The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Windows 2008 R0

computer vulnerability alert CVE-2014-0282 CVE-2014-1762 CVE-2014-1764

Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Internet Explorer.
Impacted products: IE, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 10/06/2014.
Revision date: 20/12/2016.
Identifiers: 2969262, CERTFR-2014-AVI-266, CVE-2014-0282, CVE-2014-1762, CVE-2014-1764, CVE-2014-1766, CVE-2014-1769, CVE-2014-1771, CVE-2014-1772, CVE-2014-1773, CVE-2014-1774, CVE-2014-1775, CVE-2014-1777, CVE-2014-1778, CVE-2014-1779, CVE-2014-1780, CVE-2014-1781, CVE-2014-1782, CVE-2014-1783, CVE-2014-1784, CVE-2014-1785, CVE-2014-1786, CVE-2014-1788, CVE-2014-1789, CVE-2014-1790, CVE-2014-1791, CVE-2014-1792, CVE-2014-1794, CVE-2014-1795, CVE-2014-1796, CVE-2014-1797, CVE-2014-1799, CVE-2014-1800, CVE-2014-1802, CVE-2014-1803, CVE-2014-1804, CVE-2014-1805, CVE-2014-2753, CVE-2014-2754, CVE-2014-2755, CVE-2014-2756, CVE-2014-2757, CVE-2014-2758, CVE-2014-2759, CVE-2014-2760, CVE-2014-2761, CVE-2014-2763, CVE-2014-2764, CVE-2014-2765, CVE-2014-2766, CVE-2014-2767, CVE-2014-2768, CVE-2014-2769, CVE-2014-2770, CVE-2014-2771, CVE-2014-2772, CVE-2014-2773, CVE-2014-2775, CVE-2014-2776, CVE-2014-2777, CVE-2014-2782, MS14-035, VIGILANCE-VUL-14876, ZDI-14-174, ZDI-14-175, ZDI-14-176, ZDI-14-177, ZDI-14-178, ZDI-14-179, ZDI-14-180, ZDI-14-181, ZDI-14-182, ZDI-14-183, ZDI-14-184, ZDI-14-185, ZDI-14-186, ZDI-14-212, ZDI-14-213, ZDI-14-226, ZDI-14-227, ZDI-14-237, ZDI-14-259, ZDI-14-260, ZDI-14-270, ZDI-14-354, ZDI-14-357, ZDI-14-366, ZDI-14-367.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can use a TLS Certificate Renegotiation, in order to obtain sensitive information. [severity:2/4; CVE-2014-1771]

An attacker can read local files, in order to obtain sensitive information. [severity:2/4; CVE-2014-1777]

An attacker can use three vulnerabilities, in order to escalate his privileges. [severity:2/4; CVE-2014-1764, CVE-2014-1778, CVE-2014-2777]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2014-0282, CVE-2014-1762, CVE-2014-1766, CVE-2014-1769, CVE-2014-1772, CVE-2014-1773, CVE-2014-1774, CVE-2014-1775, CVE-2014-1779, CVE-2014-1780, CVE-2014-1781, CVE-2014-1782, CVE-2014-1783, CVE-2014-1784, CVE-2014-1785, CVE-2014-1786, CVE-2014-1788, CVE-2014-1789, CVE-2014-1790, CVE-2014-1791, CVE-2014-1792, CVE-2014-1794, CVE-2014-1795, CVE-2014-1796, CVE-2014-1797, CVE-2014-1799, CVE-2014-1800, CVE-2014-1802, CVE-2014-1803, CVE-2014-1804, CVE-2014-1805, CVE-2014-2753, CVE-2014-2754, CVE-2014-2755, CVE-2014-2756, CVE-2014-2757, CVE-2014-2758, CVE-2014-2759, CVE-2014-2760, CVE-2014-2761, CVE-2014-2763, CVE-2014-2764, CVE-2014-2765, CVE-2014-2766, CVE-2014-2767, CVE-2014-2768, CVE-2014-2769, CVE-2014-2770, CVE-2014-2771, CVE-2014-2772, CVE-2014-2773, CVE-2014-2775, CVE-2014-2776, CVE-2014-2782, ZDI-14-174, ZDI-14-175, ZDI-14-176, ZDI-14-177, ZDI-14-178, ZDI-14-179, ZDI-14-180, ZDI-14-181, ZDI-14-182, ZDI-14-183, ZDI-14-184, ZDI-14-185, ZDI-14-186, ZDI-14-212, ZDI-14-213, ZDI-14-226, ZDI-14-227, ZDI-14-237, ZDI-14-259, ZDI-14-260, ZDI-14-270, ZDI-14-354, ZDI-14-357, ZDI-14-366, ZDI-14-367]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2016-7202 CVE-2016-7278 CVE-2016-7279

Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Internet Explorer.
Impacted products: IE, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 8.
Creation date: 14/12/2016.
Revision date: 16/12/2016.
Identifiers: 3204059, 972, CERTFR-2016-AVI-413, CVE-2016-7202, CVE-2016-7278, CVE-2016-7279, CVE-2016-7281, CVE-2016-7282, CVE-2016-7283, CVE-2016-7284, CVE-2016-7287, MS16-144, VIGILANCE-VUL-21365.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can bypass security features via Windows Hyperlink Object Library, in order to obtain sensitive information. [severity:2/4; CVE-2016-7278]

An attacker can bypass security features via Microsoft Browser, in order to obtain sensitive information. [severity:2/4; CVE-2016-7282]

An attacker can bypass security features via Internet Explorer, in order to obtain sensitive information. [severity:2/4; CVE-2016-7284]

An attacker can generate a memory corruption via Microsoft Browser, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7279]

An attacker can generate a memory corruption via Internet Explorer, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7283]

An attacker can bypass security features via Microsoft Browser, in order to escalate his privileges. [severity:3/4; CVE-2016-7281]

An attacker can generate a memory corruption via Scripting Engine, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7202]

An attacker can generate a memory corruption via Scripting Engine, in order to trigger a denial of service, and possibly to run code. [severity:4/4; 972, CVE-2016-7287]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2016-7270

Microsoft .NET: information disclosure via SQL Server Always Encrypted

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via SQL Server Always Encrypted of Microsoft .NET, in order to obtain sensitive information.
Impacted products: .NET Framework, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 14/12/2016.
Identifiers: 3205640, CERTFR-2016-AVI-417, CVE-2016-7270, MS16-155, VIGILANCE-VUL-21378.

Description of the vulnerability

An attacker can bypass access restrictions to data via SQL Server Always Encrypted of Microsoft .NET, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2016-7295

Windows: information disclosure via CLFS

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via CLFS of Windows, in order to obtain sensitive information.
Impacted products: Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 14/12/2016.
Identifiers: 3207328, CERTFR-2016-AVI-416, CVE-2016-7295, MS16-153, VIGILANCE-VUL-21375.

Description of the vulnerability

An attacker can bypass access restrictions to data via Common Log File System Driver of Windows, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-7259 CVE-2016-7260

Windows: two vulnerabilities via Win32k

Synthesis of the vulnerability

An attacker can use several vulnerabilities via Win32k of Windows.
Impacted products: Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/12/2016.
Identifiers: 3205651, CERTFR-2016-AVI-416, CVE-2016-7259, CVE-2016-7260, MS16-151, VIGILANCE-VUL-21373.

Description of the vulnerability

Several vulnerabilities were announced in Windows.

An attacker can bypass security features via Graphics Component, in order to escalate his privileges. [severity:2/4; CVE-2016-7259]

An attacker can bypass security features via Win32k, in order to escalate his privileges. [severity:2/4; CVE-2016-7260]
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2016-7219 CVE-2016-7292

Windows: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Windows.
Impacted products: Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/12/2016.
Identifiers: 3205655, CERTFR-2016-AVI-416, CVE-2016-7219, CVE-2016-7292, MS16-149, VIGILANCE-VUL-21371.

Description of the vulnerability

Several vulnerabilities were announced in Windows.

An attacker can bypass security features via Crypto Driver, in order to obtain sensitive information. [severity:2/4; CVE-2016-7219]

An attacker can bypass security features via Windows Installer, in order to escalate his privileges. [severity:3/4; CVE-2016-7292]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2016-7274

Windows: memory corruption via Uniscribe

Synthesis of the vulnerability

An attacker can generate a memory corruption via Uniscribe of Windows, in order to trigger a denial of service, and possibly to run code.
Impacted products: IIS, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service.
Provenance: document.
Creation date: 14/12/2016.
Identifiers: 3204063, 3208223, 4010318, 4010319, 4010320, 4010321, 4013074, 4013075, 4013076, 4013078, 4013081, 4013082, 4013083, 4013389, CERTFR-2016-AVI-416, CVE-2016-7274, MS16-147, MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-019, MS17-020, MS17-021, MS17-022, VIGILANCE-VUL-21368.

Description of the vulnerability

An attacker can generate a memory corruption via Uniscribe of Windows, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2016-7257 CVE-2016-7272 CVE-2016-7273

Windows: three vulnerabilities via Graphics Component

Synthesis of the vulnerability

An attacker can use several vulnerabilities via Graphics Component of Windows.
Impacted products: Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on server, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 14/12/2016.
Identifiers: 3204066, CERTFR-2016-AVI-416, CVE-2016-7257, CVE-2016-7272, CVE-2016-7273, MS16-146, VIGILANCE-VUL-21367, ZDI-16-645.

Description of the vulnerability

Several vulnerabilities were announced in Windows.

An attacker can bypass security features via GDI, in order to obtain sensitive information. [severity:2/4; CVE-2016-7257]

An attacker can generate a memory corruption via Windows Graphics, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7272, ZDI-16-645]

An attacker can generate a memory corruption via Windows Graphics, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7273]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2016-7216

Windows: privilege escalation via Kernel API

Synthesis of the vulnerability

An attacker can bypass restrictions via Kernel API of Windows, in order to escalate his privileges.
Impacted products: Windows 2008 R0, Windows 2008 R2, Windows 7, Windows Vista.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 09/11/2016.
Identifiers: 3199720, 874, CERTFR-2016-AVI-374, CVE-2016-7216, MS16-139, VIGILANCE-VUL-21079.

Description of the vulnerability

An attacker can bypass restrictions via Kernel API of Windows, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2016-7220 CVE-2016-7237 CVE-2016-7238

Windows: three vulnerabilities via Authentication Methods

Synthesis of the vulnerability

An attacker can use several vulnerabilities via Authentication Methods of Windows.
Impacted products: Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, data reading.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 3.
Creation date: 09/11/2016.
Identifiers: 3199173, CERTFR-2016-AVI-374, CVE-2016-7220, CVE-2016-7237, CVE-2016-7238, MS16-137, VIGILANCE-VUL-21077.

Description of the vulnerability

Several vulnerabilities were announced in Windows.

An attacker can force a read at an invalid address via Virtual Secure Mode, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-7220]

An attacker can trigger a fatal error via Local Security Authority Subsystem, in order to trigger a denial of service. [severity:1/4; CVE-2016-7237]

An attacker can bypass security features via Windows NTLM, in order to escalate his privileges. [severity:2/4; CVE-2016-7238]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Windows 2008 R0: