Kaspersky LabKLA10984KLA10984 Privilege escalation vulnerabilities in Windows kernel
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
50.3%
Detect date:
03/14/2017
Severity:
Critical
Description:
Multiple serious vulnerabilities have been found in Microsoft Windows kernel. Malicious users can exploit these vulnerabilities to gain privileges.
Affected products:
Windows Vista Service Pack 2
Windows 7 Service Pack 1
Windows 8.1
Windows RT
Windows 10
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
MS17-017
CVE-2017-0102
CVE-2017-0103
CVE-2017-0101
CVE-2017-0050
Impacts:
PE
Related products:
CVE-IDS:
CVE-2017-01024.6Warning
CVE-2017-01034.4Warning
CVE-2017-01016.8High
CVE-2017-00507.2High
Microsoft official advisories:
KB list:
4012217
4012215
4012216
4012606
4013198
4013429
4012212
4012214
4012213
4011981
4013081
Exploitation:
Public exploits exist for this vulnerability.
References
support.microsoft.com/kb/4011981
support.microsoft.com/kb/4012212
support.microsoft.com/kb/4012213
support.microsoft.com/kb/4012214
support.microsoft.com/kb/4012215
support.microsoft.com/kb/4012216
support.microsoft.com/kb/4012217
support.microsoft.com/kb/4012606
support.microsoft.com/kb/4013081
support.microsoft.com/kb/4013198
support.microsoft.com/kb/4013429
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0050
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0101
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0102
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0103
portal.msrc.microsoft.com/en-us/security-guidance
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0050
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0101
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0102
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0103
statistics.securelist.com/vulnerability-scan/month
technet.microsoft.com/en-us/library/security/ms17-017.aspx
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Windows-10/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/
threats.kaspersky.com/en/product/Windows-RT/
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
50.3%