Microsoft Windows OpenType Fonts CVE-2015-2461 Remote Code Execution Vulnerability
2015-08-11T00:00:00
ID SMNTC-76209 Type symantec Reporter Symantec Security Response Modified 2015-08-11T00:00:00
Description
Description
Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits allow attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition.
Technologies Affected
Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 8 for 32-bit Systems
Microsoft Windows 8 for x64-based Systems
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8.1 for x64-based Systems
Microsoft Windows RT 8.1
Microsoft Windows RT
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 2
Recommendations
Block external access at the network boundary, unless external parties require service.
If global access isn't needed, block access at the network perimeter to computers hosting the vulnerable operating system.
Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity such as unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.
Do not accept or execute files from untrusted or unknown sources.
To reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.
Do not follow links provided by unknown or untrusted sources.
Web users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.
Do not use client software to access unknown or untrusted hosts from critical systems.
To limit the risk of exploits, never connect to unknown or untrusted services.
Updates are available. Please see the references or vendor advisory for more information.
{"id": "SMNTC-76209", "type": "symantec", "bulletinFamily": "software", "title": "Microsoft Windows OpenType Fonts CVE-2015-2461 Remote Code Execution Vulnerability", "description": "### Description\n\nMicrosoft Windows is prone to a remote code-execution vulnerability. Successful exploits allow attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition.\n\n### Technologies Affected\n\n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8 for 32-bit Systems \n * Microsoft Windows 8 for x64-based Systems \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows RT \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Vista Service Pack 2 \n * Microsoft Windows Vista x64 Edition Service Pack 2 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nIf global access isn't needed, block access at the network perimeter to computers hosting the vulnerable operating system.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity such as unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Do not use client software to access unknown or untrusted hosts from critical systems.** \nTo limit the risk of exploits, never connect to unknown or untrusted services.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "published": "2015-08-11T00:00:00", "modified": "2015-08-11T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/76209", "reporter": "Symantec Security Response", "references": [], "cvelist": ["CVE-2015-2461"], "lastseen": "2018-03-12T00:30:45", "viewCount": 5, "enchantments": {"score": {"value": 7.1, "vector": "NONE", "modified": "2018-03-12T00:30:45", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-2461"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:5C156D23E1DF4EB0A974BD2BF63193F2"]}, {"type": "exploitdb", "idList": ["EDB-ID:37917"]}, {"type": "zdt", "idList": ["1337DAY-ID-24115"]}, {"type": "seebug", "idList": ["SSV:96249"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805081"]}, {"type": "mskb", "idList": ["KB3078662"]}, {"type": "nessus", "idList": ["SMB_NT_MS15-080.NASL"]}, {"type": "kaspersky", "idList": ["KLA10646"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14626"]}], "modified": "2018-03-12T00:30:45", "rev": 2}, "vulnersScore": 7.1}, "affectedSoftware": [{"version": "2 ", "name": "Microsoft Windows Vista x64 Edition Service Pack", "operator": "eq"}, {"version": "2012 R2 ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "10 for x64-based Systems ", "name": "Microsoft Windows", "operator": "eq"}, {"version": "8 for 32-bit Systems ", "name": "Microsoft Windows", "operator": "eq"}, {"version": "2008 R2 for x64-based Systems SP1 ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "8.1 for 32-bit Systems ", "name": "Microsoft Windows", "operator": "eq"}, {"version": "8 for x64-based Systems ", "name": "Microsoft Windows", "operator": "eq"}, {"version": "2008 for 32-bit Systems SP2 ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "2 ", "name": "Microsoft Windows Vista Service Pack", "operator": "eq"}, {"version": "10 for 32-bit Systems ", "name": "Microsoft Windows", "operator": "eq"}, {"version": "2012 ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "7 for 32-bit Systems SP1 ", "name": "Microsoft Windows", "operator": "eq"}, {"version": "2008 for x64-based Systems SP2 ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "7 for x64-based Systems SP1 ", "name": "Microsoft Windows", "operator": "eq"}, {"version": "8.1 for x64-based Systems ", "name": "Microsoft Windows", "operator": "eq"}, {"version": "2008 for Itanium-based Systems SP2 ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "8.1 ", "name": "Microsoft Windows RT", "operator": "eq"}, {"version": "2008 R2 for Itanium-based Systems SP1 ", "name": "Microsoft Windows Server", "operator": "eq"}]}
{"cve": [{"lastseen": "2021-02-02T06:21:23", "description": "ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka \"OpenType Font Parsing Vulnerability,\" a different vulnerability than CVE-2015-2458 and CVE-2015-2459.", "edition": 4, "cvss3": {}, "published": "2015-08-15T00:59:00", "title": "CVE-2015-2461", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2461"], "modified": "2019-05-14T20:23:00", "cpe": ["cpe:/o:microsoft:windows_vista:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_8:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt:-", "cpe:/o:microsoft:windows_7:-"], "id": "CVE-2015-2461", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2461", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"]}], "zdt": [{"lastseen": "2018-04-01T21:35:15", "description": "Exploit for windows platform in category dos / poc", "edition": 2, "published": "2015-08-21T00:00:00", "type": "zdt", "title": "Windows ATMFD.DLL Out-of-Bounds Read Due to Malformed Name INDEX in the CFF Table Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-2461"], "modified": "2015-08-21T00:00:00", "id": "1337DAY-ID-24115", "href": "https://0day.today/exploit/description/24115", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=386&can=1\r\n \r\nWe have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files, such as:\r\n \r\n---\r\nDRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (d5)\r\nMemory was referenced after it was freed.\r\nThis cannot be protected by try-except.\r\nWhen possible, the guilty driver's name (Unicode string) is printed on\r\nthe bugcheck screen and saved in KiBugCheckDriver.\r\nArguments:\r\nArg1: fc937cdf, memory referenced\r\nArg2: 00000000, value 0 = read operation, 1 = write operation\r\nArg3: 91d75195, if non-zero, the address which referenced memory.\r\nArg4: 00000000, (reserved)\r\n \r\nDebugging Details:\r\n------------------\r\n \r\n \r\nCould not read faulting driver name\r\n \r\nREAD_ADDRESS: GetPointerFromAddress: unable to read from 827a784c\r\nUnable to read MiSystemVaType memory at 82786f00\r\n fc937cdf \r\n \r\nFAULTING_IP: \r\nATMFD+35195\r\n91d75195 803802 cmp byte ptr [eax],2\r\n \r\nMM_INTERNAL_CODE: 0\r\n \r\nDEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT\r\n \r\nBUGCHECK_STR: 0xD5\r\n \r\nPROCESS_NAME: csrss.exe\r\n \r\nCURRENT_IRQL: 0\r\n \r\nLAST_CONTROL_TRANSFER: from 91d7598d to 91d75195\r\n \r\nSTACK_TEXT: \r\nWARNING: Stack unwind information not available. Following frames may be wrong.\r\n8ba91638 91d7598d 8ba91890 00af0000 8ba91890 ATMFD+0x35195\r\n8ba91730 91d74ee4 8ba91890 00af0000 8ba9174c ATMFD+0x3598d\r\n8ba91834 91d75044 8ba91890 00af0000 8ba91968 ATMFD+0x34ee4\r\n8ba91868 91d4512a 00000000 8ba91890 00af0000 ATMFD+0x35044\r\n8ba91908 91d4718f 00000004 00000001 00000002 ATMFD+0x512a\r\n8ba91988 91d43c8e 00000000 00000000 98435600 ATMFD+0x718f\r\n8ba91a6c 91a67a9a 00000004 fc97efc0 fc95eff8 ATMFD+0x3c8e\r\n8ba91ab4 91a679ec 00000001 fc97efc0 fc95eff8 win32k!PDEVOBJ::LoadFontFile+0x3c\r\n8ba91af4 91a6742d ffa66130 00000019 fc97efc0 win32k!vLoadFontFileView+0x291\r\n8ba91b80 91a5641f 8ba91c58 00000019 00000001 win32k!PUBLIC_PFTOBJ::bLoadFonts+0x209\r\n8ba91bcc 91a57403 8ba91c58 00000019 00000001 win32k!GreAddFontResourceWInternal+0xfb\r\n8ba91d14 8267a896 000d3e78 00000019 00000001 win32k!NtGdiAddFontResourceW+0x142\r\n8ba91d14 779c70f4 000d3e78 00000019 00000001 nt!KiSystemServicePostCall\r\n002efa84 00000000 00000000 00000000 00000000 0x779c70f4\r\n---\r\n \r\nThe bugcheck is caused by an attempt to read memory from an unmapped address. The specific expression being dereferenced by ATMFD.DLL is \"base address of the Name INDEX data + NAME.offset[x] - 1\", however no bounds checking is performed over the value of NAME.offset[x] before using it for pointer arithmetic. To our current knowledge, this condition can only lead to an out-of-bounds read, thus limiting the impact of the bug to remote denial of service, or potentially local kernel memory disclosure. However, we have not fully confirmed that the severity of the bug is not in fact more significant due to some further ATMFD logic we are not aware of.\r\n \r\nThe issue reproduces on Windows 7 and 8.1. It is easiest to reproduce with Special Pools enabled for ATMFD.DLL (leading to an immediate crash when the bug is triggered), but it should also be possible to observe a crash on a default Windows installation in ATMFD.DLL.\r\n \r\nAttached is an archive with three proof of concept font files together with corresponding kernel crash logs.\r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/37917.zip\n\n# 0day.today [2018-04-01] #", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/24115"}], "exploitdb": [{"lastseen": "2016-02-04T06:53:20", "description": "Windows ATMFD.DLL Out-of-Bounds Read Due to Malformed Name INDEX in the CFF Table. CVE-2015-2461. Dos exploit for windows platform", "published": "2015-08-21T00:00:00", "type": "exploitdb", "title": "Windows ATMFD.DLL Out-of-Bounds Read Due to Malformed Name INDEX in the CFF Table", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-2461"], "modified": "2015-08-21T00:00:00", "id": "EDB-ID:37917", "href": "https://www.exploit-db.com/exploits/37917/", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=386&can=1\r\n\r\nWe have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files, such as:\r\n\r\n---\r\nDRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (d5)\r\nMemory was referenced after it was freed.\r\nThis cannot be protected by try-except.\r\nWhen possible, the guilty driver's name (Unicode string) is printed on\r\nthe bugcheck screen and saved in KiBugCheckDriver.\r\nArguments:\r\nArg1: fc937cdf, memory referenced\r\nArg2: 00000000, value 0 = read operation, 1 = write operation\r\nArg3: 91d75195, if non-zero, the address which referenced memory.\r\nArg4: 00000000, (reserved)\r\n\r\nDebugging Details:\r\n------------------\r\n\r\n\r\nCould not read faulting driver name\r\n\r\nREAD_ADDRESS: GetPointerFromAddress: unable to read from 827a784c\r\nUnable to read MiSystemVaType memory at 82786f00\r\n fc937cdf \r\n\r\nFAULTING_IP: \r\nATMFD+35195\r\n91d75195 803802 cmp byte ptr [eax],2\r\n\r\nMM_INTERNAL_CODE: 0\r\n\r\nDEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT\r\n\r\nBUGCHECK_STR: 0xD5\r\n\r\nPROCESS_NAME: csrss.exe\r\n\r\nCURRENT_IRQL: 0\r\n\r\nLAST_CONTROL_TRANSFER: from 91d7598d to 91d75195\r\n\r\nSTACK_TEXT: \r\nWARNING: Stack unwind information not available. Following frames may be wrong.\r\n8ba91638 91d7598d 8ba91890 00af0000 8ba91890 ATMFD+0x35195\r\n8ba91730 91d74ee4 8ba91890 00af0000 8ba9174c ATMFD+0x3598d\r\n8ba91834 91d75044 8ba91890 00af0000 8ba91968 ATMFD+0x34ee4\r\n8ba91868 91d4512a 00000000 8ba91890 00af0000 ATMFD+0x35044\r\n8ba91908 91d4718f 00000004 00000001 00000002 ATMFD+0x512a\r\n8ba91988 91d43c8e 00000000 00000000 98435600 ATMFD+0x718f\r\n8ba91a6c 91a67a9a 00000004 fc97efc0 fc95eff8 ATMFD+0x3c8e\r\n8ba91ab4 91a679ec 00000001 fc97efc0 fc95eff8 win32k!PDEVOBJ::LoadFontFile+0x3c\r\n8ba91af4 91a6742d ffa66130 00000019 fc97efc0 win32k!vLoadFontFileView+0x291\r\n8ba91b80 91a5641f 8ba91c58 00000019 00000001 win32k!PUBLIC_PFTOBJ::bLoadFonts+0x209\r\n8ba91bcc 91a57403 8ba91c58 00000019 00000001 win32k!GreAddFontResourceWInternal+0xfb\r\n8ba91d14 8267a896 000d3e78 00000019 00000001 win32k!NtGdiAddFontResourceW+0x142\r\n8ba91d14 779c70f4 000d3e78 00000019 00000001 nt!KiSystemServicePostCall\r\n002efa84 00000000 00000000 00000000 00000000 0x779c70f4\r\n---\r\n\r\nThe bugcheck is caused by an attempt to read memory from an unmapped address. The specific expression being dereferenced by ATMFD.DLL is \"base address of the Name INDEX data + NAME.offset[x] - 1\", however no bounds checking is performed over the value of NAME.offset[x] before using it for pointer arithmetic. To our current knowledge, this condition can only lead to an out-of-bounds read, thus limiting the impact of the bug to remote denial of service, or potentially local kernel memory disclosure. However, we have not fully confirmed that the severity of the bug is not in fact more significant due to some further ATMFD logic we are not aware of.\r\n\r\nThe issue reproduces on Windows 7 and 8.1. It is easiest to reproduce with Special Pools enabled for ATMFD.DLL (leading to an immediate crash when the bug is triggered), but it should also be possible to observe a crash on a default Windows installation in ATMFD.DLL.\r\n\r\nAttached is an archive with three proof of concept font files together with corresponding kernel crash logs.\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/37917.zip\r\n\r\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/37917/"}], "exploitpack": [{"lastseen": "2020-04-01T19:04:33", "description": "\nMicrosoft Windows Kernel - ATMFD.DLL Out-of-Bounds Read due to Malformed Name INDEX in the CFF Table", "edition": 1, "published": "2017-06-23T00:00:00", "title": "Microsoft Windows Kernel - ATMFD.DLL Out-of-Bounds Read due to Malformed Name INDEX in the CFF Table", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-2461"], "modified": "2017-06-23T00:00:00", "id": "EXPLOITPACK:5C156D23E1DF4EB0A974BD2BF63193F2", "href": "", "sourceData": "Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1213\n\nWe have encountered a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file, see below:\n\n---\nDRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION (d6)\nN bytes of memory was allocated and more than N bytes are being referenced.\nThis cannot be protected by try-except.\nWhen possible, the guilty driver's name (Unicode string) is printed on\nthe bugcheck screen and saved in KiBugCheckDriver.\nArguments:\nArg1: fb69b01e, memory referenced\nArg2: 00000000, value 0 = read operation, 1 = write operation\nArg3: 8f635862, if non-zero, the address which referenced memory.\nArg4: 00000000, (reserved)\n\nDebugging Details:\n------------------\n\n[...]\n\nFAULTING_IP: \nATMFD+35862\n8f635862 803802 cmp byte ptr [eax],2\n\nMM_INTERNAL_CODE: 0\n\nCPU_COUNT: 4\n\nCPU_MHZ: da3\n\nCPU_VENDOR: GenuineIntel\n\nCPU_FAMILY: 6\n\nCPU_MODEL: 3e\n\nCPU_STEPPING: 4\n\nCPU_MICROCODE: 6,3e,4,0 (F,M,S,R) SIG: 19'00000000 (cache) 19'00000000 (init)\n\nDEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT\n\nBUGCHECK_STR: 0xD6\n\nPROCESS_NAME: csrss.exe\n\nCURRENT_IRQL: 2\n\nANALYSIS_SESSION_HOST: WIN7-32-VM\n\nANALYSIS_SESSION_TIME: 03-21-2017 10:49:20.0375\n\nANALYSIS_VERSION: 10.0.10586.567 x86fre\n\nLAST_CONTROL_TRANSFER: from 8f636088 to 8f635862\n\nSTACK_TEXT: \nWARNING: Stack unwind information not available. Following frames may be wrong.\n9625f538 8f636088 9625f790 05f70000 9625f790 ATMFD+0x35862\n9625f630 8f6355b1 9625f790 05f70000 9625f64c ATMFD+0x36088\n9625f734 8f635711 9625f790 05f70000 9625f868 ATMFD+0x355b1\n9625f768 8f6051b0 00000000 9625f790 05f70000 ATMFD+0x35711\n9625f808 8f607279 00000004 00000001 00000002 ATMFD+0x51b0\n9625f888 8f603d14 00000000 00000000 94bb3200 ATMFD+0x7279\n9625f96c 8f6e7b8d 00000004 fbad2fc0 fbadaff8 ATMFD+0x3d14\n9625f9b4 8f6e7adf 00000001 fbad2fc0 fbadaff8 win32k!PDEVOBJ::LoadFontFile+0x3c\n9625f9f4 8f6e74fc ffa6a130 0000002e fbad2fc0 win32k!vLoadFontFileView+0x291\n9625fa80 8f6d6403 9625fb58 0000002e 00000001 win32k!PUBLIC_PFTOBJ::bLoadFonts+0x209\n9625facc 8f6d73d8 9625fb58 0000002e 00000001 win32k!GreAddFontResourceWInternal+0xfb\n9625fc14 8164ddb6 000d9b78 0000002e 00000001 win32k!NtGdiAddFontResourceW+0x142\n9625fc14 77ad6c74 000d9b78 0000002e 00000001 nt!KiSystemServicePostCall\n---\n\nThe bugcheck is caused by an attempt to read memory from an unmapped address. The specific expression being dereferenced by ATMFD.DLL is \"base address of the Name INDEX data + NAME.offset[x] - 1\", however no bounds checking is performed over the value of NAME.offset[x] before using it for pointer arithmetic. To our current knowledge, this condition can only lead to an out-of-bounds read, thus limiting the impact of the bug to remote denial of service, or potentially local kernel memory disclosure. However, we have not fully confirmed that the severity of the bug is not in fact more significant due to some further ATMFD logic we are not aware of.\n\nInterestingly, the crash is almost identical to the one reported in Issue #386 (MSRC-30296) nearly two years ago, which was supposedly fixed as CVE-2015-2461 in the MS15-080 bulletin. The fact that the same bugcheck still reproduces can potentially mean that the patch was insufficient.\n\nOnly a single bitflip applied to a valid font file is sufficient to create an offending testcase (excluding SFNT table checksums). In our case, the byte at offset 0x375 in the original sample must be changed from 0x01 to 0x41. This corresponds to offset 0x71 of the \"CFF \" table. The PoC font can be found attached to this tracker entry.\n\nThe issue reproduces on Windows 7 (other platforms untested). It is easiest to reproduce with Special Pools enabled for ATMFD.DLL, leading to an immediate crash when the bug is triggered. The bugcheck occurs upon opening the font in any default utility such as the Windows Font Viewer -- no special tools are required.\n\n\nProof of Concept:\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/42243.zip", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T11:57:18", "description": "We have encountered a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file, see below:\r\n```\r\n---\r\nDRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION (d6)\r\nN bytes of memory was allocated and more than N bytes are being referenced.\r\nThis cannot be protected by try-except.\r\nWhen possible, the guilty driver's name (Unicode string) is printed on\r\nthe bugcheck screen and saved in KiBugCheckDriver.\r\nArguments:\r\nArg1: fb69b01e, memory referenced\r\nArg2: 00000000, value 0 = read operation, 1 = write operation\r\nArg3: 8f635862, if non-zero, the address which referenced memory.\r\nArg4: 00000000, (reserved)\r\n\r\nDebugging Details:\r\n------------------\r\n\r\n[...]\r\n\r\nFAULTING_IP: \r\nATMFD+35862\r\n8f635862 803802 cmp byte ptr [eax],2\r\n\r\nMM_INTERNAL_CODE: 0\r\n\r\nCPU_COUNT: 4\r\n\r\nCPU_MHZ: da3\r\n\r\nCPU_VENDOR: GenuineIntel\r\n\r\nCPU_FAMILY: 6\r\n\r\nCPU_MODEL: 3e\r\n\r\nCPU_STEPPING: 4\r\n\r\nCPU_MICROCODE: 6,3e,4,0 (F,M,S,R) SIG: 19'00000000 (cache) 19'00000000 (init)\r\n\r\nDEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT\r\n\r\nBUGCHECK_STR: 0xD6\r\n\r\nPROCESS_NAME: csrss.exe\r\n\r\nCURRENT_IRQL: 2\r\n\r\nANALYSIS_SESSION_HOST: WIN7-32-VM\r\n\r\nANALYSIS_SESSION_TIME: 03-21-2017 10:49:20.0375\r\n\r\nANALYSIS_VERSION: 10.0.10586.567 x86fre\r\n\r\nLAST_CONTROL_TRANSFER: from 8f636088 to 8f635862\r\n\r\nSTACK_TEXT: \r\nWARNING: Stack unwind information not available. Following frames may be wrong.\r\n9625f538 8f636088 9625f790 05f70000 9625f790 ATMFD+0x35862\r\n9625f630 8f6355b1 9625f790 05f70000 9625f64c ATMFD+0x36088\r\n9625f734 8f635711 9625f790 05f70000 9625f868 ATMFD+0x355b1\r\n9625f768 8f6051b0 00000000 9625f790 05f70000 ATMFD+0x35711\r\n9625f808 8f607279 00000004 00000001 00000002 ATMFD+0x51b0\r\n9625f888 8f603d14 00000000 00000000 94bb3200 ATMFD+0x7279\r\n9625f96c 8f6e7b8d 00000004 fbad2fc0 fbadaff8 ATMFD+0x3d14\r\n9625f9b4 8f6e7adf 00000001 fbad2fc0 fbadaff8 win32k!PDEVOBJ::LoadFontFile+0x3c\r\n9625f9f4 8f6e74fc ffa6a130 0000002e fbad2fc0 win32k!vLoadFontFileView+0x291\r\n9625fa80 8f6d6403 9625fb58 0000002e 00000001 win32k!PUBLIC_PFTOBJ::bLoadFonts+0x209\r\n9625facc 8f6d73d8 9625fb58 0000002e 00000001 win32k!GreAddFontResourceWInternal+0xfb\r\n9625fc14 8164ddb6 000d9b78 0000002e 00000001 win32k!NtGdiAddFontResourceW+0x142\r\n9625fc14 77ad6c74 000d9b78 0000002e 00000001 nt!KiSystemServicePostCall\r\n---\r\n```\r\nThe bugcheck is caused by an attempt to read memory from an unmapped address. The specific expression being dereferenced by ATMFD.DLL is \"base address of the Name INDEX data + NAME.offset[x] - 1\", however no bounds checking is performed over the value of NAME.offset[x] before using it for pointer arithmetic. To our current knowledge, this condition can only lead to an out-of-bounds read, thus limiting the impact of the bug to remote denial of service, or potentially local kernel memory disclosure. However, we have not fully confirmed that the severity of the bug is not in fact more significant due to some further ATMFD logic we are not aware of.\r\n\r\nInterestingly, the crash is almost identical to the one reported in [Issue #386](https://bugs.chromium.org/p/project-zero/issues/detail?id=386) (MSRC-30296) nearly two years ago, which was supposedly fixed as CVE-2015-2461 in the MS15-080 bulletin. The fact that the same bugcheck still reproduces can potentially mean that the patch was insufficient.\r\n\r\nOnly a single bitflip applied to a valid font file is sufficient to create an offending testcase (excluding SFNT table checksums). In our case, the byte at offset 0x375 in the original sample must be changed from 0x01 to 0x41. This corresponds to offset 0x71 of the \"CFF \" table. The PoC font can be found attached to this tracker entry.\r\n\r\nThe issue reproduces on Windows 7 (other platforms untested). It is easiest to reproduce with Special Pools enabled for ATMFD.DLL, leading to an immediate crash when the bug is triggered. The bugcheck occurs upon opening the font in any default utility such as the Windows Font Viewer -- no special tools are required.\r\n\r\n[poc.otf](https://bugs.chromium.org/p/project-zero/issues/attachment?aid=276076)", "published": "2017-06-27T00:00:00", "type": "seebug", "title": "Windows Kernel ATMFD.DLL out-of-bounds read due to malformed Name INDEX in the CFF table(CVE-2017-8483)", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-2461", "CVE-2017-8483"], "modified": "2017-06-27T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-96249", "id": "SSV:96249", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2020-06-10T19:49:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2456", "CVE-2015-2433", "CVE-2015-2455", "CVE-2015-2460", "CVE-2015-2435", "CVE-2015-2465", "CVE-2015-2459", "CVE-2015-2462", "CVE-2015-2461", "CVE-2015-2454", "CVE-2015-2432", "CVE-2015-2464", "CVE-2015-2463", "CVE-2015-2453", "CVE-2015-2458"], "description": "This host is missing a critical security\n update according to Microsoft Bulletin MS15-080.", "modified": "2020-06-09T00:00:00", "published": "2015-08-12T00:00:00", "id": "OPENVAS:1361412562310805081", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805081", "type": "openvas", "title": "Microsoft Graphics Component Remote Code Executioon Vulnerabilities (3078662)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Graphics Component Remote Code Executioon Vulnerabilities (3078662)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805081\");\n script_version(\"2020-06-09T05:48:43+0000\");\n script_cve_id(\"CVE-2015-2432\", \"CVE-2015-2458\", \"CVE-2015-2459\", \"CVE-2015-2460\",\n \"CVE-2015-2461\", \"CVE-2015-2462\", \"CVE-2015-2435\", \"CVE-2015-2455\",\n \"CVE-2015-2456\", \"CVE-2015-2463\", \"CVE-2015-2464\", \"CVE-2015-2433\",\n \"CVE-2015-2453\", \"CVE-2015-2454\", \"CVE-2015-2465\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 05:48:43 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-08-12 11:28:42 +0530 (Wed, 12 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Graphics Component Remote Code Executioon Vulnerabilities (3078662)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Bulletin MS15-080.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to the Windows Adobe Type\n Manager Library improperly handles specially crafted OpenType fonts.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code. Failed exploit attempts will result in\n a denial-of-service condition.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8 x32/x64\n\n - Microsoft Windows 10 x32/x64\n\n - Microsoft Windows Server 2012/R2\n\n - Microsoft Windows 8.1 x32/x64\n\n - Microsoft Windows 7 x32/x64 Service Pack 1 and prior\n\n - Microsoft Windows Vista x32/x64 Service Pack 2 and prior\n\n - Microsoft Windows Server 2008 R2 x64 Service Pack 1 and prior\n\n - Microsoft Windows Server 2008 x32/x64 Service Pack 2 and prior\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3078662\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS15-080\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(winVista:3, win7:2, win7x64:2,\n win2008:3, win2008r2:2, win8:1, win8x64:1, win2012:1,\n win2012R2:1, win8_1:1, win8_1x64:1, win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_systemroot();\nif(!sysPath ){\n exit(0);\n}\n\nuserVer = fetch_file_version(sysPath:sysPath, file_name:\"system32\\Atmfd.dll\");\nif(!userVer){\n exit(0);\n}\n\n## Win 8.1 and win2012R2\nif(hotfix_check_sp(winVista:3, win2008:3, win7:2, win7x64:2, win2008r2:2, win8:1,\n win8x64:1, win2012:1, win8_1:1, win8_1x64:1, win2012R2:1) > 0)\n{\n if(version_is_less(version:userVer, test_version:\"5.1.2.244\")){\n report = report_fixed_ver(installed_version:userVer, fixed_version:\"5.1.2.244\", install_path:sysPath);\n security_message(port: 0, data: report);\n }\n exit(0);\n}\n\nelse if(hotfix_check_sp(win10:1, win10x64:1) > 0)\n{\n if(version_is_less(version:userVer, test_version:\"5.1.2.243\")){\n report = report_fixed_ver(installed_version:userVer, fixed_version:\"5.1.2.243\", install_path:sysPath);\n security_message(port: 0, data: report);\n }\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2021-01-01T22:40:04", "bulletinFamily": "microsoft", "cvelist": ["CVE-2015-2456", "CVE-2015-2433", "CVE-2015-2455", "CVE-2015-2460", "CVE-2015-2431", "CVE-2015-2435", "CVE-2015-2465", "CVE-2015-2459", "CVE-2015-2462", "CVE-2015-2461", "CVE-2015-2454", "CVE-2015-2432", "CVE-2015-2464", "CVE-2015-2463", "CVE-2015-2453", "CVE-2015-2458"], "description": "<html><body><p>Resolves vulnerabilities in the Microsoft .NET Framework and Microsoft Silverlight that could allow remote code execution if a user opens a specially crafted document or goes to an untrusted webpage that contains embedded TrueType or OpenType fonts.</p><h2>Summary</h2><div class=\"kb-summary-section section\">This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, the Microsoft .NET Framework, Microsoft Lync, and Microsoft Silverlight. These vulnerabilities could allow remote code execution if a user opens a specially crafted document or goes to an untrusted webpage that contains embedded TrueType or OpenType fonts. To learn more about the vulnerability, see <a href=\"https://technet.microsoft.com/library/security/ms15-080\" id=\"kb-link-2\" target=\"_self\">Microsoft Security Bulletin MS15-080</a>.<br/></div><h2></h2><div class=\"kb-moreinformation-section section\"><span class=\"text-base\"><br/>Important</span><ul class=\"sbody-free_list\"><li>All future security and nonsecurity updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update <a href=\"https://support.microsoft.com/en-us/help/2919355\" id=\"kb-link-3\" target=\"_self\">2919355</a> to be installed. We recommend that you install update <a href=\"https://support.microsoft.com/en-us/help/2919355\" id=\"kb-link-4\" target=\"_self\">2919355</a> on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive future updates. </li><li>If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see <a href=\"https://technet.microsoft.com/en-us/library/hh825699\" id=\"kb-link-5\" target=\"_self\">Add language packs to Windows</a>.</li></ul></div><h2>Additional information about this security update</h2><div class=\"kb-moreinformation-section section\">The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. <br/><br/><h4 class=\"sbody-h4\">Windows</h4><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/3078601\" id=\"kb-link-6\">3078601 </a> MS15-080: Description of the security update for Windows: August 11, 2015</li></ul><br/><br/><h4 class=\"sbody-h4\">Microsoft Office</h4><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/3054846\" id=\"kb-link-7\">3054846 </a> MS15-080: Description of the security update for Office 2010: August 11, 2015</li><li><a href=\"https://support.microsoft.com/en-us/help/3054890\" id=\"kb-link-8\">3054890 </a> MS15-080: Description of the security update for the 2007 Microsoft Office Suite: August 11, 2015</li></ul><br/><br/><h4 class=\"sbody-h4\">The Microsoft .NET Framework and Microsoft Silverlight</h4><h5 class=\"sbody-h5 text-subtitle\">Microsoft Silverlight 5</h5><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/3080333\" id=\"kb-link-9\">3080333 </a> MS15-080: Description of the security update for Silverlight 5: August 11, 2015</li></ul><br/><h5 class=\"sbody-h5 text-subtitle\">The Microsoft .NET Framework 4.6 and 4.6 RC</h5><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/3072311\" id=\"kb-link-10\">3072311 </a> MS15-080: Description of the security update for the .NET Framework 4.6 and 4.6 RC on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: August 11, 2015</li></ul><br/><h5 class=\"sbody-h5 text-subtitle\">The Microsoft .NET Framework 4.5/4.5.1/4.5.2</h5><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/3072310\" id=\"kb-link-11\">3072310 </a> MS15-080: Description of the security update for the .NET Framework 4.5/4.5.1/4.5.2 on Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2: August 11, 2015</li></ul><h5 class=\"sbody-h5 text-subtitle\">The Microsoft .NET Framework 4</h5><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/3072309\" id=\"kb-link-12\">3072309 </a> MS15-080: Description of the security update for the .NET Framework 4 on Windows Vista and Windows Server 2008: August 11, 2015</li></ul><h5 class=\"sbody-h5 text-subtitle\">The Microsoft .NET Framework 3.5.1</h5><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/3072305\" id=\"kb-link-13\">3072305 </a> MS15-080: Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: August 11, 2015</li></ul><h5 class=\"sbody-h5 text-subtitle\">The Microsoft .NET Framework 3.5</h5><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/3072307\" id=\"kb-link-14\">3072307 </a> MS15-080: Description of the security update for the .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2: August 11, 2015</li><li><a href=\"https://support.microsoft.com/en-us/help/3072306\" id=\"kb-link-15\">3072306 </a> MS15-080: Description of the security update for the .NET Framework 3.5 on Windows 8 and Windows Server 2012: August 11, 2015</li></ul><h5 class=\"sbody-h5 text-subtitle\">The Microsoft .NET Framework 3.0</h5><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/3072303\" id=\"kb-link-16\">3072303 </a> MS15-080: Description of the security update for the .NET Framework 3.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: August 11, 2015</li></ul><h4 class=\"sbody-h4\">Microsoft Lync and Live Meeting</h4><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/3055014\" id=\"kb-link-17\">3055014 </a> MS15-080: Description of the security update for Microsoft Lync 2013: August 11, 2015</li><li><a href=\"https://support.microsoft.com/en-us/help/3075590\" id=\"kb-link-18\">3075590 </a> MS15-080: Description of the security update for Lync 2010 Attendee (administrator-level installation): August 11, 2015</li><li><a href=\"https://support.microsoft.com/en-us/help/3075592\" id=\"kb-link-19\">3075592 </a> MS15-080: Description of the security update for Lync 2010 Attendee (user-level installation): August 11, 2015</li><li><a href=\"https://support.microsoft.com/en-us/help/3075593\" id=\"kb-link-20\">3075593 </a> MS15-080: Description of the security update for Lync 2010: August 11, 2015</li><li><a href=\"https://support.microsoft.com/en-us/help/3075591\" id=\"kb-link-21\">3075591 </a> MS15-080: Description of the security update for Live Meeting Console: August 11, 2015</li><li><a href=\"https://support.microsoft.com/en-us/help/3079743\" id=\"kb-link-22\">3079743 </a> MS15-080: Description of the security update for Live Meeting Add-in: August 11, 2015</li></ul></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Security update deployment information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><h4 class=\"sbody-h4\">Windows Vista (all editions)</h4><span class=\"text-base\">Reference Table<br/><br/></span>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file names</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows Vista:<br/><span class=\"text-base\">Windows6.0-KB3078601-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 3.0 Service Pack 2 when installed on all supported 32-bit editions of Windows Vista:<br/><span class=\"text-base\">Windows6.0-KB3072303-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 4 when installed on all supported 32-bit editions of Windows Vista:<br/><span class=\"text-base\">NDP40-KB3072309-x86.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 4.5/4.5.1/4.5.2 when installed on all supported 32-bit editions of Windows Vista:<br/><span class=\"text-base\">NDP45-KB3072310-x86.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 4.6 RC and 4.6 when installed on all supported 32-bit editions of Windows Vista:<br/><span class=\"text-base\">NDP46-KB3072311-x86.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported x64-based editions of Windows Vista:<br/><span class=\"text-base\">Windows6.0-KB3078601-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 3.0 Service Pack 2 when installed on all supported x64-based editions of Windows Vista:<br/><span class=\"text-base\">Windows6.0-KB3072303-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 4 when installed on all supported x64-based editions of Windows Vista:<br/><span class=\"text-base\">NDP40-KB3072309-x64.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 4.5/4.5.1/4.5.2 when installed on all supported x64-based editions of Windows Vista:<br/><span class=\"text-base\">NDP45-KB3072310-x64.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 4.6 RC and 4.6 when installed on all supported x64-based editions of Windows Vista:<br/><span class=\"text-base\">NDP46-KB3072311-x64.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">For Microsoft Windows, see Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/934307\" id=\"kb-link-24\">934307 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework, see Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/2844699\" id=\"kb-link-25\">2844699 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Update log file</span></td><td class=\"sbody-td\">For Windows Vista:<br/>Not applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 3.0 Service Pack 2:<br/>Microsoft .NET Framework 3.0-KB3072303_*-msi0.txt<br/>Microsoft .NET Framework 3.0-KB3072303_*.html</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 4:<br/>KB3072309_*_*-Microsoft .NET Framework 4 Client Profile-MSP0.txt<br/>KB3072309_*_*.html</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 4.5/4.5.1/4.5.2:<br/>KB3072310_*_*-Microsoft .NET Framework <span class=\"sbody-italic\">[.NET target version]</span>-MSP0.txt<br/>KB3072310_*_*.html</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 4.6 RC and 4.6:<br/>KB3072311_*_*-Microsoft .NET Framework <span class=\"sbody-italic\">[.NET target version]</span>-MSP0.txt<br/>KB3072311_*_*.html</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">For Windows Vista:<br/>Yes, you must restart your system after you apply this security update. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework:<br/>This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">For Windows Vista: <br/>WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click <span class=\"text-base\">Control Panel</span>, and then click <span class=\"text-base\">Security</span>. Under Windows Update, click <span class=\"text-base\">View installed updates</span> and select from the list of updates. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework:<br/>Click<span class=\"text-base\"> Control Panel</span>, and then click <span class=\"text-base\">Security</span>. Under Windows Update, click <span class=\"text-base\">View installed updates</span> and select from the list of updates. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3078601\" id=\"kb-link-26\">3078601 </a><br/>See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3072303\" id=\"kb-link-27\">3072303 </a><br/>See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3072309\" id=\"kb-link-28\">3072309 </a><br/>See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3072310\" id=\"kb-link-29\">3072310 </a><br/>See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3072311\" id=\"kb-link-30\">3072311 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\">For Windows Vista: <br/>A registry key does not exist to validate the presence of this update. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 3.0 Service Pack 2:<br/>A registry key does not exist to validate the presence of this update. Use WMI to detect for the presence of this update. HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Updates\\Microsoft .NET Framework 3.0 Service Pack 2\\SP2\\KB3072303<br/>\"ThisVersionInstalled\" = \"Y\"</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 4 when installed on all supported 32-bit editions of Windows Vista:<br/>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Updates\\Microsoft .NET Framework 4 Client Profile\\KB3072309<br/>\"ThisVersionInstalled\" = \"Y\"</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 4 when installed on all supported x64-based editions of Windows Vista:<br/>HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Updates\\Microsoft .NET Framework 4 Client Profile\\KB3072309<br/>\"ThisVersionInstalled\" = \"Y\"</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 4.5/4.5.1/4.5.2:<br/>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Updates\\Microsoft .NET Framework <span class=\"sbody-italic\">[.NET target version]</span>\\KB3072310<br/>\"ThisVersionInstalled\" = \"Y\"</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 4.6 RC and 4.6:<br/>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Updates\\Microsoft .NET Framework 4.6\\KB3072311<br/>\"ThisVersionInstalled\" = \"Y\"</td></tr></table></div><h4 class=\"sbody-h4\">Windows Server 2008 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file names</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows Server 2008:<br/><span class=\"text-base\">Windows6.0-KB3078601-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2:<br/><span class=\"text-base\">Windows6.0-KB3072303-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 4 when installed on all supported 32-bit editions of Windows Server 2008 Service Pack 2:<br/><span class=\"text-base\">NDP40-KB3072309-x86.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 4.5/4.5.1/4.5.2 when installed on all supported 32-bit editions of Windows Server 2008 Service Pack 2:<br/><span class=\"text-base\">NDP45-KB3072310-x86.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 4.6 RC and 4.6 when installed on all supported 32-bit editions of Windows Server 2008 Service Pack 2:<br/><span class=\"text-base\">NDP46-KB3072311-x86.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported x64-based editions of Windows Server 2008:<br/><span class=\"text-base\">Windows6.0-KB3078601-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2:<br/><span class=\"text-base\">Windows6.0-KB3072303-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 4 when installed on all supported x64-based editions of Windows Server 2008 Service Pack 2:<br/><span class=\"text-base\">NDP40-KB3072309-x64.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 4.5/4.5.1/4.5.2 on all supported x64-based editions of Windows Server 2008 Service Pack 2:<br/><span class=\"text-base\">NDP45-KB3072310-x64.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 4.6 RC and 4.6 on all supported x64-based editions of Windows Server 2008 Service Pack 2:<br/><span class=\"text-base\">NDP46-KB3072311-x64.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported Itanium-based editions of Windows Server 2008:<br/><span class=\"text-base\">Windows6.0-KB3078601-ia64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">For Microsoft Windows, see Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/934307\" id=\"kb-link-31\">934307 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework, see Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/2844699\" id=\"kb-link-32\">2844699 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Update log file</span></td><td class=\"sbody-td\">For Windows Server 2008:<br/>Not applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 3.0 Service Pack 2:<br/>Microsoft .NET Framework 3.0-KB3072303_*-msi0.txt<br/>Microsoft .NET Framework 3.0-KB3072303_*.html</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 4:<br/>KB3072309_*_*-Microsoft .NET Framework 4 Client Profile-MSP0.txt<br/>KB3072309_*_*.html</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 4.5/4.5.1/4.5.2:<br/>KB3048077_*_*-Microsoft .NET Framework <span class=\"sbody-italic\">[.NET target version]</span>-MSP0.txt<br/>KB3072310_*_*.html</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 4.6 RC and 4.6:<br/>KB3072311_*_*-Microsoft .NET Framework <span class=\"sbody-italic\">[.NET target version]</span>-MSP0.txt<br/>KB3072311_*_*.html</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">For Windows Server 2008:<br/>Yes, you must restart your system after you apply this security update. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework:<br/>This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">For Windows Server 2008: <br/>WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click <span class=\"text-base\">Control Panel</span>, and then click <span class=\"text-base\">Security</span>. Under Windows Update, click <span class=\"text-base\">View installed updates</span> and select from the list of updates. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework:<br/>Click<span class=\"text-base\"> Control Panel</span>, and then click <span class=\"text-base\">Security</span>. Under Windows Update, click <span class=\"text-base\">View installed updates</span> and select from the list of updates. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3078601\" id=\"kb-link-33\">3078601 </a><br/>See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3072303\" id=\"kb-link-34\">3072303 </a><br/>See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3072309\" id=\"kb-link-35\">3072309 </a><br/>See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3072310\" id=\"kb-link-36\">3072310 </a><br/>See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3072311\" id=\"kb-link-37\">3072311 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\">For Windows Server 2008: <br/>A registry key does not exist to validate the presence of this update. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 3.0 Service Pack 2:<br/>A registry key does not exist to validate the presence of this update. Use WMI to detect for the presence of this update.HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Updates\\Microsoft .NET Framework 3.0 Service Pack 2\\SP2\\KB3048068<br/>\"ThisVersionInstalled\" = \"Y\"</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 4 when installed on all supported 32-bit editions of Windows Server 2008:<br/>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Updates\\Microsoft .NET Framework 4 Client Profile\\KB3072309<br/>\"ThisVersionInstalled\" = \"Y\"</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 4 when installed on all supported x64-based editions of Windows Server 2008:<br/>HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Updates\\Microsoft .NET Framework 4 Client Profile\\KB3072309<br/>\"ThisVersionInstalled\" = \"Y\"</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 4.5/4.5.1/4.5.2:<br/>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Updates\\Microsoft .NET Framework <span class=\"sbody-italic\">[.NET target version]</span>\\KB3072310<br/>\"ThisVersionInstalled\" = \"Y\"</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 4.6 RC and 4.6:<br/>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Updates\\Microsoft .NET Framework 4.6\\KB3072311<br/>\"ThisVersionInstalled\" = \"Y\"</td></tr></table></div><h4 class=\"sbody-h4\">Windows 7 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 7:<br/><span class=\"text-base\">Windows6.1-KB3078601-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 3.5.1 on all supported 32-bit editions of Windows 7 Service Pack 1:<br/><span class=\"text-base\">Windows6.1-KB3072305-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 7:<br/><span class=\"text-base\">Windows6.1-KB3078601-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 3.5.1 on all supported x64-based editions of Windows 7 Service Pack 1:<br/><span class=\"text-base\">Windows6.1-KB3072305-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">For Microsoft Windows, see Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/934307\" id=\"kb-link-38\">934307 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework, see Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/2844699\" id=\"kb-link-39\">2844699 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Update log file</span></td><td class=\"sbody-td\">For Windows 7:<br/>Not applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 3.5.1:<br/>Not applicable. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">For Windows 7:<br/>Yes, you must restart your system after you apply this security update. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework:<br/>This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">For Windows 7:<br/>To uninstall an update installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, and then under Windows Update, click <span class=\"text-base\">View installed updates</span> and select from the list of updates. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework:<br/>Click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System</span> and <span class=\"text-base\">Security</span>, and then under Windows Update, click <span class=\"text-base\">View installed updates</span> and select from the list of updates. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3078601\" id=\"kb-link-40\">3078601 </a><br/>See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3072305\" id=\"kb-link-41\">3072305 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\">For Windows 7:<br/>A registry key does not exist to validate the presence of this update. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 3.5.1:<br/><br/>A registry key does not exist to validate the presence of this update. Use WMI to detect for the presence of this update. </td></tr></table></div><h4 class=\"sbody-h4\"> Windows Server 2008 R2 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported x64-based editions of Windows Server 2008 R2:<br/><span class=\"text-base\">Windows6.1-KB3078601-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 3.5.1 on all supported x64-based editions of Windows Server 2008 R2 Service Pack 1:<br/><span class=\"text-base\">Windows6.1-KB3072305-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported Itanium-based editions of Windows Server 2008 R2:<br/><span class=\"text-base\">Windows6.1-KB3078601-ia64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">For Microsoft Windows, see Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/934307\" id=\"kb-link-42\">934307 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework, see Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/2844699\" id=\"kb-link-43\">2844699 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Update log file</span></td><td class=\"sbody-td\">For Windows Server 2008 R2:<br/>Not applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 3.5.1:<br/>Not applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">For Windows Server 2008 R2:<span class=\"text-base\"><br/></span>Yes, you must restart your system after you apply this security update. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework:<br/>This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">For Windows Server 2008 R2:<span class=\"text-base\"><br/></span>To uninstall an update installed by WUSA, use the <span class=\"text-base\">/Uninstall </span>setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, and then under Windows Update, click <span class=\"text-base\">View installed updates</span> and select from the list of updates. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework:<br/>Click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System</span> and <span class=\"text-base\">Security</span>, and then under Windows Update, click <span class=\"text-base\">View installed updates</span> and select from the list of updates. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3078601\" id=\"kb-link-44\">3078601 </a><br/>See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3072305\" id=\"kb-link-45\">3072305 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\">For Windows Server 2008 R2:<span class=\"text-base\"><br/></span>A registry key does not exist to validate the presence of this update. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 3.5.1:<br/>A registry key does not exist to validate the presence of this update. Use WMI to detect for the presence of this update. </td></tr></table></div><h4 class=\"sbody-h4\">Windows 8 and Windows 8.1 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 8:<br/><span class=\"text-base\">Windows8-RT-KB3078601-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 3.5 on Windows 8 for 32-bit Systems:<br/><span class=\"text-base\">Windows8-RT-KB3072306-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 8:<br/><span class=\"text-base\">Windows8-RT-KB3078601-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 3.5 on Windows 8 for x64-based Systems:<br/><span class=\"text-base\">Windows8-RT-KB3072306-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 8.1:<br/><span class=\"text-base\">Windows8.1-KB3078601-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit Systems:<br/><span class=\"text-base\">Windows8.1-KB3072307-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 8.1:<br/><span class=\"text-base\">Windows8.1-KB3078601-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 3.5 on Windows 8.1 for x64-based Systems:<br/><span class=\"text-base\">Windows8.1-KB3072307-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">For Microsoft Windows, see Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/934307\" id=\"kb-link-46\">934307 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework, see Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/2844699\" id=\"kb-link-47\">2844699 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">For Windows 8 and Windows 8.1:<span class=\"text-base\"><br/></span>Yes, you must restart your system after you apply this security update. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework:<br/>This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">For Windows 8 and Windows 8.1:<br/>To uninstall an update installed by WUSA, use the <span class=\"text-base\">/Uninstall </span>setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under See also, click <span class=\"text-base\">Installed updates</span> and select from the list of updates. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework:<br/>Click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, and then under Windows Update, click <span class=\"text-base\">View update history</span> and select from the list of updates. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3078601\" id=\"kb-link-48\">3078601 </a><br/>See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3072306\" id=\"kb-link-49\">3072306 </a><br/>See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3072307\" id=\"kb-link-50\">3072307 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\">Registry keys do not exist to validate the presence of these updates. </td></tr></table></div><h4 class=\"sbody-h4\">Windows Server 2012 and Windows Server 2012 R2 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported editions of Windows Server 2012:<br/><span class=\"text-base\">Windows8-RT-KB3078601-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 3.5 on Windows Server 2012:<br/><span class=\"text-base\">Windows8-RT-KB3072306-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported editions of Windows Server 2012 R2:<br/><span class=\"text-base\">Windows8.1-KB3078601-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 3.5 on Windows Server 2012 R2:<br/><span class=\"text-base\">Windows8.1-KB3072307-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">For Microsoft Windows, see Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/934307\" id=\"kb-link-51\">934307 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework, see Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/2844699\" id=\"kb-link-52\">2844699 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">For Windows Server 2012 and Windows Server 2012 R2:<span class=\"text-base\"><br/></span>Yes, you must restart your system after you apply this security update. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework:<br/>This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">For Windows Server 2012 and Windows Server 2012 R2:<span class=\"text-base\"><br/></span>To uninstall an update installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under See also, click <span class=\"text-base\">Installed updates</span> and select from the list of updates. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework:<br/>Click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, and then under Windows Update, click <span class=\"text-base\">View update history</span> and select from the list of updates. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3078601\" id=\"kb-link-53\">3078601 </a><br/>See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3072306\" id=\"kb-link-54\">3072306 </a><br/>See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3072307\" id=\"kb-link-55\">3072307 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\">Registry keys do not exist to validate the presence of these updates. </td></tr></table></div><h4 class=\"sbody-h4\">Windows RT and Windows RT 8.1 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Deployment</span></td><td class=\"sbody-td\">The 3078601 update is available via <a href=\"http://go.microsoft.com/fwlink/?linkid=21130\" id=\"kb-link-56\" target=\"_self\">Windows Update</a> only. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart Requirement</span></td><td class=\"sbody-td\">Yes, you must restart your system after you apply this security update. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal Information</span></td><td class=\"sbody-td\">Click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under See also, click <span class=\"text-base\">Installed updates</span> and select from the list of updates. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File Information</span></td><td class=\"sbody-td\">See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3078601\" id=\"kb-link-57\">3078601 </a></td></tr></table></div><h4 class=\"sbody-h4\">Microsoft Office 2007 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported editions of Microsoft Office 2007:<br/><span class=\"text-base\">ogl2007-kb3054890-fullfile-x86-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/912203\" id=\"kb-link-58\">912203 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. <br/><br/>To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/887012\" id=\"kb-link-59\">887012 </a>. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">Use <span class=\"text-base\">Add or Remove Programs</span> item in Control Panel. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3054890\" id=\"kb-link-60\">3054890 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\">Not applicable</td></tr></table></div><h4 class=\"sbody-h4\">Microsoft Office 2010 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported editions of Microsoft Office 2010 (32-bit editions):<br/><span class=\"text-base\">ogl2010-kb3054846-fullfile-x86-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported editions of Microsoft Office 2010 (64-bit editions):<br/><span class=\"text-base\">ogl2010-kb3054846-fullfile-x64-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/912203\" id=\"kb-link-61\">912203 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. <br/><br/>To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/887012\" id=\"kb-link-62\">887012 </a>. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">Use <span class=\"text-base\">Add or Remove Programs</span> item in Control Panel. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3054846\" id=\"kb-link-63\">3054846 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\">Not applicable</td></tr></table></div><h4 class=\"sbody-h4\">Microsoft Live Meeting 2007, Microsoft Lync 2010, Microsoft Lync 2010 Attendee, Microsoft Lync 2013 (Skype for Business), and Microsoft Lync Basic 2013 (Skype for Business Basic)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For Microsoft Live Meeting 2007 Console (3075591):<br/><span class=\"text-base\">LMSetup.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Lync 2010 (32-bit) (3075593):<br/><span class=\"text-base\">lync.msp</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Lync 2010 (64-bit) (3075593):<br/><span class=\"text-base\">lync.msp</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Lync 2010 Attendee (user level install) (3075592):<br/><span class=\"text-base\">AttendeeUser.msp</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Lync 2010 Attendee (admin level install) (3075590):<br/><span class=\"text-base\">AttendeeAdmin.msp</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported editions of Microsoft Lync 2013 (Skype for Business) (32-bit) and Microsoft Lync Basic 2013 (Skype for Business Basic) (32-bit):<br/><span class=\"text-base\">lync2013-kb3055014-fullfile-x86-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported editions of Microsoft Lync 2013 (Skype for Business) (64-bit) and Microsoft Lync Basic 2013 (Skype for Business Basic) (64-bit):<br/><span class=\"text-base\">lync2013-kb3055014-fullfile-x64-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/912203\" id=\"kb-link-64\">912203 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. <br/><br/>To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/887012\" id=\"kb-link-65\">887012 </a>. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal Information</span></td><td class=\"sbody-td\">Use <span class=\"text-base\">Add or Remove Programs</span> item in Control Panel. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File Information</span></td><td class=\"sbody-td\">For Microsoft Live Meeting 2007 Console:<br/>See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3075591\" id=\"kb-link-66\">3075591 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported editions of Microsoft Lync 2010:<br/>See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3075593\" id=\"kb-link-67\">3075593 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Lync 2010 Attendee (user level install):<br/>See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3075592\" id=\"kb-link-68\">3075592 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Lync 2010 Attendee (admin level install):<br/>See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3075590\" id=\"kb-link-69\">3075590 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Link 2013 (Skype for Business) and Microsoft Link Basic 2013 (Skype for Business Basic):<br/>See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3039779\" id=\"kb-link-70\">3039779 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry Key Verification</span></td><td class=\"sbody-td\">For Microsoft Live Meeting 2007 Console:<br/>Not applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Lync 2010 (32-bit):<br/>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22}<br/>Version = <span class=\"text-base\">7577.4476</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Lync 2010 (64-bit):<br/>HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22}<br/>Version = <span class=\"text-base\">7577.4476</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Lync 2010 Attendee (admin level install):<br/>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\94E53390F8C13794999249B19E6CFE33\\InstallProperties\\DisplayVersion = <span class=\"text-base\">4.0. 7577.4476</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Lync 2010 Attendee (user level install):<br/>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22}<br/>Version = <span class=\"text-base\">7577.4476</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Lync 2013 (Skype for Business) and Microsoft Lync Basic 2013 (Skype for Business Basic):<br/>Not applicable</td></tr></table></div><h4 class=\"sbody-h4\">Silverlight 5 for Mac (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file names</span></td><td class=\"sbody-td\">For Microsoft Silverlight 5 when installed on Mac:<br/><span class=\"text-base\">Silverlight.dmg</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Silverlight 5 Developer Runtime when installed on Mac:<br/><span class=\"text-base\">silverlight_developer.dmg</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">This update does not require a restart. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">Open the Finder, select the system drive, go to the folder <span class=\"text-base\">Internet Plug-ins - Library</span>, and delete the file, <span class=\"text-base\">Silverlight.Plugin</span>. (Note that the update cannot be removed without removing the Silverlight plug-in.)</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3080333\" id=\"kb-link-71\">3080333 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation verification</span></td><td class=\"sbody-td\">See the <span class=\"text-base\">Update FAQ</span> section in this bulletin that addresses the question, \"How do I know which version and build of Microsoft Silverlight is currently installed?\"</td></tr></table></div><h4 class=\"sbody-h4\">Silverlight 5 for Windows (all supported releases)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file names</span></td><td class=\"sbody-td\">For Microsoft Silverlight 5 when installed on all supported 32-bit releases of Microsoft Windows:<br/><span class=\"text-base\">silverlight.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Silverlight 5 Developer Runtime when installed on all supported 32-bit releases of Microsoft Windows:<br/><span class=\"text-base\">silverlight_developer.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Silverlight 5 when installed on all supported 64-bit releases of Microsoft Windows:<br/><span class=\"text-base\">silverlight_x64.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Silverlight 5 Developer Runtime when installed on all supported 64-bit releases of Microsoft Windows:<br/><span class=\"text-base\">silverlight_developer_x64.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See the <a href=\"http://download.microsoft.com/download/c/d/5/cd5aaae3-21f7-47a8-b7d5-39e36baf9ac8/silverlight_deployment_guide.docx\" id=\"kb-link-72\" target=\"_self\">Silverlight Enterprise Deployment Guide</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">This update does not require a restart. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">Use <span class=\"text-base\">Add or Remove Programs</span> item in Control Panel. (Note that the update cannot be removed without removing Silverlight.)</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See Microsoft Knowledge Base Article <a href=\"https://support.microsoft.com/en-us/help/3080333\" id=\"kb-link-73\">3080333 </a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\">For 32-bit installations of Microsoft Silverlight 5:<br/>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Silverlight \"Version\" = \"5.1.40714.0\"</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For 64-bit installations of Microsoft Silverlight 5: <br/>HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Silverlight \"Version\" = \"5.1.40714.0\"<br/>and<br/>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Silverlight \"Version\" = \"5.1.40714.0\"</td></tr></table></div><br/><h4 class=\"sbody-h4\">Windows 10 (all editions)</h4><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 10:<br/><span class=\"text-base\">KB3081436-Win10-RTM-X86-TSL.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 3.5 on all supported 32-bit editions of Windows 10:<br/><span class=\"text-base\">KB3081436-Win10-RTM-X86-TSL.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 10:<br/><span class=\"text-base\">KB</span><span class=\"text-base\">3081436</span><span class=\"text-base\">-Win10-RTM-X64-TSL.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework 3.5 on all supported x64-based editions of Windows 10:<br/><span class=\"text-base\">KB</span><span class=\"text-base\">3081436</span><span class=\"text-base\">-Win10-RTM-X64-TSL.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">For Microsoft Windows, see <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-74\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework, see <a href=\"https://support.microsoft.com/help/2844699\" id=\"kb-link-75\" target=\"_self\">Microsoft Knowledge Base Article 2844699</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">For Windows 10:<br/>Yes, you must restart your system after you apply this security update. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework:<br/>This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">For Windows 10:<br/>To uninstall an update installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, and then under Windows Update, click <span class=\"text-base\">View installed updates</span> and select from the list of updates. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft .NET Framework:<br/>Click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System</span> and <span class=\"text-base\">Security</span>, and then under Windows Update, click <span class=\"text-base\">View installed updates</span> and select from the list of updates. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3081436\" id=\"kb-link-76\" target=\"_self\">Microsoft Knowledge Base Article 3081436</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\">Registry keys do not exist to validate the presence of these updates. </td></tr></table></div></div><br/></span></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">File hash information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">SHA1 hash</th><th class=\"sbody-th\">SHA256 hash</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3072305-x86.msu</td><td class=\"sbody-td\">6B644311BBB9A149B56BF9627D3C81C49F15D3AD</td><td class=\"sbody-td\">413C9588E717FD6C3F44882CEFA4712C30A7381E74F2ADD17B0053B36F24EA06</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8-RT-KB3072306-x64.msu</td><td class=\"sbody-td\">B3AEC59329A262898CAEDD2C89B91910D42FFADC</td><td class=\"sbody-td\">9DA1323300FEBB3597E9752C866E87CECF98376F3EE5D66DE29D1E6011A673C3</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">NDP45-KB3072310-x64.exe</td><td class=\"sbody-td\">EFD601C2832974E3DD4C9621E73626B468FECA67</td><td class=\"sbody-td\">A9A9CD473B2059D43B5C40DFD34DAD437E00C5B495B075725AADB639F4F08540</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8.1-KB3072307-x86.msu</td><td class=\"sbody-td\">F97425B4CCDF7A771A1BCDCED6E4EE3AC0342468</td><td class=\"sbody-td\">CBC2A1D3B026C0927BE87D693C7E3A346A418984A66FB365B083408160376115</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">NDP30SP2-KB3072308-x86.exe</td><td class=\"sbody-td\">75A0782CEE3AC5EC0F81CB7427585F09B9593029</td><td class=\"sbody-td\">917EEF8F2560EC45BFCF2459BC2B0B732FC35899F7B7B3C0633730AA4EB13220</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3072305-x64.msu</td><td class=\"sbody-td\">ED204EB0A76EE10B1E2CA4E025F574AB12782F42</td><td class=\"sbody-td\">4B8B90FFF399F086DF4C99028E8C8F6CFCA52065D97311E9319322AF576A4DF4</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">NDP46-KB3072311-x64.exe</td><td class=\"sbody-td\">02A63966DCDB747932D74C0621BE7AAB66DA6FF1</td><td class=\"sbody-td\">D5EDE205951DDAAC9F04F60B65A22C1ED3425140694FDA08F39CBF66EBB141CD</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">NDP46-KB3072311-x86.exe</td><td class=\"sbody-td\">5783CEF69FDBC634BDF6868CC6BBE57A7E7F08AE</td><td class=\"sbody-td\">49043D7AAD7E4698A82B96028ABE80A4BEAE028A8642B121ED0CFA85B05633BF</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.0-KB3072303-x86.msu</td><td class=\"sbody-td\">C0855B492B4FBBF39DC63F2F998B7D6331F9D0D8</td><td class=\"sbody-td\">205A148ACE6F66959C166B00C8C8CE4B61669AD2EE42AE3DCD81F44E676C5119</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3072305-x64.msu</td><td class=\"sbody-td\">E1B0DCF4FFCD8101E2D191EFF934B087EF1AF806</td><td class=\"sbody-td\">1495902BD039583A625CE25D712FF677854EC9391DF9712182BAB28C289360F7</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8-RT-KB3072306-x64.msu</td><td class=\"sbody-td\">E653DF3744CE0E7C3100AD5E69958F22539E8617</td><td class=\"sbody-td\">293E2368F540EF5D39701B33705F7987B8C3F24FDEC8FAEB67FC5B06E8D969B3</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8-RT-KB3072306-x86.msu</td><td class=\"sbody-td\">E07BD83BDA0808A25EB2DD4085B3A8A91921E97C</td><td class=\"sbody-td\">99F341551387E5C0153B014C2E4D67252A957BA495D14E7C8797F720A5B50465</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8.1-KB3072307-x64.msu</td><td class=\"sbody-td\">75366E877EFECA1558303314FE5C84A2D45A106E</td><td class=\"sbody-td\">0A551B9C79D49467E682A8D150BEF33DE440C64F06EAE7EFAB94C73EE2752795</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8.1-KB3072307-x86.msu</td><td class=\"sbody-td\">72DF02B43379A352EDB050F6566F830D91A01EBD</td><td class=\"sbody-td\">F4309157670453B88E40C768CB611689A1F49B17CBAD723725BC593F6220E741</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">NDP46-KB3072311-x86.exe</td><td class=\"sbody-td\">A057FED86F8C842BE32108537FDB0F3BFD42D147</td><td class=\"sbody-td\">5086F4B72A92C8412FB05F2C226B5CB8EC34D795D9FBE99FFCAEF8D6A57FB84E</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows10.0-KB3078990-x64.msu</td><td class=\"sbody-td\">FC8454A10F651CC87D5B74C7893A17077A94E9CA</td><td class=\"sbody-td\">BA0576B04AE7C7B68C2982B53C40EB1CAE9FDA5FF15465A5039368DE697C2971</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3072305-x86.msu</td><td class=\"sbody-td\">8514A610FC87BF01CF239C8472A13F32BB63A894</td><td class=\"sbody-td\">E6163E531C20A5205915D50D544F6FA5AA5582E140BC73FD6CC9DCA26A73AB1B</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">NDP30SP2-KB3072308-x64.exe</td><td class=\"sbody-td\">FDC4B992B69369867942709484A6C1BE9D6E5F40</td><td class=\"sbody-td\">18F8D1429D02754A390C6140BB209DA3E8AA364F339454C310219276CF564BF0</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">NDP30SP2-KB3072308-x86.exe</td><td class=\"sbody-td\">DF948B25BC71432E5CADE81A55E0840A833B8BDC</td><td class=\"sbody-td\">F267142D9865926E473D454E5417E6F665EF92700607941D680CB855194C5E49</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">NDP45-KB3072310-x86.exe</td><td class=\"sbody-td\">9AE0D32A23B5C7A0ED86E0D87AC64EB63A6A98E2</td><td class=\"sbody-td\">CDEA53F6BC5F17905A449B66B0F46E814A67E06B423F85AE31A90CE7E624302C</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">NDP45-KB3072310-x86.exe</td><td class=\"sbody-td\">3CAB0DC5830DA493FFB568116DBC3D299E5C3B18</td><td class=\"sbody-td\">FAC094F4D8C06CE01FDEE9B325B4325701D763690E966F44033A4134FFB9CA68</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows10.0-KB3078990-x86.msu</td><td class=\"sbody-td\">154B8DCE36CF6119A8FDFA33B89956122733A23C</td><td class=\"sbody-td\">D85C40A48EEB6F9FCA8347F95B17CF317AFEE8E53DA7D7DBC7E5B6B7AF60ACE9</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8-RT-KB3072306-x86.msu</td><td class=\"sbody-td\">C6BA0D67D207B5C35E25A8E1CB413978BF72424D</td><td class=\"sbody-td\">A03D9E6221DE4762D76A79E426841D98990C5CE86AB4A98A4B100AF821A66072</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8.1-KB3072307-x64.msu</td><td class=\"sbody-td\">6A59966AA83175FC6C29695C223DE8A2F2AE7FF9</td><td class=\"sbody-td\">409AAF149E3BC609CFBD26F84C8EAD94EAEFF764BE2C7A0CBE065BCC0FBA5EC6</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">NDP30SP2-KB3072308-x64.exe</td><td class=\"sbody-td\">162AC0620EE0E178859C2ABDC1266E3FCDAE9DE6</td><td class=\"sbody-td\">97F90C17D91E23F4F7638365BDEC0E0B24C5B5398B3D083479BF859A91B73C08</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">NDP40-KB3072309-x86.exe</td><td class=\"sbody-td\">7BDA28D4C145E095924BD8C54E3542B46F36CCDE</td><td class=\"sbody-td\">460EB2F8AA74E8F5E2936F5F361CCD691FAE50462F812E4318F0658644F316E0</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.0-KB3072303-x64.msu</td><td class=\"sbody-td\">6042883A9AB2D94DF29633A865CA23F72F4CC4FA</td><td class=\"sbody-td\">8979D6FDD3F4354101C465E4EB456F1507BD5426B9E3CAC6E05562BE32BA3AEF</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">NDP40-KB3072309-x64.exe</td><td class=\"sbody-td\">9466B714A6215E9A4A0428D2FB188EAACCC6C36A</td><td class=\"sbody-td\">E442F0FDD7259A4CA8A2839D1F58FCADC4D1C257F58D6CD22B8EA0B64ACBFE60</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">NDP40-KB3072309-x86.exe</td><td class=\"sbody-td\">E0B42DE69B59E0437B4AD5C8BF9F6D197510A6EF</td><td class=\"sbody-td\">B1002BAB053C42997E5F9631DB9567C3BDB4811A7C48E18C7AAACAB64CF7F46C</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">NDP46-KB3072311-x64.exe</td><td class=\"sbody-td\">95936F09E4AB0CEBA8B78E12EC311C2F475B9955</td><td class=\"sbody-td\">2ACAFD52A8421665AF635C7862FF41FA6BF1B922365A2B5BF373CAD3142E86F7</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">NDP40-KB3072309-x64.exe</td><td class=\"sbody-td\">346F3DAAD482494DB68BBD8935B0764DC8235174</td><td class=\"sbody-td\">953D044F2D156C15C3A2DBE0F115994F6C6CF34F0F9D85900A3470EC32E9402A</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">NDP45-KB3072310-x64.exe</td><td class=\"sbody-td\">4665CD57B9820F440BE31FE187969C2B000F3CFE</td><td class=\"sbody-td\">B5E3FAD72838D5C270F455D5646FB145C55180A06791CE07AE0892394E52EEA5</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">lync2013-kb3055014-fullfile-x86-glb.exe</td><td class=\"sbody-td\">F0735CE917F9E51E76367D6553BDA712FE1CEE81</td><td class=\"sbody-td\">1BE5FF8DB1ACCC33D5C38CCEA478A22972ECADF0185134AB4B6A0DBB4D670710</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">lync2013-kb3055014-fullfile-x64-glb.exe</td><td class=\"sbody-td\">4C40C26CC72A98691B93D9F532417D2CF40D8CEC</td><td class=\"sbody-td\">E2BF49BCF17C8B5220C4BC011C362CC19122B8C7AC6A827B09DD144A648D486D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ogl2007-kb3054890-fullfile-x86-glb.exe</td><td class=\"sbody-td\">5AC862F5E20A9928B2D1983BFB1B5A85BA8F3D41</td><td class=\"sbody-td\">BA824DCF6A1AEE213B1921DFEEC55C4D71EC71820FF0BB415E96986FC1E7023D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ogl2010-kb3054846-fullfile-x86-glb.exe</td><td class=\"sbody-td\">9E50ED7900D462495BCDD6319F99BEBCC3AE16A3</td><td class=\"sbody-td\">CF602DDD145FC96D5A4FE5A5087520A07D498B0F96B031BCD08C0BA1BFA2A65A</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ogl2010-kb3054846-fullfile-x64-glb.exe</td><td class=\"sbody-td\">95C6E057DF876F418420DA6BF0B870523662A509</td><td class=\"sbody-td\">771B42846D74D29B6373EB48D6C0B47A1D5880B66D09FC8DF46CBB71FE51716F</td></tr></table></div></div><br/></span></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">How to obtain help and support for this security update</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\">Help for installing updates: <a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-77\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <a href=\"https://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-78\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help for protecting your Windows-based computer from viruses and malware: <a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-79\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-80\" target=\"_self\">International Support</a></div><br/></span></div></div></div></div></body></html>", "edition": 2, "modified": "2016-12-30T19:19:18", "id": "KB3078662", "href": "https://support.microsoft.com/en-us/help/3078662/", "published": "2015-08-11T00:00:00", "title": "MS15-080: Vulnerabilities in Microsoft graphics component could allow remote code execution: August 11, 2015", "type": "mskb", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-03-01T06:18:47", "description": "The remote Windows host is affected by multiple vulnerabilities :\n\n - Multiple remote code execution vulnerabilities exist due\n to the Windows Adobe Type Manager Library not properly\n handling specially crafted OpenType fonts. An attacker\n can exploit these, by using a crafted document or web\n page with embedded OpenType fonts, to execute arbitrary\n code in the context of the current user. (CVE-2015-2432,\n CVE-2015-2458, CVE-2015-2459, CVE-2015-2460,\n CVE-2015-2461, CVE-2015-2462)\n\n - Multiple remote code execution vulnerabilities exist in\n various components of Windows, .NET Framework, Office,\n Lync, and Silverlight due to a failure to properly handle\n TrueType fonts. An attacker can exploit these, by using\n a crafted document or web page with embedded TrueType\n fonts, to execute arbitrary code in the context of the\n current user. (CVE-2015-2435, CVE-2015-2455,\n CVE-2015-2456 CVE-2015-2463, CVE-2015-2464)\n\n - A remote code execution vulnerability exists due to\n Microsoft Office not properly handling Office Graphics\n Library (OGL) fonts. An attacker can exploit this, by\n using a crafted document or web page with embedded OGL\n fonts, to execute arbitrary code in the context of the\n user. (CVE-2015-2431)\n\n - A security feature bypass vulnerability exists due to\n a failure by the Windows kernel to properly initialize\n a memory address. An attacker, using a specially crafted\n application, can exploit this issue to bypass Kernel\n Address Space Layout Randomization (KASLR) and retrieve\n the base address of the kernel driver. (CVE-2015-2433)\n\n - An elevation of privilege vulnerability exists due to\n a flaw in the Windows Client/Server Run-time Subsystem\n (CSRSS) when terminating a process when a user logs off.\n An attacker can exploit this vulnerability to run code\n that monitors the actions of users who log on to the\n system, allowing the disclosure of sensitive information\n which could be used to elevate privileges or execute\n code. (CVE-2015-2453)\n\n - A security feature bypass vulnerability exists due to\n the Windows kernel-mode driver not properly validating\n and enforcing impersonation levels. An attacker can\n exploit this to gain elevated privileges on a targeted\n system. (CVE-2015-2454)\n\n - A security feature bypass vulnerability exists due to\n the Windows shell not properly validating and enforcing\n impersonation levels. An attacker can exploit this to\n bypass impersonation-level security and gain elevated\n privileges on a targeted system. (CVE-2015-2465)", "edition": 27, "published": "2015-08-12T00:00:00", "title": "MS15-080 : Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2456", "CVE-2015-2433", "CVE-2015-2455", "CVE-2015-2460", "CVE-2015-2431", "CVE-2015-2435", "CVE-2015-2465", "CVE-2015-2459", "CVE-2015-2462", "CVE-2015-2461", "CVE-2015-2454", "CVE-2015-2432", "CVE-2015-2464", "CVE-2015-2463", "CVE-2015-2453", "CVE-2015-2458"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:microsoft:lync_basic", "cpe:/o:microsoft:windows", "cpe:/a:microsoft:silverlight", "cpe:/a:microsoft:.net_framework", "cpe:/a:microsoft:office", "cpe:/a:microsoft:live_meeting_console", "cpe:/a:microsoft:lync"], "id": "SMB_NT_MS15-080.NASL", "href": "https://www.tenable.com/plugins/nessus/85348", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85348);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-2431\",\n \"CVE-2015-2432\",\n \"CVE-2015-2433\",\n \"CVE-2015-2435\",\n \"CVE-2015-2453\",\n \"CVE-2015-2454\",\n \"CVE-2015-2455\",\n \"CVE-2015-2456\",\n \"CVE-2015-2458\",\n \"CVE-2015-2459\",\n \"CVE-2015-2460\",\n \"CVE-2015-2461\",\n \"CVE-2015-2462\",\n \"CVE-2015-2463\",\n \"CVE-2015-2464\",\n \"CVE-2015-2465\"\n );\n script_bugtraq_id(\n 76203,\n 76207,\n 76209,\n 76210,\n 76211,\n 76213,\n 76215,\n 76216,\n 76218,\n 76223,\n 76225,\n 76235,\n 76238,\n 76239,\n 76240,\n 76241\n );\n script_xref(name:\"MSFT\", value:\"MS15-080\");\n script_xref(name:\"MSKB\", value:\"3054846\");\n script_xref(name:\"MSKB\", value:\"3054890\");\n script_xref(name:\"MSKB\", value:\"3055014\");\n script_xref(name:\"MSKB\", value:\"3072303\");\n script_xref(name:\"MSKB\", value:\"3072305\");\n script_xref(name:\"MSKB\", value:\"3072306\");\n script_xref(name:\"MSKB\", value:\"3072307\");\n script_xref(name:\"MSKB\", value:\"3072309\");\n script_xref(name:\"MSKB\", value:\"3072310\");\n script_xref(name:\"MSKB\", value:\"3072311\");\n script_xref(name:\"MSKB\", value:\"3075590\");\n script_xref(name:\"MSKB\", value:\"3075591\");\n script_xref(name:\"MSKB\", value:\"3075592\");\n script_xref(name:\"MSKB\", value:\"3075593\");\n script_xref(name:\"MSKB\", value:\"3078601\");\n script_xref(name:\"MSKB\", value:\"3080333\");\n script_xref(name:\"MSKB\", value:\"3081436\");\n script_xref(name:\"IAVA\", value:\"2015-A-0196\");\n\n script_name(english:\"MS15-080 : Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662)\");\n script_summary(english:\"Checks the file versions.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is affected by multiple vulnerabilities :\n\n - Multiple remote code execution vulnerabilities exist due\n to the Windows Adobe Type Manager Library not properly\n handling specially crafted OpenType fonts. An attacker\n can exploit these, by using a crafted document or web\n page with embedded OpenType fonts, to execute arbitrary\n code in the context of the current user. (CVE-2015-2432,\n CVE-2015-2458, CVE-2015-2459, CVE-2015-2460,\n CVE-2015-2461, CVE-2015-2462)\n\n - Multiple remote code execution vulnerabilities exist in\n various components of Windows, .NET Framework, Office,\n Lync, and Silverlight due to a failure to properly handle\n TrueType fonts. An attacker can exploit these, by using\n a crafted document or web page with embedded TrueType\n fonts, to execute arbitrary code in the context of the\n current user. (CVE-2015-2435, CVE-2015-2455,\n CVE-2015-2456 CVE-2015-2463, CVE-2015-2464)\n\n - A remote code execution vulnerability exists due to\n Microsoft Office not properly handling Office Graphics\n Library (OGL) fonts. An attacker can exploit this, by\n using a crafted document or web page with embedded OGL\n fonts, to execute arbitrary code in the context of the\n user. (CVE-2015-2431)\n\n - A security feature bypass vulnerability exists due to\n a failure by the Windows kernel to properly initialize\n a memory address. An attacker, using a specially crafted\n application, can exploit this issue to bypass Kernel\n Address Space Layout Randomization (KASLR) and retrieve\n the base address of the kernel driver. (CVE-2015-2433)\n\n - An elevation of privilege vulnerability exists due to\n a flaw in the Windows Client/Server Run-time Subsystem\n (CSRSS) when terminating a process when a user logs off.\n An attacker can exploit this vulnerability to run code\n that monitors the actions of users who log on to the\n system, allowing the disclosure of sensitive information\n which could be used to elevate privileges or execute\n code. (CVE-2015-2453)\n\n - A security feature bypass vulnerability exists due to\n the Windows kernel-mode driver not properly validating\n and enforcing impersonation levels. An attacker can\n exploit this to gain elevated privileges on a targeted\n system. (CVE-2015-2454)\n\n - A security feature bypass vulnerability exists due to\n the Windows shell not properly validating and enforcing\n impersonation levels. An attacker can exploit this to\n bypass impersonation-level security and gain elevated\n privileges on a targeted system. (CVE-2015-2465)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/library/security/MS15-080\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows Vista, 2008, 7,\n2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10. Additionally,\nMicrosoft has released a set of patches for Office 2007, Office 2010,\nMicrosoft Lync 2010, 2010 Attendee, 2013 SP1, Microsoft Live Meeting\n2007; and .NET Framework 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'MS15-078 Microsoft Windows Font Driver Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:.net_framework\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:live_meeting_console\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:lync\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:lync_basic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:silverlight\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\", \"microsoft_lync_server_installed.nasl\", \"silverlight_detect.nasl\", \"microsoft_net_framework_installed.nasl\", \"office_installed.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nglobal_var bulletin, vuln, arch;\n\narch = get_kb_item_or_exit('SMB/ARCH');\nvuln = 0;\nbulletin = 'MS15-080';\n\nkbs = make_list(\n '3054846', # Office 2010 SP 2\n '3054890', # Office 2007 SP 3\n '3055014', # Microsoft Lync 2013 SP1\n '3072303', # .NET Framework 3.0 SP2\n '3072305', # .NET Framework 3.5.1\n '3072306', # .NET Framework 3.5 (Windows 8)\n '3072307', # .NET Framework 3.5 (Windows 8.1)\n '3072309', # .NET Framework 4\n '3072310', # .NET Framework 4.5/4.5.1/4.5.2\n '3072311', # .NET Framework 4.6\n '3075590', # Mictosoft Lync 2010 Attendee (admin level install)\n '3075591', # Microsoft Live Meeting 2007\n '3075592', # Microsoft Lync 2010 Attendee (user level install)\n '3075593', # Microsft Lync 2010\n '3078601', # Windows (all but 10)\n '3080333', # Microsoft Silverlight 5\n '3081436' # Windows 10\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\n# Windows Checks\nfunction perform_windows_checks()\n{\n if (\n # Windows 10\n hotfix_is_vulnerable(os:\"10\", sp:0, file:\"ntdll.dll\", version:\"10.0.10240.16430\", dir:\"\\system32\", bulletin:bulletin, kb:'3081436') ||\n\n # Windows 8.1 / Windows Server 2012 R2\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"atmfd.dll\", version:\"5.1.2.245\", dir:\"\\system32\", bulletin:bulletin, kb:'3078601') ||\n\n # Windows 8 / Windows Server 2012\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"atmfd.dll\", version:\"5.1.2.245\", dir:\"\\system32\", bulletin:bulletin, kb:'3078601') ||\n\n # Windows 7 and Windows Server 2008 R2\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"atmfd.dll\", version:\"5.1.2.245\", dir:\"\\system32\", bulletin:bulletin, kb:'3078601') ||\n\n # Vista / Windows 2008\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"atmfd.dll\", version:\"5.1.2.245\", dir:\"\\system32\", bulletin:bulletin, kb:'3078601')\n )\n vuln++;\n}\n\n# dotnet checks\nfunction perform_dotnet_checks()\n{\n local_var dotnet_452_installed, dotnet_451_installed, dotnet_45_installed, dotnet_46_installed;\n local_var ver, missing, count, installs, install;\n\n # Determine if .NET 4.5, 4.5.1, or 4.5.2 is installed\n dotnet_452_installed = FALSE;\n dotnet_451_installed = FALSE;\n dotnet_45_installed = FALSE;\n dotnet_46_installed = FALSE;\n\n count = get_install_count(app_name:'Microsoft .NET Framework');\n if (count > 0)\n {\n installs = get_installs(app_name:'Microsoft .NET Framework');\n foreach install(installs[1])\n {\n ver = install[\"version\"];\n if (ver == \"4.5\") dotnet_45_installed = TRUE;\n if (ver == \"4.6\") dotnet_46_installed = TRUE;\n if (ver == \"4.5.1\") dotnet_451_installed = TRUE;\n if (ver == \"4.5.2\") dotnet_452_installed = TRUE;\n }\n }\n\n ########## KB3072303 #############\n # .NET Framework 3.0 SP2 #\n # Windows Vista SP2 #\n # Windows Server 2008 SP2 #\n ##################################\n missing = 0;\n missing += hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"wpfgfx_v0300.dll\", version:\"3.0.6920.4229\", min_version:\"3.0.6920.0\", dir:\"\\Microsoft.NET\\Framework\\v3.0\\WPF\");\n missing += hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"wpfgfx_v0300.dll\", version:\"3.0.6920.8684\", min_version:\"3.0.6920.7000\", dir:\"\\Microsoft.NET\\Framework\\v3.0\\WPF\");\n\n if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"3072303\");\n vuln += missing;\n\n ########### KB3072309 #############\n # .NET Framework 4 #\n # Windows Vista SP2 #\n # Windows Server 2008 SP2 #\n ###################################\n missing = 0;\n # Windows Vista/Server 2008 SP2\n missing += hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"wpfgfx_v0400.dll\", version:\"4.0.30319.1038\", min_version:\"4.0.30319.0\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\");\n missing += hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"wpfgfx_v0400.dll\", version:\"4.0.30319.2065\", min_version:\"4.0.30319.1200\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\");\n\n if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"3072309\");\n vuln += missing;\n\n ########### KB3072310 ############\n # .NET Framework 4.5/4.5.1/4.5.2 #\n # Windows Vista SP2 #\n # Windows Server 2008 SP2 #\n ##################################\n missing = 0;\n if (dotnet_45_installed || dotnet_451_installed || dotnet_452_installed)\n {\n missing += hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"wpftxt_v0400.dll\", version:\"4.0.30319.34273\", min_version:\"4.0.30319.30000\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\");\n missing += hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"wpftxt_v0400.dll\", version:\"4.0.30319.36314\", min_version:\"4.0.30319.34500\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\");\n }\n\n if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"3072310\");\n vuln += missing;\n\n ############ KB3072311 ###########\n # .NET Framework 4.6 #\n # Windows Vista SP2 #\n # Windows Server 2008 SP2 #\n ##################################\n missing = 0;\n if (dotnet_46_installed)\n {\n missing += hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"wpftxt_v0400.dll\", version:\"4.6.101.0\", min_version:\"4.6.0.0\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\");\n if(arch == \"x64\")\n missing += hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"wpftxt_v0400.dll\", version:\"4.6.101.0\", min_version:\"4.6.0.0\", dir:\"\\Microsoft.NET\\Framework64\\v4.0.30319\\WPF\");\n }\n\n if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"3072311\");\n vuln += missing;\n\n ############ KB3072307 ############\n # .NET Framework 3.5 #\n # Windows 8.1 #\n # Windows Server 2012 R2 #\n ###################################\n missing = 0;\n missing += hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"wpfgfx_v0300.dll\", version:\"3.0.6920.8008\", min_version:\"3.0.6920.0\", dir:\"\\Microsoft.NET\\Framework\\v3.0\\WPF\");\n missing += hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"wpfgfx_v0300.dll\", version:\"3.0.6920.8684\", min_version:\"3.0.6920.8200\", dir:\"\\Microsoft.NET\\Framework\\v3.0\\WPF\");\n\n if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"3072307\");\n vuln += missing;\n\n ########### KB3072305 #############\n # .NET Framework 3.5.1 #\n # Windows 7 SP1 #\n # Windows Server 2008 R2 SP1 #\n ###################################\n missing = 0;\n missing += hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"wpfgfx_v0300.dll\", version:\"3.0.6920.5469\", min_version:\"3.0.6920.0\", dir:\"\\Microsoft.NET\\Framework\\v3.0\\WPF\");\n missing += hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"wpfgfx_v0300.dll\", version:\"3.0.6920.8684\", min_version:\"3.0.6920.7000\", dir:\"\\Microsoft.NET\\Framework\\v3.0\\WPF\");\n\n if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"3072305\");\n vuln += missing;\n\n ########### KB3072306 ###########\n # .NET Framework 3.5 #\n # Windows 8 #\n # Windows Server 2012 #\n #################################\n missing = 0;\n missing += hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"wpfgfx_v0300.dll\", version:\"3.0.6920.6421\", min_version:\"3.0.6920.0\", dir:\"\\Microsoft.NET\\Framework\\v3.0\\WPF\");\n missing += hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"wpfgfx_v0300.dll\", version:\"3.0.6920.8684\", min_version:\"3.0.6920.7000\", dir:\"\\Microsoft.NET\\Framework\\v3.0\\WPF\");\n\n if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"3072306\");\n vuln += missing;\n\n ############ KB3072307 ############\n # .NET Framework 3.5 #\n # Windows 8.1 #\n # Windows Server 2012 R2 #\n ###################################\n missing = 0;\n missing += hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"wpfgfx_v0300.dll\", version:\"3.0.6920.8008\", min_version:\"3.0.6920.0\", dir:\"\\Microsoft.NET\\Framework\\v3.0\\WPF\");\n missing += hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"wpfgfx_v0300.dll\", version:\"3.0.6920.8684\", min_version:\"3.0.6920.8200\", dir:\"\\Microsoft.NET\\Framework\\v3.0\\WPF\");\n\n if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"3072307\");\n vuln += missing;\n}\n\n# KB3054890 / KB3054846 (Office Checks)\nfunction perform_office_checks()\n{\n local_var office_versions, office_sp;\n local_var path;\n\n office_versions = hotfix_check_office_version();\n if (office_versions[\"14.0\"])\n {\n office_sp = get_kb_item(\"SMB/Office/2010/SP\");\n if (!isnull(office_sp) && office_sp == 2)\n {\n path = hotfix_append_path(path:hotfix_get_officecommonfilesdir(officever:\"14.0\"), value:\"\\Microsoft Shared\\Office14\");\n if (hotfix_check_fversion(file:\"Ogl.dll\", version:\"14.0.7155.5000\", min_version:\"14.0.0.0\", path:path, bulletin:bulletin, kb:\"3054846\", product:\"Microsoft Office 2010 SP2\") == HCF_OLDER)\n vuln++;\n }\n }\n\n if (office_versions[\"12.0\"])\n {\n office_sp = get_kb_item(\"SMB/Office/2007/SP\");\n if (office_sp == 3)\n {\n path = hotfix_append_path(path:hotfix_get_officecommonfilesdir(officever:\"12.0\"), value:\"\\Microsoft Shared\\Office12\");\n if (hotfix_check_fversion(file:\"Ogl.dll\", version:\"12.0.6725.5000\", min_version:\"12.0.0.0\", path:path, bulletin:bulletin, kb:'3054890', product:\"Microsoft Office 2007 SP2\") == HCF_OLDER)\n vuln++;\n }\n }\n}\n\n# Lync checks\nfunction perform_lync_checks()\n{\n local_var lync_count, lync_installs, lync_install;\n local_var count,install;\n\n lync_count = get_install_count(app_name:\"Microsoft Lync\");\n if (lync_count > 0)\n {\n lync_installs = get_installs(app_name:\"Microsoft Lync\");\n foreach lync_install (lync_installs[1])\n {\n if (\"Live Meeting 2007 Console\" >< lync_install[\"Product\"])\n {\n if (hotfix_check_fversion(file:\"pubutil.dll\", version:\"8.0.6362.236\", min_version:\"8.0.0.0\", path:lync_install[\"path\"], bulletin:bulletin, kb:\"3075591\", product:\"Live Meeting 2007 Console\") == HCF_OLDER)\n vuln++;\n }\n else if (lync_install[\"version\"] =~ \"^4\\.0\\.\" && \"Server\" >!< lync_install[\"Product\"])\n {\n if (\"Attendee\" >!< lync_install[\"Product\"])\n {\n if (hotfix_check_fversion(file:\"communicator.exe\", version:\"4.0.7577.4476\", min_version:\"4.0.0.0\", path:lync_install[\"path\"], bulletin:bulletin, kb:\"3075593\", product:\"Microsoft Lync 2010\") == HCF_OLDER)\n vuln++;\n }\n else if (\"Attendee\" >< lync_install[\"Product\"])\n {\n if (\"user level\" >< tolower(lync_install[\"Product\"]))\n {\n if (hotfix_check_fversion(file:\"MeetingJoinAxAOC.DLL\", version:\"4.0.7577.4476\", min_version:\"4.0.0.0\", path:lync_install[\"path\"], bulletin:bulletin, kb:\"3075592\", product:lync_install[\"Product\"]) == HCF_OLDER)\n vuln++;\n }\n else\n {\n if (hotfix_check_fversion(file:\"MeetingJoinAxAOC.DLL\", version:\"4.0.7577.4476\", min_version:\"4.0.0.0\", path:lync_install[\"path\"], bulletin:bulletin, kb:\"3075590\", product:lync_install[\"Product\"]) == HCF_OLDER)\n vuln++;\n }\n }\n }\n else if (lync_install[\"version\"] =~ \"^15\\.0\\.\" && \"Server\" >!< lync_install[\"Product\"])\n {\n if (hotfix_check_fversion(file:\"Lync.exe\", version:\"15.0.4745.1000\", min_version:\"15.0.4569.1503\", path:lync_install[\"path\"], bulletin:bulletin, kb:\"3055014\", product:\"Microsoft Lync 2013\") == HCF_OLDER)\n vuln++;\n }\n }\n }\n}\n\n# Silverlight Check\nfunction perform_silverlight_checks()\n{\n local_var slver, report, path;\n\n slver = get_kb_item(\"SMB/Silverlight/Version\");\n if (slver && slver =~ \"^5\\.\" && ver_compare(ver:slver, fix:\"5.1.40728.0\",strict:FALSE) == -1)\n {\n path = get_kb_item(\"SMB/Silverlight/Path\");\n if (isnull(path)) path = 'n/a';\n\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + slver +\n '\\n Fixed version : 5.1.40728.0' +\n '\\n';\n hotfix_add_report(report,bulletin:bulletin, kb:\"3080333\");\n vuln += 1;\n }\n}\n\nperform_windows_checks();\nperform_dotnet_checks();\nperform_office_checks();\nperform_silverlight_checks();\nperform_lync_checks();\n\nif(vuln)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:45:03", "bulletinFamily": "info", "cvelist": ["CVE-2015-2456", "CVE-2015-2475", "CVE-2015-2433", "CVE-2015-2441", "CVE-2015-1769", "CVE-2015-2455", "CVE-2015-2429", "CVE-2015-2476", "CVE-2015-2472", "CVE-2015-2471", "CVE-2015-2446", "CVE-2015-2460", "CVE-2015-2442", "CVE-2015-2431", "CVE-2015-2423", "CVE-2015-2435", "CVE-2015-2465", "CVE-2015-2459", "CVE-2015-2434", "CVE-2015-2462", "CVE-2015-2461", "CVE-2015-2440", "CVE-2015-2454", "CVE-2015-2432", "CVE-2015-2473", "CVE-2015-2430", "CVE-2015-2474", "CVE-2015-2449", "CVE-2015-2464", "CVE-2015-2428", "CVE-2015-2463", "CVE-2015-2453", "CVE-2015-2458"], "description": "### *Detect date*:\n08/11/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code or obtain sensitive information.\n\n### *Affected products*:\nWindows Vista Service Pack 2 \nWindows Server 2008 Service Pack 2 \nWindows 7 Service Pack 1 \nWindows Server 2008 R2 \nWindows 8 \nWindows 8.1 \nWindows Server 2012 \nWindows Server 2012 R2 \nWindows RT \nWindows RT 8.1 \nWindows 10 \n.NET framework versions 3.0 SP2, 4, 4.5, 4.5.1, 4.5.2, 4.6 \nOffice 2007 Service Pack 3 \nOffice 2010 Service Pack 2 \nLive Meeting 2007 Console \nLync 2010 \nLync 2013 Service Pack 1 \nSilverlight 5 \nBizTalk Server 2010, 2013, 2013 R2\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2015-2423](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2423>) \n[CVE-2015-2431](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2431>) \n[CVE-2015-2430](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2430>) \n[CVE-2015-2456](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2456>) \n[CVE-2015-2458](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2458>) \n[CVE-2015-2433](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2433>) \n[CVE-2015-2432](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2432>) \n[CVE-2015-2471](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2471>) \n[CVE-2015-2472](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2472>) \n[CVE-2015-2473](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2473>) \n[CVE-2015-2474](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2474>) \n[CVE-2015-2475](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2475>) \n[CVE-2015-2476](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2476>) \n[CVE-2015-1769](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-1769>) \n[CVE-2015-2449](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2449>) \n[CVE-2015-2455](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2455>) \n[CVE-2015-2460](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2460>) \n[CVE-2015-2459](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2459>) \n[CVE-2015-2462](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2462>) \n[CVE-2015-2461](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2461>) \n[CVE-2015-2464](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2464>) \n[CVE-2015-2463](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2463>) \n[CVE-2015-2465](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2465>) \n[CVE-2015-2454](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2454>) \n[CVE-2015-2453](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2453>) \n[CVE-2015-2434](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2434>) \n[CVE-2015-2435](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2435>) \n[CVE-2015-2428](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2428>) \n[CVE-2015-2441](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2441>) \n[CVE-2015-2446](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2446>) \n[CVE-2015-2429](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2429>) \n[CVE-2015-2440](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2440>) \n[CVE-2015-2442](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2442>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft .NET Framework](<https://threats.kaspersky.com/en/product/Microsoft-.NET-Framework/>)\n\n### *CVE-IDS*:\n[CVE-2015-2423](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2423>)4.3Warning \n[CVE-2015-2431](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2431>)9.3Critical \n[CVE-2015-2430](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2430>)9.3Critical \n[CVE-2015-2456](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2456>)9.3Critical \n[CVE-2015-2458](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2458>)9.3Critical \n[CVE-2015-2433](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2433>)2.1Warning \n[CVE-2015-2432](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2432>)9.3Critical \n[CVE-2015-2471](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2471>)4.3Warning \n[CVE-2015-2472](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2472>)4.3Warning \n[CVE-2015-2473](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2473>)9.3Critical \n[CVE-2015-2474](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2474>)9.0Critical \n[CVE-2015-2475](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2475>)4.3Warning \n[CVE-2015-2476](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2476>)2.6Warning \n[CVE-2015-1769](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1769>)7.2High \n[CVE-2015-2449](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2449>)4.3Warning \n[CVE-2015-2455](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2455>)9.3Critical \n[CVE-2015-2460](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2460>)9.3Critical \n[CVE-2015-2459](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2459>)9.3Critical \n[CVE-2015-2462](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2462>)9.3Critical \n[CVE-2015-2461](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2461>)9.3Critical \n[CVE-2015-2464](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2464>)9.3Critical \n[CVE-2015-2463](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2463>)9.3Critical \n[CVE-2015-2465](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2465>)2.1Warning \n[CVE-2015-2454](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2454>)2.1Warning \n[CVE-2015-2453](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2453>)4.7Warning \n[CVE-2015-2434](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2434>)4.3Warning \n[CVE-2015-2435](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2435>)9.3Critical \n[CVE-2015-2428](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2428>)2.1Warning \n[CVE-2015-2441](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2441>)9.3Critical \n[CVE-2015-2446](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2446>)9.3Critical \n[CVE-2015-2429](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2429>)9.3Critical \n[CVE-2015-2440](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2440>)4.3Warning \n[CVE-2015-2442](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2442>)9.3Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[3081436](<http://support.microsoft.com/kb/3081436>) \n[3080790](<http://support.microsoft.com/kb/3080790>) \n[3072305](<http://support.microsoft.com/kb/3072305>) \n[3071756](<http://support.microsoft.com/kb/3071756>) \n[3072307](<http://support.microsoft.com/kb/3072307>) \n[3072306](<http://support.microsoft.com/kb/3072306>) \n[3072303](<http://support.microsoft.com/kb/3072303>) \n[3072309](<http://support.microsoft.com/kb/3072309>) \n[3080129](<http://support.microsoft.com/kb/3080129>) \n[3082458](<http://support.microsoft.com/kb/3082458>) \n[3082459](<http://support.microsoft.com/kb/3082459>) \n[3079743](<http://support.microsoft.com/kb/3079743>) \n[3080348](<http://support.microsoft.com/kb/3080348>) \n[3073893](<http://support.microsoft.com/kb/3073893>) \n[3075591](<http://support.microsoft.com/kb/3075591>) \n[3075590](<http://support.microsoft.com/kb/3075590>) \n[3075593](<http://support.microsoft.com/kb/3075593>) \n[3075592](<http://support.microsoft.com/kb/3075592>) \n[3084525](<http://support.microsoft.com/kb/3084525>) \n[3076895](<http://support.microsoft.com/kb/3076895>) \n[3087119](<http://support.microsoft.com/kb/3087119>) \n[3055014](<http://support.microsoft.com/kb/3055014>) \n[2825645](<http://support.microsoft.com/kb/2825645>) \n[3075222](<http://support.microsoft.com/kb/3075222>) \n[3075221](<http://support.microsoft.com/kb/3075221>) \n[3075220](<http://support.microsoft.com/kb/3075220>) \n[3075226](<http://support.microsoft.com/kb/3075226>) \n[3072310](<http://support.microsoft.com/kb/3072310>) \n[3072311](<http://support.microsoft.com/kb/3072311>) \n[3076949](<http://support.microsoft.com/kb/3076949>) \n[3073921](<http://support.microsoft.com/kb/3073921>) \n[3054890](<http://support.microsoft.com/kb/3054890>) \n[3060716](<http://support.microsoft.com/kb/3060716>) \n[3078662](<http://support.microsoft.com/kb/3078662>) \n[3079757](<http://support.microsoft.com/kb/3079757>) \n[3078601](<http://support.microsoft.com/kb/3078601>) \n[3078071](<http://support.microsoft.com/kb/3078071>) \n[3046017](<http://support.microsoft.com/kb/3046017>) \n[3054846](<http://support.microsoft.com/kb/3054846>) \n[3080333](<http://support.microsoft.com/kb/3080333>) \n[3082487](<http://support.microsoft.com/kb/3082487>)\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 41, "modified": "2020-06-18T00:00:00", "published": "2015-08-11T00:00:00", "id": "KLA10646", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10646", "title": "\r KLA10646Multiple vulnerabilities in Microsoft Windows ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "cvelist": ["CVE-2015-2456", "CVE-2015-2475", "CVE-2015-2433", "CVE-2015-2441", "CVE-2015-1769", "CVE-2015-2455", "CVE-2015-2445", "CVE-2015-2447", "CVE-2015-2429", "CVE-2015-2476", "CVE-2015-2472", "CVE-2015-2444", "CVE-2015-2471", "CVE-2015-2446", "CVE-2015-2452", "CVE-2015-2448", "CVE-2015-2460", "CVE-2015-2481", "CVE-2015-2442", "CVE-2015-2423", "CVE-2015-2435", "CVE-2015-2465", "CVE-2015-2480", "CVE-2015-2459", "CVE-2015-2434", "CVE-2015-2462", "CVE-2015-2461", "CVE-2015-2426", "CVE-2015-2450", "CVE-2015-2479", "CVE-2015-2440", "CVE-2015-2454", "CVE-2015-2432", "CVE-2015-2473", "CVE-2015-2451", "CVE-2015-2430", "CVE-2015-2474", "CVE-2015-2443", "CVE-2015-2449", "CVE-2015-2464", "CVE-2015-2428", "CVE-2015-2463", "CVE-2015-2453", "CVE-2015-2458"], "description": "OpenType fonts parsing code execution, multiple Internet Explorer and Edge vulnerabilities, code execution and information disclosure in system libraries, code execution via RDP and AMB, privilege escalation, information disclosure via WebDAV.", "edition": 1, "modified": "2015-08-24T00:00:00", "published": "2015-08-24T00:00:00", "id": "SECURITYVULNS:VULN:14626", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14626", "title": "Microsoft Windows multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
