Kaspersky LabKLA10979KLA10979 Multiple vulnerabilities in Microsoft Windows
9 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.9 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%
Detect date:
03/14/2017
Severity:
Critical
Description:
Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, gain privileges, obtain sensitive information and cause a denial of service.
Affected products:
Microsoft Windows Vista Service Pack 2
Microsoft Windows 7 Service Pack 1
Microsoft Windows 8.1
Microsoft Windows RT 8.1
Microsoft Windows 10
Microsoft Windows Server 2008 Service Pack 2
Microsoft Windows Server 2008 R2 Service Pack 1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
MS17-012
CVE-2017-0051
CVE-2017-0021
CVE-2017-0095
CVE-2017-0096
CVE-2017-0097
CVE-2017-0098
CVE-2017-0099
CVE-2017-0109
CVE-2017-0074
CVE-2017-0075
CVE-2017-0076
CVE-2017-0055
CVE-2017-0102
CVE-2017-0103
CVE-2017-0101
CVE-2017-0050
CVE-2017-0056
CVE-2017-0024
CVE-2017-0026
CVE-2017-0078
CVE-2017-0079
CVE-2017-0080
CVE-2017-0081
CVE-2017-0082
CVE-2017-0043
CVE-2017-0045
CVE-2017-0022
CVE-2017-0143
CVE-2017-0144
CVE-2017-0145
CVE-2017-0146
CVE-2017-0147
CVE-2017-0148
CVE-2017-0014
CVE-2017-0060
CVE-2017-0061
CVE-2017-0062
CVE-2017-0063
CVE-2017-0025
CVE-2017-0073
CVE-2017-0108
CVE-2017-0038
CVE-2017-0001
CVE-2017-0005
CVE-2017-0047
CVE-2017-0072
CVE-2017-0083
CVE-2017-0084
CVE-2017-0085
CVE-2017-0086
CVE-2017-0087
CVE-2017-0088
CVE-2017-0089
CVE-2017-0090
CVE-2017-0091
CVE-2017-0092
CVE-2017-0111
CVE-2017-0112
CVE-2017-0113
CVE-2017-0114
CVE-2017-0115
CVE-2017-0116
CVE-2017-0117
CVE-2017-0118
CVE-2017-0119
CVE-2017-0120
CVE-2017-0121
CVE-2017-0122
CVE-2017-0123
CVE-2017-0124
CVE-2017-0125
CVE-2017-0126
CVE-2017-0127
CVE-2017-0128
CVE-2017-0130
CVE-2017-0008
CVE-2017-0057
CVE-2017-0100
CVE-2017-0104
CVE-2017-0007
CVE-2017-0016
CVE-2017-0039
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2017-00515.4High
CVE-2017-00219.0Critical
CVE-2017-00957.6Critical
CVE-2017-00962.6Warning
CVE-2017-00975.4High
CVE-2017-00985.4High
CVE-2017-00995.4High
CVE-2017-01097.6Critical
CVE-2017-00745.4High
CVE-2017-00757.6Critical
CVE-2017-00765.4High
CVE-2017-00556.1High
CVE-2017-01027.8Critical
CVE-2017-01037.0High
CVE-2017-01017.8Critical
CVE-2017-00507.8Critical
CVE-2017-00567.8Critical
CVE-2017-00247.8Critical
CVE-2017-00267.8Critical
CVE-2017-00787.8Critical
CVE-2017-00797.8Critical
CVE-2017-00807.8Critical
CVE-2017-00817.8Critical
CVE-2017-00827.8Critical
CVE-2017-00435.3High
CVE-2017-00455.5High
CVE-2017-00224.3Warning
CVE-2017-01438.1Critical
CVE-2017-01448.1Critical
CVE-2017-01458.1Critical
CVE-2017-01468.1Critical
CVE-2017-01475.9High
CVE-2017-01488.1Critical
CVE-2017-00147.5Critical
CVE-2017-00605.5High
CVE-2017-00615.3High
CVE-2017-00624.7Warning
CVE-2017-00636.5High
CVE-2017-00257.8Critical
CVE-2017-00734.3Warning
CVE-2017-01087.8Critical
CVE-2017-00385.5High
CVE-2017-00017.8Critical
CVE-2017-00057.0High
CVE-2017-00477.8Critical
CVE-2017-00728.8Critical
CVE-2017-00838.8Critical
CVE-2017-00848.8Critical
CVE-2017-00854.3Warning
CVE-2017-00868.8Critical
CVE-2017-00878.8Critical
CVE-2017-00888.8Critical
CVE-2017-00898.8Critical
CVE-2017-00908.8Critical
CVE-2017-00914.3Warning
CVE-2017-00924.3Warning
CVE-2017-01114.3Warning
CVE-2017-01124.3Warning
CVE-2017-01134.3Warning
CVE-2017-01144.3Warning
CVE-2017-01154.3Warning
CVE-2017-01164.3Warning
CVE-2017-01174.3Warning
CVE-2017-01184.3Warning
CVE-2017-01194.3Warning
CVE-2017-01204.3Warning
CVE-2017-01214.3Warning
CVE-2017-01224.3Warning
CVE-2017-01234.3Warning
CVE-2017-01244.3Warning
CVE-2017-01254.3Warning
CVE-2017-01264.3Warning
CVE-2017-01274.3Warning
CVE-2017-01284.3Warning
CVE-2017-01307.5Critical
CVE-2017-00084.3Warning
CVE-2017-00574.3Warning
CVE-2017-01007.8Critical
CVE-2017-01048.1Critical
CVE-2017-00075.5High
CVE-2017-00165.9High
CVE-2017-00397.8Critical
Microsoft official advisories:
KB list:
4012217
4012215
4012216
4012606
4013198
4013429
3211306
4012212
4012214
4012213
4012598
4012583
3217587
4012021
4012373
4012497
4017018
4012584
3218362
3205715
4011981
3217882
Exploitation:
This vulnerability can be exploited by the following malware:
References
support.microsoft.com/kb/3205715
support.microsoft.com/kb/3211306
support.microsoft.com/kb/3217587
support.microsoft.com/kb/3217882
support.microsoft.com/kb/3218362
support.microsoft.com/kb/4011981
support.microsoft.com/kb/4012021
support.microsoft.com/kb/4012212
support.microsoft.com/kb/4012213
support.microsoft.com/kb/4012214
support.microsoft.com/kb/4012215
support.microsoft.com/kb/4012216
support.microsoft.com/kb/4012217
support.microsoft.com/kb/4012373
support.microsoft.com/kb/4012497
support.microsoft.com/kb/4012583
support.microsoft.com/kb/4012584
support.microsoft.com/kb/4012598
support.microsoft.com/kb/4012606
support.microsoft.com/kb/4013198
support.microsoft.com/kb/4013429
support.microsoft.com/kb/4017018
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0001
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0005
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0007
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0008
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0014
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0016
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0021
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0022
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0024
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0025
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0026
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0038
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0039
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0043
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0045
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0047
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0050
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0051
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0055
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0056
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0057
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0060
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0061
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0062
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0063
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0072
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0073
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0074
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0075
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0076
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0078
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0079
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0080
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0081
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0082
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0083
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0084
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0085
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0086
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0087
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0088
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0089
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0090
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0091
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0092
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0095
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0096
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0097
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0098
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0099
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0100
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0101
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0102
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0103
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0104
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0108
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0109
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0111
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0112
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0113
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0114
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0115
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0116
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0117
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0118
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0119
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0120
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0121
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0122
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0123
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0124
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0125
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0126
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0127
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0128
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0130
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0144
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0145
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0146
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0147
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0148
portal.msrc.microsoft.com/en-us/security-guidance
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0001
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0005
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0007
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0008
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0014
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0016
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0021
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0022
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0024
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0025
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0026
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0038
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0039
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0043
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0045
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0047
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0050
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0051
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0055
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0056
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0057
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0060
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0061
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0062
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0063
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0072
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0073
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0074
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0075
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0076
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0078
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0079
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0080
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0081
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0082
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0083
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0084
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0085
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0086
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0087
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0088
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0089
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0090
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0091
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0092
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0095
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0096
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0097
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0098
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0099
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0100
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0101
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0102
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0103
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0104
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0109
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0111
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0112
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0113
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0114
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0115
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0116
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0117
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0118
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0119
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0120
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0121
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0122
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0123
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0124
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0125
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0126
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0127
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0128
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0130
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0143
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0144
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0145
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0146
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0147
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0148
statistics.securelist.com/vulnerability-scan/month
technet.microsoft.com/library/security/MS17-012
threats.kaspersky.com/en/product/Microsoft-Windows-10/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/
threats.kaspersky.com/en/product/Windows-RT/
threats.kaspersky.com/en/threat/Intrusion.Win.CVE-2017-0147.sa.leak/
threats.kaspersky.com/en/threat/Intrusion.Win.EternalRomance/
Related
9 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.9 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%