Kaspersky Threats

Detect date

?

09/08/2015

Severity

?

Critical

Description

Multiple serious vulnerabilities have been found in Microsoft Windows and related products. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges or execute arbitrary code.

Below is a complete list of vulnerabilities

Improper memory objects access at Edge can be exploited remotely via a specially designed web site or user web content to execute arbitrary code;
Improper accounts handling at Active Directory can be exploited remotely via machine accounts manipulating to cause denial of service;
Improper fonts handling at Adobe Type Manager can be exploited remotely via a specially designed OpenType font to cause denial of service;
Improper memory objects handling at Adobe Type Manager can be exploited remotely via a specially designed application to execute arbitrary code;
Improper fonts handling at Windows, Office and Lync components can be exploited remotely via a specially designed OpenType font to execute arbitrary code;
Improper memory objects handling at kernel-mode driver can be exploited via a specially designed application to gain privileges;
Lack of integrity levels validation and enforcement at kernel-mode driver can be exploited via a specially designed application to gain privileges;
Improper memory address initialization can be exploited locally via a compromised process to bypass security restrictions;
An unknown vulnerabilities at Windows Journal can be exploited remotely via a specially designed journal file to execute arbitrary code or cause denial of service;
Improper impersonation levels validation and enforcement at Task Management and can be exploited via a specially designed application to gain privileges;
Improper file interaction verification at Task Scheduler can be exploited via a specially designed application to gain privileges;
Improper access control list configuration appliance at Hyper-V can be exploited remotely via a specially designed application to bypass security restrictions;
Lack of *.mcl (Media Center Link) files handling restrictions in Windows Media Center can be exploited remotely via a specially designed mcl file to execute arbitrary code.

Technical details

(2) can be exploited via creating multiple machine accounts.

Denial of service caused by exploitation of (9) can lead to data loss.

Exploitation of vulnerability (12) can cause allowance of unintended network traffic. Customers with disabled Hyper-V role are not affected to this vulnerability.

To exploit vulnerabilities (2, 4, 6, 7, 10, 11) attacker must be logged in and specially for vulnerability (2) have sufficient permissions to create accounts.

Affected products

Windows 10
Windows Server 2008 Service Pack 2
Windows Server 2008 R2 Service Pack 1
Windows Server 2012
Windows Server 2012 R2
Windows Vista Service Pack 2
Windows 7 Service Pack 1
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Office 2007 Service Pack 3
Office 2010 Service Pack 2
Lync 2013 Service Pack 1
Lync Basic 2013 Service Pack 1
Lync 2010
Lync 2010 Attendee
Live Meeting 2007 Console
Windows Media Center

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2015-2494
CVE-2015-2542
CVE-2015-2486
CVE-2015-2485
CVE-2015-2546
CVE-2015-2535
CVE-2015-2534
CVE-2015-2530
CVE-2015-2529
CVE-2015-2528
CVE-2015-2527
CVE-2015-2525
CVE-2015-2524
CVE-2015-2509
CVE-2015-2517
CVE-2015-2516
CVE-2015-2514
CVE-2015-2513
CVE-2015-2512
CVE-2015-2511
CVE-2015-2510
CVE-2015-2519
CVE-2015-2518
CVE-2015-2506
CVE-2015-2507
CVE-2015-2508

Impacts

?

ACE

[?]

OSI

[?]

DoS

[?]

SB

[?]

WLF

[?]

PE

[?]

Related products

Microsoft Lync
Microsoft Office
Microsoft Windows Vista
Microsoft Windows Server 2012
Microsoft Windows 8
Microsoft Windows 7
Microsoft Windows Server 2008
Windows RT
Microsoft Windows 10
Microsoft Windows Media Center

CVE-IDS

?

Microsoft official advisories

Microsoft Security Update Guide

KB list

3089657
3087135
3081088
3085500
3084135
3087088
3072595
3081091
3081087
3081090
3081455
3085546
3085529
3089656
3069114
3089669
3082089
3089665
3091287
3087039
3081089
3087918

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Find out the statistics of the vulnerabilities spreading in your region

Detect date ?	09/08/2015
Severity ?	Critical
Description	Multiple serious vulnerabilities have been found in Microsoft Windows and related products. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges or execute arbitrary code. Below is a complete list of vulnerabilities Improper memory objects access at Edge can be exploited remotely via a specially designed web site or user web content to execute arbitrary code; Improper accounts handling at Active Directory can be exploited remotely via machine accounts manipulating to cause denial of service; Improper fonts handling at Adobe Type Manager can be exploited remotely via a specially designed OpenType font to cause denial of service; Improper memory objects handling at Adobe Type Manager can be exploited remotely via a specially designed application to execute arbitrary code; Improper fonts handling at Windows, Office and Lync components can be exploited remotely via a specially designed OpenType font to execute arbitrary code; Improper memory objects handling at kernel-mode driver can be exploited via a specially designed application to gain privileges; Lack of integrity levels validation and enforcement at kernel-mode driver can be exploited via a specially designed application to gain privileges; Improper memory address initialization can be exploited locally via a compromised process to bypass security restrictions; An unknown vulnerabilities at Windows Journal can be exploited remotely via a specially designed journal file to execute arbitrary code or cause denial of service; Improper impersonation levels validation and enforcement at Task Management and can be exploited via a specially designed application to gain privileges; Improper file interaction verification at Task Scheduler can be exploited via a specially designed application to gain privileges; Improper access control list configuration appliance at Hyper-V can be exploited remotely via a specially designed application to bypass security restrictions; Lack of .mcl (Media Center Link) files handling restrictions in Windows Media Center can be exploited remotely via a specially designed mcl file to execute arbitrary code. Technical details* (2) can be exploited via creating multiple machine accounts. Denial of service caused by exploitation of (9) can lead to data loss. Exploitation of vulnerability (12) can cause allowance of unintended network traffic. Customers with disabled Hyper-V role are not affected to this vulnerability. To exploit vulnerabilities (2, 4, 6, 7, 10, 11) attacker must be logged in and specially for vulnerability (2) have sufficient permissions to create accounts.
Affected products	Windows 10 Windows Server 2008 Service Pack 2 Windows Server 2008 R2 Service Pack 1 Windows Server 2012 Windows Server 2012 R2 Windows Vista Service Pack 2 Windows 7 Service Pack 1 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Office 2007 Service Pack 3 Office 2010 Service Pack 2 Lync 2013 Service Pack 1 Lync Basic 2013 Service Pack 1 Lync 2010 Lync 2010 Attendee Live Meeting 2007 Console Windows Media Center
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2015-2494 CVE-2015-2542 CVE-2015-2486 CVE-2015-2485 CVE-2015-2546 CVE-2015-2535 CVE-2015-2534 CVE-2015-2530 CVE-2015-2529 CVE-2015-2528 CVE-2015-2527 CVE-2015-2525 CVE-2015-2524 CVE-2015-2509 CVE-2015-2517 CVE-2015-2516 CVE-2015-2514 CVE-2015-2513 CVE-2015-2512 CVE-2015-2511 CVE-2015-2510 CVE-2015-2519 CVE-2015-2518 CVE-2015-2506 CVE-2015-2507 CVE-2015-2508
Impacts ?	ACE [?] OSI [?] DoS [?] SB [?] WLF [?] PE [?]
Related products	Microsoft Lync Microsoft Office Microsoft Windows Vista Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows 7 Microsoft Windows Server 2008 Windows RT Microsoft Windows 10 Microsoft Windows Media Center
CVE-IDS ?	CVE-2015-24949.3Critical CVE-2015-25429.3Critical CVE-2015-24869.3Critical CVE-2015-24859.3Critical CVE-2015-25466.9High CVE-2015-25354.0Warning CVE-2015-25341.9Warning CVE-2015-25309.3Critical CVE-2015-25292.1Warning CVE-2015-25287.2High CVE-2015-25277.2High CVE-2015-25257.2High CVE-2015-25247.2High CVE-2015-25099.3Critical CVE-2015-25176.9High CVE-2015-25164.3Warning CVE-2015-25149.3Critical CVE-2015-25139.3Critical CVE-2015-25127.2High CVE-2015-25116.9High CVE-2015-25109.3Critical CVE-2015-25199.3Critical CVE-2015-25186.9High CVE-2015-25069.3Critical CVE-2015-25077.2High CVE-2015-25087.2High
Microsoft official advisories	Microsoft Security Update Guide
KB list	3089657 3087135 3081088 3085500 3084135 3087088 3072595 3081091 3081087 3081090 3081455 3085546 3085529 3089656 3069114 3089669 3082089 3089665 3091287 3087039 3081089 3087918
Exploitation	Public exploits exist for this vulnerability. Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
	Find out the statistics of the vulnerabilities spreading in your region

KLA10656Multiple vulnerabilities in Microsoft Windows

KLA10656
Multiple vulnerabilities in Microsoft Windows