Lucene search

Kaspersky LabKLA10589

HistoryMar 04, 2015 - 12:00 a.m.

KLA10589 Multiple vulnerabilities in Microsoft products

2015-03-0400:00:00

Kaspersky Lab

threats.kaspersky.com

8.2 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.921 High

EPSS

Percentile

98.9%

JSON

Detect date:

03/04/2015

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to gain privileges, bypass security restrictions, cause denial of service or obtain sensitive information.

Affected products:

Windows Server 2003 x86, x64, Itanium Service Pack 2
Windows Vista x86, x64 Service Pack 2
Windows Server 2008 x86, x64, Itanium Service Pack 2
Windows 7 x86, x64 Service Pack 1
Windows Server 2008 R2 x64, Itanium Service Pack 1
Windows 8 x86, x64
Windows 8.1 x86, x64
Windows Server 2012
Windows Server 2012 R2
Windows RT
Windows RT 8.1

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2015-0016
CVE-2015-0062
CVE-2015-0015
CVE-2015-0061
CVE-2015-0004
CVE-2015-0080
CVE-2015-0006
CVE-2015-0005
CVE-2015-0001
CVE-2015-0075
CVE-2015-0073
CVE-2015-0002
CVE-2015-0076
CVE-2015-0084
CVE-2015-0011

Impacts:

OSI

Related products:

Microsoft Windows Vista

CVE-IDS:

CVE-2015-00169.3Critical
CVE-2015-00627.2High
CVE-2015-00157.8High
CVE-2015-00614.3Warning
CVE-2015-00047.2High
CVE-2015-00804.3Warning
CVE-2015-00066.1High
CVE-2015-00054.3Warning
CVE-2015-00011.9Warning
CVE-2015-00757.2High
CVE-2015-00737.2High
CVE-2015-00027.2High
CVE-2015-00764.3Warning
CVE-2015-00842.1Warning
CVE-2015-00114.7Warning

Microsoft official advisories:

KB list:

3019978
3019215
3021674
3038680
3014029
3035132
3023299
3023266
3029944
3020387
3035126
3002657
3025421
3022777
3004365
3031432
3030377
3035131
3020388

Exploitation:

Public exploits exist for this vulnerability.

References

support.microsoft.com/kb/3002657

support.microsoft.com/kb/3004365

support.microsoft.com/kb/3014029

support.microsoft.com/kb/3019215

support.microsoft.com/kb/3019978

support.microsoft.com/kb/3020387

support.microsoft.com/kb/3020388

support.microsoft.com/kb/3021674

support.microsoft.com/kb/3022777

support.microsoft.com/kb/3023266

support.microsoft.com/kb/3023299

support.microsoft.com/kb/3025421

support.microsoft.com/kb/3029944

support.microsoft.com/kb/3030377

support.microsoft.com/kb/3031432

support.microsoft.com/kb/3035126

support.microsoft.com/kb/3035131

support.microsoft.com/kb/3035132

support.microsoft.com/kb/3038680

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0001

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0002

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0004

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0005

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0006

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0011

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0015

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0016

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0061

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0062

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0073

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0075

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0076

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0080

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0084

portal.msrc.microsoft.com/en-us/security-guidance

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0001

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0002

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0004

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0005

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0006

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0011

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0015

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0016

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0061

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0062

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0073

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0075

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0076

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0080

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0084

statistics.securelist.com/vulnerability-scan/month

threats.kaspersky.com/en/class/Exploit/

threats.kaspersky.com/en/product/Microsoft-Windows-7/

threats.kaspersky.com/en/product/Microsoft-Windows-8/

threats.kaspersky.com/en/product/Microsoft-Windows-Server-2003/

threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/

threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/

threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/

threats.kaspersky.com/en/product/Windows-RT/

8.2 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.921 High

EPSS

Percentile

98.9%

JSON