KLA11009 Multiple vulnerabilities in Microsoft Windows

2017-05-09T00:00:00
ID KLA11009
Type kaspersky
Reporter Kaspersky Lab
Modified 2020-09-29T00:00:00

Description

Detect date:

05/09/2017

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, execute arbitrary code, gain privileges.

Affected products:

Windows 7 for 32-bit Systems Service Pack 1
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Windows 10 Version 1511 for x64-based Systems
Windows 8.1 for 32-bit systems
Windows Server 2012
Windows RT 8.1
Windows 10 Version 1607 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server 2012 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for 32-bit Systems
Windows Server 2012 R2
Windows 10 for x64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 10 Version 1703 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows 8.1 for x64-based systems
Windows Server 2016 (Server Core installation)

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2017-0280
CVE-2017-0274
CVE-2017-0272
CVE-2017-0279
CVE-2017-0273
CVE-2017-0276
CVE-2017-0278
CVE-2017-0213
CVE-2017-0212
CVE-2017-0270
CVE-2017-0245
CVE-2017-0171
CVE-2017-0259
CVE-2017-0246
CVE-2017-0277
CVE-2017-0258
CVE-2017-0269
CVE-2017-0267
CVE-2017-0077
CVE-2017-0190
CVE-2017-0275
CVE-2017-0271
CVE-2017-0214
CVE-2017-0263
CVE-2017-0268
CVE-2017-0220

Impacts:

ACE

Related products:

Microsoft Windows Server 2012

CVE-IDS:

CVE-2017-02807.1High
CVE-2017-02796.8High
CVE-2017-02786.8High
CVE-2017-02776.8High
CVE-2017-02764.3Warning
CVE-2017-02754.3Warning
CVE-2017-02744.3Warning
CVE-2017-02734.3Warning
CVE-2017-02729.3Critical
CVE-2017-02714.3Warning
CVE-2017-02704.3Warning
CVE-2017-02694.3Warning
CVE-2017-02684.3Warning
CVE-2017-02674.3Warning
CVE-2017-02637.2High
CVE-2017-02591.9Warning
CVE-2017-02581.9Warning
CVE-2017-02466.9High
CVE-2017-02451.9Warning
CVE-2017-02201.9Warning
CVE-2017-02144.4Warning
CVE-2017-02131.9Warning
CVE-2017-02125.4High
CVE-2017-01902.1Warning
CVE-2017-01714.3Warning
CVE-2017-00777.2High

Microsoft official advisories:

KB list:

4038788
4016871
4019474
4019215
4019216
4019473
4019472
4019213
4019214

Exploitation:

The following public exploits exists for this vulnerability: