{"id": "KB3080348", "bulletinFamily": "microsoft", "title": "MS15-082: Vulnerabilities in RDP could allow remote code execution: August 11, 2015", "description": "<html><body><p>Resolves vulnerabilities in Windows that could allow remote code execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user\u2019s current working directory and then convinces the user to open an RDP file or to launch a program that is designed to load a trusted DLL file but instead loads the attacker\u2019s specially crafted DLL file.</p><h2>Summary</h2><div class=\"kb-summary-section section\">This security update resolves vulnerabilities in Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user\u2019s current working directory and then convinces the user to open an RDP file or to launch a program that is designed to load a trusted DLL file but instead loads the attacker\u2019s specially crafted DLL file. An attacker who successfully exploited the vulnerabilities could take complete control of an affected system. An attacker could then install programs, could view, change, or delete data, or could create new accounts that have full user rights. <br/><br/>This security update addresses the vulnerability by correcting how the Remote Desktop Session Host (RDSH) validates certificates and how RDP loads certain binaries. <br/><br/>To learn more about the update, see <a href=\"https://support.microsoft.com/help/3073094\" id=\"kb-link-2\" target=\"_self\">Microsoft Knowledge Base article 3073094</a>.<br/><br/><br/>To learn more about the vulnerability, see <a href=\"https://technet.microsoft.com/library/security/ms15-082\" id=\"kb-link-3\" target=\"_self\">Microsoft Security Bulletin MS15-082</a>.<br/></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><span class=\"text-base\">Important </span><ul class=\"sbody-free_list\"><li>All future security and nonsecurity updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update <a href=\"https://support.microsoft.com/en-us/help/2919355\" id=\"kb-link-4\" target=\"_self\">2919355</a> to be installed. We recommend that you install update <a href=\"https://support.microsoft.com/en-us/help/2919355\" id=\"kb-link-5\" target=\"_self\">2919355</a> on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive future updates. </li><li>If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see <a href=\"https://technet.microsoft.com/en-us/library/hh825699\" id=\"kb-link-6\" target=\"_self\">Add language packs to Windows</a>.</li></ul></div><h2>Additional information about this security update</h2><div class=\"kb-moreinformation-section section\">The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information.<br/><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/help/3075226\" id=\"kb-link-7\" target=\"_self\">3075226</a> MS15-082: Description of the security update for RDP in Windows: August 11, 2015</li><li><a href=\"https://support.microsoft.com/help/3075222\" id=\"kb-link-8\" target=\"_self\">3075222</a> MS15-082: Description of the security update for RDP in Windows: August 11, 2015<br/><br/>Known issues in security update 3075222:<br/><br/><br/><ul class=\"sbody-free_list\"><li> After you install or uninstall this security update, you may have to restart the computer two times. </li></ul></li><li><a href=\"https://support.microsoft.com/help/3075221\" id=\"kb-link-9\" target=\"_self\">3075221</a> MS15-082: Description of the security update for RDP in Windows: August 11, 2015</li><li><a href=\"https://support.microsoft.com/help/3075220\" id=\"kb-link-10\" target=\"_self\">3075220</a> MS15-082: Description of the security update for RDP in Windows: August 11, 2015</li></ul></div><h2>How to obtain and install the update</h2><div class=\"kb-resolution-section section\"><a class=\"bookmark\" id=\"obtaintheupdate\"></a><h3 class=\"sbody-h3\">Method 1: Windows Update</h3><div class=\"kb-collapsible kb-collapsible-expanded\">This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see<br/><a href=\"https://www.microsoft.com/security/pc-security/updates.aspx\" id=\"kb-link-12\" target=\"_self\">Get security updates automatically</a>. <br/><br/><span class=\"text-base\">Note</span> For Windows RT and Windows RT 8.1, this update is available only through Windows Update. </div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Method 2: Microsoft Download Center</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\">You can obtain the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update. <br/><br/>Click the download link in <a href=\"https://technet.microsoft.com/library/security/ms15-082\" id=\"kb-link-13\" target=\"_self\">Microsoft Security Bulletin MS15-082</a> that corresponds to the version of Windows that you are running.<br/></div><br/></span></div></div></div></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Security update deployment information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><h4 class=\"sbody-h4\">Windows Vista (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file names</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows Vista:<br/><span class=\"text-base\">Windows6.0-KB3075220-x86.msu<br/>Windows6.0-KB3075221-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><br/></td><td class=\"sbody-td\">For all supported x64-based editions of Windows Vista:<br/><span class=\"text-base\">Windows6.0-KB3075220-x64.msu<br/>Windows6.0-KB3075221-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-14\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">You must restart your system after you apply this security update. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">WUSA.exe does not support the removal of updates. To uninstall an update that was installed by WUSA, click <span class=\"text-base\">Control Panel</span>, and then click <span class=\"text-base\">Security</span>. Under Windows Update, click <span class=\"text-base\">View installed updates</span>, and select from the list of updates. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3045171\" id=\"kb-link-15\" target=\"_self\">Microsoft Knowledge Base Article 3045171</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update. </td></tr></table></div><h4 class=\"sbody-h4\">Windows Server 2008 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file names</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows Server 2008:<br/><span class=\"text-base\">Windows6.0-KB3075220-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><br/></td><td class=\"sbody-td\">For all supported x64-based editions of Windows Server 2008:<br/><span class=\"text-base\">Windows6.0-KB3075220-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><br/></td><td class=\"sbody-td\">For all supported Itanium-based editions of Windows Server 2008:<br/><span class=\"text-base\">Windows6.0-KB3075220-ia64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-16\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">You must restart your system after you apply this security update. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">WUSA.exe does not support the removal of updates. To uninstall an update that was installed by WUSA, click <span class=\"text-base\">Control Panel</span>, and then click <span class=\"text-base\">Security</span>. Under Windows Update, click <span class=\"text-base\">View installed updates</span>, and select from the list of updates. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3045171\" id=\"kb-link-17\" target=\"_self\">Microsoft Knowledge Base Article 3045171</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update. </td></tr></table></div><h4 class=\"sbody-h4\">Windows 7 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 7:<br/><span class=\"text-base\">Windows6.1-KB3075220-x86.msu<br/>Windows6.1-KB3075222-x86.msu<br/>Windows6.1-KB3075226-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><br/></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 7:<br/><span class=\"text-base\">Windows6.1-KB3075220-x64.msu<br/>Windows6.1-KB3075222-x64.msu<br/>Windows6.1-KB3075226-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-18\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">You must restart your system after you apply this security update. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update that was installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, and then under <span class=\"sbody-userinput\">Windows Update</span>, click <span class=\"text-base\">View installed updates</span>, and select from the list of updates. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3045171\" id=\"kb-link-19\" target=\"_self\">Microsoft Knowledge Base Article 3045171</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update. </td></tr></table></div><h4 class=\"sbody-h4\">Windows Server 2008 R2 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported x64-based editions of Windows Server 2008 R2:<br/><span class=\"text-base\">Windows6.1-KB3075220-x64.msu<br/>Windows6.1-KB3075222-x64.msu<br/>Windows6.1-KB3075226-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><br/></td><td class=\"sbody-td\">For all supported Itanium-based editions of Windows Server 2008 R2:<br/><span class=\"text-base\">Windows6.1-KB3075220-ia64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-20\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">You must restart your system after you apply this security update. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update that was installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, and then under <span class=\"sbody-userinput\">Windows Update</span>, click <span class=\"text-base\">View installed updates</span>, and select from the list of updates. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3045171\" id=\"kb-link-21\" target=\"_self\">Microsoft Knowledge Base Article 3045171</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update. </td></tr></table></div><h4 class=\"sbody-h4\">Windows 8 and Windows 8.1 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 8:<br/><span class=\"text-base\">Windows8-RT-KB3075220-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><br/></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 8:<br/><span class=\"text-base\">Windows8-RT-KB3075220-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><br/></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 8.1:<br/><span class=\"text-base\">Windows8.1-KB3075220-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><br/></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 8.1:<br/><span class=\"text-base\">Windows8.1-KB3075220-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-22\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">You must restart your system after you apply this security update. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update that was installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under <span class=\"sbody-userinput\">See also</span>, click <span class=\"text-base\">Installed updates</span> and select from the list of updates. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3045171\" id=\"kb-link-23\" target=\"_self\">Microsoft Knowledge Base Article 3045171</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update. </td></tr></table></div><h4 class=\"sbody-h4\">Windows Server 2012 and Windows Server 2012 R2 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported editions of Windows Server 2012:<br/><span class=\"text-base\">Windows8-RT-KB3075220-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><br/></td><td class=\"sbody-td\">For all supported editions of Windows Server 2012 R2:<br/><span class=\"text-base\">Windows8.1-KB3075220-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-24\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">You must restart your system after you apply this security update. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update that was installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under <span class=\"sbody-userinput\">See also</span>, click <span class=\"text-base\">Installed updates</span> and select from the list of updates. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3045171\" id=\"kb-link-25\" target=\"_self\">Microsoft Knowledge Base Article 3045171</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update. </td></tr></table></div><h4 class=\"sbody-h4\">Windows RT and Windows RT 8.1 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Deployment</span></td><td class=\"sbody-td\">These updates are available through <a href=\"http://go.microsoft.com/fwlink/?linkid=21130\" id=\"kb-link-26\" target=\"_self\">Windows Update</a> only. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart Requirement</span></td><td class=\"sbody-td\">You must restart your system after you apply this security update. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal Information</span></td><td class=\"sbody-td\">Click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under <span class=\"sbody-userinput\">See also</span>, click <span class=\"text-base\">Installed updates</span> and select from the list of updates. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File Information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3045171\" id=\"kb-link-27\" target=\"_self\">Microsoft Knowledge Base Article 3045171</a></td></tr></table></div></div><br/></span></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">File hash information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">SHA1 hash</th><th class=\"sbody-th\">SHA256 hash</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.0-KB3075220-ia64.msu</td><td class=\"sbody-td\">42DE6591E1F11B7880D592DE99822D9209DA62E1</td><td class=\"sbody-td\">9BE293A14D44D1DF73AE91FDFEE439B4797899B4B1DA12E7737484647E1F62C6</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.0-KB3075220-x64.msu</td><td class=\"sbody-td\">CDB63E470C817A445929AED7521C7103CC8E801E</td><td class=\"sbody-td\">BE962EFB24BB4853B603EDE6AF0AE94926758BFBA54FDE7F22FEFF3C1429FF7F</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.0-KB3075220-x86.msu</td><td class=\"sbody-td\">76552E0D4166711A4AC5BEC17CD1AA0789A7FD72</td><td class=\"sbody-td\">00465D9266E23EA91D5F20556F4C39F69BF221FB41805E53E3004AB967B1D927</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.0-KB3075221-x64.msu</td><td class=\"sbody-td\">5E96E9CCAD8B302BCC38A1A69C7B7D7C6941D7EA</td><td class=\"sbody-td\">F29664D5C30DBF769F57E26AB3257974792758F460D7C1F5B23C224CBF5B5F81</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.0-KB3075221-x86.msu</td><td class=\"sbody-td\">970FF92B910A98E851C24A618D152853B21CABCC</td><td class=\"sbody-td\">30E217FE4FC6907C00CCA928BF4271B15AF3A1A24F65037E0D7ED35666B6D91E</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3075220-ia64.msu</td><td class=\"sbody-td\">1A84542FEAA7C7D7E5F2A3618EC1A5F43F43EC44</td><td class=\"sbody-td\">F479E3B6826CCAF58F20DA7BFA9160304C65C675FB06AF1993E8136CEDC76664</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3075220-x64.msu</td><td class=\"sbody-td\">AA1F21337A50E431E65B348C4799B5CA2E9E636F</td><td class=\"sbody-td\">C8D77DE57760D69BACBB5E1FD0D9422D7FF9BFD0178F310160F3A3370F95180D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3075220-x86.msu</td><td class=\"sbody-td\">1E46613AED15B1BBA9FB37F2FDDD391D41FF3E49</td><td class=\"sbody-td\">E118CD6720416C74F72E5EA1BED299FD4EB404FF291743DAD0A03AED599B22D5</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3075222-x64.msu</td><td class=\"sbody-td\">A4FBEFE464E6C9D4C3924516379A570F7884E289</td><td class=\"sbody-td\">58FA1785C20463A226C00AFD65EA1B73369E4220EC02A0AA43ABA815D6459EFC</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3075222-x86.msu</td><td class=\"sbody-td\">F1EE54E30726E374D6A6673EA197FED8D39C8EF8</td><td class=\"sbody-td\">F03E8E1EF46DD1DF23325EF2D9869F020BD4B4FFAAC41FB066005C9769788D4A</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3075226-x64.msu</td><td class=\"sbody-td\">EDCAA1B72946B2894F0A3DEBF08ADB059D5A254B</td><td class=\"sbody-td\">F75AB96003F255EF38DFB40941A9C0751EA9BBADCB0FCF22592E3A4C438E6C9D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3075226-x86.msu</td><td class=\"sbody-td\">4AC94A6FD2B0038520D9BDAB3D98D3779F557F7F</td><td class=\"sbody-td\">1FCDE5BC4864D14A893D6863E9934A583841C48E353DB62928C88F2C2EE80BE6</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8.1-KB3075220-arm.msu</td><td class=\"sbody-td\">80C2CE5711A98451BFBA7DD1D83CF7DF207AD737</td><td class=\"sbody-td\">AC38DC63EE7B16D615002934F810438AC8A456B42AE69F4B80B3B604D05E1CAE</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8.1-KB3075220-x64.msu</td><td class=\"sbody-td\">634EC20FBF0CDAF870D77136EB6E2F3AF0D76809</td><td class=\"sbody-td\">0EE6806DED0DFE9A040FB9499F1E915F42480A87ACFC0E85071BDA23FBD29507</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8.1-KB3075220-x86.msu</td><td class=\"sbody-td\">DE71F161F9CFC74CE8E2D2104E23528691F73264</td><td class=\"sbody-td\">37BD5D87BEBD08BD6A98DFF997D80C736C0E529A5F1A44A2F58F67BF96275E3B</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8-RT-KB3075220-arm.msu</td><td class=\"sbody-td\">9362755EB2067A66FDB9694491328D206D41786C</td><td class=\"sbody-td\">ADC2A8781593BBB266D1D24CA1357E6D0388592C9F9740F187EC12F56B97C625</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8-RT-KB3075220-x64.msu</td><td class=\"sbody-td\">2BF751DB2BD4D2A35D2571771C0DB39FB79BD409</td><td class=\"sbody-td\">B7A108ED9156EC99D7436A6FCA10DE84FC0B0168E602E2D5F09E93AF6DBC9F01</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8-RT-KB3075220-x86.msu</td><td class=\"sbody-td\">233D6FC97D673F8F14A22BA26B5DFC7A0778875E</td><td class=\"sbody-td\">AC954F83B47DA00DA7C2558A07F4B64BCC3FE94C2921F3E27C3FB667D609C3AB</td></tr></table></div></div><br/></span></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">How to obtain help and support for this security update</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\">Help for installing updates: <a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-28\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <a href=\"https://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-29\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help for protecting your Windows-based computer from viruses and malware: <a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-30\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-31\" target=\"_self\">International Support</a></div><br/></span></div></div></div></div></body></html>", "published": "2015-08-11T00:00:00", "modified": "2015-08-11T17:44:37", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://support.microsoft.com/en-us/help/3080348/", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2015-2472", "CVE-2015-2473"], "type": "mskb", "lastseen": "2021-01-01T22:53:10", "edition": 2, "viewCount": 10, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-2473", "CVE-2015-2472"]}, {"type": "symantec", "idList": ["SMNTC-76224", "SMNTC-76228"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805080"]}, {"type": "nessus", "idList": ["SMB_NT_MS15-082.NASL"]}, {"type": "kaspersky", "idList": ["KLA10646"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14626"]}], "modified": "2021-01-01T22:53:10", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-01-01T22:53:10", "rev": 2}, "vulnersScore": 6.3}, "kb": "KB3080348", "msrc": "MS15-082", "mscve": "", "msfamily": "", "msplatform": "", "msproducts": ["14135", "13230", "14478", "14562", "14113", "13228", "11721", "14210", "15514", "17381", "11728", "11740", "15511", "16735", "16735", "11733", "17508", "11719", "14492", "16710", "16710", "17651", "17654", "16730", "16730", "16803", "16797", "13236", "14496", "14490", "14139", "13233", "14501", "14440", "17360", "14136", "16625", "13234", "16854", "17657", "14503", "17344", "14131", "17542", "11708", "16722"], "supportAreaPaths": ["371fbe0b-cb79-c748-a47a-4dc327bf6944", "b2012b15-7770-3165-b934-5b004ee86f67", "2bcc8288-b2b0-9ff3-3992-cc01f9c21619", "da37feb8-f7a1-3a1e-aad9-261b598ba5b9", "289fe55d-04e8-fd33-f9f3-f7ad74c153bf", "bebec93f-1b5a-fa13-e8dd-551821a6d3f9", "28a9ef75-2920-9f59-4d6c-4e6d6c99cf4c", "6f18bf60-d0f1-8298-413b-89f6e8170528", "670009af-2bc1-fa29-d4a5-99c02e923013", "c5c603fd-204f-4b8a-f0fb-cc95767cb3a7", "32719e08-ef7b-a697-0697-ec02d753dbb5", "e2b2a040-324c-43bf-447c-75aab15e2570", "e2b2a040-324c-43bf-447c-75aab15e2570", "d21af3d6-5cde-c325-4483-c1810c7a5bdd", "c2628421-ad67-7b37-cbb2-c1b1f4d4ffab", "1b3bc777-c681-e378-d422-eb618baa26f9", "dcf6c6d5-a2d1-b94e-220d-99ddd23d6cbb", "333f3bd9-9578-fda0-5919-4b8fa39524c3", "84f238c8-9f55-203c-9eb5-a2efcdf27ab1", "b5011041-7904-59f1-97ca-53b1da5812fb", "f62ed778-6986-d76e-c007-40a28315ffbf", "86630540-cb68-b324-567b-e197838cd28b", "928d79ba-72eb-762f-39be-122173e95922", "fc8a5f33-cbfe-2a72-73ca-e36deb8fcd9e", "244077f3-69a9-7534-f748-4cfd26b20c3b", "c6dbcbed-7ece-befe-c766-c638f2a7b21e", "fd3a2888-0af1-3691-5303-bc85b4302e62", "417fd093-b60f-5bcc-5ffe-121d73da4b0c", "9d95d170-7d1a-675a-ebb1-ab4cd0b095f1", "9dcd1ae8-74ee-a4f0-82ad-4736ad0727f7", "948aa232-06db-7d04-b975-a55f6d10d3a3", "adc0290c-cf74-ece3-6c50-40b4b8ac2454", "dc985417-c423-4987-027d-c19e0d3a44bc", "ceefced2-0d6f-a4bd-50d6-875c871b8250", "ceefced2-0d6f-a4bd-50d6-875c871b8250", "9087adda-9d1d-0ba1-1b0b-ad434f940308", "96bdd47e-5cb0-fbd3-9808-6c4bead5f000", "4af945c2-8a39-6b82-777b-5067ce2c9216", "4af945c2-8a39-6b82-777b-5067ce2c9216", "6f3de84c-ccb0-9b4f-f885-a0071dfc8aa1", "2994eca6-696c-b523-20de-40b02211bb3b", "417baa75-0c45-df0a-8e65-960580d94f42", "0d05b8b1-ed59-2bf9-9d27-07c0db1c697f", "dc52833c-eac7-25b7-b942-b2dfcfbace09", "2b2eeb95-d89c-6614-0db5-88f09133ede6", "6a967721-27d9-bd5f-9029-99ca5f0436dd"], "supportAreaPathNodes": [{"id": "c2628421-ad67-7b37-cbb2-c1b1f4d4ffab", "name": "Windows Server 2008 Datacenter", "parent": "4d83ba0e-5ad3-1b00-4303-1863823d2178", "tree": [], "type": "productversion"}, {"id": "bebec93f-1b5a-fa13-e8dd-551821a6d3f9", "name": "Windows 8.1 Pro", "parent": "b905caa1-d413-c90c-bed3-20aead901092", "tree": [], "type": "productversion"}, {"id": "dc52833c-eac7-25b7-b942-b2dfcfbace09", "name": "Windows Server 2012 R2 Essentials", "parent": "3ec8448d-ebc8-8fc0-e0b7-9e8ef6c79918", "tree": [], "type": "productversion"}, {"id": "fd3a2888-0af1-3691-5303-bc85b4302e62", "name": "Windows Vista Home Premium", "parent": "981df833-4c7c-ed03-d59a-3c7c3d2e7074", "tree": [], "type": "productversion"}, {"id": "96bdd47e-5cb0-fbd3-9808-6c4bead5f000", "name": "Windows Server 2008 R2 Datacenter", "parent": "f08822eb-e7c5-9e48-e44c-760a079f84c0", "tree": [], "type": "productversion"}, {"id": "0d05b8b1-ed59-2bf9-9d27-07c0db1c697f", "name": "Windows Vista Service Pack 2", "parent": "981df833-4c7c-ed03-d59a-3c7c3d2e7074", "tree": [], "type": "productversion"}, {"id": "84f238c8-9f55-203c-9eb5-a2efcdf27ab1", "name": "Windows 8 Pro", "parent": "31feb23d-f680-e1e0-1f97-ef7b00c80cdf", "tree": [], "type": "productversion"}, {"id": "f62ed778-6986-d76e-c007-40a28315ffbf", "name": "Windows Server 2008 Enterprise", "parent": "4d83ba0e-5ad3-1b00-4303-1863823d2178", "tree": [], "type": "productversion"}, {"id": "6a967721-27d9-bd5f-9029-99ca5f0436dd", "name": "Windows Server 2012 R2 Foundation", "parent": "3ec8448d-ebc8-8fc0-e0b7-9e8ef6c79918", "tree": [], "type": "productversion"}, {"id": "2b2eeb95-d89c-6614-0db5-88f09133ede6", "name": "Windows Server 2008 Foundation", "parent": "4d83ba0e-5ad3-1b00-4303-1863823d2178", "tree": [], "type": "productversion"}, {"id": "da37feb8-f7a1-3a1e-aad9-261b598ba5b9", "name": "Windows 7 Home Basic", "parent": "f825ca23-c7d1-aab8-4513-64980e1c3007", "tree": [], "type": "productversion"}, {"id": "6f3de84c-ccb0-9b4f-f885-a0071dfc8aa1", "name": "Windows 7 Ultimate", "parent": "f825ca23-c7d1-aab8-4513-64980e1c3007", "tree": [], "type": "productversion"}, {"id": "e2b2a040-324c-43bf-447c-75aab15e2570", "name": "Windows Server 2012 Foundation", "parent": "0cfbf2af-24ea-3e18-17e6-02df7331b571", "tree": [], "type": "productversion"}, {"id": "e2b2a040-324c-43bf-447c-75aab15e2570", "name": "Windows Server 2012 Foundation", "parent": "0cfbf2af-24ea-3e18-17e6-02df7331b571", "tree": [], "type": "productversion"}, {"id": "c5c603fd-204f-4b8a-f0fb-cc95767cb3a7", "name": "Windows Server 2008 for Itanium-Based Systems", "parent": "4d83ba0e-5ad3-1b00-4303-1863823d2178", "tree": [], "type": "productversion"}, {"id": "28a9ef75-2920-9f59-4d6c-4e6d6c99cf4c", "name": "Windows Server 2012 R2 Datacenter", "parent": "3ec8448d-ebc8-8fc0-e0b7-9e8ef6c79918", "tree": [], "type": "productversion"}, {"id": "1b3bc777-c681-e378-d422-eb618baa26f9", "name": "Windows Server 2012 Essentials", "parent": "0cfbf2af-24ea-3e18-17e6-02df7331b571", "tree": [], "type": "productversion"}, {"id": "670009af-2bc1-fa29-d4a5-99c02e923013", "name": "Windows Server 2008 R2 Standard", "parent": "f08822eb-e7c5-9e48-e44c-760a079f84c0", "tree": [], "type": "productversion"}, {"id": "289fe55d-04e8-fd33-f9f3-f7ad74c153bf", "name": "Windows Server 2012 R2 Standard", "parent": "3ec8448d-ebc8-8fc0-e0b7-9e8ef6c79918", "tree": [], "type": "productversion"}, {"id": "b2012b15-7770-3165-b934-5b004ee86f67", "name": "Windows 8.1", "parent": "b905caa1-d413-c90c-bed3-20aead901092", "tree": [], "type": "productversion"}, {"id": "ceefced2-0d6f-a4bd-50d6-875c871b8250", "name": "Windows Server 2012 Datacenter", "parent": "0cfbf2af-24ea-3e18-17e6-02df7331b571", "tree": [], "type": "productversion"}, {"id": "ceefced2-0d6f-a4bd-50d6-875c871b8250", "name": "Windows Server 2012 Datacenter", "parent": "0cfbf2af-24ea-3e18-17e6-02df7331b571", "tree": [], "type": "productversion"}, {"id": "4af945c2-8a39-6b82-777b-5067ce2c9216", "name": "Windows Server 2012 Standard", "parent": "0cfbf2af-24ea-3e18-17e6-02df7331b571", "tree": [], "type": "productversion"}, {"id": "4af945c2-8a39-6b82-777b-5067ce2c9216", "name": "Windows Server 2012 Standard", "parent": "0cfbf2af-24ea-3e18-17e6-02df7331b571", "tree": [], "type": "productversion"}, {"id": "dcf6c6d5-a2d1-b94e-220d-99ddd23d6cbb", "name": "Windows 7 Enterprise", "parent": "f825ca23-c7d1-aab8-4513-64980e1c3007", "tree": [], "type": "productversion"}, {"id": "86630540-cb68-b324-567b-e197838cd28b", "name": "Windows RT 8.1", "parent": "13d0da43-f4d6-9f8e-d090-ed3881084c6e", "tree": [], "type": "productversion"}, {"id": "371fbe0b-cb79-c748-a47a-4dc327bf6944", "name": "Windows Vista Business", "parent": "981df833-4c7c-ed03-d59a-3c7c3d2e7074", "tree": [], "type": "productversion"}, {"id": "9d95d170-7d1a-675a-ebb1-ab4cd0b095f1", "name": "Windows Vista Home Basic", "parent": "981df833-4c7c-ed03-d59a-3c7c3d2e7074", "tree": [], "type": "productversion"}, {"id": "928d79ba-72eb-762f-39be-122173e95922", "name": "Windows Vista Starter", "parent": "981df833-4c7c-ed03-d59a-3c7c3d2e7074", "tree": [], "type": "productversion"}, {"id": "b5011041-7904-59f1-97ca-53b1da5812fb", "name": "Windows 7 Starter", "parent": "f825ca23-c7d1-aab8-4513-64980e1c3007", "tree": [], "type": "productversion"}, {"id": "9dcd1ae8-74ee-a4f0-82ad-4736ad0727f7", "name": "Windows Server 2008 Service Pack 2", "parent": "4d83ba0e-5ad3-1b00-4303-1863823d2178", "tree": [], "type": "productversion"}, {"id": "244077f3-69a9-7534-f748-4cfd26b20c3b", "name": "Windows 8 Enterprise", "parent": "31feb23d-f680-e1e0-1f97-ef7b00c80cdf", "tree": [], "type": "productversion"}, {"id": "2994eca6-696c-b523-20de-40b02211bb3b", "name": "Windows Server 2008 R2 Enterprise", "parent": "f08822eb-e7c5-9e48-e44c-760a079f84c0", "tree": [], "type": "productversion"}, {"id": "dc985417-c423-4987-027d-c19e0d3a44bc", "name": "Windows RT", "parent": "13d0da43-f4d6-9f8e-d090-ed3881084c6e", "tree": [], "type": "productversion"}, {"id": "6f18bf60-d0f1-8298-413b-89f6e8170528", "name": "Windows 7 Professional", "parent": "f825ca23-c7d1-aab8-4513-64980e1c3007", "tree": [], "type": "productversion"}, {"id": "333f3bd9-9578-fda0-5919-4b8fa39524c3", "name": "Windows Server 2008 Standard", "parent": "4d83ba0e-5ad3-1b00-4303-1863823d2178", "tree": [], "type": "productversion"}, {"id": "2bcc8288-b2b0-9ff3-3992-cc01f9c21619", "name": "Windows Vista Enterprise", "parent": "981df833-4c7c-ed03-d59a-3c7c3d2e7074", "tree": [], "type": "productversion"}, {"id": "32719e08-ef7b-a697-0697-ec02d753dbb5", "name": "Windows Server 2008 R2 Web Edition", "parent": "f08822eb-e7c5-9e48-e44c-760a079f84c0", "tree": [], "type": "productversion"}, {"id": "948aa232-06db-7d04-b975-a55f6d10d3a3", "name": "Windows 8", "parent": "31feb23d-f680-e1e0-1f97-ef7b00c80cdf", "tree": [], "type": "productversion"}, {"id": "d21af3d6-5cde-c325-4483-c1810c7a5bdd", "name": "Windows Server 2008 R2 Foundation", "parent": "f08822eb-e7c5-9e48-e44c-760a079f84c0", "tree": [], "type": "productversion"}, {"id": "417baa75-0c45-df0a-8e65-960580d94f42", "name": "Windows Server 2008 R2 Service Pack 1", "parent": "f08822eb-e7c5-9e48-e44c-760a079f84c0", "tree": [], "type": "productversion"}, {"id": "c6dbcbed-7ece-befe-c766-c638f2a7b21e", "name": "Windows 7 Home Premium", "parent": "f825ca23-c7d1-aab8-4513-64980e1c3007", "tree": [], "type": "productversion"}, {"id": "417fd093-b60f-5bcc-5ffe-121d73da4b0c", "name": "Windows Vista Ultimate", "parent": "981df833-4c7c-ed03-d59a-3c7c3d2e7074", "tree": [], "type": "productversion"}, {"id": "fc8a5f33-cbfe-2a72-73ca-e36deb8fcd9e", "name": "Windows 8.1 Enterprise", "parent": "b905caa1-d413-c90c-bed3-20aead901092", "tree": [], "type": "productversion"}, {"id": "adc0290c-cf74-ece3-6c50-40b4b8ac2454", "name": "Windows Server 2008 Web Edition", "parent": "4d83ba0e-5ad3-1b00-4303-1863823d2178", "tree": [], "type": "productversion"}, {"id": "9087adda-9d1d-0ba1-1b0b-ad434f940308", "name": "Windows 7 Service Pack 1", "parent": "f825ca23-c7d1-aab8-4513-64980e1c3007", "tree": [], "type": "productversion"}], "primarySupportAreaPath": [{"id": "28a9ef75-2920-9f59-4d6c-4e6d6c99cf4c", "name": "Windows Server 2012 R2 Datacenter", "parent": "3ec8448d-ebc8-8fc0-e0b7-9e8ef6c79918", "tree": [], "type": "productversion"}, {"id": "3ec8448d-ebc8-8fc0-e0b7-9e8ef6c79918", "name": "Windows Server 2012 R2", "parent": "7ff57180-2b05-67aa-2c03-ab46c7848b89", "tree": [], "type": "productname"}, {"id": "7ff57180-2b05-67aa-2c03-ab46c7848b89", "name": "Windows Servers", "tree": [], "type": "productfamily"}], "superseeds": ["KB3070738", "KB2813345", "KB2813347"], "parentseeds": [], "msimpact": "Spoofing", "msseverity": "Important", "scheme": null}

{"cve": [{"lastseen": "2021-02-02T06:21:23", "description": "Remote Desktop Session Host (RDSH) in Remote Desktop Protocol (RDP) through 8.1 in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify certificates, which allows man-in-the-middle attackers to spoof clients via a crafted certificate with valid Issuer and Serial Number fields, aka \"Remote Desktop Session Host Spoofing Vulnerability.\"", "edition": 4, "cvss3": {}, "published": "2015-08-15T00:59:00", "title": "CVE-2015-2472", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2472"], "modified": "2019-05-15T12:39:00", "cpe": ["cpe:/o:microsoft:windows_vista:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_8:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt:-", "cpe:/o:microsoft:windows_7:-"], "id": "CVE-2015-2472", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2472", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:23", "description": "Untrusted search path vulnerability in the client in Remote Desktop Protocol (RDP) through 8.1 in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka \"Remote Desktop Protocol DLL Planting Remote Code Execution Vulnerability.\"\n<a href=\"http://cwe.mitre.org/data/definitions/426.html\">CWE-426: Untrusted Search Path</a>\n\nPer the Microsoft advisory, \" In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted RDP file that is designed to exploit the vulnerability. An attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message.\"\n\nThis vulnerability has been assigned and Attack Vector of Remote.", "edition": 4, "cvss3": {}, "published": "2015-08-15T00:59:00", "title": "CVE-2015-2473", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2473"], "modified": "2018-10-12T22:09:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_7:-"], "id": "CVE-2015-2473", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2473", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*"]}], "symantec": [{"lastseen": "2018-03-14T22:42:05", "bulletinFamily": "software", "cvelist": ["CVE-2015-2472"], "description": "### Description\n\nMicrosoft Remote Desktop Session Host is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. Attackers can exploit this issue to spoof and impersonate a legitimate user. Other attacks are also possible.\n\n### Technologies Affected\n\n * Microsoft SQL Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft SQL Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8 for 32-bit Systems \n * Microsoft Windows 8 for x64-based Systems \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows RT \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Vista SP2 \n * Microsoft Windows Vista x64 Edition SP2 \n\n### Recommendations\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not accept communications that originate from unknown or untrusted sources.** \nexecute commands to mount SMB shares. Never follow directions from untrusted sources. Modify default configuration files to disable any unwanted behavior\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2015-08-11T00:00:00", "published": "2015-08-11T00:00:00", "id": "SMNTC-76224", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/76224", "type": "symantec", "title": "Microsoft Remote Desktop Session Host CVE-2015-2472 Spoofing Vulnerability", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-03-13T12:07:33", "bulletinFamily": "software", "cvelist": ["CVE-2015-2473"], "description": "### Description\n\nMicrosoft Remote Desktop Protocol is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.\n\n### Technologies Affected\n\n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nIf global access isn't needed, block access at the network perimeter to computers hosting the vulnerable operating system.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity such as unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Do not use client software to access unknown or untrusted hosts from critical systems.** \nTo limit the risk of exploits, never connect to unknown or untrusted services.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2015-08-11T00:00:00", "published": "2015-08-11T00:00:00", "id": "SMNTC-76228", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/76228", "type": "symantec", "title": "Microsoft Remote Desktop Protocol DLL Loading CVE-2015-2473 Remote Code Execution Vulnerability", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2020-06-10T19:49:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2472", "CVE-2015-2473"], "description": "This host is missing an important security\n update according to Microsoft Bulletin MS15-082.", "modified": "2020-06-09T00:00:00", "published": "2015-08-12T00:00:00", "id": "OPENVAS:1361412562310805080", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805080", "type": "openvas", "title": "Microsoft Windows RDP Remote Code Execution Vulnerabilities (3080348)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows RDP Remote Code Execution Vulnerabilities (3080348)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805080\");\n script_version(\"2020-06-09T05:48:43+0000\");\n script_cve_id(\"CVE-2015-2472\", \"CVE-2015-2473\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 05:48:43 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-08-12 10:37:53 +0530 (Wed, 12 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Windows RDP Remote Code Execution Vulnerabilities (3080348)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft Bulletin MS15-082.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - A spoofing vulnerability exists when the Remote Desktop Session Host (RDSH)\n improperly validates certificates during authentication.\n\n - A remote code execution vulnerability exists when Microsoft Windows Remote\n Desktop Protocol client improperly handles the loading of certain specially\n crafted DLL files.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to take complete control of an affected system. An attacker could then install,\n programs, view, change, or delete data or create new accounts with full user\n rights.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8 x32/x64\n\n - Microsoft Windows Server 2012/R2\n\n - Microsoft Windows 8.1 x32/x64\n\n - Microsoft Windows Vista x32/x64 Service Pack 2 and prior\n\n - Microsoft Windows Server 2008 x32/x64 Service Pack 2 and prior\n\n - Microsoft Windows 7 x32/x64 Service Pack 1 and prior\n\n - Microsoft Windows Server 2008 R2 x64 Service Pack 1 and prior\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3080348\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS15-082\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(winVista:3, win7:2, win7x64:2, win2008:3, win2008r2:2 , win8_1:1 ,\n win8_1x64:1, win2012R2:1, win8:1, win8x64:1, win2012:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_systemroot();\nif(!sysPath ){\n exit(0);\n}\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"system32\\Tsgqec.dll\");\nif(!dllVer){\n exit(0);\n}\n\n## Currently not supporting for Vista and Windows Server 2008 64 bit\nif(hotfix_check_sp(winVista:3, win2008:3) > 0)\n{\n if(version_in_range(version:dllVer, test_version:\"6.1.7600.17000\", test_version2:\"6.1.7600.17232\") ||\n version_in_range(version:dllVer, test_version:\"6.1.7600.21000\", test_version2:\"6.1.7600.21447\") ||\n version_in_range(version:dllVer, test_version:\"6.0.6002.18000\", test_version2:\"6.0.6002.18004\") ||\n version_in_range(version:dllVer, test_version:\"6.0.6002.23000\", test_version2:\"6.0.6002.23746\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\nelse if(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0)\n{\n if(version_in_range(version:dllVer, test_version:\"6.3.9600.16000\", test_version2:\"6.3.9600.16414\") ||\n version_in_range(version:dllVer, test_version:\"6.2.9200.16000\", test_version2:\"6.2.9200.16397\") ||\n version_in_range(version:dllVer, test_version:\"6.1.7601.18000\", test_version2:\"6.1.7601.18917\") ||\n version_in_range(version:dllVer, test_version:\"6.1.7601.22000\", test_version2:\"6.1.7601.23120\")) {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\nelse if(hotfix_check_sp(win8:1, win8x64:1, win2012:1) > 0)\n{\n if(version_in_range(version:dllVer, test_version:\"6.2.9200.16000\", test_version2:\"6.2.9200.16383\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\n## Win 8.1 and win2012R2\nelse if(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) > 0)\n{\n if(version_in_range(version:dllVer, test_version:\"6.3.9600.16000\", test_version2:\"6.3.9600.17414\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-02-01T06:15:10", "description": "The remote Windows host is missing a security update. It is, therefore\naffected by the following vulnerabilities :\n\n - A spoofing vulnerability exists due to the Remote\n Desktop Session Host (RDSH) not properly validating\n certificates during authentication. An man-in-the-middle\n attacker can exploit this to impersonate a client\n session by spoofing a TLS/SSL server via a certificate\n that appears valid. (CVE-2015-2472)\n\n - A code execution vulnerability exists due to the Remote\n Desktop Protocol client not properly handling the\n loading of certain specially crafted DLL files. An\n attacker, by placing a malicious DLL in the user's\n current working directory and convincing the user to\n open a crafted RDP file, can exploit this issue to\n execute arbitrary code in the context of the user.\n (CVE-2015-2473)", "edition": 28, "published": "2015-08-11T00:00:00", "title": "MS15-082: Vulnerability in RDP Could Allow Remote Code Execution (3080348)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2472", "CVE-2015-2473"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS15-082.NASL", "href": "https://www.tenable.com/plugins/nessus/85332", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85332);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\"CVE-2015-2472\", \"CVE-2015-2473\");\n script_bugtraq_id(76224, 76228);\n script_xref(name:\"MSFT\", value:\"MS15-082\");\n script_xref(name:\"MSKB\", value:\"3075220\");\n script_xref(name:\"MSKB\", value:\"3075221\");\n script_xref(name:\"MSKB\", value:\"3075222\");\n script_xref(name:\"MSKB\", value:\"3075226\");\n script_xref(name:\"IAVA\", value:\"2015-A-0190\");\n\n script_name(english:\"MS15-082: Vulnerability in RDP Could Allow Remote Code Execution (3080348)\");\n script_summary(english:\"Checks the version of rdpcorets.dll.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing a security update. It is, therefore\naffected by the following vulnerabilities :\n\n - A spoofing vulnerability exists due to the Remote\n Desktop Session Host (RDSH) not properly validating\n certificates during authentication. An man-in-the-middle\n attacker can exploit this to impersonate a client\n session by spoofing a TLS/SSL server via a certificate\n that appears valid. (CVE-2015-2472)\n\n - A code execution vulnerability exists due to the Remote\n Desktop Protocol client not properly handling the\n loading of certain specially crafted DLL files. An\n attacker, by placing a malicious DLL in the user's\n current working directory and convincing the user to\n open a crafted RDP file, can exploit this issue to\n execute arbitrary code in the context of the user.\n (CVE-2015-2473)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-082\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows Vista, 2008, 7,\n2008 R2, 8, 8.1, 2012, 2012 R2, RT, and RT 8.1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-2473\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS15-082';\n\nkbs = make_list(\n \"3075220\",\n \"3075221\",\n \"3075222\",\n \"3075226\"\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8.1 / 2012 R2\n hotfix_is_vulnerable(os:\"6.3\", file:\"mstscax.dll\", version:\"6.3.9600.17931\", min_version:\"6.3.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3075220\") ||\n hotfix_is_vulnerable(os:\"6.3\", file:\"aaedge.dll\", version:\"6.3.9600.17931\", min_version:\"6.3.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3075220\") ||\n\n # Windows 8 / 2012\n hotfix_is_vulnerable(os:\"6.2\", file:\"mstscax.dll\", version:\"6.2.9200.21544\", min_version:\"6.2.9200.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3075220\") ||\n hotfix_is_vulnerable(os:\"6.2\", file:\"mstscax.dll\", version:\"6.2.9200.17434\", min_version:\"6.2.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3075220\") ||\n\n # Windows 7 / 2008 R2\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mstscax.dll\", version:\"6.1.7601.23121\", min_version:\"6.1.7601.22000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3075220\") ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mstscax.dll\", version:\"6.1.7601.18918\", min_version:\"6.1.7600.18000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3075220\") ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"aaclient.dll\", version:\"6.2.9200.21545\", min_version:\"6.2.9200.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3075222\") ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"aaclient.dll\", version:\"6.2.9200.17435\", min_version:\"6.2.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3075222\") ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mstscax.dll\", version:\"6.3.9600.17930\", min_version:\"6.3.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3075226\") ||\n\n # Vista / 2008\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mstscax.dll\", version:\"6.0.6002.23747\", min_version:\"6.0.6002.23000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3075220\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mstscax.dll\", version:\"6.0.6002.19439\", min_version:\"6.0.6002.18000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3075220\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"aaclient.dll\", version:\"6.1.7600.17233\", min_version:\"6.1.7600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3075221\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"aaclient.dll\", version:\"6.1.7600.21448\", min_version:\"6.1.7600.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3075221\")\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:45:03", "bulletinFamily": "info", "cvelist": ["CVE-2015-2456", "CVE-2015-2475", "CVE-2015-2433", "CVE-2015-2441", "CVE-2015-1769", "CVE-2015-2455", "CVE-2015-2429", "CVE-2015-2476", "CVE-2015-2472", "CVE-2015-2471", "CVE-2015-2446", "CVE-2015-2460", "CVE-2015-2442", "CVE-2015-2431", "CVE-2015-2423", "CVE-2015-2435", "CVE-2015-2465", "CVE-2015-2459", "CVE-2015-2434", "CVE-2015-2462", "CVE-2015-2461", "CVE-2015-2440", "CVE-2015-2454", "CVE-2015-2432", "CVE-2015-2473", "CVE-2015-2430", "CVE-2015-2474", "CVE-2015-2449", "CVE-2015-2464", "CVE-2015-2428", "CVE-2015-2463", "CVE-2015-2453", "CVE-2015-2458"], "description": "### *Detect date*:\n08/11/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code or obtain sensitive information.\n\n### *Affected products*:\nWindows Vista Service Pack 2 \nWindows Server 2008 Service Pack 2 \nWindows 7 Service Pack 1 \nWindows Server 2008 R2 \nWindows 8 \nWindows 8.1 \nWindows Server 2012 \nWindows Server 2012 R2 \nWindows RT \nWindows RT 8.1 \nWindows 10 \n.NET framework versions 3.0 SP2, 4, 4.5, 4.5.1, 4.5.2, 4.6 \nOffice 2007 Service Pack 3 \nOffice 2010 Service Pack 2 \nLive Meeting 2007 Console \nLync 2010 \nLync 2013 Service Pack 1 \nSilverlight 5 \nBizTalk Server 2010, 2013, 2013 R2\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2015-2423](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2423>) \n[CVE-2015-2431](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2431>) \n[CVE-2015-2430](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2430>) \n[CVE-2015-2456](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2456>) \n[CVE-2015-2458](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2458>) \n[CVE-2015-2433](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2433>) \n[CVE-2015-2432](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2432>) \n[CVE-2015-2471](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2471>) \n[CVE-2015-2472](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2472>) \n[CVE-2015-2473](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2473>) \n[CVE-2015-2474](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2474>) \n[CVE-2015-2475](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2475>) \n[CVE-2015-2476](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2476>) \n[CVE-2015-1769](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-1769>) \n[CVE-2015-2449](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2449>) \n[CVE-2015-2455](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2455>) \n[CVE-2015-2460](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2460>) \n[CVE-2015-2459](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2459>) \n[CVE-2015-2462](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2462>) \n[CVE-2015-2461](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2461>) \n[CVE-2015-2464](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2464>) \n[CVE-2015-2463](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2463>) \n[CVE-2015-2465](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2465>) \n[CVE-2015-2454](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2454>) \n[CVE-2015-2453](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2453>) \n[CVE-2015-2434](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2434>) \n[CVE-2015-2435](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2435>) \n[CVE-2015-2428](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2428>) \n[CVE-2015-2441](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2441>) \n[CVE-2015-2446](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2446>) \n[CVE-2015-2429](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2429>) \n[CVE-2015-2440](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2440>) \n[CVE-2015-2442](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2442>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft .NET Framework](<https://threats.kaspersky.com/en/product/Microsoft-.NET-Framework/>)\n\n### *CVE-IDS*:\n[CVE-2015-2423](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2423>)4.3Warning \n[CVE-2015-2431](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2431>)9.3Critical \n[CVE-2015-2430](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2430>)9.3Critical \n[CVE-2015-2456](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2456>)9.3Critical \n[CVE-2015-2458](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2458>)9.3Critical \n[CVE-2015-2433](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2433>)2.1Warning \n[CVE-2015-2432](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2432>)9.3Critical \n[CVE-2015-2471](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2471>)4.3Warning \n[CVE-2015-2472](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2472>)4.3Warning \n[CVE-2015-2473](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2473>)9.3Critical \n[CVE-2015-2474](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2474>)9.0Critical \n[CVE-2015-2475](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2475>)4.3Warning \n[CVE-2015-2476](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2476>)2.6Warning \n[CVE-2015-1769](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1769>)7.2High \n[CVE-2015-2449](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2449>)4.3Warning \n[CVE-2015-2455](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2455>)9.3Critical \n[CVE-2015-2460](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2460>)9.3Critical \n[CVE-2015-2459](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2459>)9.3Critical \n[CVE-2015-2462](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2462>)9.3Critical \n[CVE-2015-2461](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2461>)9.3Critical \n[CVE-2015-2464](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2464>)9.3Critical \n[CVE-2015-2463](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2463>)9.3Critical \n[CVE-2015-2465](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2465>)2.1Warning \n[CVE-2015-2454](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2454>)2.1Warning \n[CVE-2015-2453](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2453>)4.7Warning \n[CVE-2015-2434](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2434>)4.3Warning \n[CVE-2015-2435](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2435>)9.3Critical \n[CVE-2015-2428](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2428>)2.1Warning \n[CVE-2015-2441](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2441>)9.3Critical \n[CVE-2015-2446](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2446>)9.3Critical \n[CVE-2015-2429](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2429>)9.3Critical \n[CVE-2015-2440](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2440>)4.3Warning \n[CVE-2015-2442](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2442>)9.3Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[3081436](<http://support.microsoft.com/kb/3081436>) \n[3080790](<http://support.microsoft.com/kb/3080790>) \n[3072305](<http://support.microsoft.com/kb/3072305>) \n[3071756](<http://support.microsoft.com/kb/3071756>) \n[3072307](<http://support.microsoft.com/kb/3072307>) \n[3072306](<http://support.microsoft.com/kb/3072306>) \n[3072303](<http://support.microsoft.com/kb/3072303>) \n[3072309](<http://support.microsoft.com/kb/3072309>) \n[3080129](<http://support.microsoft.com/kb/3080129>) \n[3082458](<http://support.microsoft.com/kb/3082458>) \n[3082459](<http://support.microsoft.com/kb/3082459>) \n[3079743](<http://support.microsoft.com/kb/3079743>) \n[3080348](<http://support.microsoft.com/kb/3080348>) \n[3073893](<http://support.microsoft.com/kb/3073893>) \n[3075591](<http://support.microsoft.com/kb/3075591>) \n[3075590](<http://support.microsoft.com/kb/3075590>) \n[3075593](<http://support.microsoft.com/kb/3075593>) \n[3075592](<http://support.microsoft.com/kb/3075592>) \n[3084525](<http://support.microsoft.com/kb/3084525>) \n[3076895](<http://support.microsoft.com/kb/3076895>) \n[3087119](<http://support.microsoft.com/kb/3087119>) \n[3055014](<http://support.microsoft.com/kb/3055014>) \n[2825645](<http://support.microsoft.com/kb/2825645>) \n[3075222](<http://support.microsoft.com/kb/3075222>) \n[3075221](<http://support.microsoft.com/kb/3075221>) \n[3075220](<http://support.microsoft.com/kb/3075220>) \n[3075226](<http://support.microsoft.com/kb/3075226>) \n[3072310](<http://support.microsoft.com/kb/3072310>) \n[3072311](<http://support.microsoft.com/kb/3072311>) \n[3076949](<http://support.microsoft.com/kb/3076949>) \n[3073921](<http://support.microsoft.com/kb/3073921>) \n[3054890](<http://support.microsoft.com/kb/3054890>) \n[3060716](<http://support.microsoft.com/kb/3060716>) \n[3078662](<http://support.microsoft.com/kb/3078662>) \n[3079757](<http://support.microsoft.com/kb/3079757>) \n[3078601](<http://support.microsoft.com/kb/3078601>) \n[3078071](<http://support.microsoft.com/kb/3078071>) \n[3046017](<http://support.microsoft.com/kb/3046017>) \n[3054846](<http://support.microsoft.com/kb/3054846>) \n[3080333](<http://support.microsoft.com/kb/3080333>) \n[3082487](<http://support.microsoft.com/kb/3082487>)\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 41, "modified": "2020-06-18T00:00:00", "published": "2015-08-11T00:00:00", "id": "KLA10646", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10646", "title": "\r KLA10646Multiple vulnerabilities in Microsoft Windows ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "cvelist": ["CVE-2015-2456", "CVE-2015-2475", "CVE-2015-2433", "CVE-2015-2441", "CVE-2015-1769", "CVE-2015-2455", "CVE-2015-2445", "CVE-2015-2447", "CVE-2015-2429", "CVE-2015-2476", "CVE-2015-2472", "CVE-2015-2444", "CVE-2015-2471", "CVE-2015-2446", "CVE-2015-2452", "CVE-2015-2448", "CVE-2015-2460", "CVE-2015-2481", "CVE-2015-2442", "CVE-2015-2423", "CVE-2015-2435", "CVE-2015-2465", "CVE-2015-2480", "CVE-2015-2459", "CVE-2015-2434", "CVE-2015-2462", "CVE-2015-2461", "CVE-2015-2426", "CVE-2015-2450", "CVE-2015-2479", "CVE-2015-2440", "CVE-2015-2454", "CVE-2015-2432", "CVE-2015-2473", "CVE-2015-2451", "CVE-2015-2430", "CVE-2015-2474", "CVE-2015-2443", "CVE-2015-2449", "CVE-2015-2464", "CVE-2015-2428", "CVE-2015-2463", "CVE-2015-2453", "CVE-2015-2458"], "description": "OpenType fonts parsing code execution, multiple Internet Explorer and Edge vulnerabilities, code execution and information disclosure in system libraries, code execution via RDP and AMB, privilege escalation, information disclosure via WebDAV.", "edition": 1, "modified": "2015-08-24T00:00:00", "published": "2015-08-24T00:00:00", "id": "SECURITYVULNS:VULN:14626", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14626", "title": "Microsoft Windows multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}