Lucene search

K
kasperskyKaspersky LabKLA10646
HistoryAug 11, 2015 - 12:00 a.m.

KLA10646 Multiple vulnerabilities in Microsoft Windows

2015-08-1100:00:00
Kaspersky Lab
threats.kaspersky.com
232

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.728 High

EPSS

Percentile

98.0%

Detect date:

08/11/2015

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code or obtain sensitive information.

Affected products:

Windows Vista Service Pack 2
Windows Server 2008 Service Pack 2
Windows 7 Service Pack 1
Windows Server 2008 R2
Windows 8
Windows 8.1
Windows Server 2012
Windows Server 2012 R2
Windows RT
Windows RT 8.1
Windows 10
.NET framework versions 3.0 SP2, 4, 4.5, 4.5.1, 4.5.2, 4.6
Office 2007 Service Pack 3
Office 2010 Service Pack 2
Live Meeting 2007 Console
Lync 2010
Lync 2013 Service Pack 1
Silverlight 5
BizTalk Server 2010, 2013, 2013 R2

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2015-2423
CVE-2015-2431
CVE-2015-2430
CVE-2015-2456
CVE-2015-2458
CVE-2015-2433
CVE-2015-2432
CVE-2015-2471
CVE-2015-2472
CVE-2015-2473
CVE-2015-2474
CVE-2015-2475
CVE-2015-2476
CVE-2015-1769
CVE-2015-2449
CVE-2015-2455
CVE-2015-2460
CVE-2015-2459
CVE-2015-2462
CVE-2015-2461
CVE-2015-2464
CVE-2015-2463
CVE-2015-2465
CVE-2015-2454
CVE-2015-2453
CVE-2015-2434
CVE-2015-2435
CVE-2015-2428
CVE-2015-2441
CVE-2015-2446
CVE-2015-2429
CVE-2015-2440
CVE-2015-2442

Impacts:

ACE

Related products:

Microsoft .NET Framework

CVE-IDS:

CVE-2015-24234.3Warning
CVE-2015-24319.3Critical
CVE-2015-24309.3Critical
CVE-2015-24569.3Critical
CVE-2015-24589.3Critical
CVE-2015-24332.1Warning
CVE-2015-24329.3Critical
CVE-2015-24714.3Warning
CVE-2015-24724.3Warning
CVE-2015-24739.3Critical
CVE-2015-24749.0Critical
CVE-2015-24754.3Warning
CVE-2015-24762.6Warning
CVE-2015-17697.2High
CVE-2015-24494.3Warning
CVE-2015-24559.3Critical
CVE-2015-24609.3Critical
CVE-2015-24599.3Critical
CVE-2015-24629.3Critical
CVE-2015-24619.3Critical
CVE-2015-24649.3Critical
CVE-2015-24639.3Critical
CVE-2015-24652.1Warning
CVE-2015-24542.1Warning
CVE-2015-24534.7Warning
CVE-2015-24344.3Warning
CVE-2015-24359.3Critical
CVE-2015-24282.1Warning
CVE-2015-24419.3Critical
CVE-2015-24469.3Critical
CVE-2015-24299.3Critical
CVE-2015-24404.3Warning
CVE-2015-24429.3Critical

Microsoft official advisories:

KB list:

3081436
3080790
3072305
3071756
3072307
3072306
3072303
3072309
3080129
3082458
3082459
3079743
3080348
3073893
3075591
3075590
3075593
3075592
3084525
3076895
3087119
3055014
2825645
3075222
3075221
3075220
3075226
3072310
3072311
3076949
3073921
3054890
3060716
3078662
3079757
3078601
3078071
3046017
3054846
3080333
3082487

Exploitation:

Public exploits exist for this vulnerability.

References

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.728 High

EPSS

Percentile

98.0%