KLA51712
Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, gain privileges, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in Windows Lightweight Directory Access Protocol (LDAP) can be exploited remotely to execute arbitrary code.
2. An information disclosure vulnerability in Windows Hyper-V can be exploited remotely to obtain sensitive information.
3. A denial of service vulnerability in Microsoft Message Queuing can be exploited remotely to cause denial of service.
4. An information disclosure vulnerability can be exploited remotely to obtain sensitive information.
5. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
6. A remote code execution vulnerability in Windows Fax Service can be exploited remotely to execute arbitrary code.
7. A remote code execution vulnerability in Microsoft Message Queuing can be exploited remotely to execute arbitrary code.
8. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
9. An elevation of privilege vulnerability in Reliability Analysis Metrics Calculation (RacTask) can be exploited remotely to gain privileges.
10. An information disclosure vulnerability in Windows Cryptographic Services can be exploited remotely to obtain sensitive information.
11. A remote code execution vulnerability in Microsoft WDAC OLE DB provider for SQL Server can be exploited remotely to execute arbitrary code.
12. An elevation of privilege vulnerability in Windows System Assessment Tool can be exploited remotely to gain privileges.
13. An information disclosure vulnerability in Microsoft Message Queuing can be exploited remotely to obtain sensitive information.
14. A security feature bypass vulnerability in Windows Group Policy can be exploited remotely to bypass security restrictions.
15. An elevation of privilege vulnerability in Reliability Analysis Metrics Calculation Engine (RACEng) can be exploited remotely to gain privileges.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

5029301
5029318
5029296
5029307