CVE Vulnerabilities in Windows Server 2012R2

 

For Windows Server 2012-R2  

Below are the some vulnerabilities that we found in Windows Server  2012R2  and their solutions:

Download the updates and install on server to remove the vulnerabilities from your server and make your server secure.


Microsoft .NET Framework 4.7.2 offline installer for Windows

https://support.microsoft.com/en-us/topic/microsoft-net-framework-4-7-2-offline-installer-for-windows-05a72734-2127-a15d-50cf-daf56d5faec2


Microsoft CVE-2020-16937: .NET Framework Information Disclosure Vulnerability

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4578962

https://www.catalog.update.microsoft.com/Search.aspx?q=4578981

https://www.catalog.update.microsoft.com/Search.aspx?q=4578984

https://www.catalog.update.microsoft.com/Search.aspx?q=4578989


Microsoft CVE-2018-0886: CredSSP Remote Code Execution Vulnerability

2018-05 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4103715)

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4103715


Microsoft CVE-2017-5753: Guidance to mitigate speculative execution side-channel vulnerabilities

Security Update for SQL Server 2008 R2 Service Pack 3 CU for x64-based Systems (KB4057113) - CVE-2017-5753

https://www.microsoft.com/en-us/download/details.aspx?id=56415


A broad security vulnerability has been disclosed that impacts many modern processors. While not specific to SQL Server, Microsoft recommends all SQL Server customers review and take action for their environments.

SQL Server 2008 (SP4), SQL Server 2008R2 (SP3), SQL Server 2012 (Service Packs 3 and 4), SQL Server 2014 (Service Pack 2), SQL Server 2016 (RTM and Service Pack 1), and SQL Server 2017 (RTM), when running on x86 and x64 processor systems.

Security Update for SQL Server 2012 Service Pack 3 CU for x64-based Systems (KB4057121) - CVE-2017-5753

Security Update for SQL Server 2012 SP3 (KB4057115)

https://www.microsoft.com/en-us/download/details.aspx?id=56492


SQL Server 2008 Service Pack 4 MSSQL Service Pack: SQL Server 2008 SP4

https://www.microsoft.com/en-us/download/details.aspx?id=44278


Microsoft CVE-2017-5754: Guidance to mitigate speculative execution side-channel vulnerabilities

2018-07 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4338824)

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4338824


MS16-120: Security Update for Microsoft Graphics Component (3192884)

MS16-120: October, 2016 Security Only Quality Update for Windows Server 2012 (KB3192393)

MS16-120: October, 2016 Security Only Quality Update for Windows Server 2012 R2 (KB3192392)

https://www.catalog.update.microsoft.com/search.aspx?q=3192393

https://www.catalog.update.microsoft.com/search.aspx?q=3192392


Microsoft CVE-2020-0646: .NET Framework Remote Code Execution Injection Vulnerability

2020-01 Security Only Update for .NET Framework 4.8 for Windows Server 2012 for x64 (KB4532950)

https://www.catalog.update.microsoft.com/Search.aspx?q=4532950

2020-01 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4532951)

https://www.catalog.update.microsoft.com/Search.aspx?q=4532951


MS15-048: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3057134)

MS15-048: Security Update for Microsoft .NET Framework 4.5.1 and 4.5.2 on Windows 8.1 and Windows Server 2012 R2 x64-

based Systems (KB3023222)

https://www.catalog.update.microsoft.com/Search.aspx?q=MS15-048


MS14-072: Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210)

MS14-072: Security Update for Microsoft .NET Framework 4.5.1 and 4.5.2 on Windows 8.1 and Windows Server 2012 R2 x64-

based Systems (KB2978126)

https://www.microsoft.com/en-us/download/details.aspx?id=44672


MS15-101: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3089662)

S15-101: Security Update for Microsoft .NET Framework 4.6 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3074232)

https://www.microsoft.com/en-us/download/details.aspx?id=48893


MS14-053: Vulnerability in .NET Framework Could Allow Denial of Service (2990931)

MS14-053: Security Update for Microsoft .NET Framework 4.5.1 and 4.5.2 on Windows 8.1 and Windows Server 2012 R2 x64-

based Systems (KB2977765)

https://www.microsoft.com/en-in/download/details.aspx?id=44193


MS15-118: Security Update for .NET Framework to Address Elevation of Privilege (3104507)

MS15-118: Security Update for Microsoft .NET Framework 4.6 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3098785)

https://www.microsoft.com/en-us/download/details.aspx?id=49664


MS15-041: Vulnerability in .NET Framework Could Allow Information Disclosure (3048010)

MS15-041: Security Update for Microsoft .NET Framework 4.5.1 and 4.5.2 on Windows 8.1 and Windows Server 2012 R2 x64-

based Systems (KB3037579)

https://www.catalog.update.microsoft.com/Search.aspx?q=ms15-041


MS15-049: Vulnerability in Silverlight Could Allow Elevation of Privilege (3058985)

MS15-044: Security Update for Microsoft Silverlight (KB3056819)

microsoft.com/en-us/download/details.aspx?id=47128


MS14-057: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)

MS14-057: Security Update for Microsoft .NET Framework 4.5.1 and 4.5.2 on Windows 8.1 and Windows Server 2012 R2 x64-

based Systems (KB2978041)

https://www.microsoft.com/en-in/download/details.aspx?id=44321


MS15-058: Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718)

Microsoft SQL Server 2014 on Microsoft (x86_64)

MS15-058: Security Update for SQL Server 2014 (KB3045323)

https://www.microsoft.com/en-us/download/details.aspx?id=48010


MS14-059: Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)

MS14-059: Security Update for Microsoft ASP.NET MVC 2 (KB2993939)

MS14-059: Security Update for Microsoft ASP.NET MVC 3 (KB2993937)

MS14-059: Security Update for Microsoft ASP.NET MVC 5.1 (KB2994397)

https://www.catalog.update.microsoft.com/Search.aspx?q=KB2993928


MS15-080: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662)

MS15-080: Security Update for Windows Server 2012 R2 (KB3078601)

MS15-080: Security Update for Windows Server 2012 (KB3078601)

https://www.microsoft.com/en-us/download/details.aspx?id=48327


MS15-129: Security Update for Silverlight to Address Remote Code Execution (3106614)

MS15-129: Security Update for Microsoft Silverlight (KB3106614)

https://www.microsoft.com/en-in/download/details.aspx?id=50349


MS15-044: Vulnerabilities in Microsoft Font Drivers Could Allow Remote Code Execution (3057110)

MS15-044: Security Update for Windows Server 2012 R2 (KB3045171)

https://www.microsoft.com/en-us/download/details.aspx?id=46944


MS14-046: Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625)

Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2

https://www.microsoft.com/en-in/download/details.aspx?id=43926


Microsoft CVE-2020-0606: .NET Framework Remote Code Execution Vulnerability

2020-01 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4532951)

https://www.catalog.update.microsoft.com/Search.aspx?q=4532951


MS16-006: Security Update for Silverlight to Address Remote Code Execution (3126036)

MS16-006: Security Update for Microsoft Silverlight (KB3126036)

https://www.microsoft.com/en-us/download/details.aspx?id=50719


MS16-109: Security Update for Silverlight (3182373)

MS16-109: Security Update for Microsoft Silverlight (KB3182373)

https://www.microsoft.com/en-us/download/details.aspx?id=53822


Microsoft CVE-2017-0283: Windows Uninscribed Remote Code Execution Vulnerability

2017-06 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4022717)

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4022717


Microsoft CVE-2017-8527: Win32k Graphics Remote Code Execution Vulnerability

2017-06 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4022717)

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4022717


Microsoft CVE-2020-0605: .NET Framework Remote Code Execution Vulnerability

2020-05 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4552962)

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4552962


Microsoft CVE-2017-0108: Windows Graphics Component Remote Code Execution Vulnerability

https://www.catalog.update.microsoft.com/search.aspx?q=kb4012213


Microsoft CVE-2020-1147: .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability

2020-07 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4565588)

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4565588


Microsoft CVE-2020-1108: .NET Core & .NET Framework Denial of Service Vulnerability

2020-05 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4552962)

https://www.catalog.update.microsoft.com/Search.aspx?q=4552962


Microsoft CVE-2019-1142: .NET Framework Elevation of Privilege Vulnerability

2019-09 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4514331)

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4514331


Microsoft CVE-2020-1476: ASP.NET and .NET Elevation of Privilege Vulnerability

2020-08 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4569732)

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4569732


Microsoft CVE-2020-16937: .NET Framework Information Disclosure Vulnerability

2020-10 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Server 2012 R2 for x64

(KB4578986)

https://www.catalog.update.microsoft.com/Search.aspx?q=Microsoft+.NET+Framework+4.6.2


Microsoft CVE-2013-6629: libjpeg Information Disclosure Vulnerability

2017 Security Only Quality Update for Windows Server 2012 R2 (KB4015547)

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4015547


Microsoft CVE-2017-8527: Win32k Graphics Remote Code Execution Vulnerability

Microsoft CVE-2017-0283: Windows Uniscribe Remote Code Execution Vulnerability

This will applicable for both the above VA issue (CVE-2017-8527 and CVE-2017-0283)

Download and apply patch from below link Select this and click on download button.  

(2017-06 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4022717)

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4022717


Microsoft CVE-2017-8563: Windows Elevation of Privilege Vulnerability

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4025333


Microsoft CVE-2020-0689: Microsoft Secure Boot Security Feature Bypass Vulnerability

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4592495








No comments:

Post a Comment