Kaspersky Threats

Detect date

?

03/10/2015

Severity

?

Critical

Description

Multiple critical vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information or execute arbitrary code.

Below is a complete list of vulnerabilities

Improper memory allocation and some other uknown vulnerability can be exploited remotely via specially designed web site or file;
An unknown vulnerability can be exploited via a specially designed font.

Affected products

Windows Server 2003 x86, x64, for Itanium-based Systems, Service Pack 2
Windows Vista x86, x64 Service Pack 2
Windows Server 2008 x86, x64, for Itanium-based Systems Service Pack 2
Windows 7 x86, x64 Service Pack 1
Windows Server 2008 R2 x64, for Itanium-based Systems Service Pack 1
Windows 8 x86, x64
Windows 8.1 x86, x64
Windows RT, RT 8.1
Windows Server 2008 x64 Service Pack 2 (Server Core installation)
Windows Server 2008 R2 x64 Service Pack 1 (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

MS advisory
CVE-2015-0074
CVE-2015-0090
CVE-2015-0091
CVE-2015-0092
CVE-2015-0093
CVE-2015-0089
CVE-2015-0087
CVE-2015-0088

Impacts

?

ACE

[?]

OSI

[?]

DoS

[?]

Detect date ?	03/10/2015
Severity ?	Critical
Description	Multiple critical vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information or execute arbitrary code. Below is a complete list of vulnerabilities Improper memory allocation and some other uknown vulnerability can be exploited remotely via specially designed web site or file; An unknown vulnerability can be exploited via a specially designed font.
Affected products	Windows Server 2003 x86, x64, for Itanium-based Systems, Service Pack 2 Windows Vista x86, x64 Service Pack 2 Windows Server 2008 x86, x64, for Itanium-based Systems Service Pack 2 Windows 7 x86, x64 Service Pack 1 Windows Server 2008 R2 x64, for Itanium-based Systems Service Pack 1 Windows 8 x86, x64 Windows 8.1 x86, x64 Windows RT, RT 8.1 Windows Server 2008 x64 Service Pack 2 (Server Core installation) Windows Server 2008 R2 x64 Service Pack 1 (Server Core installation) Windows Server 2012 (Server Core installation) Windows Server 2012 R2 (Server Core installation)
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	MS advisory CVE-2015-0074 CVE-2015-0090 CVE-2015-0091 CVE-2015-0092 CVE-2015-0093 CVE-2015-0089 CVE-2015-0087 CVE-2015-0088
Impacts ?	ACE [?] OSI [?] DoS [?]
Related products	Microsoft Windows Vista Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows 7 Microsoft Windows Server 2008 Windows RT
CVE-IDS ?	CVE-2015-00744.3Warning CVE-2015-00909.3Critical CVE-2015-00919.3Critical CVE-2015-00929.3Critical CVE-2015-00939.3Critical CVE-2015-00895.0Critical CVE-2015-00875.0Critical CVE-2015-00889.3Critical
Microsoft official advisories	Microsoft Security Update Guide
KB list	3032323
Exploitation	Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
	Find out the statistics of the vulnerabilities spreading in your region

KLA10468Multiple vulnerabilities in Microsoft products

KLA10468
Multiple vulnerabilities in Microsoft products