The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Windows Server 2012

computer vulnerability announcement CVE-2015-1635

Windows: code execution via HTTP.sys

Synthesis of the vulnerability

An attacker can send web queries to a service using HTTP.sys of Windows, such as IIS, in order to execute code.
Impacted products: IIS, Windows 2008 R2, Windows 2012, Windows 7, Windows 8.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 14/04/2015.
Revision date: 17/04/2015.
Identifiers: 3042553, CERTFR-2015-AVI-152, CVE-2015-1635, MS15-034, VIGILANCE-VUL-16597.

Description of the vulnerability

The Windows product uses the HTTP.sys driver to process HTTP queries.

However, a malicious query leads to code execution in HTTP.sys. The vulnerability is related to the processing of the HTTP Range header.

An attacker can therefore send web queries to a service using HTTP.sys of Windows, such as IIS, in order to execute code.

vulnerability alert 16611

Microsoft Windows: credentials disclosure via HTTP redirections

Synthesis of the vulnerability

An attacker who controls both an HTTP server used by an application program based on urlmon.dll and a CIFS server can use HTTP redirections to get encrypted user credentials.
Impacted products: Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista, Windows XP.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 15/04/2015.
Identifiers: VIGILANCE-VUL-16611, VU#672268.

Description of the vulnerability

Microsoft Windows offers a library, urlmon.dll, that provides an HTTP client.

This client follows HTTP redirections. However, it does so even if the URL scheme is changed from "http" to "file". So, when the redirection target is an SMB/CIFS server, the client automatically sends the user credentials (user name and password hash) to the CIFS server.

An attacker who controls both an HTTP server used by an application program based on urlmon.dll and a CIFS server can therefore use HTTP redirections to get encrypted user credentials.

computer vulnerability CVE-2015-1647

Windows: denial of service via Hyper-V

Synthesis of the vulnerability

An attacker can trigger a denial of service in Hyper-V of Windows.
Impacted products: Windows 2012, Windows 8.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: user shell.
Creation date: 14/04/2015.
Identifiers: 3047234, CERTFR-2015-AVI-160, CVE-2015-1647, MS15-042, VIGILANCE-VUL-16605.

Description of the vulnerability

The Windows Hyper-V product provides an environment for virtual machines.

However, an attacker in a virtual machine can generate a denial of service on other virtual machines.

An attacker can therefore trigger a denial of service in Hyper-V of Windows.

vulnerability note CVE-2015-1648

Microsoft .NET: information disclosure via customErrors

Synthesis of the vulnerability

An attacker can generate an error in a Microsoft .NET/ASP.NET application, in order to obtain sensitive information.
Impacted products: IIS, .NET Framework, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 14/04/2015.
Identifiers: 3048010, CERTFR-2015-AVI-159, CVE-2015-1648, MS15-041, VIGILANCE-VUL-16604.

Description of the vulnerability

Microsoft .NET uses the ASP.NET customErrors directive to define the type of error messages to be displayed.

However, when the customErrors mode is disabled, an attacker can trigger an error in order to read details about the application.

An attacker can therefore generate an error in a Microsoft .NET/ASP.NET application, in order to obtain sensitive information.

vulnerability bulletin CVE-2015-1638

Windows: information disclosure via AD FS

Synthesis of the vulnerability

An attacker can read AD FS data on Windows, in order to obtain sensitive information.
Impacted products: Windows 2012.
Severity: 2/4.
Consequences: data reading.
Provenance: user console.
Creation date: 14/04/2015.
Identifiers: 3045711, CERTFR-2015-AVI-158, CVE-2015-1638, MS15-040, VIGILANCE-VUL-16603.

Description of the vulnerability

The AD FS (Active Directory Federation Services) service is used to share information between entities (federations).

Users use the Logoff feature, in order to disconnect from the system. However, due to a Logoff failure, the last user is still authenticated.

An attacker can therefore read AD FS data on Windows, in order to obtain sensitive information.

vulnerability alert CVE-2015-1643 CVE-2015-1644

Windows: two vulnerabilities of Impersonation

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Windows.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/04/2015.
Identifiers: 3049576, CERTFR-2015-AVI-156, CVE-2015-1643, CVE-2015-1644, MS15-038, VIGILANCE-VUL-16601.

Description of the vulnerability

Several vulnerabilities were announced in Windows.

An attacker can use an impersonation level in NtCreateTransactionManager, in order to escalate his privileges. [severity:2/4; CVE-2015-1643]

An attacker can use an impersonation level in a MS-DOS Device Name, in order to escalate his privileges. [severity:2/4; CVE-2015-1644]

vulnerability 16460

Windows: fraudulent certificate issued for Google

Synthesis of the vulnerability

An attacker, who owns the malicious "google.com" certificate, can use a Man-in-the-middle attack on a fake Google site, in order for example to obtain sensitive information.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows Mobile, Windows RT, Windows Vista.
Severity: 3/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 25/03/2015.
Identifiers: 3050995, VIGILANCE-VUL-16460.

Description of the vulnerability

The Windows system is installed with trusted certification authorities, such as "China Internet Network Information Center (CNNIC)".

However, this authority published a malicious certificate for "google.com", "gmail.com", "googleapis.com", etc.

An attacker, who owns the malicious "google.com" certificate, can therefore use a Man-in-the-middle attack on a fake Google site, in order for example to obtain sensitive information.

computer vulnerability alert 16396

Windows: fraudulent certificate issued for Live.fi

Synthesis of the vulnerability

An attacker, who owns the "www.live.fi" certificate, can use a Man-in-the-middle attack on a fake Live site, in order for example to obtain sensitive information.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows Mobile, Windows RT, Windows Vista.
Severity: 3/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 17/03/2015.
Identifiers: 3046310, VIGILANCE-VUL-16396.

Description of the vulnerability

The Windows system is installed with trusted certification authorities, such as "COMODO RSA Domain Validation Secure Server CA".

However, this authority published a malicious certificate for "www.live.fi".

An attacker, who owns the malicious "www.live.fi" certificate, can therefore use a Man-in-the-middle attack on a fake Live site, in order for example to obtain sensitive information.

vulnerability note CVE-2015-0079

Windows: memory leak via RDP

Synthesis of the vulnerability

An attacker can create a memory leak in the RDP service of Windows, in order to trigger a denial of service.
Impacted products: Windows 2012, Windows 7, Windows 8.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 10/03/2015.
Identifiers: 3039976, CERTFR-2015-AVI-106, CVE-2015-0079, MS15-030, VIGILANCE-VUL-16374.

Description of the vulnerability

The Windows system uses RDP for remote access.

However, the memory allocated to process RDP 8.0 sessions is never freed.

An attacker can therefore create a memory leak in the RDP service of Windows, in order to trigger a denial of service.

vulnerability bulletin CVE-2015-0076

Windows: information disclosure via JXR

Synthesis of the vulnerability

An attacker can invite the victim to display a malicious PNG image, to read a memory fragment of Windows, in order to obtain sensitive information.
Impacted products: Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 10/03/2015.
Identifiers: 3035126, CERTFR-2015-AVI-105, CVE-2015-0076, MS15-029, VIGILANCE-VUL-16373.

Description of the vulnerability

The Windows system analyzes JXR (JPEG XR) images before displaying them.

However, it does not initialize a memory area before returning it to the user.

An attacker can therefore invite the victim to display a malicious JXR image, to read a memory fragment of Windows, in order to obtain sensitive information.