For Windows Server 2012-R2
Below are the some vulnerabilities that we found in Windows Server 2012R2 and their solutions:
Download the updates and install on server to remove the vulnerabilities from your server and make your server secure.
Microsoft .NET Framework 4.7.2 offline installer for Windows
Microsoft CVE-2020-16937: .NET Framework Information Disclosure Vulnerability
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4578962
https://www.catalog.update.microsoft.com/Search.aspx?q=4578981
https://www.catalog.update.microsoft.com/Search.aspx?q=4578984
https://www.catalog.update.microsoft.com/Search.aspx?q=4578989
Microsoft CVE-2018-0886: CredSSP Remote Code Execution Vulnerability
2018-05 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4103715)
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4103715
Microsoft CVE-2017-5753: Guidance to mitigate speculative execution side-channel vulnerabilities
Security Update for SQL Server 2008 R2 Service Pack 3 CU for x64-based Systems (KB4057113) - CVE-2017-5753
https://www.microsoft.com/en-us/download/details.aspx?id=56415
A broad security vulnerability has been disclosed that impacts many modern processors. While not specific to SQL Server, Microsoft recommends all SQL Server customers review and take action for their environments.
SQL Server 2008 (SP4), SQL Server 2008R2 (SP3), SQL Server 2012 (Service Packs 3 and 4), SQL Server 2014 (Service Pack 2), SQL Server 2016 (RTM and Service Pack 1), and SQL Server 2017 (RTM), when running on x86 and x64 processor systems.
Security Update for SQL Server 2012 Service Pack 3 CU for x64-based Systems (KB4057121) - CVE-2017-5753
Security Update for SQL Server 2012 SP3 (KB4057115)
https://www.microsoft.com/en-us/download/details.aspx?id=56492
SQL Server 2008 Service Pack 4 MSSQL Service Pack: SQL Server 2008 SP4
https://www.microsoft.com/en-us/download/details.aspx?id=44278
Microsoft CVE-2017-5754: Guidance to mitigate speculative execution side-channel vulnerabilities
2018-07 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4338824)
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4338824
MS16-120: Security Update for Microsoft Graphics Component (3192884)
MS16-120: October, 2016 Security Only Quality Update for Windows Server 2012 (KB3192393)
MS16-120: October, 2016 Security Only Quality Update for Windows Server 2012 R2 (KB3192392)
https://www.catalog.update.microsoft.com/search.aspx?q=3192393
https://www.catalog.update.microsoft.com/search.aspx?q=3192392
Microsoft CVE-2020-0646: .NET Framework Remote Code Execution Injection Vulnerability
2020-01 Security Only Update for .NET Framework 4.8 for Windows Server 2012 for x64 (KB4532950)
https://www.catalog.update.microsoft.com/Search.aspx?q=4532950
2020-01 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4532951)
https://www.catalog.update.microsoft.com/Search.aspx?q=4532951
MS15-048: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3057134)
MS15-048: Security Update for Microsoft .NET Framework 4.5.1 and 4.5.2 on Windows 8.1 and Windows Server 2012 R2 x64-
based Systems (KB3023222)
https://www.catalog.update.microsoft.com/Search.aspx?q=MS15-048
MS14-072: Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210)
MS14-072: Security Update for Microsoft .NET Framework 4.5.1 and 4.5.2 on Windows 8.1 and Windows Server 2012 R2 x64-
based Systems (KB2978126)
https://www.microsoft.com/en-us/download/details.aspx?id=44672
MS15-101: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3089662)
S15-101: Security Update for Microsoft .NET Framework 4.6 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3074232)
https://www.microsoft.com/en-us/download/details.aspx?id=48893
MS14-053: Vulnerability in .NET Framework Could Allow Denial of Service (2990931)
MS14-053: Security Update for Microsoft .NET Framework 4.5.1 and 4.5.2 on Windows 8.1 and Windows Server 2012 R2 x64-
based Systems (KB2977765)
https://www.microsoft.com/en-in/download/details.aspx?id=44193
MS15-118: Security Update for .NET Framework to Address Elevation of Privilege (3104507)
MS15-118: Security Update for Microsoft .NET Framework 4.6 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3098785)
https://www.microsoft.com/en-us/download/details.aspx?id=49664
MS15-041: Vulnerability in .NET Framework Could Allow Information Disclosure (3048010)
MS15-041: Security Update for Microsoft .NET Framework 4.5.1 and 4.5.2 on Windows 8.1 and Windows Server 2012 R2 x64-
based Systems (KB3037579)
https://www.catalog.update.microsoft.com/Search.aspx?q=ms15-041
MS15-049: Vulnerability in Silverlight Could Allow Elevation of Privilege (3058985)
MS15-044: Security Update for Microsoft Silverlight (KB3056819)
microsoft.com/en-us/download/details.aspx?id=47128
MS14-057: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)
MS14-057: Security Update for Microsoft .NET Framework 4.5.1 and 4.5.2 on Windows 8.1 and Windows Server 2012 R2 x64-
based Systems (KB2978041)
https://www.microsoft.com/en-in/download/details.aspx?id=44321
MS15-058: Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718)
Microsoft SQL Server 2014 on Microsoft (x86_64)
MS15-058: Security Update for SQL Server 2014 (KB3045323)
https://www.microsoft.com/en-us/download/details.aspx?id=48010
MS14-059: Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)
MS14-059: Security Update for Microsoft ASP.NET MVC 2 (KB2993939)
MS14-059: Security Update for Microsoft ASP.NET MVC 3 (KB2993937)
MS14-059: Security Update for Microsoft ASP.NET MVC 5.1 (KB2994397)
https://www.catalog.update.microsoft.com/Search.aspx?q=KB2993928
MS15-080: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662)
MS15-080: Security Update for Windows Server 2012 R2 (KB3078601)
MS15-080: Security Update for Windows Server 2012 (KB3078601)
https://www.microsoft.com/en-us/download/details.aspx?id=48327
MS15-129: Security Update for Silverlight to Address Remote Code Execution (3106614)
MS15-129: Security Update for Microsoft Silverlight (KB3106614)
https://www.microsoft.com/en-in/download/details.aspx?id=50349
MS15-044: Vulnerabilities in Microsoft Font Drivers Could Allow Remote Code Execution (3057110)
MS15-044: Security Update for Windows Server 2012 R2 (KB3045171)
https://www.microsoft.com/en-us/download/details.aspx?id=46944
MS14-046: Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625)
Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2
https://www.microsoft.com/en-in/download/details.aspx?id=43926
Microsoft CVE-2020-0606: .NET Framework Remote Code Execution Vulnerability
2020-01 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4532951)
https://www.catalog.update.microsoft.com/Search.aspx?q=4532951
MS16-006: Security Update for Silverlight to Address Remote Code Execution (3126036)
MS16-006: Security Update for Microsoft Silverlight (KB3126036)
https://www.microsoft.com/en-us/download/details.aspx?id=50719
MS16-109: Security Update for Silverlight (3182373)
MS16-109: Security Update for Microsoft Silverlight (KB3182373)
https://www.microsoft.com/en-us/download/details.aspx?id=53822
Microsoft CVE-2017-0283: Windows Uninscribed Remote Code Execution Vulnerability
2017-06 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4022717)
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4022717
Microsoft CVE-2017-8527: Win32k Graphics Remote Code Execution Vulnerability
2017-06 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4022717)
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4022717
Microsoft CVE-2020-0605: .NET Framework Remote Code Execution Vulnerability
2020-05 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4552962)
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4552962
Microsoft CVE-2017-0108: Windows Graphics Component Remote Code Execution Vulnerability
https://www.catalog.update.microsoft.com/search.aspx?q=kb4012213
Microsoft CVE-2020-1147: .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability
2020-07 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4565588)
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4565588
Microsoft CVE-2020-1108: .NET Core & .NET Framework Denial of Service Vulnerability
2020-05 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4552962)
https://www.catalog.update.microsoft.com/Search.aspx?q=4552962
Microsoft CVE-2019-1142: .NET Framework Elevation of Privilege Vulnerability
2019-09 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4514331)
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4514331
Microsoft CVE-2020-1476: ASP.NET and .NET Elevation of Privilege Vulnerability
2020-08 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4569732)
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4569732
Microsoft CVE-2020-16937: .NET Framework Information Disclosure Vulnerability
2020-10 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Server 2012 R2 for x64
(KB4578986)
https://www.catalog.update.microsoft.com/Search.aspx?q=Microsoft+.NET+Framework+4.6.2
Microsoft CVE-2013-6629: libjpeg Information Disclosure Vulnerability
2017 Security Only Quality Update for Windows Server 2012 R2 (KB4015547)
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4015547
Microsoft CVE-2017-8527: Win32k Graphics Remote Code Execution Vulnerability
Microsoft CVE-2017-0283: Windows Uniscribe Remote Code Execution Vulnerability
This will applicable for both the above VA issue (CVE-2017-8527 and CVE-2017-0283)
Download and apply patch from below link Select this and click on download button.
(2017-06 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4022717)
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4022717
Microsoft CVE-2017-8563: Windows Elevation of Privilege Vulnerability
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4025333
Microsoft CVE-2020-0689: Microsoft Secure Boot Security Feature Bypass Vulnerability
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4592495
No comments:
Post a Comment