Kaspersky LabKLA10631KLA10631 Multiple vulnerabilities in Microsoft Windows
8.3 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.66 Medium
EPSS
Percentile
97.9%
Detect date:
07/14/2015
Severity:
Critical
Description:
Multiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code or obtain sensitive information.
Affected products:
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 R2 Service Pack 2
Windows Vista x86, x64 Service Pack 2
Microsoft Windows 7 x86, x64 Service Pack 1
Microsoft Windows Server 2008 x64 Service Pack 1
Microsoft Windows Server 2008 R2 x64 Service Pack 1
Microsoft Windows 8 x86, x64
Microsoft Windows 8.1 x86, x64
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows RT 8.1
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2015-2416
CVE-2015-2364
CVE-2015-2371
CVE-2015-2417
CVE-2015-2363
CVE-2015-2373
CVE-2015-2387
CVE-2015-2382
CVE-2015-2361
CVE-2015-2370
CVE-2015-2366
CVE-2015-2367
CVE-2015-2368
CVE-2015-2369
CVE-2015-2362
CVE-2015-2374
CVE-2015-2381
CVE-2015-2365
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2015-24165.0Warning
CVE-2015-23647.2High
CVE-2015-23716.9High
CVE-2015-24175.0Warning
CVE-2015-23637.2High
CVE-2015-23877.2High
CVE-2015-23822.1Warning
CVE-2015-23617.2High
CVE-2015-23707.2High
CVE-2015-23667.2High
CVE-2015-23672.1Warning
CVE-2015-23686.9High
CVE-2015-23696.9High
CVE-2015-23627.2High
CVE-2015-23743.3Warning
CVE-2015-23812.1Warning
CVE-2015-23657.2High
Microsoft official advisories:
KB list:
3072631
3068457
3046339
3069392
3072630
3067505
3073094
3077657
3067904
3072000
3046359
3061512
3069762
3072633
3067903
3070738
3070102
Exploitation:
Public exploits exist for this vulnerability.
References
support.microsoft.com/kb/3046339
support.microsoft.com/kb/3046359
support.microsoft.com/kb/3061512
support.microsoft.com/kb/3067505
support.microsoft.com/kb/3067903
support.microsoft.com/kb/3067904
support.microsoft.com/kb/3068457
support.microsoft.com/kb/3069392
support.microsoft.com/kb/3069762
support.microsoft.com/kb/3070102
support.microsoft.com/kb/3070738
support.microsoft.com/kb/3072000
support.microsoft.com/kb/3072630
support.microsoft.com/kb/3072631
support.microsoft.com/kb/3072633
support.microsoft.com/kb/3073094
support.microsoft.com/kb/3077657
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2361
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2362
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2363
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2364
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2365
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2366
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2367
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2368
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2369
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2370
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2371
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2374
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2381
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2382
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2387
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2416
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2417
portal.msrc.microsoft.com/en-us/security-guidance
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2361
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2362
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2363
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2364
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2365
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2366
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2367
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2368
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2369
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2370
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2371
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2373
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2374
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2381
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2382
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2387
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2416
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2417
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-8/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2003/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/
threats.kaspersky.com/en/product/Windows-RT/
Related
8.3 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.66 Medium
EPSS
Percentile
97.9%