MS15-082: Vulnerability in RDP Could Allow Remote Code Execution (3080348)

High Nessus Plugin ID 85332

Synopsis

The remote Windows host is affected by multiple vulnerabilities.

Description

The remote Windows host is missing a security update. It is, therefore affected by the following vulnerabilities :

- A spoofing vulnerability exists due to the Remote Desktop Session Host (RDSH) not properly validating certificates during authentication. An man-in-the-middle attacker can exploit this to impersonate a client session by spoofing a TLS/SSL server via a certificate that appears valid. (CVE-2015-2472)

- A code execution vulnerability exists due to the Remote Desktop Protocol client not properly handling the loading of certain specially crafted DLL files. An attacker, by placing a malicious DLL in the user's current working directory and convincing the user to open a crafted RDP file, can exploit this issue to execute arbitrary code in the context of the user.
(CVE-2015-2473)

Solution

Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 8.1, 2012, 2012 R2, RT, and RT 8.1.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-082

Plugin Details

Severity: High

ID: 85332

File Name: smb_nt_ms15-082.nasl

Version: 1.9

Type: local

Agent: windows

Published: 2015/08/11

Updated: 2019/11/22

Dependencies: 13855, 57033

Risk Information

Risk Factor: High

CVSS Score Source: CVE-2015-2473

CVSS v2.0

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/08/11

Vulnerability Publication Date: 2015/08/11

Reference Information

CVE: CVE-2015-2472, CVE-2015-2473

BID: 76224, 76228

MSFT: MS15-082

MSKB: 3075220, 3075221, 3075222, 3075226

IAVA: 2015-A-0190