Beschreibung
Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, gain privileges, execute arbitrary code or obtain sensitive information.
Below is a complete list of vulnerabilities
- Improper information disclosing at Edge can be exploited remotely to obtain sensitive information;
- Improper HTML restrictions at Edge can be exploited remotely to bypass XSS filter;
- Improper memory objects handling at Windows Shell can be exploited remotely via a specially designed toolbar object to execute arbitrary code;
- Improper memory object handling at Microsoft Tablet Input Band can be exploited remotely via a specially designed website to execute arbitrary code;
- Improper memory objects handling at windows kernel can be exploited locally via a specially designed application execute arbitrary code;
- Improper policy enforcement at Windows Trusted Boot can be exploited locally via a specially designed Boot Configuration Data to bypass security restrictions;
- Improper validation at mount points creation can be exploited remotely via a specially designed application to gain privileges.
Technical details
Vulnerability (4) could also be exploited remotely via malicious web site.
(6) could lead to bypass of Trusted Boot integrity validation for BitLocker and Device encryption security features.
Ursprüngliche Informationshinweise
- CVE-2015-2548
- CVE-2015-2553
- CVE-2015-6057
- CVE-2015-2515
- CVE-2015-2554
- CVE-2015-2550
- CVE-2015-2552
- CVE-2015-6058
CVE Liste
- CVE-2015-2549 critical
- CVE-2015-2548 critical
- CVE-2015-2553 critical
- CVE-2015-6057 critical
- CVE-2015-2515 critical
- CVE-2015-2554 critical
- CVE-2015-2550 critical
- CVE-2015-2552 critical
- CVE-2015-6058 critical
KB Liste
Mehr erfahren
Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com
Sie haben einen Fehler in der Beschreibung der Schwachstelle gefunden? Mitteilen!