Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10856
HistoryAug 09, 2016 - 12:00 a.m.

KLA10856 Multiple vulnerabilities in Microsoft Windows

2016-08-0900:00:00
Kaspersky Lab
threats.kaspersky.com
99

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

8.5 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.526 Medium

EPSS

Percentile

97.5%

JSON

Detect date:

08/09/2016

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, gain privileges or obtain sensitive information.

Affected products:

Microsoft Windows Vista Service Pack 2
Microsoft Windows Server 2008 Service Pack 2
Microsoft Windows 7 Service Pack 1
Microsof windows Server 2008 R2 Service Pack 1
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows RT 8.1
Microsoft Windows 10

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2016-3319
CVE-2016-3320
CVE-2016-3312
CVE-2016-3311
CVE-2016-3310
CVE-2016-3309
CVE-2016-3308
CVE-2016-3304
CVE-2016-3303
CVE-2016-3301
CVE-2016-3300
CVE-2016-3237

Impacts:

ACE

Related products:

Microsoft Windows

CVE-IDS:

CVE-2016-33199.3Critical
CVE-2016-33204.0Warning
CVE-2016-33125.0Warning
CVE-2016-33117.2High
CVE-2016-33107.2High
CVE-2016-33097.2High
CVE-2016-33087.2High
CVE-2016-33049.3Critical
CVE-2016-33039.3Critical
CVE-2016-33019.3Critical
CVE-2016-33007.2High
CVE-2016-32376.8High

Microsoft official advisories:

KB list:

3175887
3176495
3176492
3176493
3177725
3178034
3172729
3177108
3192441
3194798
3192440
3185331
3185332
3192393
3192392
3167679

Exploitation:

Public exploits exist for this vulnerability.

References

Related

attackerkb 3
prion 12
mskb 34
cve 12
openvas 12
nessus 9
kaspersky 3
checkpoint_advisories 7
symantec 12
mscve 12
seebug 1
fedora 1
thn 1
talos 1
zdt 5
packetstorm 1
exploitpack 2
zdi 2
cisa_kev 1
exploitdb 2
threatpost 1
securelist 1
cisa 1
attackerkb
attackerkb
CVE-2016-3311
2016-08-09 00:00:00
CVE-2016-3309
2016-08-09 00:00:00
CVE-2016-3310
2016-08-09 00:00:00
prion
prion
Privilege escalation
2016-08-09 21:59:00
Privilege escalation
2016-08-09 21:59:00
Privilege escalation
2016-08-09 21:59:00
mskb
mskb
MS16-098: Security update for Windows kernel-mode drivers: August 9, 2016
2016-08-09 00:00:00
MS16-098: Description of the security update for Windows kernel-mode drivers: August 9, 2016
2016-08-09 07:00:00
Security update 2016-08-09
2016-08-09 07:00:00
cve
cve
CVE-2016-3309
2016-08-09 21:59:00
CVE-2016-3310
2016-08-09 21:59:00
CVE-2016-3308
2016-08-09 21:59:00
openvas
openvas
Microsoft Kernel-Mode Drivers Multiple Privilege Elevation Vulnerabilities (3178466)
2016-08-10 00:00:00
Microsoft Graphics Component Multiple Remote Code Execution Vulnerabilities (3177393)
2016-08-10 00:00:00
Microsoft Office Multiple Remote Code Execution Vulnerabilities (3177393)
2016-08-10 00:00:00
nessus
nessus
MS16-098: Security Update for Windows Kernel-Mode Drivers (3178466)
2016-08-09 00:00:00
MS16-097: Security Update for Microsoft Graphics Component (3177393)
2016-08-10 00:00:00
MS16-101: Security Update for Windows Authentication Methods (3178465)
2016-08-09 00:00:00
kaspersky
kaspersky
KLA11908 Multiple vulnerabilities in Microsoft Products (ESU)
2016-08-09 00:00:00
KLA10857 Multiple vulnerabilities in Microsoft Office
2016-08-09 00:00:00
KLA10858 Multiple vulnerabilities in Microsoft Edge and Internet Explorer
2016-08-09 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Graphics Component Remote Code Execution (MS16-097: CVE-2016-3301; CVE-2016-3303)
2016-08-09 00:00:00
Microsoft Win32k Elevation of Privilege (MS16-098: CVE-2016-3311)
2016-08-09 00:00:00
Microsoft Win32k Elevation of Privilege (MS16-098: CVE-2016-3310)
2016-08-09 00:00:00
symantec
symantec
Microsoft Windows and Edge CVE-2016-3319 Remote Code Execution Vulnerability
2016-08-09 00:00:00
Microsoft Windows CVE-2016-3320 Local Security Bypass Vulnerability
2016-08-09 00:00:00
Microsoft Windows Netlogon CVE-2016-3300 Remote Privilege Escalation Vulnerability
2016-08-09 00:00:00
mscve
mscve
Windows PDF Remote Code Execution Vulnerability
2016-08-09 07:00:00
NetLogon Elevation of Privilege Vulnerability
2016-08-09 07:00:00
Secure Boot Security Feature Bypass Vulnerability
2016-08-09 07:00:00
seebug
seebug
Microsoft Windows PDF API Jpeg2000 csiz Remote Code Execution Vulnerability(CVE-2016-3319)
2017-10-13 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: dbxtool-7-2.fc25
2016-08-19 02:26:57
thn
thn
Microsoft Releases 9 Security Updates to Patch 34 Vulnerabilities
2016-08-09 21:38:00
talos
talos
Microsoft Windows PDF API Jpeg2000 csiz Remote Code Execution Vulnerability
2016-08-09 00:00:00
zdt
zdt
Kerberos in Microsoft Windows - Security Feature Bypass (MS16-101)
2016-09-22 00:00:00
Microsoft Windows 10 x64 RS2 - win32kfull!bFill Pool Overflow Exploit
2017-10-06 00:00:00
Microsoft GDI+ - EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097)
2016-08-17 00:00:00
packetstorm
packetstorm
Kerberos Security Feature Bypass
2016-09-23 00:00:00
exploitpack
exploitpack
Microsoft Windows 10 RS2 (x64) - win32kfull!bFill Pool Overflow
2017-10-06 00:00:00
Microsoft Windows Kerberos - Security Feature Bypass (MS16-101)
2016-09-22 00:00:00
zdi
zdi
Microsoft Windows win32k RGNOBJ Integer Overflow Privilege Escalation Vulnerability
2016-08-09 00:00:00
Microsoft Windows xxxInsertMenuItem Out-Of-Bounds Access Privilege Escalation Vulnerability
2016-08-09 00:00:00
cisa_kev
cisa_kev
Microsoft Windows Kernel Privilege Escalation Vulnerability
2022-03-15 00:00:00
exploitdb
exploitdb
Microsoft Windows Kerberos - Security Feature Bypass (MS16-101)
2016-09-22 00:00:00
Microsoft Windows 10 RS2 (x64) - 'win32kfull!bFill' Pool Overflow
2017-10-06 00:00:00
threatpost
threatpost
August 2016 Microsoft Patch Tuesday Security Bulletins
2016-08-09 14:59:55
securelist
securelist
MysterySnail attacks with Windows zero-day
2021-10-12 17:07:08
cisa
cisa
CISA Adds 15 Known Exploited Vulnerability to Catalog
2022-03-15 00:00:00

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

8.5 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.526 Medium

EPSS

Percentile

97.5%

JSON
Related for KLA10856
attackerkb3prion12mskb34cve12openvas12nessus9kaspersky3checkpoint_advisories7symantec12mscve12seebug1fedora1thn1talos1zdt5packetstorm1exploitpack2zdi2cisa_kev1exploitdb2threatpost1securelist1cisa1