Kaspersky Threats

Detect date

?

12/08/2015

Severity

?

Critical

Description

Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service or gain privileges.

Below is a complete list of vulnerabilities

Improper requests parsing at Windows Domain Name System (DNS) can be exploited remotely via a specially designed DNS requests to execute arbitrary code;
Improper fonts parsing at Uniscribe can be exploited remotely via a specially designed content to execute arbitrary code;
Improper input validation can be exploited locally via a specially designed application to execute arbitrary code;
Race condition at Windows Pragmatic General Multicast (PGM) protocol can be exploited by logged in attacker via a specially designed application to gain privileges;
Improper memory handling at Windows kernel can be exploited by logged in user to gain privileges.
Unspecified vulnerabilities in Windows Media Center

Technical details

Vulnerability (1) is relevant for Windows servers configured as DNS servers. Exploitation of this vulnerability can lead to arbitrary code execution in the context of Local System Account.

Vulnerability (3) caused by improper input validation before libraries loading.

Vulnerability (4) related to situation when attacker-induced race condition results in references to memory contents that have already been freed. This vulnerability id relevant only for systems with installed Microsoft Message Queuing and specifically enabled PGM which isn’t default configuration.

Affected products

Microsoft Windows Vista Service Pack 2
Microsoft Windows Server 2008 Service Pack 2
Microsoft Windows 7 Service Pack 1
Microsoft Windows Server 2008 R2 Service Pack 1
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 10
Microsoft Windows 10 version 1511
Windows Media Center

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2015-6127
CVE-2015-6131
CVE-2015-6130
CVE-2015-6133
CVE-2015-6132
CVE-2015-6126
CVE-2015-6125
CVE-2015-6175
CVE-2015-6174
CVE-2015-6128
CVE-2015-6171
CVE-2015-6173

Impacts

?

ACE

[?]

OSI

[?]

DoS

[?]

PE

[?]

Detect date ?	12/08/2015
Severity ?	Critical
Description	Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service or gain privileges. Below is a complete list of vulnerabilities Improper requests parsing at Windows Domain Name System (DNS) can be exploited remotely via a specially designed DNS requests to execute arbitrary code; Improper fonts parsing at Uniscribe can be exploited remotely via a specially designed content to execute arbitrary code; Improper input validation can be exploited locally via a specially designed application to execute arbitrary code; Race condition at Windows Pragmatic General Multicast (PGM) protocol can be exploited by logged in attacker via a specially designed application to gain privileges; Improper memory handling at Windows kernel can be exploited by logged in user to gain privileges. Unspecified vulnerabilities in Windows Media Center Technical details Vulnerability (1) is relevant for Windows servers configured as DNS servers. Exploitation of this vulnerability can lead to arbitrary code execution in the context of Local System Account. Vulnerability (3) caused by improper input validation before libraries loading. Vulnerability (4) related to situation when attacker-induced race condition results in references to memory contents that have already been freed. This vulnerability id relevant only for systems with installed Microsoft Message Queuing and specifically enabled PGM which isn’t default configuration.
Affected products	Microsoft Windows Vista Service Pack 2 Microsoft Windows Server 2008 Service Pack 2 Microsoft Windows 7 Service Pack 1 Microsoft Windows Server 2008 R2 Service Pack 1 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 10 Microsoft Windows 10 version 1511 Windows Media Center
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2015-6127 CVE-2015-6131 CVE-2015-6130 CVE-2015-6133 CVE-2015-6132 CVE-2015-6126 CVE-2015-6125 CVE-2015-6175 CVE-2015-6174 CVE-2015-6128 CVE-2015-6171 CVE-2015-6173
Impacts ?	ACE [?] OSI [?] DoS [?] PE [?]
Related products	Microsoft Windows Vista Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows 7 Microsoft Windows Server 2008 Windows RT Microsoft Windows 10 Microsoft Windows Media Center
CVE-IDS ?	CVE-2015-61274.3Warning CVE-2015-61319.3Critical CVE-2015-61309.3Critical CVE-2015-61337.2High CVE-2015-61327.2High CVE-2015-61267.2High CVE-2015-61259.3Critical CVE-2015-61757.2High CVE-2015-61747.2High CVE-2015-61287.2High CVE-2015-61717.2High CVE-2015-61737.2High
Microsoft official advisories	Microsoft Security Update Guide
KB list	3108347 3109094 3109103 3116130 3108381 3108371 3116162 3100465 3116900 3116869 3119075 3108670 3108669
Exploitation	The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/38912 https://www.exploit-db.com/exploits/38911 https://www.exploit-db.com/exploits/38968 https://www.exploit-db.com/exploits/38918 Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.