Summary
This host is missing an important security update according to Microsoft Bulletin MS14-031.
Impact
Successful exploitation will allow attackers to cause denial of service condition.
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, https://technet.microsoft.com/en-us/library/security/ms14-031
Insight
Flaw is due to some error within the Windows TCP/IP networking protocol which allows processing of crafted packets.
Affected
Microsoft Windows 8 x32/x64
Microsoft Windows 8.1 x32/x64
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7 x32/x64 Service Pack 1 and prior Microsoft Windows Vista x32/x64 Service Pack 2 and prior Microsoft Windows Server 2008 x32/x64 Service Pack 2 and prior
Detection
Get the vulnerable file version and check appropriate patch is applied or not.
References
Severity
Classification
-
CVE CVE-2014-1811 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Microsoft Windows Local Procedure Call Local Privilege Escalation Vulnerability (2898715)
- Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2778344)
- Microsoft SQL Server Report Manager Cross Site Scripting Vulnerability (2754849)
- Microsoft Group Policy Preferences Privilege Elevation Vulnerability (2962486)
- Microsoft ISA Server and Forefront Threat Management Gateway DoS Vulnerability (961759)