KLA11835Multiple vulnerabilities in Microsoft Products (ESU)

2017-04-11T00:00:00
ID KLA11835
Type kaspersky
Reporter Kaspersky Lab
Modified 2020-07-22T00:00:00

Description

Detect date:

04/11/2017

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, gain privileges.

Exploitation:

This vulnerability can be exploited by the following malware:

Affected products:

Microsoft Silverlight 5 when installed on Microsoft Windows (x64-based)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows 10 for 32-bit Systems
Windows Vista x64 Edition Service Pack 2
Internet Explorer 9
Windows 10 for x64-based Systems
Windows Server 2012 (Server Core installation)
Windows Server 2016 (Server Core installation)
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2012
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Windows Vista Service Pack 2
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2016
Windows RT 8.1
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows 10 Version 1703 for x64-based Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows 10 Version 1511 for 32-bit Systems
Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows (32-bit)
Microsoft Office 2016 (32-bit edition)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows (x64-based)
Microsoft Office 2007 Service Pack 3
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows 10 Version 1511 for x64-based Systems
Mono Framework Version 5.0.0.48
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Windows 10 Version 1607 for 32-bit Systems
Microsoft Office 2016 (64-bit edition)
Windows 10 Version 1607 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Mono Framework Version 4.8.1.0
Internet Explorer 10
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 10 Version 1703 for 32-bit Systems
Microsoft Silverlight 5 when installed on Microsoft Windows (32-bit)
Windows Server 2012 R2

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2017-0201
CVE-2017-0183
CVE-2017-0058
CVE-2017-0155
CVE-2013-6629
CVE-2017-0163
CVE-2017-0180
CVE-2017-0182
CVE-2017-0158
CVE-2017-0184
CVE-2017-0192
CVE-2017-0168
CVE-2017-0166
CVE-2017-0167
CVE-2017-0191
CVE-2017-0156
CVE-2017-0199

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2017-01990.0Unknown
CVE-2017-02010.0Unknown
CVE-2017-00580.0Unknown
CVE-2017-01550.0Unknown
CVE-2017-01560.0Unknown
CVE-2017-01660.0Unknown
CVE-2017-01670.0Unknown
CVE-2017-01910.0Unknown
CVE-2017-01920.0Unknown
CVE-2017-01580.0Unknown
CVE-2017-01630.0Unknown
CVE-2017-01680.0Unknown
CVE-2017-01800.0Unknown
CVE-2017-01820.0Unknown
CVE-2017-01830.0Unknown
CVE-2017-01840.0Unknown
CVE-2013-66290.0Unknown

Microsoft official advisories:

KB list:

4015549
4014661
4022719
4015546
4014793
4022722
4022887
4015068
4015195
4015380
4020535
3217841
3211308
4014652
4014794
4015383