CVSS: 5.9EPSS: 0%CPEs: 12EXPL: 3CVE-2015-0009 – Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass (MS15-014)
https://notcve.org/view.php?id=CVE-2015-0009
11 Feb 2015 — The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows man-in-the-middle attackers to disable a signing requirement and trigger a revert-to-default action by spoofing domain-controller responses, aka "Group Policy Security Feature Bypass Vulnerability." La implenetación de la política de Group Policy Sec... • https://packetstorm.news/files/id/155007 • CWE-254: 7PK - Security Features •
CVSS: 9.8EPSS: 12%CPEs: 12EXPL: 2CVE-2015-0008 – Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution (MS15-011)
https://notcve.org/view.php?id=CVE-2015-0008
11 Feb 2015 — The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka "Group Policy Remote Code Execution Vulnerability." L... • https://packetstorm.news/files/id/155002 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 1%CPEs: 12EXPL: 2CVE-2015-0010 – Microsoft Windows - Local Privilege Escalation (MS15-010)
https://notcve.org/view.php?id=CVE-2015-0010
11 Feb 2015 — The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, when the CRYPTPROTECTMEMORY_SAME_LOGON option is used, does not check an impersonation token's level, which allows local users to bypass intended decryption restrictions by leveraging a service that (1)... • https://www.exploit-db.com/exploits/37098 • CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 80%CPEs: 12EXPL: 5CVE-2015-0057 – Microsoft Windows - Local Privilege Escalation (MS15-010)
https://notcve.org/view.php?id=CVE-2015-0057
11 Feb 2015 — win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." win32k.sys en los controladores del modo de kernel en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows ... • https://packetstorm.news/files/id/135028 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 22%CPEs: 12EXPL: 0CVE-2015-0061
https://notcve.org/view.php?id=CVE-2015-0061
11 Feb 2015 — Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize memory for TIFF images, which allows remote attackers to obtain sensitive information from process memory via a crafted image file, aka "TIFF Processing Information Disclosure Vulnerability." Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, ... • http://www.securityfocus.com/bid/72456 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 2%CPEs: 12EXPL: 1CVE-2015-0060 – Microsoft Windows - Local Privilege Escalation (MS15-010)
https://notcve.org/view.php?id=CVE-2015-0060
11 Feb 2015 — The font mapper in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly scale fonts, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Windows Font Driver Denial of Service Vulnerability." El mapeador de fuentes en win32k.sys en los controladores del modo de kernel ... • https://www.exploit-db.com/exploits/37098 • CWE-19: Data Processing Errors •
CVSS: 7.8EPSS: 26%CPEs: 12EXPL: 1CVE-2015-0003 – Microsoft Windows WM_SYSTIMER Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2015-0003
10 Feb 2015 — win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." win32k.sys en los controladores del modo kernel en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Wind... • https://www.exploit-db.com/exploits/37098 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 20%CPEs: 11EXPL: 3CVE-2015-0004 – Microsoft Windows < 8.1 (x86/x64) - User Profile Service Privilege Escalation (MS15-003)
https://notcve.org/view.php?id=CVE-2015-0004
13 Jan 2015 — The User Profile Service (aka ProfSvc) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges by conducting a junction attack to load another user's UsrClass.dat registry hive, aka MSRC ID 20674 or "Microsoft User Profile Service Elevation of Privilege Vulnerability." User Profile Service (también conocido como ProfSvc) en Microsoft W... • https://packetstorm.news/files/id/139200 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 12%CPEs: 10EXPL: 1CVE-2015-0006
https://notcve.org/view.php?id=CVE-2015-0006
13 Jan 2015 — The Network Location Awareness (NLA) service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not perform mutual authentication to determine a domain connection, which allows remote attackers to trigger an unintended permissive configuration by spoofing DNS and LDAP responses on a local network, aka "NLA Security Feature Bypass Vulnerability." El servicio Network Location Awareness (NL... • https://github.com/bugch3ck/imposter • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2015-0011
https://notcve.org/view.php?id=CVE-2015-0011
13 Jan 2015 — mrxdav.sys (aka the WebDAV driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass an impersonation protection mechanism, and obtain privileges for redirection of WebDAV requests, via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability." mrxdav.sys (también conocido como el controlador WebD... • http://secunia.com/advisories/62154 • CWE-264: Permissions, Privileges, and Access Controls •