Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10882
HistoryOct 11, 2016 - 12:00 a.m.

KLA10882 Multiple vulnerabilities in Microsoft Windows

2016-10-1100:00:00
Kaspersky Lab
threats.kaspersky.com
74

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.96 High

EPSS

Percentile

99.4%

JSON

Detect date:

10/11/2016

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges or obtain sensitive information.

Affected products:

Microsoft Windows 10 1511, 1607
Microsoft Windows Vista Service Pack 2
Microsoft Windows Server 2008 Service Pack 2
Microsoft Windows 7 Service Pack 1
Microsoft Windows Server 2008 R2 Service Pack 1
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows RT 8.1
Microsoft Windows 10

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2016-3270
CVE-2016-3263
CVE-2016-3209
CVE-2016-3262
CVE-2016-7182
CVE-2016-3396
CVE-2016-3393
CVE-2016-3298
CVE-2016-3376
CVE-2016-3341
CVE-2016-3266
CVE-2016-0070
CVE-2016-0073
CVE-2016-0075
CVE-2016-0079
CVE-2016-0142
CVE-2016-7211
CVE-2016-7188
CVE-2016-7185

Impacts:

ACE

Related products:

Microsoft Windows Vista

CVE-IDS:

CVE-2016-3263

Microsoft official advisories:

KB list:

4038788
3183431
3192441
3191203
3190847
3194798
3191256
3192440
3185331
3193515
3185332
3192393
3192392
3200970

Exploitation:

Public exploits exist for this vulnerability.

References

Related

mskb 46
nessus 8
openvas 14
kaspersky 4
prion 19
cve 19
thn 1
threatpost 4
symantec 19
checkpoint_advisories 16
mscve 19
attackerkb 2
cisa_kev 2
zdi 1
exploitpack 1
exploitdb 1
ibm 1
mskb
mskb
MS16-120 and MS16-123: Description of the security update for kernel-mode drivers: October 11, 2016
2016-10-11 07:00:00
MS16-120: Security update for Microsoft graphics component: October 11, 2016
2016-10-11 00:00:00
October 2016 security monthly quality rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
2016-10-11 07:00:00
nessus
nessus
MS16-120: Security Update for Microsoft Graphics Component (3192884)
2016-10-12 00:00:00
MS16-123: Security Update for Windows Kernel-Mode Drivers (3192892)
2016-10-12 00:00:00
MS16-124: Security Update for Windows Registry (3193227)
2016-10-12 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (3192884)
2016-10-12 00:00:00
Microsoft Lync Multiple Vulnerabilities (3192884)
2016-10-12 00:00:00
Microsoft Office Word Viewer Remote Code Execution Vulnerabilities (3192884)
2016-10-12 00:00:00
kaspersky
kaspersky
KLA11906 Multiple vulnerabilities for Microsoft Products (ESU)
2016-10-11 00:00:00
KLA10884 Code execution vulnerability in Microsoft Office
2016-10-11 00:00:00
KLA10883 OSI vulnerability in Microsoft Products
2016-10-11 00:00:00
prion
prion
Privilege escalation
2016-10-14 02:59:00
Privilege escalation
2016-10-14 02:59:00
Privilege escalation
2016-10-14 02:59:00
cve
cve
CVE-2016-7185
2016-10-14 02:59:00
CVE-2016-3376
2016-10-14 02:59:00
CVE-2016-3266
2016-10-14 02:59:00
thn
thn
Microsoft Patches 5 Zero-Day Vulnerabilities Being Exploited in the Wild
2016-10-11 20:41:00
threatpost
threatpost
Microsoft Patches Five Zero Days Under Attack
2016-10-11 15:18:35
FruityArmor APT Group Used Recently Patched Windows Zero Day
2016-10-20 07:00:01
Threat Groups SandCat, FruityArmor Exploiting Microsoft Win32k Flaw
2019-03-13 15:15:11
symantec
symantec
Microsoft Windows Kernel 'Win32k.sys' CVE-2016-7211 Local Privilege Escalation Vulnerability
2016-10-11 00:00:00
Microsoft Windows Graphics Component CVE-2016-3270 Local Privilege Escalation Vulnerability
2016-10-11 00:00:00
Microsoft Internet Explorer CVE-2016-3298 Multiple Information Disclosure Vulnerabilities
2016-10-11 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Win32k Elevation of Privilege (MS16-120: CVE-2016-3270)
2016-10-11 00:00:00
Microsoft Win32k Elevation of Privilege (MS16-123: CVE-2016-7211)
2016-10-11 00:00:00
Microsoft Windows GDI+ Information Disclosure (MS16-120: CVE-2016-3262)
2016-10-11 00:00:00
mscve
mscve
Win32k Elevation of Privilege Vulnerability
2016-10-11 07:00:00
Internet Explorer Information Disclosure Vulnerability
2016-10-11 07:00:00
GDI+ Information Disclosure Vulnerability
2016-10-11 07:00:00
attackerkb
attackerkb
CVE-2016-3298
2016-10-14 00:00:00
CVE-2016-3393
2016-10-14 00:00:00
cisa_kev
cisa_kev
Microsoft Internet Explorer Messaging API Information Disclosure Vulnerability
2022-05-24 00:00:00
Microsoft Windows Graphics Device Interface (GDI) Remote Code Execution Vulnerability
2022-05-25 00:00:00
zdi
zdi
Microsoft Windows MSXML IDispatch Use-After-Free Information Disclosure Vulnerability
2016-09-16 00:00:00
exploitpack
exploitpack
Microsoft Windows Kernel - win32k Denial of Service (MS16-135)
2016-11-09 00:00:00
exploitdb
exploitdb
Microsoft Windows Kernel - 'win32k' Denial of Service (MS16-135)
2016-11-09 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Symphony 7.3.1
2021-02-20 06:44:39

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.96 High

EPSS

Percentile

99.4%

JSON
Related for KLA10882
mskb46nessus8openvas14kaspersky4prion19cve19thn1threatpost4symantec19checkpoint_advisories16mscve19attackerkb2cisa_kev2zdi1exploitpack1exploitdb1ibm1