Kaspersky LabKLA10978KLA10978 Multiple vulnerabilities in Windows Uniscribe
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.212 Low
EPSS
Percentile
96.3%
Detect date:
03/14/2017
Severity:
Critical
Description:
Multiple serious vulnerabilities have been found in Windows Uniscribe. Malicious users can exploit these vulnerabilities to execute arbitrary code or obtain sensitive information.
Affected products:
Microsoft Windows Vista Service Pack 2
Microsoft Windows 7 Service Pack 1
Microsoft Windows 8.1
Microsoft Windows RT 8.1
Microsoft Windows 10
Microsoft Windows Server 2008 Service Pack 2
Microsoft Windows Server 2008 R2 Service Pack 1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
MS17-011
CVE-2017-0072
CVE-2017-0083
CVE-2017-0084
CVE-2017-0085
CVE-2017-0086
CVE-2017-0087
CVE-2017-0088
CVE-2017-0089
CVE-2017-0090
CVE-2017-0091
CVE-2017-0092
CVE-2017-0111
CVE-2017-0112
CVE-2017-0113
CVE-2017-0114
CVE-2017-0115
CVE-2017-0116
CVE-2017-0117
CVE-2017-0118
CVE-2017-0119
CVE-2017-0120
CVE-2017-0121
CVE-2017-0122
CVE-2017-0123
CVE-2017-0124
CVE-2017-0125
CVE-2017-0126
CVE-2017-0127
CVE-2017-0128
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2017-00729.3Critical
CVE-2017-00839.3Critical
CVE-2017-00849.3Critical
CVE-2017-00854.3Warning
CVE-2017-00869.3Critical
CVE-2017-00879.3Critical
CVE-2017-00889.3Critical
CVE-2017-00899.3Critical
CVE-2017-00909.3Critical
CVE-2017-00914.3Warning
CVE-2017-00924.3Warning
CVE-2017-01114.3Warning
CVE-2017-01124.3Warning
CVE-2017-01134.3Warning
CVE-2017-01144.3Warning
CVE-2017-01154.3Warning
CVE-2017-01164.3Warning
CVE-2017-01174.3Warning
CVE-2017-01184.3Warning
CVE-2017-01194.3Warning
CVE-2017-01204.3Warning
CVE-2017-01214.3Warning
CVE-2017-01224.3Warning
CVE-2017-01234.3Warning
CVE-2017-01244.3Warning
CVE-2017-01254.3Warning
CVE-2017-01264.3Warning
CVE-2017-01274.3Warning
CVE-2017-01284.3Warning
Microsoft official advisories:
KB list:
4012217
4012215
4012216
4012606
4013198
4013429
4012212
4012214
4012213
4013076
4012583
Exploitation:
Public exploits exist for this vulnerability.
References
support.microsoft.com/kb/4012212
support.microsoft.com/kb/4012213
support.microsoft.com/kb/4012214
support.microsoft.com/kb/4012215
support.microsoft.com/kb/4012216
support.microsoft.com/kb/4012217
support.microsoft.com/kb/4012583
support.microsoft.com/kb/4012606
support.microsoft.com/kb/4013076
support.microsoft.com/kb/4013198
support.microsoft.com/kb/4013429
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0072
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0083
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0084
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0085
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0086
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0087
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0088
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0089
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0090
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0091
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0092
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0111
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0112
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0113
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0114
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0115
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0116
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0117
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0118
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0119
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0120
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0121
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0122
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0123
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0124
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0125
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0126
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0127
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0128
portal.msrc.microsoft.com/en-us/security-guidance
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0072
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0083
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0084
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0085
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0086
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0087
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0088
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0089
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0090
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0091
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0092
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0111
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0112
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0113
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0114
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0115
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0116
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0117
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0118
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0119
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0120
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0121
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0122
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0123
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0124
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0125
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0126
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0127
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0128
statistics.securelist.com/vulnerability-scan/month
technet.microsoft.com/en-us/library/security/ms17-011.aspx
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Windows-10/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/
threats.kaspersky.com/en/product/Windows-RT/
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.212 Low
EPSS
Percentile
96.3%