Kaspersky LabKLA10646KLA10646 Multiple vulnerabilities in Microsoft Windows
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.728 High
EPSS
Percentile
98.0%
Detect date:
08/11/2015
Severity:
Critical
Description:
Multiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code or obtain sensitive information.
Affected products:
Windows Vista Service Pack 2
Windows Server 2008 Service Pack 2
Windows 7 Service Pack 1
Windows Server 2008 R2
Windows 8
Windows 8.1
Windows Server 2012
Windows Server 2012 R2
Windows RT
Windows RT 8.1
Windows 10
.NET framework versions 3.0 SP2, 4, 4.5, 4.5.1, 4.5.2, 4.6
Office 2007 Service Pack 3
Office 2010 Service Pack 2
Live Meeting 2007 Console
Lync 2010
Lync 2013 Service Pack 1
Silverlight 5
BizTalk Server 2010, 2013, 2013 R2
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2015-2423
CVE-2015-2431
CVE-2015-2430
CVE-2015-2456
CVE-2015-2458
CVE-2015-2433
CVE-2015-2432
CVE-2015-2471
CVE-2015-2472
CVE-2015-2473
CVE-2015-2474
CVE-2015-2475
CVE-2015-2476
CVE-2015-1769
CVE-2015-2449
CVE-2015-2455
CVE-2015-2460
CVE-2015-2459
CVE-2015-2462
CVE-2015-2461
CVE-2015-2464
CVE-2015-2463
CVE-2015-2465
CVE-2015-2454
CVE-2015-2453
CVE-2015-2434
CVE-2015-2435
CVE-2015-2428
CVE-2015-2441
CVE-2015-2446
CVE-2015-2429
CVE-2015-2440
CVE-2015-2442
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2015-24234.3Warning
CVE-2015-24319.3Critical
CVE-2015-24309.3Critical
CVE-2015-24569.3Critical
CVE-2015-24589.3Critical
CVE-2015-24332.1Warning
CVE-2015-24329.3Critical
CVE-2015-24714.3Warning
CVE-2015-24724.3Warning
CVE-2015-24739.3Critical
CVE-2015-24749.0Critical
CVE-2015-24754.3Warning
CVE-2015-24762.6Warning
CVE-2015-17697.2High
CVE-2015-24494.3Warning
CVE-2015-24559.3Critical
CVE-2015-24609.3Critical
CVE-2015-24599.3Critical
CVE-2015-24629.3Critical
CVE-2015-24619.3Critical
CVE-2015-24649.3Critical
CVE-2015-24639.3Critical
CVE-2015-24652.1Warning
CVE-2015-24542.1Warning
CVE-2015-24534.7Warning
CVE-2015-24344.3Warning
CVE-2015-24359.3Critical
CVE-2015-24282.1Warning
CVE-2015-24419.3Critical
CVE-2015-24469.3Critical
CVE-2015-24299.3Critical
CVE-2015-24404.3Warning
CVE-2015-24429.3Critical
Microsoft official advisories:
KB list:
3081436
3080790
3072305
3071756
3072307
3072306
3072303
3072309
3080129
3082458
3082459
3079743
3080348
3073893
3075591
3075590
3075593
3075592
3084525
3076895
3087119
3055014
2825645
3075222
3075221
3075220
3075226
3072310
3072311
3076949
3073921
3054890
3060716
3078662
3079757
3078601
3078071
3046017
3054846
3080333
3082487
Exploitation:
Public exploits exist for this vulnerability.
References
support.microsoft.com/kb/2825645
support.microsoft.com/kb/3046017
support.microsoft.com/kb/3054846
support.microsoft.com/kb/3054890
support.microsoft.com/kb/3055014
support.microsoft.com/kb/3060716
support.microsoft.com/kb/3071756
support.microsoft.com/kb/3072303
support.microsoft.com/kb/3072305
support.microsoft.com/kb/3072306
support.microsoft.com/kb/3072307
support.microsoft.com/kb/3072309
support.microsoft.com/kb/3072310
support.microsoft.com/kb/3072311
support.microsoft.com/kb/3073893
support.microsoft.com/kb/3073921
support.microsoft.com/kb/3075220
support.microsoft.com/kb/3075221
support.microsoft.com/kb/3075222
support.microsoft.com/kb/3075226
support.microsoft.com/kb/3075590
support.microsoft.com/kb/3075591
support.microsoft.com/kb/3075592
support.microsoft.com/kb/3075593
support.microsoft.com/kb/3076895
support.microsoft.com/kb/3076949
support.microsoft.com/kb/3078071
support.microsoft.com/kb/3078601
support.microsoft.com/kb/3078662
support.microsoft.com/kb/3079743
support.microsoft.com/kb/3079757
support.microsoft.com/kb/3080129
support.microsoft.com/kb/3080333
support.microsoft.com/kb/3080348
support.microsoft.com/kb/3080790
support.microsoft.com/kb/3081436
support.microsoft.com/kb/3082458
support.microsoft.com/kb/3082459
support.microsoft.com/kb/3082487
support.microsoft.com/kb/3084525
support.microsoft.com/kb/3087119
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1769
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2423
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2428
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2429
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2430
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2431
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2432
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2433
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2434
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2435
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2440
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2441
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2442
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2446
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2449
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2453
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2454
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2455
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2456
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2458
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2459
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2460
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2461
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2462
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2463
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2464
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2465
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2471
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2472
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2473
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2474
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2475
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2476
portal.msrc.microsoft.com/en-us/security-guidance
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-1769
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2423
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2428
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2429
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2430
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2431
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2432
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2433
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2434
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2435
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2440
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2441
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2442
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2446
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2449
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2453
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2454
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2455
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2456
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2458
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2459
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2460
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2461
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2462
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2463
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2464
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2465
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2471
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2472
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2473
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2474
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2475
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2476
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-.NET-Framework/
threats.kaspersky.com/en/product/Microsoft-Lync/
threats.kaspersky.com/en/product/Microsoft-Office/
threats.kaspersky.com/en/product/Microsoft-Silverlight/
threats.kaspersky.com/en/product/Microsoft-Windows-10/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-8/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/
threats.kaspersky.com/en/product/Windows-RT/
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.728 High
EPSS
Percentile
98.0%