Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10769
HistoryMar 08, 2016 - 12:00 a.m.

KLA10769 Multiple vulnerabilities in Microsoft Windows

2016-03-0800:00:00
Kaspersky Lab
threats.kaspersky.com
78

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.926 High

EPSS

Percentile

99.0%

JSON

Detect date:

03/08/2016

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code or gain privileges.

Affected products:

Microsoft Windows Vista Service Pack 2
Microsoft Windows Server 2008 Service Pack 2
Microsoft Windows 7 Service Pack 1
Microsoft Windows Server 2008 R2 Service Pack 1
Microsoft Windows 8.1
Microsoft Windows 2012
Microsoft Windows 2012 R2
Microsoft Windows RT 8.1
Microsoft Windows 10
Microsoft Windows 10 Version 1511

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2016-0094
CVE-2016-0095
CVE-2016-0121
CVE-2016-0120
CVE-2016-0118
CVE-2016-0087
CVE-2016-0091
CVE-2016-0092
CVE-2016-0093
CVE-2016-0098
CVE-2016-0096
CVE-2016-0100
CVE-2016-0099
CVE-2016-0101
CVE-2016-0133
CVE-2016-0117

Impacts:

ACE

Related products:

Microsoft Windows Vista

CVE-IDS:

CVE-2016-00947.2High
CVE-2016-00957.2High
CVE-2016-01219.3Critical
CVE-2016-01207.1High
CVE-2016-01189.3Critical
CVE-2016-00877.2High
CVE-2016-00916.8High
CVE-2016-00929.3Critical
CVE-2016-00937.2High
CVE-2016-00989.3Critical
CVE-2016-00967.2High
CVE-2016-01007.2High
CVE-2016-00997.2High
CVE-2016-01019.3Critical
CVE-2016-01337.2High
CVE-2016-01179.3Critical

Microsoft official advisories:

KB list:

3140768
3140745
3139398
3139940
3140709
3143136
3138962
3139914
3140735
3143145
3143146
3140410
3143141
3143142
3143081
3139852
3137513
3143148
3138910

Exploitation:

Public exploits exist for this vulnerability.

References

Related

nessus 9
prion 16
cve 16
openvas 9
mskb 7
threatpost 2
zdt 9
symantec 16
checkpoint_advisories 12
zdi 4
attackerkb 1
seebug 2
securelist 1
cisa_kev 1
packetstorm 2
canvas 2
metasploit 1
exploitdb 1
fireeye 2
talosblog 1
nessus
nessus
MS16-034: Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3143145)
2016-03-08 00:00:00
MS16-026: Security Update for Graphic Fonts to Address Remote Code Execution (3143148)
2016-03-08 00:00:00
MS16-030: Security Update for Windows OLE to Address Remote Code Execution (3143136)
2016-03-08 00:00:00
prion
prion
Privilege escalation
2016-03-09 11:59:00
Privilege escalation
2016-03-09 11:59:00
Privilege escalation
2016-03-09 11:59:00
cve
cve
CVE-2016-0096
2016-03-09 11:59:00
CVE-2016-0094
2016-03-09 11:59:00
CVE-2016-0093
2016-03-09 11:59:00
openvas
openvas
Microsoft Kernel-Mode Drivers Privilege Elevation Vulnerabilities (3143145)
2016-03-09 00:00:00
Microsoft Graphic Fonts Multiple Vulnerabilities (3143148)
2016-03-09 00:00:00
Microsoft Windows OLE Remote Code Execution Vulnerabilities (3143136)
2016-03-09 00:00:00
mskb
mskb
MS16-034: Security update for Windows kernel-mode drivers to address elevation of privilege: March 8, 2016
2016-03-08 00:00:00
MS16-026: Security update for graphic fonts to address remote code execution: March 8, 2016
2016-03-08 00:00:00
MS16-030: Security update for Windows OLE to address remote code execution: March 8, 2016
2016-03-08 00:00:00
threatpost
threatpost
March 2016 Microsoft Patch Tuesday Security Bulletins
2016-03-08 14:08:51
Caution Urged over Patched Windows USB Driver Flaw
2016-03-09 14:07:54
zdt
zdt
Microsoft Windows - Kernel ATMFD.dll OTF Font Processing Pool-Based Buffer Overflow (MS16-026)
2016-03-14 00:00:00
Microsoft Windows 7 < 10 / Server 2008 < 2012 (x86/x64) - Privilege Escalation (MS16-032) (Pow
2016-04-21 00:00:00
Microsoft Windows 8.1 / 10 (x86) - Secondary Logon Standard Handles Missing Sanitization Privilege E
2016-03-21 00:00:00
symantec
symantec
Microsoft Windows OpenType Fonts CVE-2016-0121 Remote Code Execution Vulnerability
2016-03-08 00:00:00
Microsoft Windows USB Mass Storage CVE-2016-0133 Local Privilege Escalation Vulnerability
2016-03-08 00:00:00
Microsoft Windows Kernel 'Win32k.sys' CVE-2016-0095 Local Privilege Escalation Vulnerability
2016-03-08 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows OpenType Font Parsing Remote Code Execution (MS16-026: CVE-2016-0121)
2016-03-08 00:00:00
Microsoft Windows Elevation of Privilege (MS16-031: CVE-2016-0087)
2016-03-08 00:00:00
Microsoft Windows Server Privilege Escalation (CVE-2016-0095)
2020-12-02 00:00:00
zdi
zdi
Microsoft Windows OleLoadPicture Bitmap Heap Corruption Remote Code Execution Vulnerability
2016-03-08 00:00:00
Microsoft Windows CreateWindowStation Privilege Escalation Vulnerability
2016-03-10 00:00:00
Microsoft Windows OleLoadPicture Heap Corruption Remote Code Execution Vulnerability
2016-03-08 00:00:00
attackerkb
attackerkb
CVE-2016-0099
2016-03-09 00:00:00
seebug
seebug
MS16-032 Secondary Logon Handle local mention the right vulnerability
2016-07-15 00:00:00
Windows bitmapε†…ζ Έι‡Šζ”ΎεŽι‡η”¨ζΌζ΄ž(CVE-2016-0094)
2016-04-08 00:00:00
securelist
securelist
On the trail of the XMRig miner
2020-10-22 10:00:59
cisa_kev
cisa_kev
Microsoft Windows Secondary Logon Service Privilege Escalation Vulnerability
2022-03-03 00:00:00
packetstorm
packetstorm
MS16-032 Secondary Logon Handle Privilege Escalation
2016-07-12 00:00:00
Office OLE DLL Hijacking
2016-11-10 00:00:00
canvas
canvas
Immunity Canvas: MS16_032
2016-03-09 11:59:00
Immunity Canvas: MS16_135
2016-11-10 02:00:09
metasploit
metasploit
MS16-032 Secondary Logon Handle Privilege Escalation
2016-06-21 18:56:12
exploitdb
exploitdb
Microsoft Windows 7 &lt; 10 / 2008 &lt; 2012 (x86/x64) - Secondary Logon Handle Privilege Escalation (MS16-032) (Metasploit)
2016-07-13 00:00:00
fireeye
fireeye
How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape: The Growth of Miners
2018-07-18 14:00:00
How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape: The Growth of Miners
2018-07-18 10:00:00
talosblog
talosblog
China Chopper still active 9 years later
2019-08-27 08:14:42

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.926 High

EPSS

Percentile

99.0%

JSON
Related for KLA10769
nessus9prion16cve16openvas9mskb7threatpost2zdt9symantec16checkpoint_advisories12zdi4attackerkb1seebug2securelist1cisa_kev1packetstorm2canvas2metasploit1exploitdb1fireeye2talosblog1