Microsoft Security Bulletin: February 10

Advisory overview

Qualys Vulnerability R&D Lab has released new vulnerability checks in the Qualys Cloud Platform to protect organizations against 57 vulnerabilities that were fixed in 9 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.

Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.

Vulnerability details

Microsoft has released 9 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:

Microsoft Virtual Machine Manager Elevation of Privilege Vulnerability (MS15-017)

Severity

Critical 4

Qualys ID

91021

Vendor Reference

MS15-017

CVE Reference

CVE-2015-0012

CVSS Scores

Base 6.9 / Temporal 5.1

Description

Virtual Machine Manager (VMM) delivers industry leading fabric management, virtual machine management and services deployment in private cloud environments.
A vulnerability exists in Virtual Machine Manager (VMM) when VMM improperly validates user roles.
Affected Software:
Microsoft System Center Virtual Machine Manager 2012 R2 Update Rollup 4.
This security update is rated Important for Microsoft System Center 2012 R2 Virtual Machine Manager Update Rollup 4.

Consequence

Successful exploitation allows an attacker to gain administrative privileges to the VMM server and take control of all virtual machines controlled by the VMM server.

Solution

Refer to MS15-017 for further information.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS15-017 VMM Server update 3023195
Microsoft Graphics Component Information Disclosure Vulnerability (MS15-016)

Severity

Critical 4

Qualys ID

91018

Vendor Reference

MS15-016

CVE Reference

CVE-2015-0061

CVSS Scores

Base 4.3 / Temporal 3.2

Description

An information disclosure vulnerability exists when Windows fails to properly handle uninitialized memory when parsing certain, specially crafted TIFF image format files. The vulnerability could allow information disclosure if an attacker runs a specially crafted application on an affected system.
Microsoft has released a security update that addresses the vulnerability by correcting how Windows processes TIFF image format files.
The security update is rated Important for all supported releases of Microsoft Windows.

Consequence

An attacker who successfully exploited this vulnerability could potentially read data which was not intended to be disclosed.

Solution

Refer to MS15-016 for further information.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS15-016 Windows 7 for 32-bit Systems Service Pack 1
MS15-016 Windows 7 for x64-based Systems Service Pack 1
MS15-016 Windows 8 for 32-bit Systems
MS15-016 Windows 8 for x64-based Systems
MS15-016 Windows 8.1 for 32-bit Systems
MS15-016 Windows 8.1 for x64-based Systems
MS15-016 Windows Server 2003 Service Pack 2
MS15-016 Windows Server 2003 with SP2 for Itanium-based Systems
MS15-016 Windows Server 2003 x64 Edition Service Pack 2
MS15-016 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS15-016 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS15-016 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS15-016 Windows Server 2008 for 32-bit Systems Service Pack 2
MS15-016 Windows Server 2008 for 32-bit Systems Service Pack 2
MS15-016 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS15-016 Windows Server 2008 for x64-based Systems Service Pack 2
MS15-016 Windows Server 2008 for x64-based Systems Service Pack 2
MS15-016 Windows Server 2012
MS15-016 Windows Server 2012
MS15-016 Windows Server 2012 R2
MS15-016 Windows Server 2012 R2
MS15-016 Windows Vista Service Pack 2
MS15-016 Windows Vista x64 Edition Service Pack 2
Microsoft Internet Explorer Cumulative Security Update (MS15-009)

Severity

Urgent 5

Qualys ID

100220

Vendor Reference

MS15-009

CVE Reference

CVE-2014-8967, CVE-2015-0017, CVE-2015-0018, CVE-2015-0019, CVE-2015-0020, CVE-2015-0021, CVE-2015-0022, CVE-2015-0023, CVE-2015-0025, CVE-2015-0026, CVE-2015-0027, CVE-2015-0028, CVE-2015-0029, CVE-2015-0030, CVE-2015-0031, CVE-2015-0035, CVE-2015-0036, CVE-2015-0037, CVE-2015-0038, CVE-2015-0039, CVE-2015-0040, CVE-2015-0041, CVE-2015-0042, CVE-2015-0043, CVE-2015-0044, CVE-2015-0045, CVE-2015-0046, CVE-2015-0048, CVE-2015-0049, CVE-2015-0050, CVE-2015-0051, CVE-2015-0052, CVE-2015-0053, CVE-2015-0054, CVE-2015-0055, CVE-2015-0066, CVE-2015-0067, CVE-2015-0068, CVE-2015-0069, CVE-2015-0070, CVE-2015-0071

CVSS Scores

Base 9.3 / Temporal 7.7

Description

Microsoft Internet Explorer is a graphical web browser developed by Microsoft and included as part of the Microsoft Windows operating systems.
This security update resolves one publicly disclosed and forty privately reported vulnerabilities in Internet Explorer.
The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory, by adding additional permission validations to Internet Explorer, by helping to ensure that affected versions of Internet Explorer properly implement the ASLR security feature, and by helping to ensure that cross-domain policies are properly enforced in Internet Explorer.
This security update is rated Critical for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients

Consequence

Successful exploitation of this vulnerability will allow an attacker to execute arbitrary code, failed exploits may result in denial of service.

Solution

Refer to Microsoft Security Bulletin MS15-009 for details.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS15-009 Windows 7 for 32-bit Systems Service Pack 1(3021952)
MS15-009 Windows 7 for 32-bit Systems Service Pack 1(3021952)
MS15-009 Windows 7 for 32-bit Systems Service Pack 1(3021952)
MS15-009 Windows 7 for 32-bit Systems Service Pack 1(3021952)
MS15-009 Windows 7 for 32-bit Systems Service Pack 1(3034196)
MS15-009 Windows 7 for 32-bit Systems Service Pack 1(3034196)
MS15-009 Windows 7 for 32-bit Systems Service Pack 1(3034196)
MS15-009 Windows 7 for x64-based Systems Service Pack 1(3021952)
MS15-009 Windows 7 for x64-based Systems Service Pack 1(3021952)
MS15-009 Windows 7 for x64-based Systems Service Pack 1(3021952)
MS15-009 Windows 7 for x64-based Systems Service Pack 1(3021952)
MS15-009 Windows 7 for x64-based Systems Service Pack 1(3034196)
MS15-009 Windows 7 for x64-based Systems Service Pack 1(3034196)
MS15-009 Windows 7 for x64-based Systems Service Pack 1(3034196)
MS15-009 Windows 8 for 32-bit Systems(3021952)
MS15-009 Windows 8 for 32-bit Systems(3034196)
MS15-009 Windows 8 for x64-based Systems(3021952)
MS15-009 Windows 8 for x64-based Systems(3034196)
MS15-009 Windows 8.1 for 32-bit Systems(3021952)
MS15-009 Windows 8.1 for 32-bit Systems(3034196)
MS15-009 Windows 8.1 for x64-based Systems(3021952)
MS15-009 Windows 8.1 for x64-based Systems(3034196)
MS15-009 Windows Server 2003 Service Pack 2(3021952)
MS15-009 Windows Server 2003 Service Pack 2(3021952)
MS15-009 Windows Server 2003 Service Pack 2(3021952)
MS15-009 Windows Server 2003 with SP2 for Itanium-based Systems(3021952)
MS15-009 Windows Server 2003 with SP2 for Itanium-based Systems(3021952)
MS15-009 Windows Server 2003 x64 Edition Service Pack 2(3021952)
MS15-009 Windows Server 2003 x64 Edition Service Pack 2(3021952)
MS15-009 Windows Server 2003 x64 Edition Service Pack 2(3021952)
MS15-009 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(3021952)
MS15-009 Windows Server 2008 R2 for x64-based Systems Service Pack 1(3021952)
MS15-009 Windows Server 2008 R2 for x64-based Systems Service Pack 1(3021952)
MS15-009 Windows Server 2008 R2 for x64-based Systems Service Pack 1(3021952)
MS15-009 Windows Server 2008 R2 for x64-based Systems Service Pack 1(3021952)
MS15-009 Windows Server 2008 R2 for x64-based Systems Service Pack 1(3034196)
MS15-009 Windows Server 2008 R2 for x64-based Systems Service Pack 1(3034196)
MS15-009 Windows Server 2008 R2 for x64-based Systems Service Pack 1(3034196)
MS15-009 Windows Server 2008 for 32-bit Systems Service Pack 2(3021952)
MS15-009 Windows Server 2008 for 32-bit Systems Service Pack 2(3021952)
MS15-009 Windows Server 2008 for 32-bit Systems Service Pack 2(3021952)
MS15-009 Windows Server 2008 for 32-bit Systems Service Pack 2(3034196)
MS15-009 Windows Server 2008 for Itanium-based Systems Service Pack 2(3021952)
MS15-009 Windows Server 2008 for x64-based Systems Service Pack 2(3021952)
MS15-009 Windows Server 2008 for x64-based Systems Service Pack 2(3021952)
MS15-009 Windows Server 2008 for x64-based Systems Service Pack 2(3021952)
MS15-009 Windows Server 2008 for x64-based Systems Service Pack 2(3034196)
MS15-009 Windows Server 2012(3021952)
MS15-009 Windows Server 2012(3034196)
MS15-009 Windows Server 2012 R2(3021952)
MS15-009 Windows Server 2012 R2(3034196)
MS15-009 Windows Vista Service Pack 2(3021952)
MS15-009 Windows Vista Service Pack 2(3021952)
MS15-009 Windows Vista Service Pack 2(3021952)
MS15-009 Windows Vista Service Pack 2(3034196)
MS15-009 Windows Vista x64 Edition Service Pack 2(3021952)
MS15-009 Windows Vista x64 Edition Service Pack 2(3021952)
MS15-009 Windows Vista x64 Edition Service Pack 2(3021952)
MS15-009 Windows Vista x64 Edition Service Pack 2(3034196)
Microsoft Windows Kernel-Mode Driver Remote Code Execution Vulnerability (MS15-010)

Severity

Critical 4

Qualys ID

91016

Vendor Reference

MS15-010

CVE Reference

CVE-2015-0003, CVE-2015-0010, CVE-2015-0057, CVE-2015-0058, CVE-2015-0059, CVE-2015-0060

CVSS Scores

Base 7.2 / Temporal 6

Description

The security update addresses the vulnerabilities by correcting how the Windows kernel-mode driver validates certain parameters against registered objects, validates and enforces impersonation levels, handles objects in memory, validates data returned from user mode functions before being executed, handles TrueType
This security update is rated Critical for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1; it is rated Important for all supported editions of Windows Server 2003, Windows Vista, and Windows Server 2008.
Note: Windows XP is end of life and is vulnerable to this issue. For further details see Exploits Against Obsolete Software.

Consequence

An attacker who successfully exploits this vulnerability can bypass impersonation-level security and gain elevated privileges on a targeted system, which can allow them to intercept WebDAV requests for files from any server (including corporate SharePoint sites) and redirect those file requests to return any, potentially malicious, files of the attackers choosing.

Solution

Refer to MS15-010 to obtain more information.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS15-010 Windows 7 for 32-bit Systems Service Pack 1
MS15-010 Windows 7 for 32-bit Systems Service Pack 1
MS15-010 Windows 7 for x64-based Systems Service Pack 1
MS15-010 Windows 7 for x64-based Systems Service Pack 1
MS15-010 Windows 8 for 32-bit Systems
MS15-010 Windows 8 for 32-bit Systems
MS15-010 Windows 8 for x64-based Systems
MS15-010 Windows 8 for x64-based Systems
MS15-010 Windows 8.1 for 32-bit Systems
MS15-010 Windows 8.1 for 32-bit Systems
MS15-010 Windows 8.1 for x64-based Systems
MS15-010 Windows 8.1 for x64-based Systems
MS15-010 Windows Server 2003 Service Pack 2
MS15-010 Windows Server 2003 Service Pack 2
MS15-010 Windows Server 2003 with SP2 for Itanium-based Systems
MS15-010 Windows Server 2003 with SP2 for Itanium-based Systems
MS15-010 Windows Server 2003 x64 Edition Service Pack 2
MS15-010 Windows Server 2003 x64 Edition Service Pack 2
MS15-010 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS15-010 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS15-010 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS15-010 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS15-010 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS15-010 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS15-010 Windows Server 2008 for 32-bit Systems Service Pack 2
MS15-010 Windows Server 2008 for 32-bit Systems Service Pack 2
MS15-010 Windows Server 2008 for 32-bit Systems Service Pack 2
MS15-010 Windows Server 2008 for 32-bit Systems Service Pack 2
MS15-010 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS15-010 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS15-010 Windows Server 2008 for x64-based Systems Service Pack 2
MS15-010 Windows Server 2008 for x64-based Systems Service Pack 2
MS15-010 Windows Server 2008 for x64-based Systems Service Pack 2
MS15-010 Windows Server 2008 for x64-based Systems Service Pack 2
MS15-010 Windows Server 2012
MS15-010 Windows Server 2012
MS15-010 Windows Server 2012
MS15-010 Windows Server 2012
MS15-010 Windows Server 2012 R2
MS15-010 Windows Server 2012 R2
MS15-010 Windows Server 2012 R2
MS15-010 Windows Server 2012 R2
MS15-010 Windows Vista Service Pack 2
MS15-010 Windows Vista Service Pack 2
MS15-010 Windows Vista x64 Edition Service Pack 2
MS15-010 Windows Vista x64 Edition Service Pack 2
Microsoft Group Policy Remote Code Execution Vulnerability (MS15-011)

Severity

Urgent 5
Qualys ID

91017

Vendor Reference

MS15-011

CVE Reference

CVE-2015-0008

CVSS Scores

Base 8.3 / Temporal 6.9

Description
The security update addresses the vulnerability by improving how domain-configured systems connect to domain controllers prior to Group Policy accepting configuration data.
This security update is rated Critical for all supported editions of Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1
Note: There is no update released for Windows 2003. This vulnerability requires that a user connect their computer to an untrusted network such as a Wi-Fi hotspot in a coffee shop; therefore, workstations that are connected to an untrusted network are most at risk from this vulnerability.
QID Detection Logic (Authenticated):
Operating Systems: Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8, Windows RT, Windows RT 8.1, Windows Server 2012
This QID checks for the file version of %windir%\system32\gpsvc.dll
The following KBs are checked:
The patch version of 6.0.6002.19279 (KB3000483)
The patch version of 6.0.6002.23588 (KB3000483)
The patch version of 6.1.7601.18711 (KB3000483)
The patch version of 6.1.7601.22917 (KB3000483)
The patch version of 6.2.9200.17225 (KB3000483)
The patch version of 6.2.9200.21339 (KB3000483)
The patch version of 6.3.9600.17630 (KB3000483)
In addition, Registry Key - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History - checks if system is connected to the domain. If yes, then following Minimum recommended settings mentioned in KB3000483 are checked:-
1. Registry key - HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths with value "Netlogon" contains data - RequireMutualAuthentication=1, RequireIntegrity=1
2. Registry key - HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths with value "Sysvol" contains data - RequireMutualAuthentication=1, RequireIntegrity=1
```
		Value Name 			Value
		\\*\NETLOGON			RequireMutualAuthentication=1, RequireIntegrity=1
		\\*\SYSVOL			RequireMutualAuthentication=1, RequireIntegrity=1
```
Consequence

The vulnerability could allow remote code execution if an attacker convinces a user with a domain-configured system to connect to an attacker-controlled network.

Solution

Refer to MS15-011to obtain further patch information.
In some environments, to be completely protected from the vulnerability, additional configuration by a system administrator is required in addition to deploying this security update. Refer to Microsoft Knowledge Base Article KB3000483 to obtain further information.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS15-011 Windows 7 for 32-bit Systems Service Pack 1
MS15-011 Windows 7 for x64-based Systems Service Pack 1
MS15-011 Windows 8 for 32-bit Systems
MS15-011 Windows 8 for x64-based Systems
MS15-011 Windows 8.1 for 32-bit Systems
MS15-011 Windows 8.1 for x64-based Systems
MS15-011 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS15-011 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS15-011 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS15-011 Windows Server 2008 for 32-bit Systems Service Pack 2
MS15-011 Windows Server 2008 for 32-bit Systems Service Pack 2
MS15-011 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS15-011 Windows Server 2008 for x64-based Systems Service Pack 2
MS15-011 Windows Server 2008 for x64-based Systems Service Pack 2
MS15-011 Windows Server 2012
MS15-011 Windows Server 2012
MS15-011 Windows Server 2012 R2
MS15-011 Windows Server 2012 R2
MS15-011 Windows Vista Service Pack 2
MS15-011 Windows Vista x64 Edition Service Pack 2
Microsoft Office Remote Code Execution Vulnerability (MS15-012)

Severity

Critical 4

Qualys ID

110249

Vendor Reference

MS15-012

CVE Reference

CVE-2015-0063, CVE-2015-0064, CVE-2015-0065

CVSS Scores

Base 9.3 / Temporal 7.7

Description

This security update resolves three privately reported vulnerabilities in Microsoft Office.
These vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.
This security update is rated Important for all supported editions of Microsoft Excel 2007, Microsoft Word 2007, Microsoft Office 2010, Microsoft Excel 2010, Microsoft Word 2010, Microsoft Web Applications 2010, Microsoft Excel 2013, Microsoft Word Viewer, Microsoft Excel Viewer, and Microsoft Office Compatibility Pack.

Consequence

Successfully exploiting these vulnerabilities might allow a remote attacker to execute arbitrary code on the affected system

Solution

Refer to Microsoft Security Bulletin MS15-012 for further details.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS15-012 Microsoft Excel Viewer
MS15-012 Microsoft Office 2007 Service Pack 3(Microsoft Excel 2007 Service Pack 3)
MS15-012 Microsoft Office 2007 Service Pack 3(Microsoft Word 2007 Service Pack 3)
MS15-012 Microsoft Office 2010 Service Pack 2 (32-bit editions)(Microsoft Excel 2010 Service Pack 2 (32-bit editions))
MS15-012 Microsoft Office 2010 Service Pack 2 (32-bit editions)(Microsoft Word 2010 Service Pack 2 (32-bit editions))
MS15-012 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS15-012 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS15-012 Microsoft Office 2010 Service Pack 2 (64-bit editions)(Microsoft Excel 2010 Service Pack 2 (64-bit editions))
MS15-012 Microsoft Office 2010 Service Pack 2 (64-bit editions)(Microsoft Word 2010 Service Pack 2 (64-bit editions))
MS15-012 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS15-012 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS15-012 Microsoft Office 2013 (32-bit editions)(Microsoft Excel 2013 (32-bit editions))
MS15-012 Microsoft Office 2013 (64-bit editions)(Microsoft Excel 2013 (64-bit editions))
MS15-012 Microsoft Office 2013 Service Pack 1 (32-bit editions)(Microsoft Excel 2013 Service Pack 1 (32-bit editions))
MS15-012 Microsoft Office 2013 Service Pack 1 (64-bit editions)(Microsoft Excel 2013 Service Pack 1 (64-bit editions))
MS15-012 Microsoft Office Compatibility Pack Service Pack 3
MS15-012 Microsoft Office Compatibility Pack Service Pack 3
MS15-012 Microsoft Office Web Apps 2010 Service Pack 2(Microsoft Web Applications 2010 Service Pack 2)
MS15-012 Microsoft SharePoint Server 2010 Service Pack 2(Word Automation Services)
MS15-012 Microsoft Word Viewer
Microsoft Office Security Bypass Feature Bypass Vulnerability (MS15-013)

Severity

Serious 3

Qualys ID

110250

Vendor Reference

MS15-013

CVE Reference

CVE-2013-2852, CVE-2014-6362

CVSS Scores

Base 6.9 / Temporal 5.4

Description

This security update resolves one publicly disclosed vulnerability in Microsoft Office.
The vulnerability could allow security feature bypass if a user opens a specially crafted Microsoft Office file.
This security update is rated Important for all supported editions of Microsoft Office 2007, Microsoft Office 2010, and Microsoft Office 2013.

Consequence

Successfully exploiting this vulnerability might allow a remote attacker to bypass security features of Microsoft Office.

Solution

Refer to Microsoft Security Bulletin MS15-013 for further details.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS15-013 Microsoft Office 2007 Service Pack 3
MS15-013 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS15-013 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS15-013 Microsoft Office 2013 (32-bit editions)
MS15-013 Microsoft Office 2013 (64-bit editions)
MS15-013 Microsoft Office 2013 Service Pack 1 (32-bit editions)
MS15-013 Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Windows Group Policy Security Feature Bypass Vulnerability (MS15-014)

Severity

Serious 3

Qualys ID

91020

Vendor Reference

MS15-014

CVE Reference

CVE-2015-0009

CVSS Scores

Base 3.3 / Temporal 2.6

Description

A security feature bypass vulnerability exists in the Group Policy application of Security Configuration policies that could cause Group Policy settings on a targeted system to revert to their default, and potentially less secure, state.
The security update addresses the vulnerability by correcting how Group Policy settings are applied when the Security Configuration Engine policy file is corrupted or otherwise unreadable.
This security update is rated Important for all supported releases of Microsoft Windows.

Consequence

The vulnerability could allow security feature bypass.

Solution

Refer to MS15-014 for further information.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS15-014 Windows 7 for 32-bit Systems Service Pack 1
MS15-014 Windows 7 for x64-based Systems Service Pack 1
MS15-014 Windows 8 for 32-bit Systems
MS15-014 Windows 8 for x64-based Systems
MS15-014 Windows 8.1 for 32-bit Systems
MS15-014 Windows 8.1 for x64-based Systems
MS15-014 Windows Server 2003 Service Pack 2
MS15-014 Windows Server 2003 with SP2 for Itanium-based Systems
MS15-014 Windows Server 2003 x64 Edition Service Pack 2
MS15-014 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS15-014 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS15-014 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS15-014 Windows Server 2008 for 32-bit Systems Service Pack 2
MS15-014 Windows Server 2008 for 32-bit Systems Service Pack 2
MS15-014 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS15-014 Windows Server 2008 for x64-based Systems Service Pack 2
MS15-014 Windows Server 2008 for x64-based Systems Service Pack 2
MS15-014 Windows Server 2012
MS15-014 Windows Server 2012
MS15-014 Windows Server 2012 R2
MS15-014 Windows Server 2012 R2
MS15-014 Windows Vista Service Pack 2
MS15-014 Windows Vista x64 Edition Service Pack 2
Microsoft Windows Elevation of Privilege Vulnerability (MS15-015)

Severity

Serious 3

Qualys ID

91019

Vendor Reference

MS15-015

CVE Reference

CVE-2015-0062

CVSS Scores

Base 7.2 / Temporal 6

Description

An elevation of privilege vulnerability exists in Microsoft Windows. This is due to improper validation and enforcement of impersonation checks. The vulnerability can be exploited only in the specific scenario where the process uses SeAssignPrimaryTokenPrivilege.
Affected Software:
Windows 7 Service Pack 1
Windows Server 2008 R2 Service Pack 1
Windows 8 and Windows 8.1
Windows Server 2012 and Windows Server 2012 R2
Windows RT and Windows RT 8.1

This security update is rated Important.

Consequence

An attacker who successfully exploited this vulnerability could run arbitrary code in the context of another process. If this process runs with administrator privileges, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Solution

Refer to MS15-015 for further information.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS15-015 Windows 7 for 32-bit Systems Service Pack 1
MS15-015 Windows 7 for x64-based Systems Service Pack 1
MS15-015 Windows 8 for 32-bit Systems
MS15-015 Windows 8 for x64-based Systems
MS15-015 Windows 8.1 for 32-bit Systems
MS15-015 Windows 8.1 for x64-based Systems
MS15-015 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS15-015 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS15-015 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS15-015 Windows Server 2012
MS15-015 Windows Server 2012
MS15-015 Windows Server 2012 R2
MS15-015 Windows Server 2012 R2

These new vulnerability checks are included in Qualys vulnerability signature 2.2.934-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.

Selective Scan Instructions Using Qualys

To perform a selective vulnerability scan, configure a scan profile to use the following options:

Ensure access to TCP ports 135 and 139 are available.
Enable Windows Authentication (specify Authentication Records).
Enable the following Qualys IDs:
- 91021
- 91018
- 100220
- 91016
- 91017
- 110249
- 110250
- 91020
- 91019
If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.

In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.

Access for Qualys Customers

Platforms and Platform Identification

Technical Support

For more information, customers may contact Qualys Technical Support.

About Qualys

The Qualys Cloud Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.

OVERVIEW

CAPABILITIES

PLATFORM APPS

ASSET MANAGEMENT

Vulnerability & Configuration Management

Risk REMEDIATION

Threat Detection and Response

Compliance

Cloud Security

Use Cases

Segments

RESOURCES

RESEARCH

Customers

Partners

Company

Overview

CAPABILITIES

Platform Apps

Use Cases

Segments

Resources

Research

Qualys Cloud Platform

Free Services

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Microsoft security alert.

February 10, 2015

Advisory overview

Vulnerability details

Microsoft Virtual Machine Manager Elevation of Privilege Vulnerability (MS15-017)

Microsoft Graphics Component Information Disclosure Vulnerability (MS15-016)

Microsoft Internet Explorer Cumulative Security Update (MS15-009)

Microsoft Windows Kernel-Mode Driver Remote Code Execution Vulnerability (MS15-010)

Microsoft Group Policy Remote Code Execution Vulnerability (MS15-011)

Microsoft Office Remote Code Execution Vulnerability (MS15-012)

Microsoft Office Security Bypass Feature Bypass Vulnerability (MS15-013)

Microsoft Windows Group Policy Security Feature Bypass Vulnerability (MS15-014)

Microsoft Windows Elevation of Privilege Vulnerability (MS15-015)

Selective Scan Instructions Using Qualys

Access for Qualys Customers

Technical Support

About Qualys