Kaspersky LabKLA10975KLA10975 Multiple vulnerabilities in Microsoft Windows
9 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.9 High
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:M/Au:N/C:C/I:C/A:C
0.027 Low
EPSS
Percentile
90.3%
Detect date:
03/14/2017
Severity:
Critical
Description:
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, obtain sensitive information.
Affected products:
Windows Server 2016
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Windows 10 Version 1511 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2012
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Vista x64 Edition Service Pack 2
Windows 10 Version 1607 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows 8.1 for x64-based systems
Windows Server 2016 (Server Core installation)
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2017-0051
CVE-2017-0021
CVE-2017-0095
CVE-2017-0096
CVE-2017-0097
CVE-2017-0098
CVE-2017-0099
CVE-2017-0109
CVE-2017-0074
CVE-2017-0075
CVE-2017-0076
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2017-00512.9Warning
CVE-2017-00217.7Critical
CVE-2017-00957.9Critical
CVE-2017-00962.3Warning
CVE-2017-00972.3Warning
CVE-2017-00982.9Warning
CVE-2017-00992.3Warning
CVE-2017-01097.4High
CVE-2017-00742.3Warning
CVE-2017-00757.4High
CVE-2017-00762.9Warning
Microsoft official advisories:
KB list:
4012217
4012216
4012606
4013198
4013429
3211306
4012214
4012213
References
support.microsoft.com/kb/3211306
support.microsoft.com/kb/4012213
support.microsoft.com/kb/4012214
support.microsoft.com/kb/4012216
support.microsoft.com/kb/4012217
support.microsoft.com/kb/4012606
support.microsoft.com/kb/4013198
support.microsoft.com/kb/4013429
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0021
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0051
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0074
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0075
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0076
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0095
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0096
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0097
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0098
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0099
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0109
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0021
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0051
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0074
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0075
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0076
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0095
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0096
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0097
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0098
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0099
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0109
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-Windows-10/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-8/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Server/
threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/
threats.kaspersky.com/en/product/Microsoft-Windows/
Related
9 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.9 High
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:M/Au:N/C:C/I:C/A:C
0.027 Low
EPSS
Percentile
90.3%