1722"], "modified": "2015-09-22T00:00:00", "id": "EDB-ID:38265", "href": "https://www.exploit-db.com/exploits/38265/", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=311\r\n\r\nBitmap object Use-after-Free #2\r\n\r\nThe attached PoC triggers a blue screen due to a use after free vulnerability. The crashes are unreliable, however you can use Special Pool in order to get reliable crashes. The crashes indicate that it is possible to write to arbitrary addresses.\r\n\r\n---\r\nplease find the PoC and brief analysis for the issue attached. The analysis mentions how Special Pool can be used to get very reliable crashes, it should crash without Special Pool after a while as well. \r\n--\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/38265.zip\r\n\r\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/38265/"}], "mskb": [{"lastseen": "2021-01-01T22:38:22", "bulletinFamily": "microsoft", "cvelist": ["CVE-2015-1720", "CVE-2015-1723", "CVE-2015-1722", "CVE-2015-1719", "CVE-2015-1721"], "description": "<html><body><p>Resolves vulnerabilities in Windows that could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.</p><h2>Summary</h2><div class=\"kb-summary-section section\">This security update resolves vulnerabilities in Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker could then install programs; view, change, or delete data; or create new accounts that have full user rights. <br/></div><h2>Introduction</h2><div class=\"kb-summary-section section\">Microsoft has released security bulletin MS15-061. To learn more about this security bulletin:<ul class=\"sbody-free_list\"><li>Home users:<div class=\"indent\"><a href=\"https://www.microsoft.com/security/pc-security/updates.aspx\" id=\"kb-link-2\" target=\"_self\">https://www.microsoft.com/security/pc-security/updates.aspx</a></div><span class=\"text-base\">Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<div class=\"indent\"><a href=\"https://update.microsoft.com/microsoftupdate/\" id=\"kb-link-3\" target=\"_self\">https://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<div class=\"indent\"><a href=\"https://technet.microsoft.com/library/security/ms15-061\" id=\"kb-link-4\" target=\"_self\">https://technet.microsoft.com/library/security/MS15-061</a></div></li></ul><h3 class=\"sbody-h3\">How to obtain help and support for this security update</h3>Help installing updates:<br/><a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-5\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals:<br/><a href=\"https://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-6\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your Windows-based computer from viruses and malware:<br/><a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-7\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country:<br/><a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-8\" target=\"_self\">International Support</a><br/>\u00a0</div><p><span class=\"text-base\">Important </span></p><ul class=\"sbody-free_list\"><li>All updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require <a href=\"https://support.microsoft.com/en-us/help/2919355\" id=\"kb-link-3\" target=\"_self\">2919355</a> to be installed. We recommend that you install update <a href=\"https://support.microsoft.com/en-us/help/2919355\" id=\"kb-link-4\" target=\"_self\">2919355</a> on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive updates in the future.</li><li>If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see <a href=\"https://technet.microsoft.com/en-us/library/hh825699\" id=\"kb-link-5\" target=\"_self\">Add language packs to Windows</a>.</li></ul><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Security update deployment information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><h4 class=\"sbody-h4\">Windows Server 2003 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file names</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows Server 2003:<br/><span class=\"text-base\">WindowsServer2003-KB3057839-x86-ENU.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported x64-based editions of Windows Server 2003:<br/><span class=\"text-base\">WindowsServer2003-KB3057839-x64-ENU.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported Itanium-based editions of Windows Server 2003:<br/><span class=\"text-base\">WindowsServer2003-KB3057839-ia64-ENU.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-9\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Update log file</span></td><td class=\"sbody-td\">KB3057839.log</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">You must restart your system after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">Use <span class=\"text-base\">Add or Remove</span> Programs item in <span class=\"text-base\">Control Panel</span> or the Spuninst.exe utility that is located in the %Windir%\\$NTUninstallKB3057839$\\Spuninst folder</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See the <a bookmark-id=\"fileinfo\" href=\"#fileinfo\" managed-link=\"\" target=\"\">file information</a> section.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\">HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Updates\\Windows Server 2003\\SP3\\KB3057839\\Filelist</td></tr></table></div><h4 class=\"sbody-h4\">Windows Vista (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file names</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows Vista:<br/><span class=\"text-base\">Windows6.0-KB3057839-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported x64-based editions of Windows Vista:<br/><span class=\"text-base\">Windows6.0-KB3057839-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-10\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">You must restart your system after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">WUSA.exe does not support uninstall of updates. To uninstall an update that was installed by WUSA, click <span class=\"text-base\">Control Panel</span>, and then click <span class=\"text-base\">Security</span>. Under Windows Update, click <span class=\"text-base\">View installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See the <a bookmark-id=\"fileinfo\" href=\"#fileinfo\" managed-link=\"\" target=\"\">file information</a> section.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows Server 2008 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file names</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows Server 2008:<br/><span class=\"text-base\">Windows6.0-KB3057839-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported x64-based editions of Windows Server 2008:<br/><span class=\"text-base\">Windows6.0-KB3057839-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported Itanium-based editions of Windows Server 2008:<br/><span class=\"text-base\">Windows6.0-KB3057839-ia64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-11\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">You must restart your system after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">WUSA.exe does not support uninstall of updates. To uninstall an update that was installed by WUSA, click <span class=\"text-base\">Control Panel</span>, and then click <span class=\"text-base\">Security</span>. Under Windows Update, click <span class=\"text-base\">View installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See the <a bookmark-id=\"fileinfo\" href=\"#fileinfo\" managed-link=\"\" target=\"\">file information</a> section.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows 7 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 7:<br/><span class=\"text-base\">Windows6.1-KB3057839-x86.msu </span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 7:<br/><span class=\"text-base\">Windows6.1-KB3057839-x64.msu </span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-12\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">You must restart your system after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update that was installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch, or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, and then under Windows Update, click <span class=\"text-base\">View installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See the <a bookmark-id=\"fileinfo\" href=\"#fileinfo\" managed-link=\"\" target=\"\">file information</a> section.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows Server 2008 R2 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported x64-based editions of Windows Server 2008 R2:<br/><span class=\"text-base\">Windows6.1-KB3057839-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported Itanium-based editions of Windows Server 2008 R2:<br/><span class=\"text-base\">Windows6.1-KB3057839-ia64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-13\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">You must restart your system after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update that was installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch, or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, and then under Windows Update, click <span class=\"text-base\">View installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See the <a bookmark-id=\"fileinfo\" href=\"#fileinfo\" managed-link=\"\" target=\"\">file information</a> section.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows 8 and Windows 8.1 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 8:<br/><span class=\"text-base\">Windows8-RT-KB3057839-x86.msu </span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 8:<br/><span class=\"text-base\">Windows8-RT-KB3057839-x64.msu </span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 8.1:<br/><span class=\"text-base\">Windows8.1-KB3057839-x86.msu </span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 8.1:<br/><span class=\"text-base\">Windows8.1-KB3057839-x64.msu </span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-14\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">You must restart your system after you apply this security update</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update that was installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch, or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under See also, click <span class=\"text-base\">Installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See the <a bookmark-id=\"fileinfo\" href=\"#fileinfo\" managed-link=\"\" target=\"\">file information</a> section.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows Server 2012 and Windows Server 2012 R2 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported editions of Windows Server 2012:<br/><span class=\"text-base\">Windows8-RT-KB3057839-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported editions of Windows Server 2012 R2:<br/><span class=\"text-base\">Windows8.1-KB3057839-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-15\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">You must restart your system after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update that was installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch, or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under See also, click <span class=\"text-base\">Installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See the <a bookmark-id=\"fileinfo\" href=\"#fileinfo\" managed-link=\"\" target=\"\">file information</a> section.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows RT and Windows RT 8.1 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Deployment</span></td><td class=\"sbody-td\">These updates are available through <a href=\"http://go.microsoft.com/fwlink/?linkid=21130\" id=\"kb-link-16\" target=\"_self\">Windows Update</a> only.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart Requirement</span></td><td class=\"sbody-td\">You must restart your system after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal Information</span></td><td class=\"sbody-td\">Click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then, under <strong class=\"uiterm\">See also</strong>, click <span class=\"text-base\">Installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File Information</span></td><td class=\"sbody-td\">See the <a bookmark-id=\"fileinfo\" href=\"#fileinfo\" managed-link=\"\" target=\"\">file information</a> section.</td></tr></table></div><a class=\"bookmark\" id=\"fileinfo\"></a></div><br/></span></div></div></div></div><h2>File information</h2><div class=\"kb-summary-section section\">The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.<br/><br/><br/><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Windows Server 2003 file information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><ul class=\"sbody-free_list\"><li>The files that apply to a specific milestone (SP<strong class=\"sbody-strong\">n</strong>) and service branch (QFE, GDR) are noted in the \"SP requirement\" and \"Service branch\" columns.</li><li>GDR service branches contain only those fixes that are widely released to address widespread, critical issues. QFE service branches contain hotfixes in addition to widely released fixes.</li><li>In addition to the files that are listed in these tables, this software update also installs an associated security catalog file (KB<strong class=\"sbody-strong\">number</strong>.cat) that is signed with a Microsoft digital signature.</li></ul><h4 class=\"sbody-h4\">For all supported x64-based versions of Windows Server 2003</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">5.2.3790.5640</td><td class=\"sbody-td\">4,662,784</td><td class=\"sbody-td\">21-May-2015</td><td class=\"sbody-td\">19:25</td><td class=\"sbody-td\">x64</td></tr></table></div><h4 class=\"sbody-h4\">For all supported x86-based versions of Windows Server 2003</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">5.2.3790.5640</td><td class=\"sbody-td\">1,894,400</td><td class=\"sbody-td\">21-May-2015</td><td class=\"sbody-td\">19:02</td><td class=\"sbody-td\">x86</td></tr></table></div><h4 class=\"sbody-h4\">For all supported IA-64-based versions of Windows Server 2003</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">5.2.3790.5640</td><td class=\"sbody-td\">5,688,832</td><td class=\"sbody-td\">21-May-2015</td><td class=\"sbody-td\">19:24</td><td class=\"sbody-td\">IA-64</td></tr></table></div></div><br/></span></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Windows Vista and Windows Server 2008 file information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><ul class=\"sbody-free_list\"><li>The files that apply to a specific product, milestone (SP<strong class=\"sbody-strong\">n</strong>), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\"><span class=\"text-base\">Version</span></th><th class=\"sbody-th\"><span class=\"text-base\">Product</span></th><th class=\"sbody-th\"><span class=\"text-base\">Milestone</span></th><th class=\"sbody-th\"><span class=\"text-base\">Service branch</span></th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.0.600<span class=\"text-base\">2</span>.<span class=\"text-base\">18</span><strong class=\"sbody-strong\">xxx</strong></td><td class=\"sbody-td\">Windows Vista SP2 and Windows Server 2008 SP2</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.0.600<span class=\"text-base\">2</span>.<span class=\"text-base\">23</span><strong class=\"sbody-strong\">xxx</strong></td><td class=\"sbody-td\">Windows Vista SP2 and Windows Server 2008 SP2</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">LDR</td></tr></table></div></li><li>GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.</li></ul><span class=\"text-base\">Note</span> The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.<br/><br/><h4 class=\"sbody-h4\">For all supported x86-based versions of Windows Vista and Windows Server 2008</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.0.6002.19399</td><td class=\"sbody-td\">2,066,432</td><td class=\"sbody-td\">21-May-2015</td><td class=\"sbody-td\">14:22</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.0.6002.23706</td><td class=\"sbody-td\">2,074,624</td><td class=\"sbody-td\">21-May-2015</td><td class=\"sbody-td\">14:19</td><td class=\"sbody-td\">x86</td></tr></table></div><h4 class=\"sbody-h4\">For all supported x64-based versions of Windows Vista and Windows Server 2008</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.0.6002.19399</td><td class=\"sbody-td\">2,795,520</td><td class=\"sbody-td\">21-May-2015</td><td class=\"sbody-td\">14:36</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.0.6002.23706</td><td class=\"sbody-td\">2,798,592</td><td class=\"sbody-td\">21-May-2015</td><td class=\"sbody-td\">14:54</td><td class=\"sbody-td\">x64</td></tr></table></div><h4 class=\"sbody-h4\">For all supported IA-64-based versions of Windows Server 2008</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.0.6002.19399</td><td class=\"sbody-td\">6,707,712</td><td class=\"sbody-td\">21-May-2015</td><td class=\"sbody-td\">14:25</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.0.6002.23706</td><td class=\"sbody-td\">6,717,440</td><td class=\"sbody-td\">21-May-2015</td><td class=\"sbody-td\">14:24</td><td class=\"sbody-td\">IA-64</td></tr></table></div></div><br/></span></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Windows 7 and Windows Server 2008 R2 file information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><ul class=\"sbody-free_list\"><li>The files that apply to a specific product, milestone (RTM, SP<strong class=\"sbody-strong\">n</strong>), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table: <br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\"><span class=\"text-base\">Version</span></th><th class=\"sbody-th\"><span class=\"text-base\">Product</span></th><th class=\"sbody-th\"><span class=\"text-base\">Milestone</span></th><th class=\"sbody-th\"><span class=\"text-base\">Service branch</span></th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.1.760<span class=\"text-base\">1</span>.<span class=\"text-base\">18</span>xxx</td><td class=\"sbody-td\">Windows 7 and Windows Server 2008 R2</td><td class=\"sbody-td\">SP1</td><td class=\"sbody-td\">GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.1.760<span class=\"text-base\">1</span>.<span class=\"text-base\">22</span>xxx</td><td class=\"sbody-td\">Windows 7 and Windows Server 2008 R2</td><td class=\"sbody-td\">SP1</td><td class=\"sbody-td\">LDR</td></tr></table></div></li><li>GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.</li></ul><span class=\"text-base\">Note</span> The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.<br/><br/><h4 class=\"sbody-h4\">For all supported x86-based versions of Windows 7</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7601.18869</td><td class=\"sbody-td\">2,384,384</td><td class=\"sbody-td\">25-May-2015</td><td class=\"sbody-td\">17:00</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7601.23072</td><td class=\"sbody-td\">2,393,088</td><td class=\"sbody-td\">25-May-2015</td><td class=\"sbody-td\">17:04</td><td class=\"sbody-td\">x86</td></tr></table></div><h4 class=\"sbody-h4\">For all supported x64-based versions of Windows 7 and Windows Server 2008 R2</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7601.18869</td><td class=\"sbody-td\">3,206,144</td><td class=\"sbody-td\">25-May-2015</td><td class=\"sbody-td\">17:08</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7601.23072</td><td class=\"sbody-td\">3,209,728</td><td class=\"sbody-td\">25-May-2015</td><td class=\"sbody-td\">17:09</td><td class=\"sbody-td\">x64</td></tr></table></div><h4 class=\"sbody-h4\">For all supported IA-64-based versions of Windows Server 2008 R2</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7601.18869</td><td class=\"sbody-td\">7,503,872</td><td class=\"sbody-td\">25-May-2015</td><td class=\"sbody-td\">16:33</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7601.23072</td><td class=\"sbody-td\">7,511,552</td><td class=\"sbody-td\">25-May-2015</td><td class=\"sbody-td\">16:27</td><td class=\"sbody-td\">IA-64</td></tr></table></div></div><br/></span></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Windows 8 and Windows Server 2012 file information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><ul class=\"sbody-free_list\"><li>The files that apply to a specific product, milestone (RTM,SP<strong class=\"sbody-strong\">n</strong>), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\"><span class=\"text-base\">Version</span></th><th class=\"sbody-th\"><span class=\"text-base\">Product</span></th><th class=\"sbody-th\"><span class=\"text-base\">Milestone</span></th><th class=\"sbody-th\"><span class=\"text-base\">Service branch</span></th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.2.920 <span class=\"text-base\">0.16</span> xxx</td><td class=\"sbody-td\">Windows 8 and Windows Server 2012</td><td class=\"sbody-td\">RTM</td><td class=\"sbody-td\">GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.2.920 <span class=\"text-base\">0.20</span> xxx</td><td class=\"sbody-td\">Windows 8 and Windows Server 2012</td><td class=\"sbody-td\">RTM</td><td class=\"sbody-td\">LDR</td></tr></table></div></li><li>GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.</li></ul><span class=\"text-base\">Note</span> The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.<br/><br/><h4 class=\"sbody-h4\">For all supported x86-based versions of Windows 8</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.ptxml</td><td class=\"sbody-td\">Not applicable</td><td class=\"sbody-td\">4,172</td><td class=\"sbody-td\">11-Oct-2012</td><td class=\"sbody-td\">00:38</td><td class=\"sbody-td\">Not applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.2.9200.17385</td><td class=\"sbody-td\">3,396,096</td><td class=\"sbody-td\">21-May-2015</td><td class=\"sbody-td\">18:00</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.ptxml</td><td class=\"sbody-td\">Not applicable</td><td class=\"sbody-td\">4,172</td><td class=\"sbody-td\">25-Jul-2012</td><td class=\"sbody-td\">20:33</td><td class=\"sbody-td\">Not applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.2.9200.21496</td><td class=\"sbody-td\">3,383,296</td><td class=\"sbody-td\">21-May-2015</td><td class=\"sbody-td\">17:26</td><td class=\"sbody-td\">x86</td></tr></table></div><h4 class=\"sbody-h4\">For all supported x64-based versions of Windows 8 and Windows Server 2012</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.ptxml</td><td class=\"sbody-td\">Not applicable</td><td class=\"sbody-td\">4,172</td><td class=\"sbody-td\">11-Oct-2012</td><td class=\"sbody-td\">00:37</td><td class=\"sbody-td\">Not applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.2.9200.17385</td><td class=\"sbody-td\">4,067,840</td><td class=\"sbody-td\">21-May-2015</td><td class=\"sbody-td\">18:07</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.ptxml</td><td class=\"sbody-td\">Not applicable</td><td class=\"sbody-td\">4,172</td><td class=\"sbody-td\">25-Jul-2012</td><td class=\"sbody-td\">20:29</td><td class=\"sbody-td\">Not applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.2.9200.21496</td><td class=\"sbody-td\">4,063,744</td><td class=\"sbody-td\">21-May-2015</td><td class=\"sbody-td\">17:59</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Wow64_win32k.ptxml</td><td class=\"sbody-td\">Not applicable</td><td class=\"sbody-td\">4,172</td><td class=\"sbody-td\">12-Feb-2013</td><td class=\"sbody-td\">00:14</td><td class=\"sbody-td\">Not applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Wow64_win32k.ptxml</td><td class=\"sbody-td\">Not applicable</td><td class=\"sbody-td\">4,172</td><td class=\"sbody-td\">12-Feb-2013</td><td class=\"sbody-td\">00:09</td><td class=\"sbody-td\">Not applicable</td></tr></table></div></div><br/></span></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Windows 8.1 and Windows Server 2012 R2 file information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><ul class=\"sbody-free_list\"><li>The files that apply to a specific product, milestone (RTM,SP<strong class=\"sbody-strong\">n</strong>), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\"><span class=\"text-base\">Version</span></th><th class=\"sbody-th\"><span class=\"text-base\">Product</span></th><th class=\"sbody-th\"><span class=\"text-base\">Milestone</span></th><th class=\"sbody-th\"><span class=\"text-base\">Service branch</span></th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.3.920 <span class=\"text-base\">0.16</span> xxx</td><td class=\"sbody-td\">Windows 8.1 and Windows Server 2012 R2</td><td class=\"sbody-td\">RTM</td><td class=\"sbody-td\">GDR</td></tr></table></div></li><li>GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.</li></ul><span class=\"text-base\">Note</span> The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.<br/><br/><br/><h4 class=\"sbody-h4\">For all supported x86-based versions of Windows 8.1</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.ptxml</td><td class=\"sbody-td\">Not applicable</td><td class=\"sbody-td\">4,213</td><td class=\"sbody-td\">21-Aug-2013</td><td class=\"sbody-td\">23:39</td><td class=\"sbody-td\">Not applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.3.9600.17837</td><td class=\"sbody-td\">3,532,288</td><td class=\"sbody-td\">21-May-2015</td><td class=\"sbody-td\">16:04</td><td class=\"sbody-td\">x86</td></tr></table></div><h4 class=\"sbody-h4\">For all supported x64-based versions of Windows 8.1 and Windows Server 2012 R2</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.ptxml</td><td class=\"sbody-td\">Not applicable</td><td class=\"sbody-td\">4,213</td><td class=\"sbody-td\">22-Aug-2013</td><td class=\"sbody-td\">06:44</td><td class=\"sbody-td\">Not applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.3.9600.17837</td><td class=\"sbody-td\">4,177,920</td><td class=\"sbody-td\">21-May-2015</td><td class=\"sbody-td\">16:47</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Wow64_win32k.ptxml</td><td class=\"sbody-td\">Not applicable</td><td class=\"sbody-td\">4,213</td><td class=\"sbody-td\">21-Aug-2013</td><td class=\"sbody-td\">23:39</td><td class=\"sbody-td\">Not applicable</td></tr></table></div></div><br/></span></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">File hash information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\">Package Name</td><td class=\"sbody-td\">Package Hash SHA1</td><td class=\"sbody-td\">Package Hash SHA2</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.0-KB3057839-ia64.msu</td><td class=\"sbody-td\">5F0A37A533EBF836D3E0F225CD2873EDC6485DC6</td><td class=\"sbody-td\">FEEC2D96A9BA07BA3E58A63EA71A7C52E067768F7E1288C8D5F29F4C0B6D6F56</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.0-KB3057839-x64.msu</td><td class=\"sbody-td\">F7628C75D1B4C3BE84C1891CFCB49AF4D80E71E6</td><td class=\"sbody-td\">2ABFF5D807743370D9B75DE5E3A71441BB04C3871C4D5DD17CAB42E971E61463</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.0-KB3057839-x64.msu</td><td class=\"sbody-td\">F7628C75D1B4C3BE84C1891CFCB49AF4D80E71E6</td><td class=\"sbody-td\">2ABFF5D807743370D9B75DE5E3A71441BB04C3871C4D5DD17CAB42E971E61463</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.0-KB3057839-x86.msu</td><td class=\"sbody-td\">622836D068BAEB5F83226F2BC364F368D2877EFC</td><td class=\"sbody-td\">FD27B4C4986815916C59F47E8D92327E264F524E94015AC496C51EA643AFFD32</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.0-KB3057839-x86.msu</td><td class=\"sbody-td\">622836D068BAEB5F83226F2BC364F368D2877EFC</td><td class=\"sbody-td\">FD27B4C4986815916C59F47E8D92327E264F524E94015AC496C51EA643AFFD32</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3057839-ia64.msu</td><td class=\"sbody-td\">6481D54EFBF167EE32AB6001D8779414598B6E70</td><td class=\"sbody-td\">36F54258EEA4DE3EFC1F7AFD23116FDD8A93CE1A1E54649694648D5A915CD8BA</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3057839-x64.msu</td><td class=\"sbody-td\">9CF660C7F39F07263BF3181ADD4E79D4DA4FF98D</td><td class=\"sbody-td\">A383E07DF4CD9BFE59F4A9CBD6545F20F16B5B0D2A19484EF2CF9E6A8B1A7495</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3057839-x64.msu</td><td class=\"sbody-td\">9CF660C7F39F07263BF3181ADD4E79D4DA4FF98D</td><td class=\"sbody-td\">A383E07DF4CD9BFE59F4A9CBD6545F20F16B5B0D2A19484EF2CF9E6A8B1A7495</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3057839-x86.msu</td><td class=\"sbody-td\">909328BDEAB6E95A215900465AC76A927F14AAEC</td><td class=\"sbody-td\">36CF5ADEEDA9DC91764500B31958268F9B8D6318AFBF66572EE6A542F7892D2A</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8.1-KB3057839-arm.msu</td><td class=\"sbody-td\">ED4AF0763743C55787D524CD0FACE19437DF4111</td><td class=\"sbody-td\">922BC837F9EFB714119E0BFAE6279443601D143EB05DA3D883EC2D5BE9BD2948</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8.1-KB3057839-x64.msu</td><td class=\"sbody-td\">8571FC7D0E598A3716EC46371376B56073C7C13F</td><td class=\"sbody-td\">30D286EC059E1EEB0A3BC0EFDC61824C911260C4FF23294EC35DFD893409A0DF</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8.1-KB3057839-x64.msu</td><td class=\"sbody-td\">8571FC7D0E598A3716EC46371376B56073C7C13F</td><td class=\"sbody-td\">30D286EC059E1EEB0A3BC0EFDC61824C911260C4FF23294EC35DFD893409A0DF</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8.1-KB3057839-x86.msu</td><td class=\"sbody-td\">9EDC70EE1D47083DA5D1EDB77157BCD1A4801B4F</td><td class=\"sbody-td\">34829A66674FC088799ABB62C5B2B35FA3F0BA81B48CCB754809A2ADC25B86C1</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8-RT-KB3057839-arm.msu</td><td class=\"sbody-td\">6211473BDAC3BFF18494041B182CEA55839881EE</td><td class=\"sbody-td\">FD5B8B0A4453EA72A72862D2ECCB1135DA0078757D4123CFB7D4B66334BB1017</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8-RT-KB3057839-x64.msu</td><td class=\"sbody-td\">F994EDD4A78C2FAA86945162688526F5EBA18016</td><td class=\"sbody-td\">F1DEB5994C8B036DF2E9775A217D50856FE33EFB8DED4BEB9FD4C436D17B7FA2</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8-RT-KB3057839-x64.msu</td><td class=\"sbody-td\">F994EDD4A78C2FAA86945162688526F5EBA18016</td><td class=\"sbody-td\">F1DEB5994C8B036DF2E9775A217D50856FE33EFB8DED4BEB9FD4C436D17B7FA2</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8-RT-KB3057839-x86.msu</td><td class=\"sbody-td\">5349BDBE51ACE0AB53162B2E0959764FB48FA595</td><td class=\"sbody-td\">16B94E4F833483415E157256777419E9981411217E92EB53EC2549ED73FACE73</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-ia64-DEU.exe</td><td class=\"sbody-td\">FAAC72C07D567AEC3B97CA892B8BC1BA6C5D68D3</td><td class=\"sbody-td\">C1A3FC227DD9D0E97D31025E484B0106BA3578C0392D1BBD8349843797E2B01A</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-ia64-ENU.exe</td><td class=\"sbody-td\">F0C230CC13B50152788F3034604717B3A97CB31A</td><td class=\"sbody-td\">E2756527F27866941A3F3F7A6CEDAC6742268A2A4E9CABCB708F380EA68984BC</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-ia64-FRA.exe</td><td class=\"sbody-td\">0F3F80260BCD684056C010F9B6D8928E32C5EEF1</td><td class=\"sbody-td\">FE12C336222A2DD36741B4CC37414E197D9A25A1EC58EC9356DDD909FA668AC8</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-ia64-JPN.exe</td><td class=\"sbody-td\">8205DAD511EB05EE6CF42C806DAABB76D44A8451</td><td class=\"sbody-td\">EE0C30F447034EB917477B8961CB6ED652023C772010BB45A41A782A0290F219</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x64-CHS.exe</td><td class=\"sbody-td\">A59D58A3549A307D8A9DFBA6A05C7AD912A67A1E</td><td class=\"sbody-td\">F3F12F32B5FE5AB61A9B2D5132A60F68DB75997899254AA671AE30405A3CC2DC</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x64-CHT.exe</td><td class=\"sbody-td\">88CB737CB180C6F9A39CF1F1A7115BF84B2A187D</td><td class=\"sbody-td\">C37DA30DBA8805380C27A9EA65B3271DE32C6C2F1F58AB505D884523AEC6F70B</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x64-DEU.exe</td><td class=\"sbody-td\">120F09B928702F0997A79F8E9CF6A792A7C48DB8</td><td class=\"sbody-td\">FF50B36A4DBC9D47E3BA73FFB05104979B9BB8C5DF9DDAD255525F7D47661B30</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x64-ENU.exe</td><td class=\"sbody-td\">D953396976305791ECE753F4E4CCC9BFCF88D87A</td><td class=\"sbody-td\">A5408B27001C770105D30719A70BBEA7F8D2EF4A380E855EFB3D69731EC3834B</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x64-ESN.exe</td><td class=\"sbody-td\">E762FEC7C28989170EA205C455EE11D58C7621AA</td><td class=\"sbody-td\">09B71A818327FD13C1D3CB3913F8177469545EE0262B1DE95D0AF2D00F2FA8DF</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x64-FRA.exe</td><td class=\"sbody-td\">CEE21DCBF06B55B4EAC752B915B82B238C1D82C0</td><td class=\"sbody-td\">E32445108266BFED671F6C7A10EE99E61F677A046273B64F3DA1FBCA5D0D3D1E</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x64-ITA.exe</td><td class=\"sbody-td\">B65A520F3DE8EDB5B1FC7205A01C9A0CCECA5343</td><td class=\"sbody-td\">3E687D210539277379EBA94D4FEADEEA7610F0B23471D47BC9546A8C0FBA195F</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x64-JPN.exe</td><td class=\"sbody-td\">04B4CB655F58533A08DD643E7F6CB9932824F5D8</td><td class=\"sbody-td\">65D3013E363CC247ECAC113B04B4D40EC66B33F8E58B10A43D3510B57F67F5C9</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x64-KOR.exe</td><td class=\"sbody-td\">CEC9FA25A59A0061D9F81A6DB30A0D1328D4FCF3</td><td class=\"sbody-td\">ABB92CE7D2F2FA7EAE0F4555D40714B3BF0271BC61BDD14C01C2033E646A875C</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x64-PTB.exe</td><td class=\"sbody-td\">574D8284B05E5C40880F83E06DC5A6F8B122E7A8</td><td class=\"sbody-td\">FB06F8CD65B5DDE2CBEBD378ECFD5DC52E1DDB21D5B0DF92611B367E5EEC586A</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x64-RUS.exe</td><td class=\"sbody-td\">02273D25AF55AD05D6D3466112AC30B2519E0D98</td><td class=\"sbody-td\">ACFC8FE3A1BBE7B3C4DAB0DB0A34B36E4E9A573F5109C63F4FFF9AE66F449244</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x86-CHS.exe</td><td class=\"sbody-td\">E0D4DE781DBA0A66B2D245937D57DFC07293EEC4</td><td class=\"sbody-td\">264367AFE49504A566BE1601459C6F2738B7D4865FFFBEF794FC26C0BFF3D79E</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x86-CHT.exe</td><td class=\"sbody-td\">A166FEC0254F28100421FD7E89CD76B00CDAA84A</td><td class=\"sbody-td\">EF9B4BF9706ED53423CF23AC43B20BD9EB3225A21A727454B1BA5DFB06B647C8</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x86-CSY.exe</td><td class=\"sbody-td\">242B45DE69ACC114DCB68E0BBFD371232395B462</td><td class=\"sbody-td\">1B0E51FA3F677CB8BFF731C35B6A28BA318A68ED66910A8B8E1E26BDC2E1B5F3</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x86-DEU.exe</td><td class=\"sbody-td\">1B7E2824A67DBB282E6C55733CDF5555806E94E4</td><td class=\"sbody-td\">A1199501682A855D2011C4CAD1F127278B89F8658E940032EAF6630A7D95A1E0</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x86-ENU.exe</td><td class=\"sbody-td\">E4BEB39708AF553F8E05B8A3BB7951C9AD99E813</td><td class=\"sbody-td\">4BEA9F9F66CE5C207D8FF8138C3BCDABF0ECF9B94BF26578AAE547693DC2C524</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x86-ESN.exe</td><td class=\"sbody-td\">B4FD66B4A9CB57716926DB8B0C0EC7503F1EF782</td><td class=\"sbody-td\">6407B10D5161F19FD1DF742F510CD9A850570D48EEF3E903F068BE731FBB76DA</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x86-FRA.exe</td><td class=\"sbody-td\">B18C2E4A81086343210AA959BB6B29018C2ED3A6</td><td class=\"sbody-td\">F964A001EFF279845D86A6903E07CC9EE4C1D91EB37C220CC9E0EB3EF0E000FB</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x86-HUN.exe</td><td class=\"sbody-td\">51DD2139DA4A160BFEE4F66AC09EDEB7EDD1ABBB</td><td class=\"sbody-td\">A1DF074B7D279775141810CE28F9DEE9A34176F50B319977B4B98F3C32BF36AE</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x86-ITA.exe</td><td class=\"sbody-td\">946D0CEC7C1719308744CDDF2EC1179816524D8E</td><td class=\"sbody-td\">E1C94228F6BC7D015990C6615E1BD4AE562BCB66600339290F4DBB2F8A8B9B32</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x86-JPN.exe</td><td class=\"sbody-td\">BFAEFCC031AF755D2CEBB6099FDC07A1D0786811</td><td class=\"sbody-td\">EDE388D3791682BEE5EE6CE9B53E73C6A9201825D75FD2AD1249688CB0DFFD03</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x86-KOR.exe</td><td class=\"sbody-td\">F10E66FC21C4A2BDE9AECD71A44C94E95DF8C070</td><td class=\"sbody-td\">6294F87A94ADC91126E5FDE66689CF7451860E5E97E1EAC50623369B38679B67</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x86-NLD.exe</td><td class=\"sbody-td\">5995E2EAC1B79CEFE75875652179CD00FB6D14D1</td><td class=\"sbody-td\">0D0ECC892C6A9B85DB5DF9A1080A2B7D4B1F622E82F9F1B51E667BDC68C91D44</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x86-PLK.exe</td><td class=\"sbody-td\">6847589BBA21EB7F34DA742BBF1496D5BCEAF6D5</td><td class=\"sbody-td\">ABA51A596B2B4A03ACF3E74A8FD1EEE8A5743257FC56D336AD6ED4CCAF36F59A</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x86-PTB.exe</td><td class=\"sbody-td\">3406358C0A2434C47A49788ACE910390C963C651</td><td class=\"sbody-td\">A0037A90970657D1AB00A0A0E294FF9541FCA7401EEF6655BCDDC60E9EB04BEC</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x86-PTG.exe</td><td class=\"sbody-td\">ECA22FF916D38453CFDBD0844704032CF0BD4872</td><td class=\"sbody-td\">955C312453681CB664C36BEB0A31A885032BC086249A2279C631B454B3074E1C</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x86-RUS.exe</td><td class=\"sbody-td\">8EF11C23900BFB3ECD4A57412DA94257B6D9D9D4</td><td class=\"sbody-td\">8DD7A6B170166C4D4A15F7B8955BBB4C75A9A9BAC118F56E743598ED357EF056</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x86-SVE.exe</td><td class=\"sbody-td\">A780F7EA7C1B41065B1D2385E04EA00269D3B75B</td><td class=\"sbody-td\">CC54DCBEA30300CA84D98D238F6605580E5B82868CD1060D76D23DF5DF638615</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">WindowsServer2003-KB3057839-x86-TRK.exe</td><td class=\"sbody-td\">A9679EF61A9BA5E175BA475CAD4FE8F8D0F4BAAD</td><td class=\"sbody-td\">42CCE5C489A48E70A371BA3229A4DF65883EA1247F186D7E4EDEF8CBA0B889F4</td></tr></table></div></div><br/></span></div></div></div></div></body></html>", "edition": 16, "modified": "2017-08-09T23:15:00", "id": "KB3057839", "href": "https://support.microsoft.com/en-us/help/3057839/", "published": "2015-06-09T00:00:00", "title": "MS15-061: Vulnerabilities in kernel-mode drivers could allow elevation of privilege: June 9, 2015", "type": "mskb", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-06-10T19:51:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1720", "CVE-2015-1726", "CVE-2015-1723", "CVE-2015-1722", "CVE-2015-1719", "CVE-2015-1724", "CVE-2015-1768", "CVE-2015-1721", "CVE-2015-1725", "CVE-2015-1727", "CVE-2015-2360"], "description": "This host is missing an important security\n update according to Microsoft Bulletin MS15-061.", "modified": "2020-06-09T00:00:00", "published": "2015-06-10T00:00:00", "id": "OPENVAS:1361412562310805582", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805582", "type": "openvas", "title": "MS Windows Kernel-Mode Driver Privilege Elevation Vulnerabilities (3057839)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# MS Windows Kernel-Mode Driver Privilege Elevation Vulnerabilities (3057839)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805582\");\n script_version(\"2020-06-09T05:48:43+0000\");\n script_cve_id(\"CVE-2015-1719\", \"CVE-2015-1720\", \"CVE-2015-1721\", \"CVE-2015-1722\",\n \"CVE-2015-1723\", \"CVE-2015-1724\", \"CVE-2015-1725\", \"CVE-2015-1726\",\n \"CVE-2015-1727\", \"CVE-2015-1768\", \"CVE-2015-2360\");\n script_bugtraq_id(74999, 75000, 74998, 75005, 75009, 75010, 75006, 75012,\n 75008, 75024, 75025);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 05:48:43 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-06-10 08:00:55 +0530 (Wed, 10 Jun 2015)\");\n script_name(\"MS Windows Kernel-Mode Driver Privilege Elevation Vulnerabilities (3057839)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft Bulletin MS15-061.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Improper handling of buffer elements by windows kernel-mode driver under\n certain conditions.\n\n - Improper freeing of an object in memory by windows kernel-mode driver.\n\n - Insufficient validation of certain data passed from user mode by the windows\n kernel-mode driver.\n\n - Windows kernel-mode driver when it accesses an object in memory that has\n either not been correctly initialized or deleted.\n\n - Windows kernel-mode driver when it improperly validates user input.\n\n - Windows kernel-mode driver 'Win32k.sys' fails to properly free memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to bypass security, gain elevated privileges and execute arbitrary\n code on affected system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8 x32/x64\n\n - Microsoft Windows Server 2012/R2\n\n - Microsoft Windows 8.1 x32/x64\n\n - Microsoft Windows 2003 x32/x64 Service Pack 2 and prior\n\n - Microsoft Windows Vista x32/x64 Service Pack 2 and prior\n\n - Microsoft Windows Server 2008 x32/x64 Service Pack 2 and prior\n\n - Microsoft Windows 7 x32/x64 Service Pack 1 and prior\n\n - Microsoft Windows Server 2008 R2 x64 Service Pack 1 and prior\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3057839\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/library/security/ms15-061.aspx\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2003:3, win2003x64:3, winVista:3, win7:2, win7x64:2,\n win2008:3, win2008r2:2, win8:1, win8x64:1, win2012:1,\n win2012R2:1, win8_1:1, win8_1x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_systemroot();\nif(!sysPath ){\n exit(0);\n}\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"system32\\Win32k.sys\");\nif(!dllVer){\n exit(0);\n}\n\nif(hotfix_check_sp(win2003:3, win2003x64:3) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"5.2.3790.5640\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\n## Currently not supporting for Vista and Windows Server 2008 64 bit\nif(hotfix_check_sp(winVista:3, win2008:3) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"6.0.6002.19399\") ||\n version_in_range(version:dllVer, test_version:\"6.0.6002.23000\", test_version2:\"6.0.6002.23705\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"6.1.7601.18869\") ||\n version_in_range(version:dllVer, test_version:\"6.1.7601.22000\", test_version2:\"6.1.7601.23071\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\nif(hotfix_check_sp(win8:1, win8x64:1, win2012:1) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"6.2.9200.17385\") ||\n version_in_range(version:dllVer, test_version:\"6.2.9200.20000\", test_version2:\"6.2.9200.21495\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\n## Win 8.1 and win2012R2\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"6.3.9600.17837\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-02-01T06:15:09", "description": "The remote Windows host is affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n Windows kernel-mode driver due to improper handling of\n buffer elements. A local attacker can exploit this\n vulnerability to request the contents of specific memory\n addresses. (CVE-2015-1719)\n\n - An elevation of privilege vulnerability exists in the\n Windows kernel-mode driver due to a user-after-free\n error. A remote attacker can exploit this vulnerability\n by convincing a user to run a specially crafted\n application, resulting in the execution of arbitrary\n code in kernel mode. (CVE-2015-1720)\n\n - A elevation of privilege vulnerability exists in the\n Windows kernel-mode driver due to a NULL pointer\n dereference flaw. A remote attacker can exploit this\n vulnerability by convincing a user to run a specially\n crafted application, resulting in the execution of\n arbitrary code in kernel mode. (CVE-2015-1721)\n\n - Multiple elevation of privilege vulnerabilities exist in\n the Windows kernel-mode driver due to improper handling\n of objects in memory. A local attacker can exploit these\n vulnerabilities, with a specially crafted application,\n to escalate privileges to full administrative rights.\n (CVE-2015-1722, CVE-2015-1723, CVE-2015-1724,\n CVE-2015-1726)\n\n - Multiple elevation of privilege vulnerabilities exist in\n the Windows kernel-mode driver due to improperly\n validated user-supplied input. A local attacker can\n exploit these vulnerabilities, with a specially crafted\n application, to escalate privileges to full\n administrative rights. (CVE-2015-1725, CVE-2015-1727)\n\n - Multiple elevation of privilege vulnerabilities exist in\n the Windows kernel-mode driver due a failure to properly\n free memory. A local attacker can exploit these\n vulnerabilities, with a specially crafted application,\n to execute arbitrary code in the context of another\n user. (CVE-2015-1725, CVE-2015-1727)", "edition": 28, "published": "2015-06-09T00:00:00", "title": "MS15-061: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057839)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1720", "CVE-2015-1726", "CVE-2015-1723", "CVE-2015-1722", "CVE-2015-1719", "CVE-2015-1724", "CVE-2015-1768", "CVE-2015-1721", "CVE-2015-1725", "CVE-2015-1727", "CVE-2015-2360"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS15-061.NASL", "href": "https://www.tenable.com/plugins/nessus/84059", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84059);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-1719\",\n \"CVE-2015-1720\",\n \"CVE-2015-1721\",\n \"CVE-2015-1722\",\n \"CVE-2015-1723\",\n \"CVE-2015-1724\",\n \"CVE-2015-1725\",\n \"CVE-2015-1726\",\n \"CVE-2015-1727\",\n \"CVE-2015-1768\",\n \"CVE-2015-2360\"\n );\n script_bugtraq_id(\n 74998,\n 74999,\n 75000,\n 75005,\n 75006,\n 75008,\n 75009,\n 75010,\n 75012,\n 75024,\n 75025\n );\n script_xref(name:\"MSFT\", value:\"MS15-061\");\n script_xref(name:\"MSKB\", value:\"3057839\");\n\n script_name(english:\"MS15-061: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057839)\");\n script_summary(english:\"Checks the file version of Win32k.sys.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n Windows kernel-mode driver due to improper handling of\n buffer elements. A local attacker can exploit this\n vulnerability to request the contents of specific memory\n addresses. (CVE-2015-1719)\n\n - An elevation of privilege vulnerability exists in the\n Windows kernel-mode driver due to a user-after-free\n error. A remote attacker can exploit this vulnerability\n by convincing a user to run a specially crafted\n application, resulting in the execution of arbitrary\n code in kernel mode. (CVE-2015-1720)\n\n - A elevation of privilege vulnerability exists in the\n Windows kernel-mode driver due to a NULL pointer\n dereference flaw. A remote attacker can exploit this\n vulnerability by convincing a user to run a specially\n crafted application, resulting in the execution of\n arbitrary code in kernel mode. (CVE-2015-1721)\n\n - Multiple elevation of privilege vulnerabilities exist in\n the Windows kernel-mode driver due to improper handling\n of objects in memory. A local attacker can exploit these\n vulnerabilities, with a specially crafted application,\n to escalate privileges to full administrative rights.\n (CVE-2015-1722, CVE-2015-1723, CVE-2015-1724,\n CVE-2015-1726)\n\n - Multiple elevation of privilege vulnerabilities exist in\n the Windows kernel-mode driver due to improperly\n validated user-supplied input. A local attacker can\n exploit these vulnerabilities, with a specially crafted\n application, to escalate privileges to full\n administrative rights. (CVE-2015-1725, CVE-2015-1727)\n\n - Multiple elevation of privilege vulnerabilities exist in\n the Windows kernel-mode driver due a failure to properly\n free memory. A local attacker can exploit these\n vulnerabilities, with a specially crafted application,\n to execute arbitrary code in the context of another\n user. (CVE-2015-1725, CVE-2015-1727)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-061\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2003, Vista, 2008,\n7, 2008 R2, 8, 2012, 8.1, and 2012 R2.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-2360\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS15-061';\nkb = '3057839';\n\nkbs = make_list(kb);\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win2003:'2', vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\n# Some of the 2k3 checks could flag XP 64, which is unsupported\nif (\"Windows XP\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8.1 / Windows Server 2012 R2\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"Win32k.sys\", version:\"6.3.9600.17837\", min_version:\"6.3.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Windows 8 / Windows Server 2012\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"Win32k.sys\", version:\"6.2.9200.21496\", min_version:\"6.2.9200.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"Win32k.sys\", version:\"6.2.9200.17385\", min_version:\"6.2.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Windows 7 / Server 2008 R2\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Win32k.sys\", version:\"6.1.7601.23072\", min_version:\"6.1.7601.22000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Win32k.sys\", version:\"6.1.7601.18869\", min_version:\"6.1.7600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Vista / Windows Server 2008\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Win32k.sys\", version:\"6.0.6002.23706\", min_version:\"6.0.6002.23000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Win32k.sys\", version:\"6.0.6002.19399\", min_version:\"6.0.6001.18000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Windows Server 2003\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"Win32k.sys\", version:\"5.2.3790.5640\", dir:\"\\system32\", bulletin:bulletin, kb:kb)\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:46:33", "bulletinFamily": "info", "cvelist": ["CVE-2015-1720", "CVE-2015-1726", "CVE-2015-1723", "CVE-2015-1757", "CVE-2015-1722", "CVE-2015-1719", "CVE-2015-1724", "CVE-2015-1768", "CVE-2015-1721", "CVE-2015-1725", "CVE-2015-1727", "CVE-2015-2360", "CVE-2015-1756", "CVE-2015-1758"], "description": "### *Detect date*:\n06/09/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code or obtain sensitive information.\n\n### *Affected products*:\nWindows Server 2003 x86, x64, Itanium Service Pack 2 \nWindows Server 2003 R2 x86, x64 Service Pack 2 \nWindows Vista x86, x64 Service Pack 2 \nWindows Server 2008 x86, x64, Itanium Service Pack 2 \nWindows 7 x86, x64 Service Pack 1 \nWindows Server 2008 R2 x64, Itanium Service Pack 1 \nWindows 8 x86, x64 \nWindows 8.1 x86, x64 \nWindows Server 2012 \nWindows Server 2012 R2 \nWindows RT \nWindows RT 8.1\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[Microsoft advisory](<https://technet.microsoft.com/en-us/library/security/ms15-060>) \n[Microsoft advisory](<https://technet.microsoft.com/en-us/library/security/ms15-061>) \n[Microsoft advisory](<https://technet.microsoft.com/en-us/library/security/ms15-062>) \n[Microsoft advisory](<https://technet.microsoft.com/en-us/library/security/ms15-063>) \n[CVE-2015-1725](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-1725>) \n[CVE-2015-1724](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-1724>) \n[CVE-2015-1727](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-1727>) \n[CVE-2015-1726](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-1726>) \n[CVE-2015-1723](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-1723>) \n[CVE-2015-1722](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-1722>) \n[CVE-2015-2360](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2360>) \n[CVE-2015-1768](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-1768>) \n[CVE-2015-1721](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-1721>) \n[CVE-2015-1720](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-1720>) \n[CVE-2015-1758](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-1758>) \n[CVE-2015-1757](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-1757>) \n[CVE-2015-1756](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-1756>) \n[CVE-2015-1719](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-1719>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows Vista](<https://threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/>)\n\n### *CVE-IDS*:\n[CVE-2015-1725](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1725>)7.2High \n[CVE-2015-1724](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1724>)7.2High \n[CVE-2015-1727](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1727>)7.2High \n[CVE-2015-1726](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1726>)7.2High \n[CVE-2015-1723](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1723>)7.2High \n[CVE-2015-1722](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1722>)7.2High \n[CVE-2015-2360](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2360>)7.2High \n[CVE-2015-1768](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1768>)7.2High \n[CVE-2015-1721](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1721>)7.2High \n[CVE-2015-1720](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1720>)7.2High \n[CVE-2015-1758](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1758>)6.9High \n[CVE-2015-1757](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1757>)4.3Warning \n[CVE-2015-1756](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1756>)9.3Critical \n[CVE-2015-1719](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1719>)2.1Warning\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[3062577](<http://support.microsoft.com/kb/3062577>) \n[3059317](<http://support.microsoft.com/kb/3059317>) \n[3057839](<http://support.microsoft.com/kb/3057839>) \n[3063858](<http://support.microsoft.com/kb/3063858>)\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 41, "modified": "2020-06-18T00:00:00", "published": "2015-06-09T00:00:00", "id": "KLA10599", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10599", "title": "\r KLA10599Multiple vulnerabilities in Microsoft Products ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
