Lucene search

K
kasperskyKaspersky LabKLA10825
HistoryJun 14, 2016 - 12:00 a.m.

KLA10825 Multiple vulnerabilities in Microsoft Windows

2016-06-1400:00:00
Kaspersky Lab
threats.kaspersky.com
350

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.937 High

EPSS

Percentile

99.1%

Detect date:

06/14/2016

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, cause denial of service, gain privileges or obtain sensitive information.

Affected products:

Microsoft Windows Vista Service Pack 2
Microsoft Windows Server 2008 Service Pack 2
Microsoft Windows 7 Service Pack 1
Microsoft Windows Server 2008 R2 Service Pack 1
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows RT 8.1
Microsoft Windows 10
Microsoft Windows 10 Versioin 1511

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2016-3215
CVE-2016-3213
CVE-2016-3203
CVE-2016-3201
CVE-2016-3220
CVE-2016-3219
CVE-2016-3218
CVE-2016-3216
CVE-2016-3299
CVE-2016-3236
CVE-2016-3232
CVE-2016-3231
CVE-2016-3228
CVE-2016-3227
CVE-2016-3225
CVE-2016-3223
CVE-2016-3221

Impacts:

ACE

Related products:

Microsoft Windows Vista

CVE-IDS:

CVE-2016-32155.5High
CVE-2016-32138.8Critical
CVE-2016-32037.8Critical
CVE-2016-32016.5High
CVE-2016-32207.8Critical
CVE-2016-32197.8Critical
CVE-2016-32187.8Critical
CVE-2016-32164.3Warning
CVE-2016-32995.3High
CVE-2016-32369.8Critical
CVE-2016-32325.0Warning
CVE-2016-32317.8Critical
CVE-2016-32288.8Critical
CVE-2016-32279.8Critical
CVE-2016-32257.8Critical
CVE-2016-32238.1Critical
CVE-2016-32217.8Critical

Microsoft official advisories:

KB list:

3162343
3161561
3163017
3163018
3159398
3161949
3161664
3164033
3164035
3164294
3157569
3161951

Exploitation:

Public exploits exist for this vulnerability.

References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.937 High

EPSS

Percentile

99.1%