Kaspersky LabKLA10578KLA10578 Multiple vulnerabilities in Microsoft Font Drivers
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.389 Low
EPSS
Percentile
97.2%
Detect date:
05/12/2015
Severity:
Critical
Description:
Multiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to execute arbitrary code or obtain sensitive information.
Affected products:
Windows Server 2003 x86, x64, Itanium Service Pack 2
Windows Vista x86, x64 Service Pack 2
Windows Server 2008 x86, x64, Itanium Service Pack 2
Windows 7 x86, x64 Service Pack 1
Windows Server 2008 R2 x64, Itanium Service Pack 1
Windows 8, 8.1 x86, x64
Windows Server 2012
Windows Server 2012 R2
Windows RT
Windows RT 8.1
Office 2007 Service Pack 3
Office 2010 Service Pack 2
Live Meeting 2007 Console
Microsoft Lync 2010
Microsoft Lync 2010 Attendee
Microsoft Lync 2013 Service Pack 1
Microsoft Lync Basic 2013 Service Pack 1
Microsoft Silverlight 5
Microsoft Silverlight 5 Developer Runtime
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
Microsoft Advisory
CVE-2015-1671
CVE-2015-1670
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2015-16719.3Critical
CVE-2015-16704.3Warning
Microsoft official advisories:
KB list:
3045171
2881073
2883029
3051466
3056819
3039779
3048068
3048077
3048074
3051468
3048072
3048073
3048070
3048071
3051467
3057110
3051465
3051464
Exploitation:
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
References
support.microsoft.com/kb/2881073
support.microsoft.com/kb/2883029
support.microsoft.com/kb/3039779
support.microsoft.com/kb/3045171
support.microsoft.com/kb/3048068
support.microsoft.com/kb/3048070
support.microsoft.com/kb/3048071
support.microsoft.com/kb/3048072
support.microsoft.com/kb/3048073
support.microsoft.com/kb/3048074
support.microsoft.com/kb/3048077
support.microsoft.com/kb/3051464
support.microsoft.com/kb/3051465
support.microsoft.com/kb/3051466
support.microsoft.com/kb/3051467
support.microsoft.com/kb/3051468
support.microsoft.com/kb/3056819
support.microsoft.com/kb/3057110
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1670
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1671
portal.msrc.microsoft.com/en-us/security-guidance
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-1670
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-1671
statistics.securelist.com/vulnerability-scan/month
technet.microsoft.com/en-us/library/security/ms15-044
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Lync-2010-Attendee/
threats.kaspersky.com/en/product/Microsoft-Lync/
threats.kaspersky.com/en/product/Microsoft-Office-Live-Meeting-2007/
threats.kaspersky.com/en/product/Microsoft-Office/
threats.kaspersky.com/en/product/Microsoft-Silverlight/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-8/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2003/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/
threats.kaspersky.com/en/product/Windows-RT/
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.389 Low
EPSS
Percentile
97.2%