Microsoft Windows CVE-2014-6322 Remote Privilege Escalation Vulnerability
2014-11-11T00:00:00
ID SMNTC-70978 Type symantec Reporter Symantec Security Response Modified 2014-11-11T00:00:00
Description
Description
Microsoft Windows is prone to a remote privilege-escalation vulnerability. An attacker can exploit this vulnerability to execute arbitrary code with elevated privileges.
Technologies Affected
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 8 for 32-bit Systems
Microsoft Windows 8 for x64-based Systems
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8.1 for x64-based Systems
Microsoft Windows RT 8.1
Microsoft Windows RT
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista SP2
Microsoft Windows Vista x64 Edition Service Pack 2
Recommendations
Block external access at the network boundary, unless external parties require service.
Filter access to the affected computer at the network boundary if global access isn't needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.
Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity such as unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.
Updates are available. Please see the references or vendor advisory for more information.
{"id": "SMNTC-70978", "type": "symantec", "bulletinFamily": "software", "title": "Microsoft Windows CVE-2014-6322 Remote Privilege Escalation Vulnerability", "description": "### Description\n\nMicrosoft Windows is prone to a remote privilege-escalation vulnerability. An attacker can exploit this vulnerability to execute arbitrary code with elevated privileges.\n\n### Technologies Affected\n\n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8 for 32-bit Systems \n * Microsoft Windows 8 for x64-based Systems \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows RT \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Vista SP2 \n * Microsoft Windows Vista x64 Edition Service Pack 2 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nFilter access to the affected computer at the network boundary if global access isn't needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity such as unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "published": "2014-11-11T00:00:00", "modified": "2014-11-11T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/70978", "reporter": "Symantec Security Response", "references": [], "cvelist": ["CVE-2014-6322"], "lastseen": "2018-03-14T22:41:29", "viewCount": 3, "enchantments": {"score": {"value": 8.3, "vector": "NONE", "modified": "2018-03-14T22:41:29", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-6322"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310804880"]}, {"type": "mskb", "idList": ["KB3005607"]}, {"type": "nessus", "idList": ["SMB_NT_MS14-071.NASL"]}, {"type": "threatpost", "idList": ["THREATPOST:A3BB2FFA95F5B0C5ED7362707F7E5AFE"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:F06DB29D4493CE57606D1D984EFBC079"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14090"]}, {"type": "kaspersky", "idList": ["KLA10601"]}], "modified": "2018-03-14T22:41:29", "rev": 2}, "vulnersScore": 8.3}, "affectedSoftware": [{"version": "2 ", "name": "Microsoft Windows Vista x64 Edition Service Pack", "operator": "eq"}, {"version": "2012 R2 ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "8 for 32-bit Systems ", "name": "Microsoft Windows", "operator": "eq"}, {"version": "2008 R2 for x64-based Systems SP1 ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "8.1 for 32-bit Systems ", "name": "Microsoft Windows", "operator": "eq"}, {"version": "8 for x64-based Systems ", "name": "Microsoft Windows", "operator": "eq"}, {"version": "2008 for 32-bit Systems SP2 ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "2012 ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "7 for 32-bit Systems SP1 ", "name": "Microsoft Windows", "operator": "eq"}, {"version": "2008 for x64-based Systems SP2 ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "7 for x64-based Systems SP1 ", "name": "Microsoft Windows", "operator": "eq"}, {"version": "8.1 for x64-based Systems ", "name": "Microsoft Windows", "operator": "eq"}, {"version": "2008 for Itanium-based Systems SP2 ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "8.1 ", "name": "Microsoft Windows RT", "operator": "eq"}, {"version": "2008 R2 for Itanium-based Systems SP1 ", "name": "Microsoft Windows Server", "operator": "eq"}], "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T06:14:33", "description": "The Windows Audio service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted web site, as demonstrated by execution of web script in Internet Explorer, aka \"Windows Audio Service Vulnerability.\"", "edition": 4, "cvss3": {}, "published": "2014-11-11T22:55:00", "title": "CVE-2014-6322", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6322"], "modified": "2019-05-15T13:22:00", "cpe": ["cpe:/o:microsoft:windows_vista:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_8:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt:-", "cpe:/o:microsoft:windows_7:-"], "id": "CVE-2014-6322", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6322", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-06-10T19:52:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6322"], "description": "This host is missing an important security\n update according to Microsoft Bulletin MS14-071.", "modified": "2020-06-09T00:00:00", "published": "2014-11-12T00:00:00", "id": "OPENVAS:1361412562310804880", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804880", "type": "openvas", "title": "Microsoft Window Audio Service Privilege Escalation Vulnerability (3005607)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Window Audio Service Privilege Escalation Vulnerability (3005607)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804880\");\n script_version(\"2020-06-09T08:59:39+0000\");\n script_cve_id(\"CVE-2014-6322\");\n script_bugtraq_id(70978);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 08:59:39 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-11-12 10:30:01 +0530 (Wed, 12 Nov 2014)\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_name(\"Microsoft Window Audio Service Privilege Escalation Vulnerability (3005607)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft Bulletin MS14-071.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an error within the\n Windows Audio Service.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow an attacker\n to execute arbitrary scripts with elevated privileges.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows Vista x32/x64 Service Pack 2 and prior\n\n - Microsoft Windows Server 2008 x32/x64 Service Pack 2 and prior\n\n - Microsoft Windows 7 x32/x64 Service Pack 1 and prior\n\n - Microsoft Windows Server 2008 R2 x64 Service Pack 1 and prior\n\n - Microsoft Windows 8 x32/x64\n\n - Microsoft Windows 8.1 x32/x64\n\n - Microsoft Windows Server 2012/R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/kb/3005607\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS14-071\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(winVista:3, win7:2, win7x64:2, win2008:3, win2008r2:2,\n win8:1, win8x64:1, win2012:1, win2012R2:1, win8_1:1,\n win8_1x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_systemroot();\nif(!sysPath ){\n exit(0);\n}\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"system32\\Audiosrv.dll\");\nif(!dllVer){\n exit(0);\n}\n\n## Currently not supporting for Vista and Windows Server 2008 64 bit\nif(hotfix_check_sp(winVista:3, win2008:3) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"6.0.6002.19201\") ||\n version_in_range(version:dllVer, test_version:\"6.0.6002.23000\", test_version2:\"6.0.6002.23505\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"6.1.7601.18619\") ||\n version_in_range(version:dllVer, test_version:\"6.1.7601.22000\", test_version2:\"6.1.7601.22825\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\nif(hotfix_check_sp(win8:1, win8x64:1, win2012:1) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"6.2.9200.17134\") ||\n version_in_range(version:dllVer, test_version:\"6.2.9200.21000\", test_version2:\"6.2.9200.21250\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\n## Win 8.1 and win2012R2\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"6.3.9600.17393\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "mskb": [{"lastseen": "2021-01-01T22:48:49", "bulletinFamily": "microsoft", "cvelist": ["CVE-2014-6322"], "description": "<html><body><p>Resolves a vulnerability in Microsoft Windows that could allow elevation of privilege if a user browses to a malicious webpage.</p><h2>INTRODUCTION</h2><div class=\"kb-summary-section section\">Microsoft has released security bulletin MS14-071. To learn more about this security bulletin:<br/><ul class=\"sbody-free_list\"><li>Home users:<br/><div class=\"indent\"><a href=\"https://www.microsoft.com/security/pc-security/updates.aspx\" id=\"kb-link-1\" target=\"_self\">https://www.microsoft.com/security/pc-security/updates.aspx</a></div><span class=\"text-base\">Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br/><div class=\"indent\"><a href=\"https://update.microsoft.com/microsoftupdate/\" id=\"kb-link-2\" target=\"_self\">https://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<br/><div class=\"indent\"><a href=\"https://technet.microsoft.com/library/security/ms14-071\" id=\"kb-link-3\" target=\"_self\">https://technet.microsoft.com/library/security/MS14-071</a></div></li></ul><h3 class=\"sbody-h3\">How to obtain help and support for this security update</h3>Help installing updates:<br/><a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-4\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals:<br/><a href=\"https://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-5\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your Windows-based computer from viruses and malware:<br/><a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-6\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country:<br/><a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-7\" target=\"_self\">International Support</a><br/><br/></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Security update deployment</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><h4 class=\"sbody-h4\">Windows Vista (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file names</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows Vista:<br/><span class=\"text-base\">Windows6.0-KB3005607-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><br/></td><td class=\"sbody-td\">For all supported x64-based editions of Windows Vista:<br/><span class=\"text-base\">Windows6.0-KB3005607-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-8\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">Yes, you must restart your system after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click <span class=\"text-base\">Control Panel</span>, and then click <span class=\"text-base\">Security</span>. Under Windows Update, click <span class=\"text-base\">View installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See the file information section.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows Server 2008 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file names</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows Server 2008:<br/><span class=\"text-base\">Windows6.0-KB3005607-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><br/></td><td class=\"sbody-td\">For all supported x64-based editions of Windows Server 2008:<br/><span class=\"text-base\">Windows6.0-KB3005607-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><br/></td><td class=\"sbody-td\">For all supported Itanium-based editions of Windows Server 2008:<br/><span class=\"text-base\">Windows6.0-KB3005607-ia64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-9\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">Yes, you must restart your system after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click <span class=\"text-base\">Control Panel</span>, and then click <span class=\"text-base\">Security</span>. Under Windows Update, click <span class=\"text-base\">View installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See the file information section.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows 7 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 7:<br/><span class=\"text-base\">Windows6.1-KB3005607-x86.msu </span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><br/></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 7:<br/><span class=\"text-base\">Windows6.1-KB3005607-x64.msu </span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-10\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">Yes, you must restart your system after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the /Uninstall setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, and then under Windows Update, click <span class=\"text-base\">View installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See the file information section.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows Server 2008 R2 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported x64-based editions of Windows Server 2008 R2:<br/><span class=\"text-base\">Windows6.1-KB3005607-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><br/></td><td class=\"sbody-td\">For all supported Itanium-based editions of Windows Server 2008 R2:<br/><span class=\"text-base\">Windows6.1-KB3005607-ia64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-11\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">Yes, you must restart your system after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the /Uninstall setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, and then under Windows Update, click <span class=\"text-base\">View installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See the file information section.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows 8 and Windows 8.1 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 8:<br/><span class=\"text-base\">Windows8-RT-KB3005607-x86.msu </span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><br/></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 8:<br/><span class=\"text-base\">Windows8-RT-KB3005607-x64.msu </span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><br/></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 8.1:<br/><span class=\"text-base\">Windows8.1-KB3005607-x86.msu </span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><br/></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 8.1:<br/><span class=\"text-base\">Windows8.1-KB3005607-x64.msu </span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-12\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">Yes, you must restart your system after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the /Uninstall setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under See also, click <span class=\"text-base\">Installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See the file information section.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows Server 2012 and Windows Server 2012 R2 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported editions of Windows Server 2012:<br/><span class=\"text-base\">Windows8-RT-KB3005607-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><br/></td><td class=\"sbody-td\">For all supported editions of Windows Server 2012 R2:<br/><span class=\"text-base\">Windows8.1-KB3005607-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-13\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">Yes, you must restart your system after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the /Uninstall setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under See also, click <span class=\"text-base\">Installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See the file information section.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows RT and Windows RT 8.1 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Deployment</span></td><td class=\"sbody-td\">These updates are available via <a href=\"http://go.microsoft.com/fwlink/?linkid=21130\" id=\"kb-link-14\" target=\"_self\">Windows Update</a> only.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart Requirement</span></td><td class=\"sbody-td\">Yes, you must restart your system after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal Information</span></td><td class=\"sbody-td\">Click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under See also, click <span class=\"text-base\">Installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File Information</span></td><td class=\"sbody-td\">See the file information section.</td></tr></table></div></div><br/></span></div></div></div></div><h2>FILE INFORMATION</h2><div class=\"kb-summary-section section\">The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.<br/><br/> <br/><br/><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Windows Vista and Windows Server 2008 file information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><ul class=\"sbody-free_list\"><li>The files that apply to a specific product, milestone (SP<strong class=\"sbody-strong\">n</strong>), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\"><span class=\"text-base\">Version</span></th><th class=\"sbody-th\"><span class=\"text-base\">Product</span></th><th class=\"sbody-th\"><span class=\"text-base\">Milestone</span></th><th class=\"sbody-th\"><span class=\"text-base\">Service branch</span></th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.0.600<span class=\"text-base\">2</span>.<span class=\"text-base\">18</span><strong class=\"sbody-strong\">xxx</strong></td><td class=\"sbody-td\">Windows Vista SP2 and Windows Server 2008 SP2</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.0.600<span class=\"text-base\">2</span>.<span class=\"text-base\">23</span><strong class=\"sbody-strong\">xxx</strong></td><td class=\"sbody-td\">Windows Vista SP2 and Windows Server 2008 SP2</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">LDR</td></tr></table></div></li><li>GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.</li></ul><span class=\"text-base\">Note</span> The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.<br/><br/><h4 class=\"sbody-h4\">For all supported x86-based versions of Windows Vista and Windows Server 2008</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiocore.mof</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">4,352</td><td class=\"sbody-td\">05-Jan-2008</td><td class=\"sbody-td\">11:21</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiodg.exe</td><td class=\"sbody-td\">6.0.6002.18005</td><td class=\"sbody-td\">88,576</td><td class=\"sbody-td\">11-Apr-2009</td><td class=\"sbody-td\">06:27</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.0.6002.19201</td><td class=\"sbody-td\">396,800</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:17</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.0.6002.19201</td><td class=\"sbody-td\">274,432</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:18</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.0.6002.18005</td><td class=\"sbody-td\">115,712</td><td class=\"sbody-td\">11-Apr-2009</td><td class=\"sbody-td\">06:28</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiosrv.dll</td><td class=\"sbody-td\">6.0.6002.19201</td><td class=\"sbody-td\">316,928</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:17</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Encdump.dll</td><td class=\"sbody-td\">5.0.1.1</td><td class=\"sbody-td\">170,496</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:17</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiocore.mof</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">4,352</td><td class=\"sbody-td\">07-May-2014</td><td class=\"sbody-td\">23:41</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiodg.exe</td><td class=\"sbody-td\">6.0.6002.23506</td><td class=\"sbody-td\">88,576</td><td class=\"sbody-td\">02-Oct-2014</td><td class=\"sbody-td\">23:43</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.0.6002.23506</td><td class=\"sbody-td\">396,800</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">00:50</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.0.6002.23506</td><td class=\"sbody-td\">274,432</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">00:50</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.0.6002.23506</td><td class=\"sbody-td\">115,712</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">00:50</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiosrv.dll</td><td class=\"sbody-td\">6.0.6002.23506</td><td class=\"sbody-td\">316,416</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">00:50</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Encdump.dll</td><td class=\"sbody-td\">5.0.1.1</td><td class=\"sbody-td\">170,496</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">00:50</td><td class=\"sbody-td\">x86</td></tr></table></div><h4 class=\"sbody-h4\">For all supported x64-based versions of Windows Vista and Windows Server 2008</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiocore.mof</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">4,352</td><td class=\"sbody-td\">05-Jan-2008</td><td class=\"sbody-td\">11:22</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiodg.exe</td><td class=\"sbody-td\">6.0.6001.18000</td><td class=\"sbody-td\">111,104</td><td class=\"sbody-td\">19-Jan-2008</td><td class=\"sbody-td\">08:00</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.0.6002.19201</td><td class=\"sbody-td\">474,624</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:01</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.0.6002.19201</td><td class=\"sbody-td\">313,344</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:03</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.0.6002.18005</td><td class=\"sbody-td\">190,976</td><td class=\"sbody-td\">11-Apr-2009</td><td class=\"sbody-td\">07:11</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiosrv.dll</td><td class=\"sbody-td\">6.0.6002.19201</td><td class=\"sbody-td\">446,976</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:01</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Encdump.dll</td><td class=\"sbody-td\">5.0.1.1</td><td class=\"sbody-td\">201,728</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:02</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiocore.mof</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">4,352</td><td class=\"sbody-td\">07-May-2014</td><td class=\"sbody-td\">23:41</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiodg.exe</td><td class=\"sbody-td\">6.0.6002.23506</td><td class=\"sbody-td\">111,104</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">00:10</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.0.6002.23506</td><td class=\"sbody-td\">474,624</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">00:45</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.0.6002.23506</td><td class=\"sbody-td\">313,344</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">00:46</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.0.6002.23506</td><td class=\"sbody-td\">190,464</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">00:45</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiosrv.dll</td><td class=\"sbody-td\">6.0.6002.23506</td><td class=\"sbody-td\">446,464</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">00:45</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Encdump.dll</td><td class=\"sbody-td\">5.0.1.1</td><td class=\"sbody-td\">201,728</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">00:45</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiocore.mof</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">4,352</td><td class=\"sbody-td\">07-May-2014</td><td class=\"sbody-td\">23:41</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiodg.exe</td><td class=\"sbody-td\">6.0.6002.19201</td><td class=\"sbody-td\">88,576</td><td class=\"sbody-td\">02-Oct-2014</td><td class=\"sbody-td\">23:49</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.0.6002.19201</td><td class=\"sbody-td\">396,800</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:17</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.0.6002.19201</td><td class=\"sbody-td\">274,432</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:18</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.0.6002.19201</td><td class=\"sbody-td\">115,712</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:17</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiocore.mof</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">4,352</td><td class=\"sbody-td\">07-May-2014</td><td class=\"sbody-td\">23:41</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiodg.exe</td><td class=\"sbody-td\">6.0.6002.23506</td><td class=\"sbody-td\">88,576</td><td class=\"sbody-td\">02-Oct-2014</td><td class=\"sbody-td\">23:43</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.0.6002.23506</td><td class=\"sbody-td\">396,800</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">00:50</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.0.6002.23506</td><td class=\"sbody-td\">274,432</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">00:50</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.0.6002.23506</td><td class=\"sbody-td\">115,712</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">00:50</td><td class=\"sbody-td\">x86</td></tr></table></div><h4 class=\"sbody-h4\">For all supported IA-64-based versions of Windows Server 2008</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiocore.mof</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">4,352</td><td class=\"sbody-td\">03-Jan-2008</td><td class=\"sbody-td\">18:36</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiodg.exe</td><td class=\"sbody-td\">6.0.6001.18000</td><td class=\"sbody-td\">282,112</td><td class=\"sbody-td\">19-Jan-2008</td><td class=\"sbody-td\">08:21</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.0.6001.18000</td><td class=\"sbody-td\">586,752</td><td class=\"sbody-td\">19-Jan-2008</td><td class=\"sbody-td\">08:24</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.0.6001.18000</td><td class=\"sbody-td\">339,968</td><td class=\"sbody-td\">19-Jan-2008</td><td class=\"sbody-td\">08:24</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.0.6002.19201</td><td class=\"sbody-td\">360,448</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">00:38</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiosrv.dll</td><td class=\"sbody-td\">6.0.6002.19201</td><td class=\"sbody-td\">859,136</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">00:38</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiocore.mof</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">4,352</td><td class=\"sbody-td\">07-May-2014</td><td class=\"sbody-td\">23:42</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiodg.exe</td><td class=\"sbody-td\">6.0.6002.23506</td><td class=\"sbody-td\">282,112</td><td class=\"sbody-td\">02-Oct-2014</td><td class=\"sbody-td\">23:54</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.0.6002.23506</td><td class=\"sbody-td\">586,240</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">00:25</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.0.6002.23506</td><td class=\"sbody-td\">339,456</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">00:25</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.0.6002.23506</td><td class=\"sbody-td\">360,448</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">00:25</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiosrv.dll</td><td class=\"sbody-td\">6.0.6002.23506</td><td class=\"sbody-td\">858,112</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">00:25</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiocore.mof</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">4,352</td><td class=\"sbody-td\">07-May-2014</td><td class=\"sbody-td\">23:41</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiodg.exe</td><td class=\"sbody-td\">6.0.6002.19201</td><td class=\"sbody-td\">88,576</td><td class=\"sbody-td\">02-Oct-2014</td><td class=\"sbody-td\">23:49</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.0.6002.19201</td><td class=\"sbody-td\">396,800</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:17</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.0.6002.19201</td><td class=\"sbody-td\">274,432</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:18</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.0.6002.19201</td><td class=\"sbody-td\">115,712</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:17</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiocore.mof</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">4,352</td><td class=\"sbody-td\">07-May-2014</td><td class=\"sbody-td\">23:41</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiodg.exe</td><td class=\"sbody-td\">6.0.6002.23506</td><td class=\"sbody-td\">88,576</td><td class=\"sbody-td\">02-Oct-2014</td><td class=\"sbody-td\">23:43</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.0.6002.23506</td><td class=\"sbody-td\">396,800</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">00:50</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.0.6002.23506</td><td class=\"sbody-td\">274,432</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">00:50</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.0.6002.23506</td><td class=\"sbody-td\">115,712</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">00:50</td><td class=\"sbody-td\">x86</td></tr></table></div></div><br/></span></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Windows 7 and Windows Server 2008 R2 file information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><ul class=\"sbody-free_list\"><li>The files that apply to a specific product, milestone (RTM, SP<strong class=\"sbody-strong\">n</strong>), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table: <br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\"><span class=\"text-base\">Version</span></th><th class=\"sbody-th\"><span class=\"text-base\">Product</span></th><th class=\"sbody-th\"><span class=\"text-base\">Milestone</span></th><th class=\"sbody-th\"><span class=\"text-base\">Service branch</span></th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.1.760<span class=\"text-base\">1</span>.<span class=\"text-base\">18</span>xxx</td><td class=\"sbody-td\">Windows 7 and Windows Server 2008 R2</td><td class=\"sbody-td\">SP1</td><td class=\"sbody-td\">GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.1.760<span class=\"text-base\">1</span>.<span class=\"text-base\">22</span>xxx</td><td class=\"sbody-td\">Windows 7 and Windows Server 2008 R2</td><td class=\"sbody-td\">SP1</td><td class=\"sbody-td\">LDR</td></tr></table></div></li><li>GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.</li></ul><span class=\"text-base\">Note</span> The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.<br/><h4 class=\"sbody-h4\">For all supported x86-based versions of Windows 7</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiodg.exe</td><td class=\"sbody-td\">6.1.7601.17514</td><td class=\"sbody-td\">100,864</td><td class=\"sbody-td\">20-Nov-2010</td><td class=\"sbody-td\">12:16</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.1.7601.18619</td><td class=\"sbody-td\">374,784</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:44</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.1.7601.18619</td><td class=\"sbody-td\">442,880</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:44</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.1.7601.18619</td><td class=\"sbody-td\">195,584</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:44</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiosrv.dll</td><td class=\"sbody-td\">6.1.7601.18619</td><td class=\"sbody-td\">475,136</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:44</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Encdump.dll</td><td class=\"sbody-td\">5.0.1.1</td><td class=\"sbody-td\">275,968</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:44</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Prod_audio-audiocore.ptxml</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">667</td><td class=\"sbody-td\">20-Nov-2010</td><td class=\"sbody-td\">04:26</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiodg.exe</td><td class=\"sbody-td\">6.1.7601.17514</td><td class=\"sbody-td\">100,864</td><td class=\"sbody-td\">20-Nov-2010</td><td class=\"sbody-td\">12:16</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.1.7601.22826</td><td class=\"sbody-td\">374,784</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:46</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.1.7601.22826</td><td class=\"sbody-td\">442,880</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:46</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.1.7601.22826</td><td class=\"sbody-td\">195,584</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:46</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiosrv.dll</td><td class=\"sbody-td\">6.1.7601.22826</td><td class=\"sbody-td\">475,136</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:46</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Encdump.dll</td><td class=\"sbody-td\">5.0.1.1</td><td class=\"sbody-td\">275,968</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:46</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Prod_audio-audiocore.ptxml</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">667</td><td class=\"sbody-td\">20-Nov-2010</td><td class=\"sbody-td\">04:26</td><td class=\"sbody-td\">Not Applicable</td></tr></table></div><h4 class=\"sbody-h4\">For all supported x64-based versions of Windows 7 and Windows Server 2008 R2</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiodg.exe</td><td class=\"sbody-td\">6.1.7601.17514</td><td class=\"sbody-td\">126,464</td><td class=\"sbody-td\">20-Nov-2010</td><td class=\"sbody-td\">13:24</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.1.7601.18619</td><td class=\"sbody-td\">440,832</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">02:11</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.1.7601.18619</td><td class=\"sbody-td\">500,224</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">02:12</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.1.7601.18619</td><td class=\"sbody-td\">296,448</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">02:11</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiosrv.dll</td><td class=\"sbody-td\">6.1.7601.18619</td><td class=\"sbody-td\">680,960</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">02:11</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Encdump.dll</td><td class=\"sbody-td\">5.0.1.1</td><td class=\"sbody-td\">284,672</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">02:11</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Prod_audio-audiocore.ptxml</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">667</td><td class=\"sbody-td\">20-Nov-2010</td><td class=\"sbody-td\">04:25</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiodg.exe</td><td class=\"sbody-td\">6.1.7601.17514</td><td class=\"sbody-td\">126,464</td><td class=\"sbody-td\">20-Nov-2010</td><td class=\"sbody-td\">13:24</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.1.7601.22826</td><td class=\"sbody-td\">440,832</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">02:06</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.1.7601.22826</td><td class=\"sbody-td\">500,224</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">02:07</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.1.7601.22826</td><td class=\"sbody-td\">296,448</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">02:06</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiosrv.dll</td><td class=\"sbody-td\">6.1.7601.22826</td><td class=\"sbody-td\">680,960</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">02:06</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Encdump.dll</td><td class=\"sbody-td\">5.0.1.1</td><td class=\"sbody-td\">284,672</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">02:06</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Prod_audio-audiocore.ptxml</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">667</td><td class=\"sbody-td\">20-Nov-2010</td><td class=\"sbody-td\">04:25</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.1.7601.18619</td><td class=\"sbody-td\">374,784</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:44</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.1.7601.18619</td><td class=\"sbody-td\">442,880</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:44</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.1.7601.18619</td><td class=\"sbody-td\">195,584</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:44</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Prod_wow64_audio-audiocore.ptxml</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">667</td><td class=\"sbody-td\">02-Oct-2014</td><td class=\"sbody-td\">23:07</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.1.7601.22826</td><td class=\"sbody-td\">374,784</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:46</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.1.7601.22826</td><td class=\"sbody-td\">442,880</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:46</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.1.7601.22826</td><td class=\"sbody-td\">195,584</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:46</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Prod_wow64_audio-audiocore.ptxml</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">667</td><td class=\"sbody-td\">02-Oct-2014</td><td class=\"sbody-td\">23:06</td><td class=\"sbody-td\">Not Applicable</td></tr></table></div><h4 class=\"sbody-h4\">For all supported IA-64-based versions of Windows Server 2008 R2</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiodg.exe</td><td class=\"sbody-td\">6.1.7601.18619</td><td class=\"sbody-td\">323,072</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:16</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.1.7601.18619</td><td class=\"sbody-td\">519,168</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:17</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.1.7601.18619</td><td class=\"sbody-td\">340,480</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:17</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.1.7601.18619</td><td class=\"sbody-td\">607,744</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:17</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiosrv.dll</td><td class=\"sbody-td\">6.1.7601.18619</td><td class=\"sbody-td\">1,385,472</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:17</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Prod_audio-audiocore.ptxml</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">667</td><td class=\"sbody-td\">02-Oct-2014</td><td class=\"sbody-td\">22:49</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiodg.exe</td><td class=\"sbody-td\">6.1.7601.22826</td><td class=\"sbody-td\">323,072</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:15</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.1.7601.22826</td><td class=\"sbody-td\">519,168</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:15</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.1.7601.22826</td><td class=\"sbody-td\">340,480</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:15</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.1.7601.22826</td><td class=\"sbody-td\">607,744</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:15</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiosrv.dll</td><td class=\"sbody-td\">6.1.7601.22826</td><td class=\"sbody-td\">1,385,472</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:15</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Prod_audio-audiocore.ptxml</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">667</td><td class=\"sbody-td\">02-Oct-2014</td><td class=\"sbody-td\">22:52</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.1.7601.18619</td><td class=\"sbody-td\">374,784</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:44</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.1.7601.18619</td><td class=\"sbody-td\">442,880</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:44</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.1.7601.18619</td><td class=\"sbody-td\">195,584</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:44</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Prod_wow64_audio-audiocore.ptxml</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">667</td><td class=\"sbody-td\">02-Oct-2014</td><td class=\"sbody-td\">23:07</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.1.7601.22826</td><td class=\"sbody-td\">374,784</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:46</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.1.7601.22826</td><td class=\"sbody-td\">442,880</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:46</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.1.7601.22826</td><td class=\"sbody-td\">195,584</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:46</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Prod_wow64_audio-audiocore.ptxml</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">667</td><td class=\"sbody-td\">02-Oct-2014</td><td class=\"sbody-td\">23:06</td><td class=\"sbody-td\">Not Applicable</td></tr></table></div></div><br/></span></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Windows 8 and Windows Server 2012 file information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><ul class=\"sbody-free_list\"><li>The files that apply to a specific product, milestone (RTM,SP<strong class=\"sbody-strong\">n</strong>), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\"><span class=\"text-base\">Version</span></th><th class=\"sbody-th\"><span class=\"text-base\">Product</span></th><th class=\"sbody-th\"><span class=\"text-base\">Milestone</span></th><th class=\"sbody-th\"><span class=\"text-base\">Service branch</span></th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.2.920 <span class=\"text-base\">0.16</span> xxx</td><td class=\"sbody-td\">Windows 8 and Windows Server 2012</td><td class=\"sbody-td\">RTM</td><td class=\"sbody-td\">GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.2.920 <span class=\"text-base\">0.20</span> xxx</td><td class=\"sbody-td\">Windows 8 and Windows Server 2012</td><td class=\"sbody-td\">RTM</td><td class=\"sbody-td\">LDR</td></tr></table></div></li><li>GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.</li></ul><span class=\"text-base\">Note</span> The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.<br/><h4 class=\"sbody-h4\">For all supported x86-based versions of Windows 8</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiodg.exe</td><td class=\"sbody-td\">6.2.9200.16578</td><td class=\"sbody-td\">207,576</td><td class=\"sbody-td\">08-Apr-2013</td><td class=\"sbody-td\">23:37</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioendpointbuilder.dll</td><td class=\"sbody-td\">6.2.9200.17131</td><td class=\"sbody-td\">136,704</td><td class=\"sbody-td\">02-Oct-2014</td><td class=\"sbody-td\">22:30</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.2.9200.16578</td><td class=\"sbody-td\">426,024</td><td class=\"sbody-td\">08-Apr-2013</td><td class=\"sbody-td\">23:37</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.2.9200.16451</td><td class=\"sbody-td\">463,768</td><td class=\"sbody-td\">06-Nov-2012</td><td class=\"sbody-td\">05:00</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.2.9200.16578</td><td class=\"sbody-td\">324,368</td><td class=\"sbody-td\">08-Apr-2013</td><td class=\"sbody-td\">23:37</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiosrv.dll</td><td class=\"sbody-td\">6.2.9200.17134</td><td class=\"sbody-td\">596,480</td><td class=\"sbody-td\">02-Oct-2014</td><td class=\"sbody-td\">22:30</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Encdump.dll</td><td class=\"sbody-td\">5.0.1.1</td><td class=\"sbody-td\">100,352</td><td class=\"sbody-td\">02-Oct-2014</td><td class=\"sbody-td\">22:30</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Prod_audio-audiocore.ptxml</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">667</td><td class=\"sbody-td\">05-Nov-2012</td><td class=\"sbody-td\">23:35</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiodg.exe</td><td class=\"sbody-td\">6.2.9200.20555</td><td class=\"sbody-td\">207,552</td><td class=\"sbody-td\">06-Nov-2012</td><td class=\"sbody-td\">06:36</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioendpointbuilder.dll</td><td class=\"sbody-td\">6.2.9200.21247</td><td class=\"sbody-td\">136,704</td><td class=\"sbody-td\">02-Oct-2014</td><td class=\"sbody-td\">22:32</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.2.9200.20555</td><td class=\"sbody-td\">427,568</td><td class=\"sbody-td\">06-Nov-2012</td><td class=\"sbody-td\">06:36</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.2.9200.20555</td><td class=\"sbody-td\">463,768</td><td class=\"sbody-td\">06-Nov-2012</td><td class=\"sbody-td\">06:36</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.2.9200.20555</td><td class=\"sbody-td\">324,344</td><td class=\"sbody-td\">06-Nov-2012</td><td class=\"sbody-td\">06:36</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiosrv.dll</td><td class=\"sbody-td\">6.2.9200.21251</td><td class=\"sbody-td\">593,920</td><td class=\"sbody-td\">02-Oct-2014</td><td class=\"sbody-td\">22:32</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Encdump.dll</td><td class=\"sbody-td\">5.0.1.1</td><td class=\"sbody-td\">100,352</td><td class=\"sbody-td\">02-Oct-2014</td><td class=\"sbody-td\">22:32</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Prod_audio-audiocore.ptxml</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">667</td><td class=\"sbody-td\">05-Nov-2012</td><td class=\"sbody-td\">23:38</td><td class=\"sbody-td\">Not Applicable</td></tr></table></div><h4 class=\"sbody-h4\">For all supported x64-based versions of Windows 8 and Windows Server 2012</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiodg.exe</td><td class=\"sbody-td\">6.2.9200.16579</td><td class=\"sbody-td\">253,544</td><td class=\"sbody-td\">09-Apr-2013</td><td class=\"sbody-td\">05:33</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioendpointbuilder.dll</td><td class=\"sbody-td\">6.2.9200.17131</td><td class=\"sbody-td\">169,472</td><td class=\"sbody-td\">02-Oct-2014</td><td class=\"sbody-td\">22:29</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.2.9200.16579</td><td class=\"sbody-td\">489,576</td><td class=\"sbody-td\">09-Apr-2013</td><td class=\"sbody-td\">05:33</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.2.9200.17131</td><td class=\"sbody-td\">522,728</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:21</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.2.9200.16579</td><td class=\"sbody-td\">446,792</td><td class=\"sbody-td\">09-Apr-2013</td><td class=\"sbody-td\">05:33</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiosrv.dll</td><td class=\"sbody-td\">6.2.9200.17134</td><td class=\"sbody-td\">783,872</td><td class=\"sbody-td\">02-Oct-2014</td><td class=\"sbody-td\">22:29</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Encdump.dll</td><td class=\"sbody-td\">5.0.1.1</td><td class=\"sbody-td\">267,264</td><td class=\"sbody-td\">02-Oct-2014</td><td class=\"sbody-td\">22:29</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Prod_audio-audiocore.ptxml</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">667</td><td class=\"sbody-td\">05-Nov-2012</td><td class=\"sbody-td\">23:32</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiodg.exe</td><td class=\"sbody-td\">6.2.9200.20555</td><td class=\"sbody-td\">253,512</td><td class=\"sbody-td\">06-Nov-2012</td><td class=\"sbody-td\">07:18</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioendpointbuilder.dll</td><td class=\"sbody-td\">6.2.9200.21247</td><td class=\"sbody-td\">169,472</td><td class=\"sbody-td\">02-Oct-2014</td><td class=\"sbody-td\">22:29</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.2.9200.20555</td><td class=\"sbody-td\">490,064</td><td class=\"sbody-td\">06-Nov-2012</td><td class=\"sbody-td\">07:18</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.2.9200.21247</td><td class=\"sbody-td\">522,728</td><td class=\"sbody-td\">03-Oct-2014</td><td class=\"sbody-td\">01:06</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.2.9200.20555</td><td class=\"sbody-td\">447,792</td><td class=\"sbody-td\">06-Nov-2012</td><td class=\"sbody-td\">07:18</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiosrv.dll</td><td class=\"sbody-td\">6.2.9200.21251</td><td class=\"sbody-td\">783,872</td><td class=\"sbody-td\">02-Oct-2014</td><td class=\"sbody-td\">22:29</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Encdump.dll</td><td class=\"sbody-td\">5.0.1.1</td><td class=\"sbody-td\">267,264</td><td class=\"sbody-td\">02-Oct-2014</td><td class=\"sbody-td\">22:29</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Prod_audio-audiocore.ptxml</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">667</td><td class=\"sbody-td\">05-Nov-2012</td><td class=\"sbody-td\">23:36</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.2.9200.16578</td><td class=\"sbody-td\">426,024</td><td class=\"sbody-td\">08-Apr-2013</td><td class=\"sbody-td\">23:37</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.2.9200.16451</td><td class=\"sbody-td\">463,768</td><td class=\"sbody-td\">06-Nov-2012</td><td class=\"sbody-td\">05:00</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.2.9200.16578</td><td class=\"sbody-td\">324,368</td><td class=\"sbody-td\">08-Apr-2013</td><td class=\"sbody-td\">23:37</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Prod_wow64_audio-audiocore.ptxml</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">667</td><td class=\"sbody-td\">05-Nov-2012</td><td class=\"sbody-td\">23:35</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.2.9200.20555</td><td class=\"sbody-td\">427,568</td><td class=\"sbody-td\">06-Nov-2012</td><td class=\"sbody-td\">06:36</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.2.9200.20555</td><td class=\"sbody-td\">463,768</td><td class=\"sbody-td\">06-Nov-2012</td><td class=\"sbody-td\">06:36</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.2.9200.20555</td><td class=\"sbody-td\">324,344</td><td class=\"sbody-td\">06-Nov-2012</td><td class=\"sbody-td\">06:36</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Prod_wow64_audio-audiocore.ptxml</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">667</td><td class=\"sbody-td\">05-Nov-2012</td><td class=\"sbody-td\">23:38</td><td class=\"sbody-td\">Not Applicable</td></tr></table></div></div><br/></span></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Windows 8.1 and Windows Server 2012 R2 file information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><h4 class=\"sbody-h4\">For all supported x86-based versions of Windows 8.1</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiodg.exe</td><td class=\"sbody-td\">6.3.9600.17393</td><td class=\"sbody-td\">213,344</td><td class=\"sbody-td\">07-Oct-2014</td><td class=\"sbody-td\">03:33</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioendpointbuilder.dll</td><td class=\"sbody-td\">6.3.9600.17393</td><td class=\"sbody-td\">189,952</td><td class=\"sbody-td\">07-Oct-2014</td><td class=\"sbody-td\">01:36</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.3.9600.17393</td><td class=\"sbody-td\">424,544</td><td class=\"sbody-td\">07-Oct-2014</td><td class=\"sbody-td\">03:33</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.3.9600.17393</td><td class=\"sbody-td\">344,536</td><td class=\"sbody-td\">07-Oct-2014</td><td class=\"sbody-td\">03:34</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.3.9600.17393</td><td class=\"sbody-td\">370,424</td><td class=\"sbody-td\">07-Oct-2014</td><td class=\"sbody-td\">03:34</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiosrv.dll</td><td class=\"sbody-td\">6.3.9600.17393</td><td class=\"sbody-td\">694,272</td><td class=\"sbody-td\">07-Oct-2014</td><td class=\"sbody-td\">01:31</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Encdump.dll</td><td class=\"sbody-td\">5.0.1.1</td><td class=\"sbody-td\">107,376</td><td class=\"sbody-td\">07-Oct-2014</td><td class=\"sbody-td\">03:33</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Prod_audio-audiocore.ptxml</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">667</td><td class=\"sbody-td\">21-Aug-2013</td><td class=\"sbody-td\">23:39</td><td class=\"sbody-td\">Not Applicable</td></tr></table></div><h4 class=\"sbody-h4\">For all supported x64-based versions of Windows 8.1 and Windows Server 2012 R2</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiodg.exe</td><td class=\"sbody-td\">6.3.9600.17393</td><td class=\"sbody-td\">272,248</td><td class=\"sbody-td\">07-Oct-2014</td><td class=\"sbody-td\">06:27</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioendpointbuilder.dll</td><td class=\"sbody-td\">6.3.9600.17393</td><td class=\"sbody-td\">226,304</td><td class=\"sbody-td\">07-Oct-2014</td><td class=\"sbody-td\">01:54</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.3.9600.17393</td><td class=\"sbody-td\">482,872</td><td class=\"sbody-td\">07-Oct-2014</td><td class=\"sbody-td\">06:27</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.3.9600.17393</td><td class=\"sbody-td\">394,120</td><td class=\"sbody-td\">07-Oct-2014</td><td class=\"sbody-td\">06:27</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.3.9600.17393</td><td class=\"sbody-td\">500,016</td><td class=\"sbody-td\">07-Oct-2014</td><td class=\"sbody-td\">06:28</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiosrv.dll</td><td class=\"sbody-td\">6.3.9600.17393</td><td class=\"sbody-td\">911,360</td><td class=\"sbody-td\">07-Oct-2014</td><td class=\"sbody-td\">01:46</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Encdump.dll</td><td class=\"sbody-td\">5.0.1.1</td><td class=\"sbody-td\">108,432</td><td class=\"sbody-td\">07-Oct-2014</td><td class=\"sbody-td\">06:27</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Prod_audio-audiocore.ptxml</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">667</td><td class=\"sbody-td\">22-Aug-2013</td><td class=\"sbody-td\">06:45</td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioeng.dll</td><td class=\"sbody-td\">6.3.9600.17393</td><td class=\"sbody-td\">424,544</td><td class=\"sbody-td\">07-Oct-2014</td><td class=\"sbody-td\">03:33</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audiokse.dll</td><td class=\"sbody-td\">6.3.9600.17393</td><td class=\"sbody-td\">344,536</td><td class=\"sbody-td\">07-Oct-2014</td><td class=\"sbody-td\">03:34</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Audioses.dll</td><td class=\"sbody-td\">6.3.9600.17393</td><td class=\"sbody-td\">370,424</td><td class=\"sbody-td\">07-Oct-2014</td><td class=\"sbody-td\">03:34</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Prod_wow64_audio-audiocore.ptxml</td><td class=\"sbody-td\">Not Applicable</td><td class=\"sbody-td\">667</td><td class=\"sbody-td\">21-Aug-2013</td><td class=\"sbody-td\">23:39</td><td class=\"sbody-td\">Not Applicable</td></tr></table></div></div><br/></span></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">File hash information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">Package Name</th><th class=\"sbody-th\">Package Hash SHA1</th><th class=\"sbody-th\">Package Hash SHA2</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3005607-x86.msu</td><td class=\"sbody-td\">06662462FF85470099EEC386D1B1DECDAD1AEDA6</td><td class=\"sbody-td\">65BF0569934D6A6D973990D4494E6551CB47CF0EB5F12934883C47F77FA82A65</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3005607-x86.msu</td><td class=\"sbody-td\">06662462FF85470099EEC386D1B1DECDAD1AEDA6</td><td class=\"sbody-td\">65BF0569934D6A6D973990D4494E6551CB47CF0EB5F12934883C47F77FA82A65</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3005607-ia64.msu</td><td class=\"sbody-td\">5E8E7B3BDA3A750B0683DBBFD4E3E7AC35FEEA8E</td><td class=\"sbody-td\">A728B5028F1CBAAEBA3B7ABAA54A9C7B8124D615D2BFAF6A12860767CBC1DEDC</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8-RT-KB3005607-x86.msu</td><td class=\"sbody-td\">73E11F60F02A795502F6A4D468C6F9F4EF591DEF</td><td class=\"sbody-td\">7514DC12CD13EFDE5D33C6ED62A93AFD1025C6BE5B07E569E5C29BCCDF81F38C</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8-RT-KB3005607-x86.msu</td><td class=\"sbody-td\">73E11F60F02A795502F6A4D468C6F9F4EF591DEF</td><td class=\"sbody-td\">7514DC12CD13EFDE5D33C6ED62A93AFD1025C6BE5B07E569E5C29BCCDF81F38C</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8.1-KB3005607-x86.msu</td><td class=\"sbody-td\">97B720AB098ED8C6D2FD114166E23094CF758DD3</td><td class=\"sbody-td\">3B78592E349762C29A6D3AA3B44136B663877B3E38DD1B09540B45CB5C2CC520</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8.1-KB3005607-x86.msu</td><td class=\"sbody-td\">97B720AB098ED8C6D2FD114166E23094CF758DD3</td><td class=\"sbody-td\">3B78592E349762C29A6D3AA3B44136B663877B3E38DD1B09540B45CB5C2CC520</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.0-KB3005607-ia64.msu</td><td class=\"sbody-td\">5A44C6990E179F57D9965251F40F3B2220C9ED6C</td><td class=\"sbody-td\">1AC041913FCBFC8F5B1547CB1DF305FB092CF0182FE6D643D02D2B7716485E29</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.0-KB3005607-x86.msu</td><td class=\"sbody-td\">DDB99C9FF8F1F9F64263412A63AEF713875E63BE</td><td class=\"sbody-td\">96B4F6055AD01A46770FECCC0BDBDCB19063B521119105279A777D5DD39624DE</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.0-KB3005607-x86.msu</td><td class=\"sbody-td\">DDB99C9FF8F1F9F64263412A63AEF713875E63BE</td><td class=\"sbody-td\">96B4F6055AD01A46770FECCC0BDBDCB19063B521119105279A777D5DD39624DE</td></tr></table></div></div><br/></span></div></div></div></div></body></html>", "edition": 16, "modified": "2014-11-11T20:38:44", "id": "KB3005607", "href": "https://support.microsoft.com/en-us/help/3005607/", "published": "2014-11-11T00:00:00", "title": "MS14-071: Vulnerability in Windows Audio Service could cause Elevation of Privilege: November 11, 2014", "type": "mskb", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-04-01T06:16:03", "description": "The remote Windows host is affected by a vulnerability in the Windows\nAudio service component that allows privilege escalation. A remote\nattacker could exploit this vulnerability to elevate privileges but\nnot execute code.", "edition": 28, "published": "2014-11-12T00:00:00", "title": "MS14-071: Vulnerability in Windows Audio Service Could Allow Elevation of Privilege (3005607)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6322"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS14-071.NASL", "href": "https://www.tenable.com/plugins/nessus/79131", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79131);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/15 20:50:31\");\n\n script_cve_id(\"CVE-2014-6322\");\n script_bugtraq_id(70978);\n script_xref(name:\"MSFT\", value:\"MS14-071\");\n script_xref(name:\"MSKB\", value:\"3005607\");\n script_xref(name:\"IAVA\", value:\"2014-A-0169\");\n\n script_name(english:\"MS14-071: Vulnerability in Windows Audio Service Could Allow Elevation of Privilege (3005607)\");\n script_summary(english:\"Checks the version of audiosrv.dll / audioses.dll / audiokse.dll.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by a privilege escalation\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is affected by a vulnerability in the Windows\nAudio service component that allows privilege escalation. A remote\nattacker could exploit this vulnerability to elevate privileges but\nnot execute code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-071\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows Vista, 2008, 7,\n2008 R2, 8, 2012, 8.1, and 2012 R2.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, 'Host/patch_management_checks');\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS14-071';\nkb = '3005607';\n\nkbs = make_list(kb);\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nshare = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8.1 / Windows Server 2012 R2\n hotfix_is_vulnerable(os:\"6.3\", sp:0, arch:\"x86\", file:\"audioses.dll\", version:\"6.3.9600.17393\", min_version:\"6.3.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.3\", sp:0, arch:\"x64\", file:\"audiokse.dll\", version:\"6.3.9600.17393\", min_version:\"6.3.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Windows 8 / Windows Server 2012\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"audiosrv.dll\", version:\"6.2.9200.21251\", min_version:\"6.2.9200.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"audiosrv.dll\", version:\"6.2.9200.17134\", min_version:\"6.2.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Windows 7 and Windows Server 2008 R2\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"audiosrv.dll\", version:\"6.1.7601.22826\", min_version:\"6.1.7601.22000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"audiosrv.dll\", version:\"6.1.7601.18619\", min_version:\"6.1.7600.18000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Vista / Windows 2008\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"audiosrv.dll\", version:\"6.0.6002.23506\", min_version:\"6.0.6002.23000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"audiosrv.dll\", version:\"6.0.6002.19201\", min_version:\"6.0.6002.18000\", dir:\"\\system32\", bulletin:bulletin, kb:kb)\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_warning();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "threatpost": [{"lastseen": "2019-05-30T05:52:15", "bulletinFamily": "info", "cvelist": ["CVE-2014-6322", "CVE-2014-6332", "CVE-2015-5122", "CVE-2016-0189"], "description": "What we can glean from a 2018 roundup of current web-threats is old vulnerabilities die hard. In a report, released by Palo Alto Networks Unit 42, researchers said so far this year cybercriminals are targeting unpatched PCs with ancient CVEs and well-known exploit kits.\n\nHere is a ThreatList from the research firm\u2019s _Current Trends in Web-based Threats_ report, released last month.\n\nIn the first quarter of 2018, Unit 42 found 1583 malicious URLs across 496 different domains. Attackers used at least eight old and public vulnerabilities. The Top 3 CVEs used are:\n\n 1. [CVE-2014-6332](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6332>): Vulnerability in [Microsoft Internet Explorer\u2019s VBScript](<https://threatpost.com/eternalblue-exploit-spreading-gh0st-rat-nitol/126052/>)\n 2. [CVE-2016-0189](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0189>): Vulnerability in [Microsoft Internet Explorer\u2019s VBScript](<https://threatpost.com/microsoft-patches-jscript-vbscript-flaw-under-attack/117993/>)\n 3. [CVE-2015-5122](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5122>): Vulnerability in [Adobe Flash Player](<https://threatpost.com/flash-player-update-patches-two-hacking-team-zero-days/113776/>)\n\nUnit 42 also reported of the 1,583 URLs found in malicious emails it examined, 1,284 were exploit kit related.\n\nTop exploit kits are:\n\n * KaiXin\n * Sundown\n * Rig\n * Sinowal\n\n\u201cWe found Sundown and Rig EKs are slowing down not only in the number of vulnerabilities used but also in how often they are upgraded. However, KaiXin EK is still evolving. As we can see (below) KaiXin takes the lead when compared with Sundown and Rig. KaiXin was discovered in 2012 and became more and more active according our observations. The most exploited vulnerabilities in KaiXin are CVE-2016-0189 and CVE-2014-6322. We saw the very old EK Sinowal was also active with one malicious URL,\u201d [researchers wrote](<https://researchcenter.paloaltonetworks.com/2018/06/unit42-the-old-and-new-current-trends-in-web-based-threats/>).\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2018/06/25103219/EK_top_2018.png>)\n\n(ThreatList is an occasional overview of InfoSec landscape as represented in at-a-glance lists of relevant data.)\n", "modified": "2018-07-02T18:32:00", "published": "2018-07-02T18:32:00", "id": "THREATPOST:A3BB2FFA95F5B0C5ED7362707F7E5AFE", "href": "https://threatpost.com/threatlist-exploit-kits-still-a-top-web-based-threat/133044/", "type": "threatpost", "title": "ThreatList: Exploit Kits Still a Top Web-based Threat", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "googleprojectzero": [{"lastseen": "2020-12-14T19:25:56", "bulletinFamily": "info", "cvelist": ["CVE-2014-0568", "CVE-2014-6322", "CVE-2015-0055", "CVE-2015-2428", "CVE-2015-2429", "CVE-2015-2430"], "description": "Posted by James Forshaw, abusing symbolic links like it\u2019s 1999. \n\n** \n**\n\nFor the past couple of years I\u2019ve been researching Windows elevation of privilege attacks. This might be escaping sandboxing or gaining system privileges. One of the techniques I\u2019ve used multiple times is abusing the symbolic link facilities of the Windows operating system to redirect privileged code to create files or registry keys to escape the restrictive execution context. Symbolic links in themselves are not vulnerabilities, instead they\u2019re useful primitives for exploiting different classes of vulnerabilities such as resource planting or time-of-check time-of-use. \n\n** \n**\n\nThis blog post contains details of a few changes Microsoft has made to Windows 10, and now back ported (in [MS15-090](<https://technet.microsoft.com/en-us/library/security/ms15-090.aspx>)) as far back as Windows Vista which changes who can use certain types of symbolic links. There\u2019s not been many mitigations of this type which get back ported to so many older versions of Windows. Therefore I feel this is a good example of a vendor developing mitigations in response to increased attacks using certain techniques which wouldn\u2019t have traditionally been considered before for mitigations.\n\n## Quick Overview of Windows Symbolic Link Support\n\nIf you already know all about Windows Symbolic Link support you can always skip this, or perhaps view my [presentation](<https://vimeo.com/album/3416096/video/133002251>) I made at this year\u2019s Infiltrate conference about abusing them. If not continue on. There are three types of symbolic links you can access from a low privileged user, Object Manager Symbolic Links, Registry Key Symbolic Links and NTFS Mount Points. There\u2019s actually a fourth type, NTFS Symbolic Links, however you can only create this type if you\u2019re an administrator making them of little use for privilege escalation. These symbolic link types have been added over the many years of the NT development as shown below. \n\n** \n**\n\n\n\n** \n**\n\n### Object Manager Symbolic Links\n\nFrom a user perspective Windows supports multiple drives, such as C:. But that\u2019s not really what\u2019s seen under the hood. Behind the facade of the explorer shell and the Win32 API is another filesystem like structure, the object manager namespace. This is used to hold named resources such as devices and events, but crucially it has support for symbolic links. One of the main users of symbolic links is the aforementioned drive letters. If you look at the namespace using a tool such as [WinObj](<https://technet.microsoft.com/en-us/Library/bb896657.aspx>) you can find the drive letter symlinks and see them redirect to the real mounted device. \n\n** \n**\n\n\n\n** \n**\n\nWhile these symbolic links are supposed to be used only for system purposes it\u2019s possible to create them as a low privileged user, as long as you have access to the target area of the object manager namespace. While there\u2019s a few attacks which can be facilitated with them it\u2019s easiest to exploit in file attacks. An simple example is [CVE-2015-0055](<https://code.google.com/p/google-security-research/issues/detail?id=189>) which was an information disclosure issue in the IE EPM sandbox which abused symbolic links to bypass a security check. \n\n### Registry Key Symbolic Links\n\nThe Windows Registry is used to store configuration information for the system and isn\u2019t something which your normal user of Windows needs to worry about. While reasonably well documented it does have some features which the normal Win32 APIs do not document, one of which is unsurprisingly symbolic links between keys. This is used by the system to map in the current system configuration at boot time (the well known, [CurrentControlSet](<https://support.microsoft.com/en-us/kb/100010>)) but it\u2019s not really used outside of that. \n\n** \n**\n\n\n\n** \n**\n\nThe fact that a low privilege process can create these types of symbolic links has been abused before (see [MS10-020](<https://technet.microsoft.com/en-us/library/security/ms10-021.aspx>)) which removed the ability to create symbolic links between a untrusted registry hive such as the current user\u2019s hive and trusted system hive, but it didn\u2019t do anything to block the sandbox case where the symbolic link attacks the same user\u2019s hive at different privilege levels. An example of a vulnerability exploitable using this type of link was [CVE-2014-6322](<https://code.google.com/p/google-security-research/issues/detail?id=99&can=1&q=reporter%3Ame>) which was an issue with the Windows Audio Server which could be exploited from the IE EPM sandbox. \n\n### NTFS Mount Points\n\nThe final type of symbolic link allows a directory on the NTFS file system to be linked to another directory either on the same volume or on a completely different volume. It can\u2019t be used to directly link to a single file (at least without some tricks) but it\u2019s still useful. For example if you can find a privilege process which can be used to drop a file in a specified directory the write can be re-directed to somewhere the attacker controls. \n\n** \n**\n\n\n\n** \n**\n\nThe only requirement on creating the mount point is a writable handle to a directory on the filesystem which is usually easy enough to achieve. This is probably the most used type of symbolic link for vulnerability exploitation, at least being used against Chrome, IE, and Adobe Reader sandboxes before now. An example is [CVE-2014-0568](<https://code.google.com/p/google-security-research/issues/detail?id=94&can=1&q=reporter%3Ame>) which was an issue I found in Adobe Reader which allows you to create an arbitrary file which could be used to escape the sandbox. \n\n## Technical Details of Mitigations\n\nNow let\u2019s go into some technical details of the mitigations, what they do and what they don\u2019t. The root of all the mitigations is a new exported kernel function, RtlIsSandboxToken. This function determines if the current caller is considered to be in a sandbox, which in this case means either running at a integrity level below medium integrity or running within an AppContainer. The check is made by capturing the current subject context and calling SeAccessCheck with a Security Descriptor requiring medium integrity level. This shouldn\u2019t be easily bypassable. \n\n** \n**\n\nAt this point you might assume that all the mitigations will do is call the method when creating a symbolic link and refuse to create them, but due to application compatibility it isn\u2019t that simple. It\u2019s easy to find the interactions by looking at the reference to the function in IDA or similar. I\u2019ll briefly describe how each one is applied and compromises being made.\n\n** \n**\n\n\n\n### Registry Key Symbolic Link Mitigation (CVE-2015-2429)\n\nThe simplest mitigation implementation is for registry keys. Effectively a sandboxed process is not allowed to ever create a registry key symbolic link. This is implemented by calling RtlIsSandboxToken function when creating a new key (you need to specific a special flag when creating a key symbolic link). It\u2019s also called when setting the SymbolicLinkValue value which contains the link target. This second check is necessary to prevent modifying existing symbolic links, although it would be unlikely to be something found on a real system.\n\n### Object Manager Symbolic Link Mitigation (CVE-2015-2428)\n\nIf an application tries to create an object manager symbolic link from a sandbox process it will still seem to work, however if you look at where the check is called you\u2019ll find it doing something interesting. When the symbolic link is created the RtlIsSandboxToken function is called but the kernel doesn\u2019t immediately return an error. Instead it uses it to set a flag inside the symbolic link kernel object which indicates to the object manager a sandboxed process has created this link. \n\n** \n**\n\nThis flag is then used in the ObpParseSymbolicLink function which is called when the object manager is resolving the target of a symbolic link. The RtlIsSandboxToken is called again, if the current caller is not in a sandbox but the creator was in a sandbox then the kernel will return an error and not resolve the symbolic link, effective making the link useless for a sandboxed to unsandboxed elevation.\n\n** \n**\n\nThe behaviour is likely for applications running in AppContainers which might need to create symbolic links, but only other sandbox processes would need to follow the links. It\u2019s quite a pragmatic way of mitigating the issue without breaking application compatibility. However it does bring an additional performance cost, every time a symbolic link is resolved (such as the C: drive) an access check must be performed, presumably this has been measured to have a negligible impact. \n\n### NTFS Mount Point Mitigation (CVE-2015-2430)\n\nThe final mitigation is for NTFS mount points. In early technical previews of Windows 10 (I first spotted the change in 10130) the check was in the NTFS driver itself and explicitly blocked the creation of mount points from a sandboxed process. Again for presumably application compatibility reasons this restriction has been relaxed in the final release and the back ported mitigations. \n\n** \n**\n\nInstead of completely blocking creation the kernel function IopXxxControlFile has been modified so whenever it sees the FSCTL_SET_REPARSE_POINT file system control code being passed to a driver with a mount point reparse tag it tries to verify if the sandboxed caller has write access to the target directory. If access is not granted, or the directory doesn\u2019t exist then setting the mount point fails. This ensures that in the the majority of situations the sandboxed application couldn\u2019t elevate privileges, as it could already write to the directory already. There\u2019s obviously a theoretical issue in that the target could later be deleted and replaced by something important for a higher privileged process but that\u2019s not very likely to occur in a practical, reliable exploit. \n\n## Conclusions\n\nThese targeted mitigations gives a clear indication that bug hunting and disclosing the details of how to exploit certain types of vulnerabilities can lead into mitigation development, even if they\u2019re not traditional memory corruption bugs. While I didn\u2019t have a hand in the actual development of the mitigation It\u2019s likely my research was partially responsible for Microsoft acting to develop them. It\u2019s very interesting that 3 different approaches ended up being taken, reflecting the potential application compatibility issues which might arise.\n\n \n\n\nExcluding any bypasses which might come to light these should make entire classes of resource planting bugs unexploitable from a compromised sandboxed process and would make things like time-of-check time-of-use harder to exploit. Also it shows the level of effort that implementing mitigations without breaking backwards compatibility requires. The fact that these only target sandboxes and not system level escalation is particularly telling in this regard.\n", "modified": "2015-08-25T00:00:00", "published": "2015-08-25T00:00:00", "id": "GOOGLEPROJECTZERO:F06DB29D4493CE57606D1D984EFBC079", "href": "https://googleprojectzero.blogspot.com/2015/08/windows-10hh-symbolic-link-mitigations.html", "type": "googleprojectzero", "title": "\nWindows 10^H^H Symbolic Link Mitigations\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "cvelist": ["CVE-2014-6337", "CVE-2014-6343", "CVE-2014-4143", "CVE-2014-4077", "CVE-2014-6350", "CVE-2014-6344", "CVE-2014-6332", "CVE-2014-6322", "CVE-2014-6341", "CVE-2014-6348", "CVE-2014-4076", "CVE-2014-6349", "CVE-2014-6351", "CVE-2014-6318", "CVE-2014-6323", "CVE-2014-6339", "CVE-2014-6345", "CVE-2014-6352", "CVE-2014-6342", "CVE-2014-6340", "CVE-2014-6347", "CVE-2014-4149", "CVE-2014-4118", "CVE-2014-6346", "CVE-2014-6317", "CVE-2014-6321", "CVE-2014-6353"], "description": "OLE code execution, Internet Explorer multiple vulnerabilities, Schannel code execution, XML Core Services code execution, TCP/IP privilege escalation, Windows Audio Service privilege escalation, .NET Framework privilege escalation, RDP restrictions bypass, IIS restrictions bypass, IME privilege escalation, kernel-mode drivers DoS.", "edition": 1, "modified": "2015-08-24T00:00:00", "published": "2015-08-24T00:00:00", "id": "SECURITYVULNS:VULN:14090", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14090", "title": "Microsoft Windows multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2020-09-02T12:03:35", "bulletinFamily": "info", "cvelist": ["CVE-2014-1814", "CVE-2014-4077", "CVE-2014-6324", "CVE-2014-0254", "CVE-2014-0323", "CVE-2014-1811", "CVE-2014-0266", "CVE-2014-1807", "CVE-2014-6332", "CVE-2014-6322", "CVE-2014-4971", "CVE-2014-0255", "CVE-2014-0296", "CVE-2014-0300", "CVE-2014-0317", "CVE-2014-1767", "CVE-2014-6355", "CVE-2014-4114", "CVE-2014-0316", "CVE-2014-1819", "CVE-2014-4076", "CVE-2014-0318", "CVE-2014-4113", "CVE-2014-6318", "CVE-2014-6532", "CVE-2014-2781", "CVE-2014-0315", "CVE-2014-2780", "CVE-2014-4148", "CVE-2014-1816", "CVE-2014-6352", "CVE-2014-4064", "CVE-2013-5065", "CVE-2014-1824", "CVE-2014-1812", "CVE-2014-0262", "CVE-2014-4115", "CVE-2014-0263", "CVE-2014-4060", "CVE-2014-4118", "CVE-2014-6317", "CVE-2014-0301", "CVE-2014-4074", "CVE-2014-6321", "CVE-2014-0256"], "description": "### *Detect date*:\n11/11/2014\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service gain privileges, execute arbitrary code or obtain sensitive information.\n\n### *Affected products*:\nWindows XP Service pack 3 \nWindows XP Professional x64 Service Pack 3 \nWindows Server 2003 x86, x64, Itanium Service Pack 2 \nWindows Vista x86, x64 Service Pack 2 \nWindows Server 2008 x86, x64, Itanium Service Pack 2 \nWindows 7 x86, x64 Service Pack 1 \nWindows Server 2008 R2 x64, Itanium Service Pacl 1 \nWindows 8 x86, x64 \nWindows 8.1 x86, x64 \nWindows Server 2012 \nWindows Server 2012 R2 \nWindows RT \nWindows RT 8.1\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2014-1816](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-1816>) \n[CVE-2014-6532](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-6532>) \n[CVE-2014-0266](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-0266>) \n[CVE-2014-4076](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-4076>) \n[CVE-2014-6321](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-6321>) \n[CVE-2014-6322](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-6322>) \n[CVE-2014-6324](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-6324>) \n[CVE-2014-1767](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-1767>) \n[CVE-2014-4077](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-4077>) \n[CVE-2014-4074](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-4074>) \n[CVE-2014-1807](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-1807>) \n[CVE-2013-5065](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-5065>) \n[CVE-2014-0300](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-0300>) \n[CVE-2014-0323](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-0323>) \n[CVE-2014-4971](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-4971>) \n[CVE-2014-0301](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-0301>) \n[CVE-2014-0262](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-0262>) \n[CVE-2014-0263](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-0263>) \n[CVE-2014-4115](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-4115>) \n[CVE-2014-4113](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-4113>) \n[CVE-2014-0315](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-0315>) \n[CVE-2014-0316](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-0316>) \n[CVE-2014-0317](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-0317>) \n[CVE-2014-0255](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-0255>) \n[CVE-2014-0318](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-0318>) \n[CVE-2014-4118](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-4118>) \n[CVE-2014-6352](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-6352>) \n[CVE-2014-6332](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-6332>) \n[CVE-2014-0296](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-0296>) \n[CVE-2014-0256](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-0256>) \n[CVE-2014-1811](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-1811>) \n[CVE-2014-0254](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-0254>) \n[CVE-2014-1819](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-1819>) \n[CVE-2014-6355](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-6355>) \n[CVE-2014-2780](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-2780>) \n[CVE-2014-2781](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-2781>) \n[CVE-2014-1812](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-1812>) \n[CVE-2014-4064](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-4064>) \n[CVE-2014-6318](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-6318>) \n[CVE-2014-1814](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-1814>) \n[CVE-2014-4060](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-4060>) \n[CVE-2014-1824](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-1824>) \n[CVE-2014-6317](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-6317>) \n[CVE-2014-4114](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-4114>) \n[CVE-2014-4148](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-4148>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows Vista](<https://threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/>)\n\n### *CVE-IDS*:\n[CVE-2014-1816](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1816>)4.3Warning \n[CVE-2014-6532](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6532>)9.3Critical \n[CVE-2014-0266](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0266>)7.1High \n[CVE-2014-4076](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4076>)7.2High \n[CVE-2014-6321](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6321>)10.0Critical \n[CVE-2014-6322](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6322>)4.3Warning \n[CVE-2014-6324](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6324>)9.0Critical \n[CVE-2014-1767](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1767>)7.2High \n[CVE-2014-4077](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4077>)9.3Critical \n[CVE-2014-4074](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4074>)6.8High \n[CVE-2014-1807](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1807>)7.2High \n[CVE-2013-5065](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5065>)7.2High \n[CVE-2014-0300](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0300>)7.2High \n[CVE-2014-0323](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0323>)6.6High \n[CVE-2014-4971](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4971>)7.2High \n[CVE-2014-0301](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0301>)9.3Critical \n[CVE-2014-0262](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0262>)7.2High \n[CVE-2014-0263](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0263>)9.3Critical \n[CVE-2014-4115](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4115>)7.2High \n[CVE-2014-4113](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4113>)7.2High \n[CVE-2014-0315](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0315>)6.9High \n[CVE-2014-0316](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0316>)7.5Critical \n[CVE-2014-0317](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0317>)5.4High \n[CVE-2014-0255](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0255>)5.0Critical \n[CVE-2014-0318](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0318>)7.2High \n[CVE-2014-4118](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4118>)9.3Critical \n[CVE-2014-6352](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6352>)9.3Critical \n[CVE-2014-6332](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6332>)9.3Critical \n[CVE-2014-0296](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0296>)5.1High \n[CVE-2014-0256](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0256>)5.0Critical \n[CVE-2014-1811](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1811>)5.0Critical \n[CVE-2014-0254](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0254>)7.8Critical \n[CVE-2014-1819](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1819>)7.2High \n[CVE-2014-6355](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6355>)5.0Critical \n[CVE-2014-2780](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2780>)6.9High \n[CVE-2014-2781](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2781>)7.6Critical \n[CVE-2014-1812](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1812>)6.8High \n[CVE-2014-4064](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4064>)4.9Warning \n[CVE-2014-6318](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6318>)5.0Critical \n[CVE-2014-1814](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1814>)7.2High \n[CVE-2014-4060](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4060>)6.8High \n[CVE-2014-1824](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1824>)9.3Critical \n[CVE-2014-6317](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6317>)7.1High \n[CVE-2014-4114](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4114>)9.3Critical \n[CVE-2014-4148](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4148>)9.3Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[2966631](<http://support.microsoft.com/kb/2966631>) \n[2957482](<http://support.microsoft.com/kb/2957482>) \n[2966061](<http://support.microsoft.com/kb/2966061>) \n[2939576](<http://support.microsoft.com/kb/2939576>) \n[2922229](<http://support.microsoft.com/kb/2922229>) \n[2973201](<http://support.microsoft.com/kb/2973201>) \n[2975689](<http://support.microsoft.com/kb/2975689>) \n[2957189](<http://support.microsoft.com/kb/2957189>) \n[3013126](<http://support.microsoft.com/kb/3013126>) \n[2969259](<http://support.microsoft.com/kb/2969259>) \n[2929961](<http://support.microsoft.com/kb/2929961>) \n[3010788](<http://support.microsoft.com/kb/3010788>) \n[2984615](<http://support.microsoft.com/kb/2984615>) \n[2914368](<http://support.microsoft.com/kb/2914368>) \n[3003743](<http://support.microsoft.com/kb/3003743>) \n[3002885](<http://support.microsoft.com/kb/3002885>) \n[2904659](<http://support.microsoft.com/kb/2904659>) \n[2961858](<http://support.microsoft.com/kb/2961858>) \n[3005607](<http://support.microsoft.com/kb/3005607>) \n[2962490](<http://support.microsoft.com/kb/2962490>) \n[2592687](<http://support.microsoft.com/kb/2592687>) \n[2966034](<http://support.microsoft.com/kb/2966034>) \n[2993958](<http://support.microsoft.com/kb/2993958>) \n[2988948](<http://support.microsoft.com/kb/2988948>) \n[2961072](<http://support.microsoft.com/kb/2961072>) \n[2926765](<http://support.microsoft.com/kb/2926765>) \n[2973932](<http://support.microsoft.com/kb/2973932>) \n[2962123](<http://support.microsoft.com/kb/2962123>) \n[2998579](<http://support.microsoft.com/kb/2998579>) \n[2989935](<http://support.microsoft.com/kb/2989935>) \n[2973906](<http://support.microsoft.com/kb/2973906>) \n[2961899](<http://support.microsoft.com/kb/2961899>) \n[2933826](<http://support.microsoft.com/kb/2933826>) \n[2962478](<http://support.microsoft.com/kb/2962478>) \n[2975685](<http://support.microsoft.com/kb/2975685>) \n[2975684](<http://support.microsoft.com/kb/2975684>) \n[2916036](<http://support.microsoft.com/kb/2916036>) \n[2975681](<http://support.microsoft.com/kb/2975681>) \n[2978742](<http://support.microsoft.com/kb/2978742>) \n[2933528](<http://support.microsoft.com/kb/2933528>) \n[2934418](<http://support.microsoft.com/kb/2934418>) \n[2993254](<http://support.microsoft.com/kb/2993254>) \n[2978668](<http://support.microsoft.com/kb/2978668>) \n[2974286](<http://support.microsoft.com/kb/2974286>) \n[2928120](<http://support.microsoft.com/kb/2928120>) \n[2991963](<http://support.microsoft.com/kb/2991963>) \n[2992611](<http://support.microsoft.com/kb/2992611>) \n[3000869](<http://support.microsoft.com/kb/3000869>) \n[3011443](<http://support.microsoft.com/kb/3011443>) \n[2923392](<http://support.microsoft.com/kb/2923392>) \n[2962488](<http://support.microsoft.com/kb/2962488>) \n[2918614](<http://support.microsoft.com/kb/2918614>) \n[2962485](<http://support.microsoft.com/kb/2962485>) \n[2889913](<http://support.microsoft.com/kb/2889913>) \n[2912390](<http://support.microsoft.com/kb/2912390>) \n[2962486](<http://support.microsoft.com/kb/2962486>) \n[2930275](<http://support.microsoft.com/kb/2930275>) \n[2919355](<http://support.microsoft.com/kb/2919355>) \n[2965788](<http://support.microsoft.com/kb/2965788>) \n[2972280](<http://support.microsoft.com/kb/2972280>) \n[2962073](<http://support.microsoft.com/kb/2962073>) \n[2971850](<http://support.microsoft.com/kb/2971850>) \n[2992719](<http://support.microsoft.com/kb/2992719>) \n[2993651](<http://support.microsoft.com/kb/2993651>) \n[3000061](<http://support.microsoft.com/kb/3000061>) \n[2913602](<http://support.microsoft.com/kb/2913602>) \n[2976897](<http://support.microsoft.com/kb/2976897>) \n[2973408](<http://support.microsoft.com/kb/2973408>) \n[3006226](<http://support.microsoft.com/kb/3006226>) \n[3011780](<http://support.microsoft.com/kb/3011780>)\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 41, "modified": "2020-06-18T00:00:00", "published": "2014-11-11T00:00:00", "id": "KLA10601", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10601", "title": "\r KLA10601Multiple vulnerabilities in Microsoft products ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
