Lucene search

Kaspersky LabKLA11842

HistoryJun 13, 2017 - 12:00 a.m.

KLA11842 Multiple vulnerabilities in Microsoft Products (ESU)

2017-06-1300:00:00

Kaspersky Lab

threats.kaspersky.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON

Detect date:

06/13/2017

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

Microsoft Silverlight 5 when installed on Microsoft Windows (x64-based)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows 10 for 32-bit Systems
Internet Explorer 9
Windows 10 for x64-based Systems
Windows Server 2012 (Server Core installation)
Windows Server 2016 (Server Core installation)
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 8.1 for x64-based systems
Windows Server 2012
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Lync 2010 (32-bit)
Microsoft Lync 2013 Service Pack 1 (32-bit)
Skype for Business 2016 (64-bit)
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Internet Explorer 11
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Lync 2013 Service Pack 1 (64-bit)
Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
Windows Server 2016
Microsoft Lync 2010 Attendee (admin level install)
Windows RT 8.1
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows 10 Version 1703 for x64-based Systems
Skype for Business 2016 (32-bit)
Microsoft Lync 2010 Attendee (user level install)
Windows Server 2012 R2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows 10 Version 1511 for 32-bit Systems
Microsoft Lync 2010 (64-bit)
Microsoft Office Word Viewer
Microsoft Live Meeting 2007 Console
Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows (32-bit)
Microsoft Edge (EdgeHTML-based)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows (x64-based)
Microsoft Office 2007 Service Pack 3
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows 10 Version 1511 for x64-based Systems
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Windows 10 Version 1607 for 32-bit Systems
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
Windows 10 Version 1607 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Internet Explorer 10
Windows 10 Version 1703 for 32-bit Systems
Microsoft Silverlight 5 when installed on Microsoft Windows (32-bit)
Windows Server 2012 R2
Microsoft Live Meeting 2007 Add-in

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2017-8485
CVE-2017-8484
CVE-2017-8481
CVE-2017-8480
CVE-2017-8469
CVE-2017-8482
CVE-2017-8464
CVE-2017-8544
CVE-2017-8462
CVE-2017-0289
CVE-2017-0288
CVE-2017-8528
CVE-2017-8529
CVE-2017-0283
CVE-2017-0282
CVE-2017-0287
CVE-2017-0286
CVE-2017-0285
CVE-2017-0284
CVE-2017-8483
CVE-2017-8517
CVE-2017-0193
CVE-2017-8471
CVE-2017-0298
CVE-2017-8478
CVE-2017-8479
CVE-2017-8543
CVE-2017-8492
CVE-2017-8490
CVE-2017-8491
CVE-2017-8470
CVE-2017-8489
CVE-2017-8472
CVE-2017-8473
CVE-2017-8553
CVE-2017-8475
CVE-2017-8476
CVE-2017-8488
CVE-2017-0294
CVE-2017-0296
CVE-2017-0297
CVE-2017-8534
CVE-2017-8477
CVE-2017-8531
CVE-2017-0299
CVE-2017-8533
CVE-2017-8532
CVE-2017-8527
CVE-2017-8519
CVE-2017-0260
CVE-2017-0300

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2017-0284

Microsoft official advisories:

KB list:

4022719
4021558
4022722
4024402
4022008
4021903
4021923
4022013
4022010
4018106
4022887
4022884
4022883
3217845
4034679
4034664
4034741
4036586
4503292
4503269

References

support.microsoft.com/kb/3217845

support.microsoft.com/kb/4018106

support.microsoft.com/kb/4021558

support.microsoft.com/kb/4021903

support.microsoft.com/kb/4021923

support.microsoft.com/kb/4022008

support.microsoft.com/kb/4022010

support.microsoft.com/kb/4022013

support.microsoft.com/kb/4022719

support.microsoft.com/kb/4022722

support.microsoft.com/kb/4022883

support.microsoft.com/kb/4022884

support.microsoft.com/kb/4022887

support.microsoft.com/kb/4024402

support.microsoft.com/kb/4034664

support.microsoft.com/kb/4034679

support.microsoft.com/kb/4034741

support.microsoft.com/kb/4036586

support.microsoft.com/kb/4503269

support.microsoft.com/kb/4503292

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0193

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0260

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0282

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0283

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0284

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0285

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0286

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0287

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0288

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0289

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0294

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0296

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0297

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0298

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0299

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0300

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8462

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8464

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8469

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8470

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8471

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8472

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8473

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8475

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8476

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8477

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8478

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8479

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8480

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8481

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8482

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8483

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8484

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8485

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8488

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8489

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8490

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8491

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8492

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8517

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8519

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8527

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8528

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8529

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8531

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8532

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8533

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8534

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8544

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8553

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0193

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0260

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0282

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0283

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0284

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0285

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0286

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0287

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0288

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0289

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0294

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0296

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0297

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0298

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0299

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0300

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8462

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8464

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8469

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8470

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8471

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8472

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8473

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8475

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8476

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8477

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8478

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8479

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8480

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8481

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8482

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8483

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8484

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8485

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8488

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8489

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8490

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8491

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8492

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8517

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8519

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8527

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8528

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8529

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8531

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8532

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8533

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8534

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8543

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8544

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8553

portal.msrc.microsoft.com/en-us/security-guidance

statistics.securelist.com/vulnerability-scan/month

threats.kaspersky.com/en/class/Exploit/

threats.kaspersky.com/en/product/Microsoft-Edge/

threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/

threats.kaspersky.com/en/product/Microsoft-Lync-2010-Attendee/

threats.kaspersky.com/en/product/Microsoft-Lync/

threats.kaspersky.com/en/product/Microsoft-Office/

threats.kaspersky.com/en/product/Microsoft-Silverlight/

threats.kaspersky.com/en/product/Microsoft-Windows-10/

threats.kaspersky.com/en/product/Microsoft-Windows-7/

threats.kaspersky.com/en/product/Microsoft-Windows-8/

threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/

threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/

threats.kaspersky.com/en/product/Microsoft-Windows-Server/

threats.kaspersky.com/en/product/Microsoft-Windows/

threats.kaspersky.com/en/product/Microsoft-Word/

threats.kaspersky.com/en/product/Windows-RT/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON

Related for KLA11842