Windows : Microsoft Bulletins : Microsoft Windows RDP Remote Code Execution Vulnerabilities (3080348)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.805080

Kategorie: Windows : Microsoft Bulletins

Titel: Microsoft Windows RDP Remote Code Execution Vulnerabilities (3080348)

Zusammenfassung: This host is missing an important security; update according to Microsoft Bulletin MS15-082.

Beschreibung: Summary:
This host is missing an important security
update according to Microsoft Bulletin MS15-082.

Vulnerability Insight:
Multiple flaws are due to:

- A spoofing vulnerability exists when the Remote Desktop Session Host (RDSH)
improperly validates certificates during authentication.

- A remote code execution vulnerability exists when Microsoft Windows Remote
Desktop Protocol client improperly handles the loading of certain specially
crafted DLL files.

Vulnerability Impact:
Successful exploitation will allow attacker
to take complete control of an affected system. An attacker could then install,
programs, view, change, or delete data or create new accounts with full user
rights.

Affected Software/OS:
- Microsoft Windows 8 x32/x64

- Microsoft Windows Server 2012/R2

- Microsoft Windows 8.1 x32/x64

- Microsoft Windows Vista x32/x64 Service Pack 2 and prior

- Microsoft Windows Server 2008 x32/x64 Service Pack 2 and prior

- Microsoft Windows 7 x32/x64 Service Pack 1 and prior

- Microsoft Windows Server 2008 R2 x64 Service Pack 1 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-2472
Microsoft Security Bulletin: MS15-082
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-082
http://www.securitytracker.com/id/1033242
Common Vulnerability Exposure (CVE) ID: CVE-2015-2473

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.805080
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft Windows RDP Remote Code Execution Vulnerabilities (3080348)
Zusammenfassung:	This host is missing an important security; update according to Microsoft Bulletin MS15-082.
Beschreibung:	Summary: This host is missing an important security update according to Microsoft Bulletin MS15-082. Vulnerability Insight: Multiple flaws are due to: - A spoofing vulnerability exists when the Remote Desktop Session Host (RDSH) improperly validates certificates during authentication. - A remote code execution vulnerability exists when Microsoft Windows Remote Desktop Protocol client improperly handles the loading of certain specially crafted DLL files. Vulnerability Impact: Successful exploitation will allow attacker to take complete control of an affected system. An attacker could then install, programs, view, change, or delete data or create new accounts with full user rights. Affected Software/OS: - Microsoft Windows 8 x32/x64 - Microsoft Windows Server 2012/R2 - Microsoft Windows 8.1 x32/x64 - Microsoft Windows Vista x32/x64 Service Pack 2 and prior - Microsoft Windows Server 2008 x32/x64 Service Pack 2 and prior - Microsoft Windows 7 x32/x64 Service Pack 1 and prior - Microsoft Windows Server 2008 R2 x64 Service Pack 1 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-2472 Microsoft Security Bulletin: MS15-082 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-082 http://www.securitytracker.com/id/1033242 Common Vulnerability Exposure (CVE) ID: CVE-2015-2473
Copyright	Copyright (C) 2015 Greenbone AG