Digital Duniya: CVE Vulnerabilities in Windows Server 2012R2

For Windows Server 2012-R2

Below are the some vulnerabilities that we found in Windows Server 2012R2 and their solutions:

Download the updates and install on server to remove the vulnerabilities from your server and make your server secure.

Microsoft .NET Framework 4.7.2 offline installer for Windows

https://support.microsoft.com/en-us/topic/microsoft-net-framework-4-7-2-offline-installer-for-windows-05a72734-2127-a15d-50cf-daf56d5faec2

Microsoft CVE-2020-16937: .NET Framework Information Disclosure Vulnerability

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4578962

https://www.catalog.update.microsoft.com/Search.aspx?q=4578981

https://www.catalog.update.microsoft.com/Search.aspx?q=4578984

https://www.catalog.update.microsoft.com/Search.aspx?q=4578989

Microsoft CVE-2018-0886: CredSSP Remote Code Execution Vulnerability

2018-05 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4103715)

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4103715

Microsoft CVE-2017-5753: Guidance to mitigate speculative execution side-channel vulnerabilities

Security Update for SQL Server 2008 R2 Service Pack 3 CU for x64-based Systems (KB4057113) - CVE-2017-5753

https://www.microsoft.com/en-us/download/details.aspx?id=56415

A broad security vulnerability has been disclosed that impacts many modern processors. While not specific to SQL Server, Microsoft recommends all SQL Server customers review and take action for their environments.

SQL Server 2008 (SP4), SQL Server 2008R2 (SP3), SQL Server 2012 (Service Packs 3 and 4), SQL Server 2014 (Service Pack 2), SQL Server 2016 (RTM and Service Pack 1), and SQL Server 2017 (RTM), when running on x86 and x64 processor systems.

Security Update for SQL Server 2012 Service Pack 3 CU for x64-based Systems (KB4057121) - CVE-2017-5753

Security Update for SQL Server 2012 SP3 (KB4057115)

https://www.microsoft.com/en-us/download/details.aspx?id=56492

SQL Server 2008 Service Pack 4 MSSQL Service Pack: SQL Server 2008 SP4

https://www.microsoft.com/en-us/download/details.aspx?id=44278

Microsoft CVE-2017-5754: Guidance to mitigate speculative execution side-channel vulnerabilities

2018-07 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4338824)

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4338824

MS16-120: Security Update for Microsoft Graphics Component (3192884)

MS16-120: October, 2016 Security Only Quality Update for Windows Server 2012 (KB3192393)

MS16-120: October, 2016 Security Only Quality Update for Windows Server 2012 R2 (KB3192392)

https://www.catalog.update.microsoft.com/search.aspx?q=3192393

https://www.catalog.update.microsoft.com/search.aspx?q=3192392

Microsoft CVE-2020-0646: .NET Framework Remote Code Execution Injection Vulnerability

2020-01 Security Only Update for .NET Framework 4.8 for Windows Server 2012 for x64 (KB4532950)

https://www.catalog.update.microsoft.com/Search.aspx?q=4532950

2020-01 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4532951)

https://www.catalog.update.microsoft.com/Search.aspx?q=4532951

MS15-048: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3057134)

MS15-048: Security Update for Microsoft .NET Framework 4.5.1 and 4.5.2 on Windows 8.1 and Windows Server 2012 R2 x64-

based Systems (KB3023222)

https://www.catalog.update.microsoft.com/Search.aspx?q=MS15-048

MS14-072: Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210)

MS14-072: Security Update for Microsoft .NET Framework 4.5.1 and 4.5.2 on Windows 8.1 and Windows Server 2012 R2 x64-

based Systems (KB2978126)

https://www.microsoft.com/en-us/download/details.aspx?id=44672

MS15-101: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3089662)

S15-101: Security Update for Microsoft .NET Framework 4.6 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3074232)

https://www.microsoft.com/en-us/download/details.aspx?id=48893

MS14-053: Vulnerability in .NET Framework Could Allow Denial of Service (2990931)

MS14-053: Security Update for Microsoft .NET Framework 4.5.1 and 4.5.2 on Windows 8.1 and Windows Server 2012 R2 x64-

based Systems (KB2977765)

https://www.microsoft.com/en-in/download/details.aspx?id=44193

MS15-118: Security Update for .NET Framework to Address Elevation of Privilege (3104507)

MS15-118: Security Update for Microsoft .NET Framework 4.6 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3098785)

https://www.microsoft.com/en-us/download/details.aspx?id=49664

MS15-041: Vulnerability in .NET Framework Could Allow Information Disclosure (3048010)

MS15-041: Security Update for Microsoft .NET Framework 4.5.1 and 4.5.2 on Windows 8.1 and Windows Server 2012 R2 x64-

based Systems (KB3037579)

https://www.catalog.update.microsoft.com/Search.aspx?q=ms15-041

MS15-049: Vulnerability in Silverlight Could Allow Elevation of Privilege (3058985)

MS15-044: Security Update for Microsoft Silverlight (KB3056819)

microsoft.com/en-us/download/details.aspx?id=47128

MS14-057: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)

MS14-057: Security Update for Microsoft .NET Framework 4.5.1 and 4.5.2 on Windows 8.1 and Windows Server 2012 R2 x64-

based Systems (KB2978041)

https://www.microsoft.com/en-in/download/details.aspx?id=44321

MS15-058: Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718)

Microsoft SQL Server 2014 on Microsoft (x86_64)

MS15-058: Security Update for SQL Server 2014 (KB3045323)

https://www.microsoft.com/en-us/download/details.aspx?id=48010

MS14-059: Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)

MS14-059: Security Update for Microsoft ASP.NET MVC 2 (KB2993939)

MS14-059: Security Update for Microsoft ASP.NET MVC 3 (KB2993937)

MS14-059: Security Update for Microsoft ASP.NET MVC 5.1 (KB2994397)

https://www.catalog.update.microsoft.com/Search.aspx?q=KB2993928

MS15-080: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662)

MS15-080: Security Update for Windows Server 2012 R2 (KB3078601)

MS15-080: Security Update for Windows Server 2012 (KB3078601)

https://www.microsoft.com/en-us/download/details.aspx?id=48327

MS15-129: Security Update for Silverlight to Address Remote Code Execution (3106614)

MS15-129: Security Update for Microsoft Silverlight (KB3106614)

https://www.microsoft.com/en-in/download/details.aspx?id=50349

MS15-044: Vulnerabilities in Microsoft Font Drivers Could Allow Remote Code Execution (3057110)

MS15-044: Security Update for Windows Server 2012 R2 (KB3045171)

https://www.microsoft.com/en-us/download/details.aspx?id=46944

MS14-046: Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625)

Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2

https://www.microsoft.com/en-in/download/details.aspx?id=43926

Microsoft CVE-2020-0606: .NET Framework Remote Code Execution Vulnerability

2020-01 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4532951)

https://www.catalog.update.microsoft.com/Search.aspx?q=4532951

MS16-006: Security Update for Silverlight to Address Remote Code Execution (3126036)

MS16-006: Security Update for Microsoft Silverlight (KB3126036)

https://www.microsoft.com/en-us/download/details.aspx?id=50719

MS16-109: Security Update for Silverlight (3182373)

MS16-109: Security Update for Microsoft Silverlight (KB3182373)

https://www.microsoft.com/en-us/download/details.aspx?id=53822

Microsoft CVE-2017-0283: Windows Uninscribed Remote Code Execution Vulnerability

2017-06 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4022717)

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4022717

Microsoft CVE-2017-8527: Win32k Graphics Remote Code Execution Vulnerability

2017-06 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4022717)

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4022717

Microsoft CVE-2020-0605: .NET Framework Remote Code Execution Vulnerability

2020-05 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4552962)

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4552962

Microsoft CVE-2017-0108: Windows Graphics Component Remote Code Execution Vulnerability

https://www.catalog.update.microsoft.com/search.aspx?q=kb4012213

Microsoft CVE-2020-1147: .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability

2020-07 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4565588)

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4565588

Microsoft CVE-2020-1108: .NET Core & .NET Framework Denial of Service Vulnerability

2020-05 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4552962)

https://www.catalog.update.microsoft.com/Search.aspx?q=4552962

Microsoft CVE-2019-1142: .NET Framework Elevation of Privilege Vulnerability

2019-09 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4514331)

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4514331

Microsoft CVE-2020-1476: ASP.NET and .NET Elevation of Privilege Vulnerability

2020-08 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4569732)

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4569732

Microsoft CVE-2020-16937: .NET Framework Information Disclosure Vulnerability

2020-10 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Server 2012 R2 for x64

(KB4578986)

https://www.catalog.update.microsoft.com/Search.aspx?q=Microsoft+.NET+Framework+4.6.2

Microsoft CVE-2013-6629: libjpeg Information Disclosure Vulnerability

2017 Security Only Quality Update for Windows Server 2012 R2 (KB4015547)

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4015547

Microsoft CVE-2017-8527: Win32k Graphics Remote Code Execution Vulnerability

Microsoft CVE-2017-0283: Windows Uniscribe Remote Code Execution Vulnerability

This will applicable for both the above VA issue (CVE-2017-8527 and CVE-2017-0283)

Download and apply patch from below link Select this and click on download button.

(2017-06 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4022717)

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4022717

Microsoft CVE-2017-8563: Windows Elevation of Privilege Vulnerability

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4025333

Microsoft CVE-2020-0689: Microsoft Secure Boot Security Feature Bypass Vulnerability

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4592495

Microsoft CVE-2018-0886: CredSSP Remote Code Execution Vulnerability

2018-05 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4103715) - CVE-2018-0886

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4103715

Digital Duniya

CVE Vulnerabilities in Windows Server 2012R2

No comments:

Post a Comment