Summary
This host is missing an important security
update according to Microsoft Bulletin MS15-005.
Impact
Successful exploitation will allow remote
attackers to gain restricted privileges.
Impact Level: System
Solution
Run Windows Update and update the
listed hotfixes or download and update mentioned hotfixes in the advisory from the below link,
https://technet.microsoft.com/library/security/MS15-004
Insight
The flaw is due to an error when
handling directory traversal sequences within the TS WebProxy Windows component, which can be exploited to gain otherwise restricted privileges.
Affected
Microsoft Windows 8 x32/x64
Microsoft Windows Server 2012/R2
Microsoft Windows 8.1 x32/x64 Edition
Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior Microsoft Windows Vista x32/x64 Edition Service Pack 2 and prior Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2 and prior
Detection
Get the vulnerable file version and
check appropriate patch is applied or not.
References
Severity
Classification
-
CVE CVE-2015-0016 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Ancillary Function Driver Elevation of Privilege Vulnerability (956803)
- Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)
- Cumulative Patch for Internet Information Services (Q327696)
- Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (972270)
- Microsoft Distributed File System Remote Code Execution Vulnerabilities (2535512)