MS15-082: Vulnerability in RDP Could Allow Remote Code Execution (3080348)

high Nessus Plugin ID 85332

Synopsis

The remote Windows host is affected by multiple vulnerabilities.

Description

The remote Windows host is missing a security update. It is, therefore affected by the following vulnerabilities :

- A spoofing vulnerability exists due to the Remote Desktop Session Host (RDSH) not properly validating certificates during authentication. An man-in-the-middle attacker can exploit this to impersonate a client session by spoofing a TLS/SSL server via a certificate that appears valid. (CVE-2015-2472)

- A code execution vulnerability exists due to the Remote Desktop Protocol client not properly handling the loading of certain specially crafted DLL files. An attacker, by placing a malicious DLL in the user's current working directory and convincing the user to open a crafted RDP file, can exploit this issue to execute arbitrary code in the context of the user.
(CVE-2015-2473)

Solution

Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 8.1, 2012, 2012 R2, RT, and RT 8.1.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-082

Plugin Details

Severity: High

ID: 85332

File Name: smb_nt_ms15-082.nasl

Version: 1.9

Type: local

Agent: windows

Published: 8/11/2015

Updated: 11/22/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2015-2473

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 8/11/2015

Vulnerability Publication Date: 8/11/2015

Reference Information

CVE: CVE-2015-2472, CVE-2015-2473

BID: 76224, 76228

IAVA: 2015-A-0190

MSFT: MS15-082

MSKB: 3075220, 3075221, 3075222, 3075226