CVE-2015-0079
Published 2015-03-11
Priority P3 · 43 · high · CVSS 2.0: 7.8
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS: 16.16% (96.5th percentile)
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to cause a denial of service (memory consumption and RDP outage) by establishing many RDP sessions that do not properly free allocated memory, aka "Remote Desktop Protocol (RDP) Denial of Service Vulnerability."
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2012 | — | — |
No detection rules found.
No public exploits indexed.
Talos
## Microsoft Patch Tuesday for March 2015: 14 Bulletins Released; FREAK Patched
blogs_talos·2015-03-10·CVSS 9.3 [CRITICAL]
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 14 bulletins being released which address 45 CVEs. The first 5 bulletins are rated critical and address vulnerabilities within Internet Explorer, Office, Windows, and VBScript. The remaining 9 bulletins are rated important and cover vulnerabilities within Windows Kernel Mode Drivers, Exchange, Task Scheduler, Remote Desktop, SChannel, and the Microsoft Graphics component.
### Bulletins Rated Critical
MS15-018, MS15-019, MS15-020, MS15-021, and MS15-022 are rated Critical.
MS15-018 addresses multiple vulnerabilities within Internet Explorer, versions 6 through 11. 12 CVEs were resolved this month, including CVE-2015-0
Bugzilla
CVE-2015-0406 Oracle JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)
bugzilla·2015-01-20·CVSS 5.8 [MEDIUM]
Oracle Java SE 6u91, 7u75 and 8u31 fix an unspecified vulnerability in the Deployment component (CVE-2015-0406). Upstream has CVSSv2 scored this issue as: 5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P
External Reference:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA
Discussion:
This issue has been addressed in the following products:
Oracle Java for Red Hat Enterprise Linux 6
Via RHSA-2015:0080 https://rhn.redhat.com/errata/RHSA-2015-0080.html
---
This issue has been addressed in the following products:
Oracle Java for Red Hat Enterprise Linux 7
Oracle Java for Red Hat Enterprise Linux 5
Oracle Java for Red Hat Enterprise Linux 6
Via RHSA-2015:0079 https://rh
Bugzilla
CVE-2015-0413 Oracle JDK: unspecified vulnerability fixed in 7u75 and 8u31 (Serviceability)
bugzilla·2015-01-20·CVSS 1.9 [LOW]
Oracle Java SE 7u75 and 8u31 fix an unspecified vulnerability in the Serviceability component (CVE-2015-0413). Upstream has CVSSv2 scored this issue as: 1.9/AV:L/AC:M/Au:N/C:N/I:P/A:N
External Reference:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA
Discussion:
This issue has been addressed in the following products:
Oracle Java for Red Hat Enterprise Linux 6
Via RHSA-2015:0080 https://rhn.redhat.com/errata/RHSA-2015-0080.html
---
This issue has been addressed in the following products:
Oracle Java for Red Hat Enterprise Linux 7
Oracle Java for Red Hat Enterprise Linux 5
Oracle Java for Red Hat Enterprise Linux 6
Via RHSA-2015:0079 https://rhn.re