KLA10801 Multiple vulnerabilities in Microsoft Windows

2016-05-10T00:00:00
ID KLA10801
Type kaspersky
Reporter Kaspersky Lab
Modified 2020-09-25T00:00:00

Description

Detect date:

05/10/2016

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, gain privileges, obtain sensitive information.

Affected products:

Windows Server 2012 R2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows 8.1 for 32-bit systems
Windows RT 8.1
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows 8.1 for x64-based systems
Windows Vista Service Pack 2
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 10 for 32-bit Systems
Windows Server 2008 for 32-bit Systems (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Vista x64 Edition Service Pack 2
Windows 10 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2016-0185
CVE-2016-0189
CVE-2016-0181
CVE-2016-0197
CVE-2016-0196
CVE-2016-0195
CVE-2016-0152
CVE-2016-0168
CVE-2016-0176
CVE-2016-0174
CVE-2016-0175
CVE-2016-0180
CVE-2016-0173
CVE-2016-0170
CVE-2016-0171
CVE-2016-0190
CVE-2016-0184
CVE-2016-0169
CVE-2016-0182
CVE-2016-0178
CVE-2016-0179

Impacts:

ACE

Related products:

Microsoft Windows

CVE-IDS:

CVE-2016-01859.3Critical
CVE-2016-01897.6Critical
CVE-2016-01812.1Warning
CVE-2016-01977.2High
CVE-2016-01967.2High
CVE-2016-01959.3Critical
CVE-2016-01527.2High
CVE-2016-01684.3Warning
CVE-2016-01767.2High
CVE-2016-01747.2High
CVE-2016-01752.1Warning
CVE-2016-01807.2High
CVE-2016-01737.2High
CVE-2016-01709.3Critical
CVE-2016-01717.2High
CVE-2016-01902.1Warning
CVE-2016-01849.3Critical
CVE-2016-01694.3Warning
CVE-2016-01829.3Critical
CVE-2016-01789.0Critical
CVE-2016-01799.3Critical

Microsoft official advisories:

KB list:

3156421
3156059
3156016
3153704
3155784
3156387
3156013
3141083
3156019
3155178
3153171
3156017
3153199
3158991
3150220

Exploitation:

The following public exploits exists for this vulnerability: