Kaspersky Threats

Description

Multiple serious vulnerabilities have been found in Microsoft Windows and related products. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges or execute arbitrary code.

Below is a complete list of vulnerabilities

Improper memory objects access at Edge can be exploited remotely via a specially designed web site or user web content to execute arbitrary code;
Improper accounts handling at Active Directory can be exploited remotely via machine accounts manipulating to cause denial of service;
Improper fonts handling at Adobe Type Manager can be exploited remotely via a specially designed OpenType font to cause denial of service;
Improper memory objects handling at Adobe Type Manager can be exploited remotely via a specially designed application to execute arbitrary code;
Improper fonts handling at Windows, Office and Lync components can be exploited remotely via a specially designed OpenType font to execute arbitrary code;
Improper memory objects handling at kernel-mode driver can be exploited via a specially designed application to gain privileges;
Lack of integrity levels validation and enforcement at kernel-mode driver can be exploited via a specially designed application to gain privileges;
Improper memory address initialization can be exploited locally via a compromised process to bypass security restrictions;
An unknown vulnerabilities at Windows Journal can be exploited remotely via a specially designed journal file to execute arbitrary code or cause denial of service;
Improper impersonation levels validation and enforcement at Task Management and can be exploited via a specially designed application to gain privileges;
Improper file interaction verification at Task Scheduler can be exploited via a specially designed application to gain privileges;
Improper access control list configuration appliance at Hyper-V can be exploited remotely via a specially designed application to bypass security restrictions;
Lack of *.mcl (Media Center Link) files handling restrictions in Windows Media Center can be exploited remotely via a specially designed mcl file to execute arbitrary code.

Technical details

(2) can be exploited via creating multiple machine accounts.

Denial of service caused by exploitation of (9) can lead to data loss.

Exploitation of vulnerability (12) can cause allowance of unintended network traffic. Customers with disabled Hyper-V role are not affected to this vulnerability.

To exploit vulnerabilities (2, 4, 6, 7, 10, 11) attacker must be logged in and specially for vulnerability (2) have sufficient permissions to create accounts.

Original advisories

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

CVE list

CVE-2015-2494
critical
CVE-2015-2542
critical
CVE-2015-2486
critical
CVE-2015-2485
critical
CVE-2015-2546
high
CVE-2015-2535
warning
CVE-2015-2534
warning
CVE-2015-2530
critical
CVE-2015-2529
warning
CVE-2015-2528
high
CVE-2015-2527
high
CVE-2015-2525
high
CVE-2015-2524
high
CVE-2015-2509
critical
CVE-2015-2517
high
CVE-2015-2516
warning
CVE-2015-2514
critical
CVE-2015-2513
critical
CVE-2015-2512
high
CVE-2015-2511
high
CVE-2015-2510
critical
CVE-2015-2519
critical
CVE-2015-2518
high
CVE-2015-2506
critical
CVE-2015-2507
high
CVE-2015-2508
high

KB list

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!

Multiple vulnerabilities in Microsoft Windows