KLA10474
Multiple vulnerabilities in Microsoft products

Обновлено: 07/08/2022
Дата обнаружения
10/02/2015
Уровень угрозы
Critical
Описание

Multiple critical vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to fain privileges, bypass security restrictions or cause denial of service.

Below is a complete list of vulnerabilities

  1. A double-free and other unknown vulnerability can be exploited locally via a specially designed applications;
  2. An unknown vulnerability can be exploited locally via specially designed TrueType font;
  3. Improper work with impersonation token can be exploited locally via an unknown vectors.
Пораженные продукты

Windows Server 2003 x86, x64, Itanium Service Pack 2
Windows Vista x86, x64 Service Pack 2
Windows Server 2008 x86, x64, Itanium Service Pack 2
Windows 7 x86, x64 Service Pack 1
Windows 2008 R2 x64, Itanium Service Pack 1
Windows 8 x86, x64
Windows 8.1 x86, x64
Windows Server 2012
Windows Server 2012 R2
Windows RT
Windows RT 8.1

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
MS advisory
CVE-2015-0057
CVE-2015-0060
CVE-2015-0058
CVE-2015-0059
CVE-2015-0010
CVE-2015-0003
Оказываемое влияние
?
DoS 
[?]

SB 
[?]

PE 
[?]
Связанные продукты
Microsoft Windows Vista
Microsoft Windows Server 2012
Microsoft Windows 8
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2003
Windows RT
CVE-IDS