Microsoft security alert.
February 10, 2015
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 57 vulnerabilities that were fixed in 9 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 9 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Virtual Machine Manager Elevation of Privilege Vulnerability (MS15-017)
- Severity
- Critical 4
- Qualys ID
- 91021
- Vendor Reference
- MS15-017
- CVE Reference
- CVE-2015-0012
- CVSS Scores
- Base 6.9 / Temporal 5.1
- Description
-
Virtual Machine Manager (VMM) delivers industry leading fabric management, virtual machine management and services deployment in private cloud environments.
A vulnerability exists in Virtual Machine Manager (VMM) when VMM improperly validates user roles.
Affected Software:
Microsoft System Center Virtual Machine Manager 2012 R2 Update Rollup 4.This security update is rated Important for Microsoft System Center 2012 R2 Virtual Machine Manager Update Rollup 4.
- Consequence
- Successful exploitation allows an attacker to gain administrative privileges to the VMM server and take control of all virtual machines controlled by the VMM server.
- Solution
-
Refer to MS15-017 for further information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS15-017 VMM Server update 3023195
-
Microsoft Graphics Component Information Disclosure Vulnerability (MS15-016)
- Severity
- Critical 4
- Qualys ID
- 91018
- Vendor Reference
- MS15-016
- CVE Reference
- CVE-2015-0061
- CVSS Scores
- Base 4.3 / Temporal 3.2
- Description
-
An information disclosure vulnerability exists when Windows fails to properly handle uninitialized memory when parsing certain, specially crafted TIFF image format files. The vulnerability could allow information disclosure if an attacker runs a specially crafted application on an affected system.
Microsoft has released a security update that addresses the vulnerability by correcting how Windows processes TIFF image format files.
The security update is rated Important for all supported releases of Microsoft Windows.
- Consequence
- An attacker who successfully exploited this vulnerability could potentially read data which was not intended to be disclosed.
- Solution
-
Refer to MS15-016 for further information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS15-016 Windows 7 for 32-bit Systems Service Pack 1
MS15-016 Windows 7 for x64-based Systems Service Pack 1
MS15-016 Windows 8 for 32-bit Systems
MS15-016 Windows 8 for x64-based Systems
MS15-016 Windows 8.1 for 32-bit Systems
MS15-016 Windows 8.1 for x64-based Systems
MS15-016 Windows Server 2003 Service Pack 2
MS15-016 Windows Server 2003 with SP2 for Itanium-based Systems
MS15-016 Windows Server 2003 x64 Edition Service Pack 2
MS15-016 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS15-016 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS15-016 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS15-016 Windows Server 2008 for 32-bit Systems Service Pack 2
MS15-016 Windows Server 2008 for 32-bit Systems Service Pack 2
MS15-016 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS15-016 Windows Server 2008 for x64-based Systems Service Pack 2
MS15-016 Windows Server 2008 for x64-based Systems Service Pack 2
MS15-016 Windows Server 2012
MS15-016 Windows Server 2012
MS15-016 Windows Server 2012 R2
MS15-016 Windows Server 2012 R2
MS15-016 Windows Vista Service Pack 2
MS15-016 Windows Vista x64 Edition Service Pack 2
-
Microsoft Internet Explorer Cumulative Security Update (MS15-009)
- Severity
- Urgent 5
- Qualys ID
- 100220
- Vendor Reference
- MS15-009
- CVE Reference
- CVE-2014-8967, CVE-2015-0017, CVE-2015-0018, CVE-2015-0019, CVE-2015-0020, CVE-2015-0021, CVE-2015-0022, CVE-2015-0023, CVE-2015-0025, CVE-2015-0026, CVE-2015-0027, CVE-2015-0028, CVE-2015-0029, CVE-2015-0030, CVE-2015-0031, CVE-2015-0035, CVE-2015-0036, CVE-2015-0037, CVE-2015-0038, CVE-2015-0039, CVE-2015-0040, CVE-2015-0041, CVE-2015-0042, CVE-2015-0043, CVE-2015-0044, CVE-2015-0045, CVE-2015-0046, CVE-2015-0048, CVE-2015-0049, CVE-2015-0050, CVE-2015-0051, CVE-2015-0052, CVE-2015-0053, CVE-2015-0054, CVE-2015-0055, CVE-2015-0066, CVE-2015-0067, CVE-2015-0068, CVE-2015-0069, CVE-2015-0070, CVE-2015-0071
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
Microsoft Internet Explorer is a graphical web browser developed by Microsoft and included as part of the Microsoft Windows operating systems.
This security update resolves one publicly disclosed and forty privately reported vulnerabilities in Internet Explorer.
The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory, by adding additional permission validations to Internet Explorer, by helping to ensure that affected versions of Internet Explorer properly implement the ASLR security feature, and by helping to ensure that cross-domain policies are properly enforced in Internet Explorer.
This security update is rated Critical for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients
- Consequence
- Successful exploitation of this vulnerability will allow an attacker to execute arbitrary code, failed exploits may result in denial of service.
- Solution
-
Refer to Microsoft Security Bulletin MS15-009 for details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS15-009 Windows 7 for 32-bit Systems Service Pack 1(3021952)
MS15-009 Windows 7 for 32-bit Systems Service Pack 1(3021952)
MS15-009 Windows 7 for 32-bit Systems Service Pack 1(3021952)
MS15-009 Windows 7 for 32-bit Systems Service Pack 1(3021952)
MS15-009 Windows 7 for 32-bit Systems Service Pack 1(3034196)
MS15-009 Windows 7 for 32-bit Systems Service Pack 1(3034196)
MS15-009 Windows 7 for 32-bit Systems Service Pack 1(3034196)
MS15-009 Windows 7 for x64-based Systems Service Pack 1(3021952)
MS15-009 Windows 7 for x64-based Systems Service Pack 1(3021952)
MS15-009 Windows 7 for x64-based Systems Service Pack 1(3021952)
MS15-009 Windows 7 for x64-based Systems Service Pack 1(3021952)
MS15-009 Windows 7 for x64-based Systems Service Pack 1(3034196)
MS15-009 Windows 7 for x64-based Systems Service Pack 1(3034196)
MS15-009 Windows 7 for x64-based Systems Service Pack 1(3034196)
MS15-009 Windows 8 for 32-bit Systems(3021952)
MS15-009 Windows 8 for 32-bit Systems(3034196)
MS15-009 Windows 8 for x64-based Systems(3021952)
MS15-009 Windows 8 for x64-based Systems(3034196)
MS15-009 Windows 8.1 for 32-bit Systems(3021952)
MS15-009 Windows 8.1 for 32-bit Systems(3034196)
MS15-009 Windows 8.1 for x64-based Systems(3021952)
MS15-009 Windows 8.1 for x64-based Systems(3034196)
MS15-009 Windows Server 2003 Service Pack 2(3021952)
MS15-009 Windows Server 2003 Service Pack 2(3021952)
MS15-009 Windows Server 2003 Service Pack 2(3021952)
MS15-009 Windows Server 2003 with SP2 for Itanium-based Systems(3021952)
MS15-009 Windows Server 2003 with SP2 for Itanium-based Systems(3021952)
MS15-009 Windows Server 2003 x64 Edition Service Pack 2(3021952)
MS15-009 Windows Server 2003 x64 Edition Service Pack 2(3021952)
MS15-009 Windows Server 2003 x64 Edition Service Pack 2(3021952)
MS15-009 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(3021952)
MS15-009 Windows Server 2008 R2 for x64-based Systems Service Pack 1(3021952)
MS15-009 Windows Server 2008 R2 for x64-based Systems Service Pack 1(3021952)
MS15-009 Windows Server 2008 R2 for x64-based Systems Service Pack 1(3021952)
MS15-009 Windows Server 2008 R2 for x64-based Systems Service Pack 1(3021952)
MS15-009 Windows Server 2008 R2 for x64-based Systems Service Pack 1(3034196)
MS15-009 Windows Server 2008 R2 for x64-based Systems Service Pack 1(3034196)
MS15-009 Windows Server 2008 R2 for x64-based Systems Service Pack 1(3034196)
MS15-009 Windows Server 2008 for 32-bit Systems Service Pack 2(3021952)
MS15-009 Windows Server 2008 for 32-bit Systems Service Pack 2(3021952)
MS15-009 Windows Server 2008 for 32-bit Systems Service Pack 2(3021952)
MS15-009 Windows Server 2008 for 32-bit Systems Service Pack 2(3034196)
MS15-009 Windows Server 2008 for Itanium-based Systems Service Pack 2(3021952)
MS15-009 Windows Server 2008 for x64-based Systems Service Pack 2(3021952)
MS15-009 Windows Server 2008 for x64-based Systems Service Pack 2(3021952)
MS15-009 Windows Server 2008 for x64-based Systems Service Pack 2(3021952)
MS15-009 Windows Server 2008 for x64-based Systems Service Pack 2(3034196)
MS15-009 Windows Server 2012(3021952)
MS15-009 Windows Server 2012(3034196)
MS15-009 Windows Server 2012 R2(3021952)
MS15-009 Windows Server 2012 R2(3034196)
MS15-009 Windows Vista Service Pack 2(3021952)
MS15-009 Windows Vista Service Pack 2(3021952)
MS15-009 Windows Vista Service Pack 2(3021952)
MS15-009 Windows Vista Service Pack 2(3034196)
MS15-009 Windows Vista x64 Edition Service Pack 2(3021952)
MS15-009 Windows Vista x64 Edition Service Pack 2(3021952)
MS15-009 Windows Vista x64 Edition Service Pack 2(3021952)
MS15-009 Windows Vista x64 Edition Service Pack 2(3034196)
-
Microsoft Windows Kernel-Mode Driver Remote Code Execution Vulnerability (MS15-010)
- Severity
- Critical 4
- Qualys ID
- 91016
- Vendor Reference
- MS15-010
- CVE Reference
- CVE-2015-0003, CVE-2015-0010, CVE-2015-0057, CVE-2015-0058, CVE-2015-0059, CVE-2015-0060
- CVSS Scores
- Base 7.2 / Temporal 6
- Description
-
The security update addresses the vulnerabilities by correcting how the Windows kernel-mode driver validates certain parameters against registered objects, validates and enforces impersonation levels, handles objects in memory, validates data returned from user mode functions before being executed, handles TrueType
This security update is rated Critical for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1; it is rated Important for all supported editions of Windows Server 2003, Windows Vista, and Windows Server 2008.
Note: Windows XP is end of life and is vulnerable to this issue. For further details see Exploits Against Obsolete Software.
- Consequence
- An attacker who successfully exploits this vulnerability can bypass impersonation-level security and gain elevated privileges on a targeted system, which can allow them to intercept WebDAV requests for files from any server (including corporate SharePoint sites) and redirect those file requests to return any, potentially malicious, files of the attackers choosing.
- Solution
-
Refer to MS15-010 to obtain more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS15-010 Windows 7 for 32-bit Systems Service Pack 1
MS15-010 Windows 7 for 32-bit Systems Service Pack 1
MS15-010 Windows 7 for x64-based Systems Service Pack 1
MS15-010 Windows 7 for x64-based Systems Service Pack 1
MS15-010 Windows 8 for 32-bit Systems
MS15-010 Windows 8 for 32-bit Systems
MS15-010 Windows 8 for x64-based Systems
MS15-010 Windows 8 for x64-based Systems
MS15-010 Windows 8.1 for 32-bit Systems
MS15-010 Windows 8.1 for 32-bit Systems
MS15-010 Windows 8.1 for x64-based Systems
MS15-010 Windows 8.1 for x64-based Systems
MS15-010 Windows Server 2003 Service Pack 2
MS15-010 Windows Server 2003 Service Pack 2
MS15-010 Windows Server 2003 with SP2 for Itanium-based Systems
MS15-010 Windows Server 2003 with SP2 for Itanium-based Systems
MS15-010 Windows Server 2003 x64 Edition Service Pack 2
MS15-010 Windows Server 2003 x64 Edition Service Pack 2
MS15-010 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS15-010 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS15-010 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS15-010 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS15-010 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS15-010 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS15-010 Windows Server 2008 for 32-bit Systems Service Pack 2
MS15-010 Windows Server 2008 for 32-bit Systems Service Pack 2
MS15-010 Windows Server 2008 for 32-bit Systems Service Pack 2
MS15-010 Windows Server 2008 for 32-bit Systems Service Pack 2
MS15-010 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS15-010 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS15-010 Windows Server 2008 for x64-based Systems Service Pack 2
MS15-010 Windows Server 2008 for x64-based Systems Service Pack 2
MS15-010 Windows Server 2008 for x64-based Systems Service Pack 2
MS15-010 Windows Server 2008 for x64-based Systems Service Pack 2
MS15-010 Windows Server 2012
MS15-010 Windows Server 2012
MS15-010 Windows Server 2012
MS15-010 Windows Server 2012
MS15-010 Windows Server 2012 R2
MS15-010 Windows Server 2012 R2
MS15-010 Windows Server 2012 R2
MS15-010 Windows Server 2012 R2
MS15-010 Windows Vista Service Pack 2
MS15-010 Windows Vista Service Pack 2
MS15-010 Windows Vista x64 Edition Service Pack 2
MS15-010 Windows Vista x64 Edition Service Pack 2
-
Microsoft Group Policy Remote Code Execution Vulnerability (MS15-011)
- Severity
- Urgent 5
- Qualys ID
- 91017
- Vendor Reference
- MS15-011
- CVE Reference
- CVE-2015-0008
- CVSS Scores
- Base 8.3 / Temporal 6.9
- Description
-
The security update addresses the vulnerability by improving how domain-configured systems connect to domain controllers prior to Group Policy accepting configuration data.
This security update is rated Critical for all supported editions of Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1
Note: There is no update released for Windows 2003. This vulnerability requires that a user connect their computer to an untrusted network such as a Wi-Fi hotspot in a coffee shop; therefore, workstations that are connected to an untrusted network are most at risk from this vulnerability.
QID Detection Logic (Authenticated):
Operating Systems: Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8, Windows RT, Windows RT 8.1, Windows Server 2012
This QID checks for the file version of %windir%\system32\gpsvc.dll
The following KBs are checked:
The patch version of 6.0.6002.19279 (KB3000483)
The patch version of 6.0.6002.23588 (KB3000483)
The patch version of 6.1.7601.18711 (KB3000483)
The patch version of 6.1.7601.22917 (KB3000483)
The patch version of 6.2.9200.17225 (KB3000483)
The patch version of 6.2.9200.21339 (KB3000483)
The patch version of 6.3.9600.17630 (KB3000483)
In addition, Registry Key - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History - checks if system is connected to the domain. If yes, then following Minimum recommended settings mentioned in KB3000483 are checked:-
1. Registry key - HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths with value "Netlogon" contains data - RequireMutualAuthentication=1, RequireIntegrity=1
2. Registry key - HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths with value "Sysvol" contains data - RequireMutualAuthentication=1, RequireIntegrity=1
Value Name Value \\*\NETLOGON RequireMutualAuthentication=1, RequireIntegrity=1 \\*\SYSVOL RequireMutualAuthentication=1, RequireIntegrity=1
- Consequence
-
The vulnerability could allow remote code execution if an attacker convinces a user with a domain-configured system to connect to an attacker-controlled network.
- Solution
-
Refer to MS15-011to obtain further patch information.
In some environments, to be completely protected from the vulnerability, additional configuration by a system administrator is required in addition to deploying this security update. Refer to Microsoft Knowledge Base Article KB3000483 to obtain further information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS15-011 Windows 7 for 32-bit Systems Service Pack 1
MS15-011 Windows 7 for x64-based Systems Service Pack 1
MS15-011 Windows 8 for 32-bit Systems
MS15-011 Windows 8 for x64-based Systems
MS15-011 Windows 8.1 for 32-bit Systems
MS15-011 Windows 8.1 for x64-based Systems
MS15-011 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS15-011 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS15-011 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS15-011 Windows Server 2008 for 32-bit Systems Service Pack 2
MS15-011 Windows Server 2008 for 32-bit Systems Service Pack 2
MS15-011 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS15-011 Windows Server 2008 for x64-based Systems Service Pack 2
MS15-011 Windows Server 2008 for x64-based Systems Service Pack 2
MS15-011 Windows Server 2012
MS15-011 Windows Server 2012
MS15-011 Windows Server 2012 R2
MS15-011 Windows Server 2012 R2
MS15-011 Windows Vista Service Pack 2
MS15-011 Windows Vista x64 Edition Service Pack 2
-
Microsoft Office Remote Code Execution Vulnerability (MS15-012)
- Severity
- Critical 4
- Qualys ID
- 110249
- Vendor Reference
- MS15-012
- CVE Reference
- CVE-2015-0063, CVE-2015-0064, CVE-2015-0065
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
This security update resolves three privately reported vulnerabilities in Microsoft Office.
These vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.
This security update is rated Important for all supported editions of Microsoft Excel 2007, Microsoft Word 2007, Microsoft Office 2010, Microsoft Excel 2010, Microsoft Word 2010, Microsoft Web Applications 2010, Microsoft Excel 2013, Microsoft Word Viewer, Microsoft Excel Viewer, and Microsoft Office Compatibility Pack.
- Consequence
- Successfully exploiting these vulnerabilities might allow a remote attacker to execute arbitrary code on the affected system
- Solution
-
Refer to Microsoft Security Bulletin MS15-012 for further details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS15-012 Microsoft Excel Viewer
MS15-012 Microsoft Office 2007 Service Pack 3(Microsoft Excel 2007 Service Pack 3)
MS15-012 Microsoft Office 2007 Service Pack 3(Microsoft Word 2007 Service Pack 3)
MS15-012 Microsoft Office 2010 Service Pack 2 (32-bit editions)(Microsoft Excel 2010 Service Pack 2 (32-bit editions))
MS15-012 Microsoft Office 2010 Service Pack 2 (32-bit editions)(Microsoft Word 2010 Service Pack 2 (32-bit editions))
MS15-012 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS15-012 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS15-012 Microsoft Office 2010 Service Pack 2 (64-bit editions)(Microsoft Excel 2010 Service Pack 2 (64-bit editions))
MS15-012 Microsoft Office 2010 Service Pack 2 (64-bit editions)(Microsoft Word 2010 Service Pack 2 (64-bit editions))
MS15-012 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS15-012 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS15-012 Microsoft Office 2013 (32-bit editions)(Microsoft Excel 2013 (32-bit editions))
MS15-012 Microsoft Office 2013 (64-bit editions)(Microsoft Excel 2013 (64-bit editions))
MS15-012 Microsoft Office 2013 Service Pack 1 (32-bit editions)(Microsoft Excel 2013 Service Pack 1 (32-bit editions))
MS15-012 Microsoft Office 2013 Service Pack 1 (64-bit editions)(Microsoft Excel 2013 Service Pack 1 (64-bit editions))
MS15-012 Microsoft Office Compatibility Pack Service Pack 3
MS15-012 Microsoft Office Compatibility Pack Service Pack 3
MS15-012 Microsoft Office Web Apps 2010 Service Pack 2(Microsoft Web Applications 2010 Service Pack 2)
MS15-012 Microsoft SharePoint Server 2010 Service Pack 2(Word Automation Services)
MS15-012 Microsoft Word Viewer
-
Microsoft Office Security Bypass Feature Bypass Vulnerability (MS15-013)
- Severity
- Serious 3
- Qualys ID
- 110250
- Vendor Reference
- MS15-013
- CVE Reference
- CVE-2013-2852, CVE-2014-6362
- CVSS Scores
- Base 6.9 / Temporal 5.4
- Description
-
This security update resolves one publicly disclosed vulnerability in Microsoft Office.
The vulnerability could allow security feature bypass if a user opens a specially crafted Microsoft Office file.
This security update is rated Important for all supported editions of Microsoft Office 2007, Microsoft Office 2010, and Microsoft Office 2013.
- Consequence
- Successfully exploiting this vulnerability might allow a remote attacker to bypass security features of Microsoft Office.
- Solution
-
Refer to Microsoft Security Bulletin MS15-013 for further details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS15-013 Microsoft Office 2007 Service Pack 3
MS15-013 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS15-013 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS15-013 Microsoft Office 2013 (32-bit editions)
MS15-013 Microsoft Office 2013 (64-bit editions)
MS15-013 Microsoft Office 2013 Service Pack 1 (32-bit editions)
MS15-013 Microsoft Office 2013 Service Pack 1 (64-bit editions)
-
Microsoft Windows Group Policy Security Feature Bypass Vulnerability (MS15-014)
- Severity
- Serious 3
- Qualys ID
- 91020
- Vendor Reference
- MS15-014
- CVE Reference
- CVE-2015-0009
- CVSS Scores
- Base 3.3 / Temporal 2.6
- Description
-
A security feature bypass vulnerability exists in the Group Policy application of Security Configuration policies that could cause Group Policy settings on a targeted system to revert to their default, and potentially less secure, state.
The security update addresses the vulnerability by correcting how Group Policy settings are applied when the Security Configuration Engine policy file is corrupted or otherwise unreadable.
This security update is rated Important for all supported releases of Microsoft Windows.
- Consequence
- The vulnerability could allow security feature bypass.
- Solution
-
Refer to MS15-014 for further information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS15-014 Windows 7 for 32-bit Systems Service Pack 1
MS15-014 Windows 7 for x64-based Systems Service Pack 1
MS15-014 Windows 8 for 32-bit Systems
MS15-014 Windows 8 for x64-based Systems
MS15-014 Windows 8.1 for 32-bit Systems
MS15-014 Windows 8.1 for x64-based Systems
MS15-014 Windows Server 2003 Service Pack 2
MS15-014 Windows Server 2003 with SP2 for Itanium-based Systems
MS15-014 Windows Server 2003 x64 Edition Service Pack 2
MS15-014 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS15-014 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS15-014 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS15-014 Windows Server 2008 for 32-bit Systems Service Pack 2
MS15-014 Windows Server 2008 for 32-bit Systems Service Pack 2
MS15-014 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS15-014 Windows Server 2008 for x64-based Systems Service Pack 2
MS15-014 Windows Server 2008 for x64-based Systems Service Pack 2
MS15-014 Windows Server 2012
MS15-014 Windows Server 2012
MS15-014 Windows Server 2012 R2
MS15-014 Windows Server 2012 R2
MS15-014 Windows Vista Service Pack 2
MS15-014 Windows Vista x64 Edition Service Pack 2
-
Microsoft Windows Elevation of Privilege Vulnerability (MS15-015)
- Severity
- Serious 3
- Qualys ID
- 91019
- Vendor Reference
- MS15-015
- CVE Reference
- CVE-2015-0062
- CVSS Scores
- Base 7.2 / Temporal 6
- Description
-
An elevation of privilege vulnerability exists in Microsoft Windows. This is due to improper validation and enforcement of impersonation checks. The vulnerability can be exploited only in the specific scenario where the process uses SeAssignPrimaryTokenPrivilege.
Affected Software:
Windows 7 Service Pack 1
Windows Server 2008 R2 Service Pack 1
Windows 8 and Windows 8.1
Windows Server 2012 and Windows Server 2012 R2
Windows RT and Windows RT 8.1
This security update is rated Important.
- Consequence
- An attacker who successfully exploited this vulnerability could run arbitrary code in the context of another process. If this process runs with administrator privileges, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Solution
-
Refer to MS15-015 for further information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS15-015 Windows 7 for 32-bit Systems Service Pack 1
MS15-015 Windows 7 for x64-based Systems Service Pack 1
MS15-015 Windows 8 for 32-bit Systems
MS15-015 Windows 8 for x64-based Systems
MS15-015 Windows 8.1 for 32-bit Systems
MS15-015 Windows 8.1 for x64-based Systems
MS15-015 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS15-015 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS15-015 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS15-015 Windows Server 2012
MS15-015 Windows Server 2012
MS15-015 Windows Server 2012 R2
MS15-015 Windows Server 2012 R2
These new vulnerability checks are included in Qualys vulnerability signature 2.2.934-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 are available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 91021
- 91018
- 100220
- 91016
- 91017
- 110249
- 110250
- 91020
- 91019
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Access for Qualys Customers
Platforms and Platform Identification
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.