Kaspersky LabKLA10468KLA10468 Multiple vulnerabilities in Microsoft products
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.575 Medium
EPSS
Percentile
97.7%
Detect date:
03/10/2015
Severity:
Critical
Description:
Multiple critical vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information or execute arbitrary code.
Affected products:
Windows Server 2003 x86, x64, for Itanium-based Systems, Service Pack 2
Windows Vista x86, x64 Service Pack 2
Windows Server 2008 x86, x64, for Itanium-based Systems Service Pack 2
Windows 7 x86, x64 Service Pack 1
Windows Server 2008 R2 x64, for Itanium-based Systems Service Pack 1
Windows 8 x86, x64
Windows 8.1 x86, x64
Windows RT, RT 8.1
Windows Server 2008 x64 Service Pack 2 (Server Core installation)
Windows Server 2008 R2 x64 Service Pack 1 (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
MS advisory
CVE-2015-0074
CVE-2015-0090
CVE-2015-0091
CVE-2015-0092
CVE-2015-0093
CVE-2015-0089
CVE-2015-0087
CVE-2015-0088
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2015-00744.3Warning
CVE-2015-00909.3Critical
CVE-2015-00919.3Critical
CVE-2015-00929.3Critical
CVE-2015-00939.3Critical
CVE-2015-00895.0Critical
CVE-2015-00875.0Critical
CVE-2015-00889.3Critical
Microsoft official advisories:
KB list:
Exploitation:
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
References
support.microsoft.com/kb/3032323
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0074
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0087
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0088
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0089
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0090
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0091
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0092
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0093
portal.msrc.microsoft.com/en-us/security-guidance
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0074
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0087
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0088
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0089
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0090
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0091
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0092
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0093
statistics.securelist.com/vulnerability-scan/month
technet.microsoft.com/library/security/MS15-021
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-8/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2003-Standard-Edition/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/
threats.kaspersky.com/en/product/Windows-RT/
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.575 Medium
EPSS
Percentile
97.7%