{"id": "1337DAY-ID-23897", "lastseen": "2018-04-10T01:51:55", "viewCount": 162, "bulletinFamily": "exploit", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "edition": 2, "enchantments": {"score": {"value": 8.3, "vector": "NONE", "modified": "2018-04-10T01:51:55", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-2373"]}, {"type": "symantec", "idList": ["SMNTC-75644"]}, {"type": "nessus", "idList": ["SMB_NT_MS15-067.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805077"]}, {"type": "mskb", "idList": ["KB3073094"]}, {"type": "kaspersky", "idList": ["KLA10631"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14594"]}], "modified": "2018-04-10T01:51:55", "rev": 2}, "vulnersScore": 8.3}, "type": "zdt", "sourceHref": "", "description": "The vulnerability could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system with the Remote Desktop Protocol (RDP) server service enabled. By default, the RDP server service is not enabled on any Windows operating system. Systems that do not have the RDP server service enabled are not at risk.\r Vulnerability Information\rA remote code execution vulnerability exists in how the Remote Desktop Protocol (RDP) (terminal) service handles packets. While the most likely outcome of this vulnerability is denial of the remote desktop (terminal) service (DOS), remote code execution is possible.\r To exploit the vulnerability, an attacker could send a specially crafted sequence of packets to a system running the RDP server service. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update addresses the vulnerability by modifying how the terminal service handles packets.\rMicrosoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was issued, Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers.\n\nThis is private exploit. You can buy it at https://0day.today", "title": "Windows 7/8 and WS2012 RDP Remote Code Execution Exploit 0day", "cvelist": ["CVE-2015-2373"], "sourceData": "", "published": "2015-07-18T00:00:00", "references": [], "reporter": "0day Today Team", "modified": "2015-07-18T00:00:00", "href": "https://0day.today/exploit/description/23897"}

{"cve": [{"lastseen": "2020-10-03T12:49:49", "description": "The Remote Desktop Protocol (RDP) server service in Microsoft Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a series of crafted packets, aka \"Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability.\"", "edition": 3, "cvss3": {}, "published": "2015-07-14T21:59:00", "title": "CVE-2015-2373", "type": "cve", "cwe": ["CWE-19"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2373"], "modified": "2018-10-12T22:09:00", "cpe": ["cpe:/o:microsoft:windows_8:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:*"], "id": "CVE-2015-2373", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2373", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"]}], "symantec": [{"lastseen": "2018-03-13T10:05:41", "bulletinFamily": "software", "cvelist": ["CVE-2015-2373"], "description": "### Description\n\nMicrosoft Remote Desktop Protocol is prone to a remote code-execution vulnerability. Successful exploits will allow the attacker to execute arbitrary code in the context of the affected process. This may facilitate a complete system compromise. Failed attacks may cause denial-of-service conditions.\n\n### Technologies Affected\n\n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 8 for 32-bit Systems \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nFilter access to the affected computer at the network boundary if global access isn't required. Restricting access to only trusted computers and networks might greatly reduce the likelihood of exploits.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo mitigate the potential impact of a successful exploit, run the affected application as a user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for anomalous or suspicious activity. Monitor logs generated by NIDS and by the server itself for evidence of attacks against the server. \n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2015-07-14T00:00:00", "published": "2015-07-14T00:00:00", "id": "SMNTC-75644", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/75644", "type": "symantec", "title": "Microsoft Remote Desktop Protocol CVE-2015-2373 Remote Code Execution Vulnerability", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2020-01-08T14:00:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2373"], "description": "This host is missing a critical security\n update according to Microsoft Bulletin MS15-067.", "modified": "2019-12-20T00:00:00", "published": "2015-07-15T00:00:00", "id": "OPENVAS:1361412562310805077", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805077", "type": "openvas", "title": "Microsoft Windows Remote Desktop Remote Code Execution Vulnerability (3073094)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Remote Desktop Remote Code Execution Vulnerability (3073094)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805077\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2015-2373\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-07-15 11:26:05 +0530 (Wed, 15 Jul 2015)\");\n script_name(\"Microsoft Windows Remote Desktop Remote Code Execution Vulnerability (3073094)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Bulletin MS15-067.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Flaw exists due to error in the Remote Desktop\n Protocol (RDP) that is triggered when handling multiple RDP sessions that fail\n to properly free objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause an exhaustion of memory resources and cause the system to\n stop responding.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8 x32/x64\n\n - Microsoft Windows Server 2012\n\n - Microsoft Windows 7 x32/x64 Service Pack 1 and prior\n\n - Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3073094\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3069762\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3067904\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS15-067\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win7:2, win7x64:2, win8:1, win8x64:1, win2008r2:2, win2012:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_systemroot();\nif(!sysPath){\n exit(0);\n}\n\nRdpVer = fetch_file_version(sysPath:sysPath, file_name:\"\\system32\\Rdpcorets.dll\");\nif(!RdpVer){\n exit(0);\n}\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0)\n{\n if(version_is_less(version:RdpVer, test_version:\"6.1.7601.18892\") ||\n version_in_range(version:RdpVer, test_version:\"6.1.7601.23000\", test_version2:\"6.1.7601.23094\") ||\n version_in_range(version:RdpVer, test_version:\"6.2.9200.16000\", test_version2:\"6.2.9200.17394\") ||\n version_in_range(version:RdpVer, test_version:\"6.2.9200.21000\", test_version2:\"6.2.9200.21505\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\nif(hotfix_check_sp(win8:1, win8x64:1, win2012:1) > 0)\n{\n if(version_is_less(version:RdpVer, test_version:\"6.2.9200.17395\") ||\n version_in_range(version:RdpVer, test_version:\"6.2.9200.20000\", test_version2:\"6.2.9200.21505\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2021-01-01T22:52:49", "bulletinFamily": "microsoft", "cvelist": ["CVE-2015-2373"], "description": "<html><body><p>Resolves a vulnerability in Windows that could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system that has the Remote Desktop Protocol (RDP) server service enabled. By default, the RDP server service is not enabled on any Windows operating system.</p><h2>Summary</h2><div class=\"kb-summary-section section\">This security update resolves a vulnerability in Windows that could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system that has the Remote Desktop Protocol (RDP) server service enabled. By default, the RDP server service is not enabled on any Windows operating system. Systems that do not have the RDP server service enabled are not at risk. To learn more about this vulnerability, see\u00a0<a href=\"https://technet.microsoft.com/library/security/ms15-067\" id=\"kb-link-2\" target=\"_self\">Microsoft Security Bulletin MS15-067</a>. </div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><span class=\"text-base\">Important </span><ul class=\"sbody-free_list\"><li>All future security and nonsecurity updates for Windows 8.1 and Windows Server 2012 R2 require update\u00a0<a href=\"https://support.microsoft.com/en-us/help/2919355\" id=\"kb-link-3\" target=\"_self\">2919355</a> to be installed. We recommend that you install update <a href=\"https://support.microsoft.com/en-us/help/2919355\" id=\"kb-link-4\" target=\"_self\">2919355</a>\u00a0on your Windows 8.1-based or Windows Server 2012 R2-based computer so that you receive future updates.\u00a0</li><li>If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see <a href=\"https://technet.microsoft.com/en-us/library/hh825699\" id=\"kb-link-5\" target=\"_self\">Add language packs to Windows</a>.<br/></li></ul><a class=\"bookmark\" id=\"fileinfo\"></a></div><h2>More information about this security update</h2><div class=\"kb-moreinformation-section section\"><br/>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information.<br/><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/help/3069762\" id=\"kb-link-6\" target=\"_self\">3069762</a> MS15-067: Description of the security update for Windows RDP: July 14, 2015<br/></li><li><a href=\"https://support.microsoft.com/help/3067904\" id=\"kb-link-7\" target=\"_self\">3067904</a> MS15-067: Description of the security update for Windows RDP: July 14, 2015<br/></li></ul></div><h2>How to obtain and install the update</h2><div class=\"kb-resolution-section section\"><a class=\"bookmark\" id=\"obtaintheupdate\"></a><h3 class=\"sbody-h3\">Method 1: Windows Update</h3><div class=\"kb-collapsible kb-collapsible-expanded\">This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see <br/><a href=\"https://www.microsoft.com/security/pc-security/updates.aspx\" id=\"kb-link-9\" target=\"_self\">Get security updates automatically</a>. <br/><br/></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Method 2: Microsoft Download Center</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\">You can obtain the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.<br/><br/>Click the download link in <a href=\"https://technet.microsoft.com/library/security/ms15-067\" id=\"kb-link-10\" target=\"_self\">Microsoft Security Bulletin MS15-067</a> that corresponds to the version of Windows that you are running. <br/> <br/><br/></div><br/></span></div></div></div></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Security update deployment information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><h4 class=\"sbody-h4\">Windows 7 (all editions)<br/></h4><span class=\"text-base\">Reference table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 7:<br/><span class=\"text-base\">Windows6.1-KB3067904-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 7:<br/><span class=\"text-base\">Windows6.1-KB3069762-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 7:<br/><span class=\"text-base\">Windows6.1-KB3067904-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 7:<br/><span class=\"text-base\">Windows6.1-KB3069762-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-11\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.<br/><br/>To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see <a href=\"https://support.microsoft.com/help/887012\" id=\"kb-link-12\" target=\"_self\">Microsoft Knowledge Base Article 887012</a>.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the /Uninstall setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, and then under Windows Update, click <span class=\"text-base\">View installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See the related article listed in the <a bookmark-id=\"fileinfo\" href=\"#fileinfo\" managed-link=\"\" target=\"\">Additional information about this security update</a> section.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows 8 (all editions)<br/></h4><span class=\"text-base\">Reference table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 8:<br/><span class=\"text-base\">Windows8-RT-KB3067904-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 8:<br/><span class=\"text-base\">Windows8-RT-KB3067904-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-13\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.<br/><br/>To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see <a href=\"https://support.microsoft.com/help/887012\" id=\"kb-link-14\" target=\"_self\">Microsoft Knowledge Base Article 887012</a>.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under See also, click <span class=\"text-base\">Installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See the related article listed in the <a bookmark-id=\"fileinfo\" href=\"#fileinfo\" managed-link=\"\" target=\"\">Additional information about this security update</a> section.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows Server 2012 (all editions)<br/></h4><span class=\"text-base\">Reference table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported editions of Windows Server 2012:<br/><span class=\"text-base\">Windows8-RT-KB3067904-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-15\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.<br/><br/>To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see <a href=\"https://support.microsoft.com/help/887012\" id=\"kb-link-16\" target=\"_self\">Microsoft Knowledge Base Article 887012</a>.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under See also, click <span class=\"text-base\">Installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See the related article listed in the <a bookmark-id=\"fileinfo\" href=\"#fileinfo\" managed-link=\"\" target=\"\">Additional information about this security update</a> section.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div></div><br/></span></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">File hash information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">SHA1 hash</th><th class=\"sbody-th\">SHA256 hash</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3067904-x64.msu</td><td class=\"sbody-td\">D279DAAD72BCC328D7825D0CA6763A43D77638A6</td><td class=\"sbody-td\">B88C4FE22BFB24DDFE157BE5B071AB76FA426337069DA7D41E05D285AC86B2EE</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3067904-x86.msu</td><td class=\"sbody-td\">732B96EBFC5393AD550F15800F410B03D4214DA3</td><td class=\"sbody-td\">8F344604D8DF36676FA8CF4C1CC22E1D724C370118E14EC509263451A52DF835</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3069762-x64.msu</td><td class=\"sbody-td\">9486DB51AF7FCA83A604576379B8D64DB7DB67E4</td><td class=\"sbody-td\">C1ADD987743EE406F1C3774981413E1C5722582C36E741BB9FFEF035AE983A5E</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3069762-x86.msu</td><td class=\"sbody-td\">D13D8015B1258A21A9B9E9877C1CDF4D32990A79</td><td class=\"sbody-td\">1781346CE067C33D085389F81BD2C36F8C910022D64075EF4731C7CC43974DA2</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8-RT-KB3067904-x64.msu</td><td class=\"sbody-td\">62F02734C2CF5CC5C8F5F9A4813D4C98EAC63A63</td><td class=\"sbody-td\">080919BEC2AF65A24EBA4C48F2BCCC855A5AF8C0FAC1670E040B564B8D04BF2E</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8-RT-KB3067904-x86.msu</td><td class=\"sbody-td\">F4FE9CA6D3CA7433A9B873E72C74CB28761A2084</td><td class=\"sbody-td\">FC28B583959B8AE7BAEAF4A281AE0D4330B994A3F63DE77C5BC5A68281A86C95</td></tr></table></div></div><br/></span></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">How to obtain help and support for this security update</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\">Help for installing updates: <a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-17\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <a href=\"https://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-18\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help for protecting your Windows-based computer from viruses and malware: <a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-19\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-20\" target=\"_self\">International Support</a></div><br/></span></div></div></div></div></body></html>", "edition": 2, "modified": "2015-07-16T21:34:16", "id": "KB3073094", "href": "https://support.microsoft.com/en-us/help/3073094/", "published": "2015-07-14T00:00:00", "title": "MS15-067: Vulnerability in RDP could allow remote code execution: July 14, 2015", "type": "mskb", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-01T05:43:43", "description": "The remote Windows host is affected by a remote code execution\nvulnerability due to improper handling of packets by the Remote\nDesktop Protocol (RDP) service. A remote attacker can exploit this,\nby sending a specially crafted sequence of packets to the remote RDP\nserver, to execute arbitrary code.", "edition": 25, "published": "2015-07-14T00:00:00", "title": "MS15-067: Vulnerability in RDP Could Allow Remote Code Execution (3073094)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2373"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS15-067.NASL", "href": "https://www.tenable.com/plugins/nessus/84743", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84743);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/15 20:50:31\");\n\n script_cve_id(\"CVE-2015-2373\");\n script_xref(name:\"MSFT\", value:\"MS15-067\");\n script_xref(name:\"MSKB\", value:\"3073094\");\n script_xref(name:\"MSKB\", value:\"3069762\");\n\n script_name(english:\"MS15-067: Vulnerability in RDP Could Allow Remote Code Execution (3073094)\");\n script_summary(english:\"Checks the version of rdpcorets.dll.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by a remote code execution\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is affected by a remote code execution\nvulnerability due to improper handling of packets by the Remote\nDesktop Protocol (RDP) service. A remote attacker can exploit this,\nby sending a specially crafted sequence of packets to the remote RDP\nserver, to execute arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-067\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 7, 8, and 2012.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS15-067';\n\nkbs = make_list(\"3073094\", \"3069762\");\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1', win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n# Windows 2008 R2 is not affected, but Windows 7 is\nif (\"Server 2008 R2\" >< productname || \"Small Business Server 2011\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8 / Windows Server 2012\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"rdpcorets.dll\", version:\"6.2.9200.21506\", min_version:\"6.2.9200.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3067904\") ||\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"rdpcorets.dll\", version:\"6.2.9200.17395\", min_version:\"6.2.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3067904\") ||\n\n # Windows 7\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"rdpcorets.dll\", version:\"6.1.7601.23095\", min_version:\"6.1.7601.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3067904\") ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"rdpcorets.dll\", version:\"6.1.7601.18892\", min_version:\"6.1.7600.18000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3067904\") ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"rdpcorets.dll\", version:\"6.2.9200.21506\", min_version:\"6.2.9200.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3069762\") ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"rdpcorets.dll\", version:\"6.2.9200.17395\", min_version:\"6.2.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3069762\")\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:56:24", "bulletinFamily": "info", "cvelist": ["CVE-2015-2367", "CVE-2015-2387", "CVE-2015-2362", "CVE-2015-2365", "CVE-2015-2373", "CVE-2015-2369", "CVE-2015-2366", "CVE-2015-2417", "CVE-2015-2371", "CVE-2015-2361", "CVE-2015-2374", "CVE-2015-2368", "CVE-2015-2416", "CVE-2015-2364", "CVE-2015-2363", "CVE-2015-2382", "CVE-2015-2370", "CVE-2015-2381"], "description": "### *Detect date*:\n07/14/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code or obtain sensitive information.\n\n### *Affected products*:\nMicrosoft Windows Server 2003 Service Pack 2 \nMicrosoft Windows Server 2003 R2 Service Pack 2 \nWindows Vista x86, x64 Service Pack 2 \nMicrosoft Windows 7 x86, x64 Service Pack 1 \nMicrosoft Windows Server 2008 x64 Service Pack 1 \nMicrosoft Windows Server 2008 R2 x64 Service Pack 1 \nMicrosoft Windows 8 x86, x64 \nMicrosoft Windows 8.1 x86, x64 \nMicrosoft Windows Server 2012 \nMicrosoft Windows Server 2012 R2 \nMicrosoft Windows RT 8.1\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2015-2416](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2416>) \n[CVE-2015-2364](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2364>) \n[CVE-2015-2371](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2371>) \n[CVE-2015-2417](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2417>) \n[CVE-2015-2363](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2363>) \n[CVE-2015-2373](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2373>) \n[CVE-2015-2387](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2387>) \n[CVE-2015-2382](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2382>) \n[CVE-2015-2361](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2361>) \n[CVE-2015-2370](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2370>) \n[CVE-2015-2366](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2366>) \n[CVE-2015-2367](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2367>) \n[CVE-2015-2368](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2368>) \n[CVE-2015-2369](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2369>) \n[CVE-2015-2362](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2362>) \n[CVE-2015-2374](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2374>) \n[CVE-2015-2381](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2381>) \n[CVE-2015-2365](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2365>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows Vista](<https://threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/>)\n\n### *CVE-IDS*:\n[CVE-2015-2416](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2416>)5.0Critical \n[CVE-2015-2364](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2364>)7.2High \n[CVE-2015-2371](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2371>)6.9High \n[CVE-2015-2417](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2417>)5.0Critical \n[CVE-2015-2363](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2363>)7.2High \n[CVE-2015-2373](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2373>)10.0Critical \n[CVE-2015-2387](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2387>)7.2High \n[CVE-2015-2382](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2382>)2.1Warning \n[CVE-2015-2361](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2361>)7.2High \n[CVE-2015-2370](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2370>)7.2High \n[CVE-2015-2366](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2366>)7.2High \n[CVE-2015-2367](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2367>)2.1Warning \n[CVE-2015-2368](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2368>)6.9High \n[CVE-2015-2369](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2369>)6.9High \n[CVE-2015-2362](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2362>)7.2High \n[CVE-2015-2374](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2374>)3.3Warning \n[CVE-2015-2381](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2381>)2.1Warning \n[CVE-2015-2365](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2365>)7.2High\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[3072631](<http://support.microsoft.com/kb/3072631>) \n[3068457](<http://support.microsoft.com/kb/3068457>) \n[3046339](<http://support.microsoft.com/kb/3046339>) \n[3069392](<http://support.microsoft.com/kb/3069392>) \n[3072630](<http://support.microsoft.com/kb/3072630>) \n[3067505](<http://support.microsoft.com/kb/3067505>) \n[3073094](<http://support.microsoft.com/kb/3073094>) \n[3077657](<http://support.microsoft.com/kb/3077657>) \n[3067904](<http://support.microsoft.com/kb/3067904>) \n[3072000](<http://support.microsoft.com/kb/3072000>) \n[3046359](<http://support.microsoft.com/kb/3046359>) \n[3061512](<http://support.microsoft.com/kb/3061512>) \n[3069762](<http://support.microsoft.com/kb/3069762>) \n[3072633](<http://support.microsoft.com/kb/3072633>) \n[3067903](<http://support.microsoft.com/kb/3067903>) \n[3070738](<http://support.microsoft.com/kb/3070738>) \n[3070102](<http://support.microsoft.com/kb/3070102>)\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 41, "modified": "2020-06-18T00:00:00", "published": "2015-07-14T00:00:00", "id": "KLA10631", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10631", "title": "\r KLA10631Multiple vulnerabilities in Microsoft Windows ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "cvelist": ["CVE-2015-1767", "CVE-2015-2401", "CVE-2015-2385", "CVE-2015-2422", "CVE-2015-1738", "CVE-2015-2367", "CVE-2015-2391", "CVE-2015-2387", "CVE-2015-2362", "CVE-2015-2365", "CVE-2015-2414", "CVE-2015-2383", "CVE-2015-2373", "CVE-2015-2408", "CVE-2015-2413", "CVE-2015-2369", "CVE-2015-2366", "CVE-2015-1729", "CVE-2015-2417", "CVE-2015-2371", "CVE-2015-2404", "CVE-2015-2361", "CVE-2015-2403", "CVE-2015-2374", "CVE-2015-2410", "CVE-2015-2402", "CVE-2015-2419", "CVE-2015-2390", "CVE-2015-2397", "CVE-2015-2388", "CVE-2015-2398", "CVE-2015-2368", "CVE-2015-2425", "CVE-2015-2416", "CVE-2015-2364", "CVE-2015-2411", "CVE-2015-2363", "CVE-2015-1733", "CVE-2015-2370", "CVE-2015-2412", "CVE-2015-2372", "CVE-2015-2384", "CVE-2015-2381", "CVE-2015-2406", "CVE-2015-2421", "CVE-2015-2389"], "description": "Internet Explorer and VBScript multiple security vulnerabilities, RDP code execution, Hyper-V code execution, multiple privilege escalations.", "edition": 1, "modified": "2015-07-19T00:00:00", "published": "2015-07-19T00:00:00", "id": "SECURITYVULNS:VULN:14594", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14594", "title": "Microsoft Windows multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}