PT-2015-5767 · Microsoft · Windows Rt+7
Published
2015-08-11
·
Updated
2019-05-15
·
CVE-2015-2472
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Microsoft Windows Vista SP2
Microsoft Windows Server 2008 SP2 and R2 SP1
Microsoft Windows 7 SP1
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012 Gold and R2
Microsoft Windows RT Gold and 8.1
Description
A spoofing issue exists due to improper certificate validation during authentication. This allows attackers to impersonate client sessions.
Recommendations
For Microsoft Windows Vista SP2, update to a version that properly verifies certificates.
For Microsoft Windows Server 2008 SP2 and R2 SP1, update to a version that properly verifies certificates.
For Microsoft Windows 7 SP1, update to a version that properly verifies certificates.
For Microsoft Windows 8, update to a version that properly verifies certificates.
For Microsoft Windows 8.1, update to a version that properly verifies certificates.
For Microsoft Windows Server 2012 Gold and R2, update to a version that properly verifies certificates.
For Microsoft Windows RT Gold and 8.1, update to a version that properly verifies certificates.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Windows
Windows 7
Windows 8
Windows 8.1
Windows Rt
Windows Server 2008
Windows Server 2012
Windows Vista