Kaspersky LabKLA11136KLA11136 Multiple vulnerabilities in Microsoft Windows
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.007 Low
EPSS
Percentile
79.5%
Detect date:
11/14/2017
Severity:
High
Description:
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, bypass security restrictions, gain privileges.
Affected products:
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 Version 1709 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows 10 Version 1709 for x64-based Systems
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2017-11768
CVE-2017-11788
CVE-2017-11830
CVE-2017-11831
CVE-2017-11832
CVE-2017-11842
CVE-2017-11847
CVE-2017-11849
CVE-2017-11850
CVE-2017-11851
CVE-2017-11853
CVE-2017-11880
Impacts:
OSI
Related products:
CVE-IDS:
CVE-2017-117681.9Warning
CVE-2017-117885.0Warning
CVE-2017-118304.6Warning
CVE-2017-118314.7Warning
CVE-2017-118321.9Warning
CVE-2017-118421.9Warning
CVE-2017-118479.3Critical
CVE-2017-118491.9Warning
CVE-2017-118501.9Warning
CVE-2017-118511.9Warning
CVE-2017-118534.3Warning
CVE-2017-118801.9Warning
Microsoft official advisories:
KB list:
4048955
4048952
4048953
4048954
4048956
4048958
4048959
4048961
4048962
Exploitation:
Public exploits exist for this vulnerability.
References
support.microsoft.com/kb/4048952
support.microsoft.com/kb/4048953
support.microsoft.com/kb/4048954
support.microsoft.com/kb/4048955
support.microsoft.com/kb/4048956
support.microsoft.com/kb/4048958
support.microsoft.com/kb/4048959
support.microsoft.com/kb/4048961
support.microsoft.com/kb/4048962
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11768
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11788
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11830
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11831
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11832
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11842
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11847
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11849
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11850
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11851
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11853
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11880
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11768
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11788
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11830
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11831
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11832
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11842
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11847
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11849
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11850
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11851
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11853
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11880
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-Windows-10/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-8/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Server/
threats.kaspersky.com/en/product/Microsoft-Windows/
threats.kaspersky.com/en/product/Windows-RT/
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.007 Low
EPSS
Percentile
79.5%