Дата обнаружения
|
11/08/2015 |
Уровень угрозы
|
Critical |
Описание
|
Multiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities
Technical details (1) can be exploited by multiple ways for example opening document or website with embedded malicious fonts. By exploiting (2) malicious can retrieve base address of the kernel driver from affected process or bypass impersonation restrictions. To exploit this vulnerability malicious must log on to system and run specially designed application. By exploiting (3) malicious can monitor actions of another users loged in to affected system after malicious user loged off or observe data that was accessible to affected users. To exploit this vulnerability attacker must log on to affected system and run a specially designed application which will continue working after malicious logs off. To exploit (4) malicious user must log on to affected system and run specially designed application. (5) caused by certificates validation errors during auth. Man-in-the-middle attacker can generate untrusted certificate that matches issuer name and serial number of the trusted certificates. To exploit (6) attacker must place malicious DLL to target user’s working directory and then lead user to open the specially designed RDP file. Systems without enabled RDP server are out of risk. (7) caused by improper handling some logging activity by SMB, resulting memory corruption. To exploit this vulnerability malicious must use valid credentials and use specially designed string to leverage SMB server logging error. (8) caused by Microsoft XML Core Services, exposes memory addresses not intended for disclosure. By exploiting this vulnerability malicious can bypass Address Space Layout Randomization restrictions to obtain sensitive information. To exploit this vulnerability attacker could host malicious website to invoke MSXML via Internet Explorer. (10) related to Universal Description, Discovery and Integration Services, which improperly validate or sanitize search parameter in FRAME tag.By exploiting this vulnerability via XSS attack malicious could gain auth cookies or unexpectedly redirect affected user. To exploit (11) attacker must first leverage another vulnerability to cause code execution in IE with EPM. Than malicious can execute Excel, Notepad, PowerPoint or another with unsafe command line parameter. Another part of updates for this vulnerability listed in KLA10645, KLA10648 Vulnerability (12) related to Microsoft XML Core Services and Web Distributed Authoring and Versioning which allows use of SSL 2.0. Man-in-the-middle attacker can force SSL 2.0 session and then decrypt part of transmitted data. (13) caused by allowance of registry and filesystem changes for some applications from sandbox. Attacker must lead user to open some specially designed file invokes vulnerable sandboxed application. Vulnerability (15) allow attacker to predict the memory offsets of specific instructions in a given call stack. |
Пораженные продукты
|
Windows Vista Service Pack 2 |
Решение
|
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel) |
Первичный источник обнаружения
|
CVE-2015-2423 CVE-2015-2431 CVE-2015-2430 CVE-2015-2456 CVE-2015-2458 CVE-2015-2433 CVE-2015-2432 CVE-2015-2471 CVE-2015-2472 CVE-2015-2473 CVE-2015-2474 CVE-2015-2475 CVE-2015-2476 CVE-2015-1769 CVE-2015-2449 CVE-2015-2455 CVE-2015-2460 CVE-2015-2459 CVE-2015-2462 CVE-2015-2461 CVE-2015-2464 CVE-2015-2463 CVE-2015-2465 CVE-2015-2454 CVE-2015-2453 CVE-2015-2434 CVE-2015-2435 CVE-2015-2428 CVE-2015-2441 CVE-2015-2446 CVE-2015-2429 CVE-2015-2440 CVE-2015-2442 |
Оказываемое влияние
?
|
ACE
[?]
OSI
[?]
DoS
[?]
SB
[?]
|
Связанные продукты
|
Microsoft .NET Framework Microsoft Silverlight Microsoft Lync Microsoft Office Microsoft Windows Vista Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows 7 Microsoft Windows Server 2008 Windows RT Microsoft Windows 10 |
CVE-IDS
|
CVE-2015-24234.3Warning
CVE-2015-24319.3Critical CVE-2015-24309.3Critical CVE-2015-24569.3Critical CVE-2015-24589.3Critical CVE-2015-24332.1Warning CVE-2015-24329.3Critical CVE-2015-24714.3Warning CVE-2015-24724.3Warning CVE-2015-24739.3Critical CVE-2015-24749.0Critical CVE-2015-24754.3Warning CVE-2015-24762.6Warning CVE-2015-17697.2High CVE-2015-24494.3Warning CVE-2015-24559.3Critical CVE-2015-24609.3Critical CVE-2015-24599.3Critical CVE-2015-24629.3Critical CVE-2015-24619.3Critical CVE-2015-24649.3Critical CVE-2015-24639.3Critical CVE-2015-24652.1Warning CVE-2015-24542.1Warning CVE-2015-24534.7Warning CVE-2015-24344.3Warning CVE-2015-24359.3Critical CVE-2015-24282.1Warning CVE-2015-24419.3Critical CVE-2015-24469.3Critical CVE-2015-24299.3Critical CVE-2015-24404.3Warning CVE-2015-24429.3Critical |