Lucene search

K
kasperskyKaspersky LabKLA10459
HistoryMar 10, 2015 - 12:00 a.m.

KLA10459 Security bypass vulnerability in Microsoft Windows

2015-03-1000:00:00
Kaspersky Lab
threats.kaspersky.com
18

6.4 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.963 High

EPSS

Percentile

99.6%

Improper TLS restriction was found in Microsoft products. By exploiting this vulnerability malicious users bypass security. This vulnerability can be exploited remotely via a specially designed TLS traffic.

Original advisories

MS bulletin

CVE-2015-1637

Related products

Microsoft-Windows-Vista-4

Microsoft-Windows-Server-2012

Microsoft-Windows-8

Microsoft-Windows-7

Microsoft-Windows-Server-2008

Microsoft-Windows-Server-2003

CVE list

CVE-2015-1637 warning

KB list

3046049

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

  • Windows Server 2003 x86, x64, fot Itanium-based systems Service Pack 2ย Windows vista x84, x64 Service Pack 2Windows Server 2008 x86, x64, for Itanium-based systems Service ย Pack2Windows 7 x86, x64Windows Server 2008 R2 x64, for Itanium-based systems Service Pack 1Windows 8 x86, x64Windows 8.1 x86, x64Windows Server 2012Windows Server 2012 R2Windows RTWindows RT 8.1

6.4 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.963 High

EPSS

Percentile

99.6%