CVE-2015-1716
published 2015-05-13CVE-2015-1716: Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server…
PriorityP335medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
20.93%
97.2th percentile
Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict Diffie-Hellman Ephemeral (DHE) key lengths, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, aka "Schannel Information Disclosure Vulnerability."
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - May 2015
blogs_talos·2015-05-12·CVSS 4.3
[MEDIUM] Microsoft Patch Tuesday - May 2015
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 13 bulletins being released which address 48 CVEs. Three of the bulletins are listed as Critical and address vulnerabilities in Internet Explorer, GDI+ Font Parsing, and Windows Journal. The remaining ten bulletins are marked as Important and address vulnerabilities in Microsoft Office, Sharepoint, .NET, Silverlight, Service Control Manager, Windows Kernel, VBScript/JScript, Microsoft Management Console, and Secure Channel.
## Bulletins Rated CriticalMS15-043, MS15-044, and MS15-045 are rated Critical.
MS15-043 is this month’s Internet Explorer security bulletin with vulnerabilities in versions 6 through 11 being ad
Talos
Microsoft Patch Tuesday - May 2015
blogs_talos·2015-05-12·CVSS 4.3
[MEDIUM] Microsoft Patch Tuesday - May 2015
## Microsoft Patch Tuesday - May 2015
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 13 bulletins being released which address 48 CVEs. Three of the bulletins are listed as Critical and address vulnerabilities in Internet Explorer, GDI+ Font Parsing, and Windows Journal. The remaining ten bulletins are marked as Important and address vulnerabilities in Microsoft Office, Sharepoint, .NET, Silverlight, Service Control Manager, Windows Kernel, VBScript/JScript, Microsoft Management Console, and Secure Channel.
## Bulletins Rated Critical MS15-043, MS15-044, and MS15-045 are rated Critical.
MS15-043 is this month’s Internet Explorer security bulletin with vulnerabi
http://www.securityfocus.com/bid/74489http://www.securitytracker.com/id/1032283https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-055http://www.securityfocus.com/bid/74489http://www.securitytracker.com/id/1032283https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-055
2015-05-13
Published