CVE-2015-0014
published 2015-01-13CVE-2015-0014: Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8…
PriorityP269critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
96.89%
99.9th percentile
Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows Telnet Service Buffer Overflow Vulnerability."
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Talos
Microsoft Update Tuesday January 2015: Another Light Month, No IE
Bulletins, More Changes to Reporting
blogs_talos·2015-01-13·CVSS 7.2
[HIGH] Microsoft Update Tuesday January 2015: Another Light Month, No IE
Bulletins, More Changes to Reporting
This post was written by Yves Younan.
Microsoft’s first Update Tuesday of 2015 is pretty light, there’s a total of eight bulletins, all covering a single vulnerability. Seven of these bulletins are rated as important and just one is rated critical. No bulletin for IE is being released this month. Two of the vulnerabilities were publicly disclosed prior to today, while another one was being actively exploited by attackers.
Microsoft made a number of changes to Update Tuesday last month, such as dropping deployment priority in favor of their exploitability index (XI). This month more changes were made to the program: Microsoft is no longer providing their Advance Notification Service (ANS) to the general public, but is instead only providing it to premier customers.
The first bulletin of
Talos
Microsoft Update Tuesday January 2015: Another Light Month, No IE
Bulletins, More Changes to Reporting
blogs_talos·2015-01-13·CVSS 7.2
[HIGH] Microsoft Update Tuesday January 2015: Another Light Month, No IE
Bulletins, More Changes to Reporting
## Microsoft Update Tuesday January 2015: Another Light Month, No IE
Bulletins, More Changes to Reporting
This post was written by Yves Younan .
Microsoft’s first Update Tuesday of 2015 is pretty light, there’s a total of eight bulletins, all covering a single vulnerability. Seven of these bulletins are rated as important and just one is rated critical. No bulletin for IE is being released this month. Two of the vulnerabilities were publicly disclosed prior to today, while another one was being actively exploited by attackers.
Microsoft made a number of changes to Update Tuesday last month, such as dropping deployment priority in favor of their exploitability index (XI). This month more changes were made to the program: Microsoft is no longer providing their Advance Notification Service
http://secunia.com/advisories/61580http://www.securityfocus.com/bid/71968http://www.securitytracker.com/id/1031523https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-002https://exchange.xforce.ibmcloud.com/vulnerabilities/99517https://exchange.xforce.ibmcloud.com/vulnerabilities/99518http://secunia.com/advisories/61580http://www.securityfocus.com/bid/71968http://www.securitytracker.com/id/1031523https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-002https://exchange.xforce.ibmcloud.com/vulnerabilities/99517https://exchange.xforce.ibmcloud.com/vulnerabilities/99518
2015-01-13
Published