Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11099
HistorySep 12, 2017 - 12:00 a.m.

KLA11099 Multiple vulnerabilities in Microsoft Windows

2017-09-1200:00:00
Kaspersky Lab
threats.kaspersky.com
172

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.592 Medium

EPSS

Percentile

97.7%

JSON

Detect date:

09/12/2017

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, bypass security restrictions, spoof user interface, cause denial of service.

Affected products:

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows Server 2012 (Server Core installation)
Windows Server 2016 (Server Core installation)
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2012
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2016
Windows RT 8.1
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows 10 Version 1703 for x64-based Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows 10 Version 1511 for 32-bit Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 10 Version 1703 for 32-bit Systems
Windows Server 2012 R2

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2017-8728
CVE-2017-8737
CVE-2017-8675
CVE-2017-8676
CVE-2017-8713
CVE-2017-8714
CVE-2017-8716
CVE-2017-8719
CVE-2017-8720
CVE-2017-0161
CVE-2017-8628
CVE-2017-8677
CVE-2017-8678
CVE-2017-8679
CVE-2017-8680
CVE-2017-8681
CVE-2017-8682
CVE-2017-8683
CVE-2017-8684
CVE-2017-8686
CVE-2017-8687
CVE-2017-8688
CVE-2017-8692
CVE-2017-8695
CVE-2017-8699
CVE-2017-8702
CVE-2017-8704
CVE-2017-8706
CVE-2017-8707
CVE-2017-8708
CVE-2017-8709
CVE-2017-8711
CVE-2017-8712
CVE-2017-8746
CVE-2017-9417

Impacts:

ACE

Related products:

Microsoft Word

CVE-IDS:

CVE-2017-87287.6Critical
CVE-2017-87377.6Critical
CVE-2017-86756.9High
CVE-2017-86762.1Warning
CVE-2017-87131.9Warning
CVE-2017-87146.9High
CVE-2017-87164.6Warning
CVE-2017-87191.9Warning
CVE-2017-87207.2High
CVE-2017-01616.8High
CVE-2017-86284.3Warning
CVE-2017-86772.1Warning
CVE-2017-86782.1Warning
CVE-2017-86792.1Warning
CVE-2017-86802.1Warning
CVE-2017-86812.1Warning
CVE-2017-86829.3Critical
CVE-2017-86832.1Warning
CVE-2017-86842.1Warning
CVE-2017-86867.5Critical
CVE-2017-86872.1Warning
CVE-2017-86882.1Warning
CVE-2017-86929.3Critical
CVE-2017-86952.6Warning
CVE-2017-86997.6Critical
CVE-2017-87024.4Warning
CVE-2017-87044.9Warning
CVE-2017-87061.9Warning
CVE-2017-87071.9Warning
CVE-2017-87081.9Warning
CVE-2017-87091.9Warning
CVE-2017-87111.9Warning
CVE-2017-87121.9Warning
CVE-2017-87464.6Warning
CVE-2017-94177.5Critical

Microsoft official advisories:

KB list:

4038788
4038782
4038786
4038783
4038792
4038799
4038793
4038781
4025333

Exploitation:

Public exploits exist for this vulnerability.

References

Related

mskb 24
openvas 18
nessus 11
kaspersky 1
prion 32
cve 32
talosblog 1
qualysblog 1
trendmicroblog 1
googleprojectzero 1
threatpost 1
thn 1
apple 2
debiancve 1
checkpoint_advisories 3
zdt 8
zdi 4
mscve 28
huawei 1
chrome 1
symantec 25
android 1
amazon 1
mskb
mskb
September 12, 2017—KB4038786 (Security-only update)
2017-09-12 07:00:00
September 12, 2017—KB4038793 (Security-only update)
2017-10-10 07:00:00
September 12, 2017—KB4038799 (Monthly Rollup)
2017-09-12 07:00:00
openvas
openvas
Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4038799)
2017-09-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4038792)
2017-09-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4039384)
2017-09-13 00:00:00
nessus
nessus
Windows Server 2012 September 2017 Security Updates
2017-09-12 00:00:00
Windows 8.1 and Windows Server 2012 R2 September 2017 Security Updates
2017-09-12 00:00:00
Windows 2008 September 2017 Multiple Security Updates
2017-09-12 00:00:00
kaspersky
kaspersky
KLA11899 Multiple vulnerabilities in Microsoft Products (ESU)
2017-09-12 00:00:00
prion
prion
Information disclosure
2017-09-13 01:29:00
Information disclosure
2017-09-13 01:29:00
Information disclosure
2017-09-13 01:29:00
cve
cve
CVE-2017-8706
2017-09-13 01:29:00
CVE-2017-8678
2017-09-13 01:29:00
CVE-2017-8712
2017-09-13 01:29:00
talosblog
talosblog
Microsoft Patch Tuesday - September 2017
2017-09-12 15:41:00
qualysblog
qualysblog
September Patch Tuesday: 27 Critical Vulnerabilities from Microsoft, plus Critical Adobe Patches
2017-09-12 18:23:49
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of September 11, 2017
2017-09-15 14:59:53
googleprojectzero
googleprojectzero
Using Binary Diffing to Discover Windows Kernel Memory Disclosure Bugs
2017-10-05 00:00:00
threatpost
threatpost
Microsoft Patches .NET Zero Day Vulnerability in September Update
2017-09-12 15:59:40
thn
thn
Immediately Patch Windows 0-Day Flaw That's Being Used to Spread Spyware
2017-09-13 00:09:00
apple
apple
About the security content of Wi-Fi Update for Boot Camp 6.1
2017-07-19 00:00:00
About the security content of Wi-Fi Update for Boot Camp 6.1 - Apple Support
2017-07-21 10:20:15
debiancve
debiancve
CVE-2017-9417
2017-06-04 21:29:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows PDF Library Remote Code Execution (CVE-2017-8728)
2017-09-12 00:00:00
Microsoft Win32k Graphics Remote Code Execution (CVE-2017-8682)
2017-09-12 00:00:00
Microsoft Windows PDF Library Remote Code Execution (CVE-2017-8737)
2017-09-12 00:00:00
zdt
zdt
Broadcom BCM43xx Wi-Fi - BroadPWN Denial of Service Exploit
2018-03-09 00:00:00
Microsoft Windows Kernel - nt!NtSetIoCompletion / nt!NtRemoveIoCompletion Pool Memory Disclosure
2017-09-18 00:00:00
Microsoft Windows Kernel - win32k.sys TTF Font Processing - Out-of-Bounds Reads/Writes with Malforme
2017-09-18 00:00:00
zdi
zdi
Microsoft Windows Uniscribe Bidirectional Text Out-Of-Bounds Read Information Disclosure Vulnerability
2017-09-12 00:00:00
Microsoft Windows PDF Library JPEG2000 Heap-based Buffer Overflow Remote Code Execution Vulnerability
2017-09-15 00:00:00
Microsoft Windows Bitmap Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
2017-09-12 00:00:00
mscve
mscve
Broadcom BCM43xx Remote Code Execution Vulnerability
2017-09-12 07:00:00
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
2017-09-12 07:00:00
Windows PDF Remote Code Execution Vulnerability
2017-09-12 07:00:00
huawei
huawei
Security Advisory - BroadPwn Remote Code Execute Vulnerability
2017-07-27 00:00:00
chrome
chrome
Stable Channel Update for Chrome OS
2017-08-02 00:00:00
symantec
symantec
Microsoft Windows Device Guard CVE-2017-8746 Local Security Bypass Vulnerability
2017-09-12 00:00:00
Microsoft Windows Hyper-V CVE-2017-8706 Information Disclosure Vulnerability
2017-09-12 00:00:00
Microsoft Windows Uniscribe CVE-2017-8692 Remote Code Execution Vulnerability
2017-09-12 00:00:00
android
android
CVE-2017-9417
2017-07-01 00:00:00
amazon
amazon
Medium: R
2017-04-20 06:04:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.592 Medium

EPSS

Percentile

97.7%

JSON
Related for KLA11099
mskb24openvas18nessus11kaspersky1prion32cve32talosblog1qualysblog1trendmicroblog1googleprojectzero1threatpost1thn1apple2debiancve1checkpoint_advisories3zdt8zdi4mscve28huawei1chrome1symantec25android1amazon1