Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11900
HistoryJul 11, 2017 - 12:00 a.m.

KLA11900 Multiple vulnerabilities in Microsoft Products (ESU)

2017-07-1100:00:00
Kaspersky Lab
threats.kaspersky.com
30

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.939 High

EPSS

Percentile

99.1%

JSON

Detect date:

07/11/2017

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, bypass security restrictions, cause denial of service.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows 10 for 32-bit Systems
Internet Explorer 9
Windows 10 for x64-based Systems
Windows Server 2012 (Server Core installation)
Windows Server 2016 (Server Core installation)
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 8.1 for x64-based systems
Windows Server 2012
Internet Explorer 11
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2016
Windows RT 8.1
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows 10 Version 1703 for x64-based Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows 10 Version 1511 for 32-bit Systems
Microsoft Edge (EdgeHTML-based)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Internet Explorer 10
Windows 10 Version 1703 for 32-bit Systems
Windows Server 2012 R2

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2017-8486
CVE-2017-8608
CVE-2017-8467
CVE-2017-8606
CVE-2017-8463
CVE-2017-8563
CVE-2017-8590
CVE-2017-8564
CVE-2017-8565
CVE-2017-8607
CVE-2017-8618
CVE-2017-8592
CVE-2017-8495
CVE-2017-8557
CVE-2017-8556
CVE-2017-8573
CVE-2017-8577
CVE-2017-8578
CVE-2017-0170
CVE-2017-8588
CVE-2017-8589
CVE-2017-8587
CVE-2017-8580
CVE-2017-8581
CVE-2017-8582

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2017-01706.5High
CVE-2017-84637.8Critical
CVE-2017-84677.0High
CVE-2017-84864.7Warning
CVE-2017-84957.5Critical
CVE-2017-85567.0High
CVE-2017-85575.5High
CVE-2017-85638.1Critical
CVE-2017-85645.5High
CVE-2017-85658.1Critical
CVE-2017-85737.0High
CVE-2017-85777.0High
CVE-2017-85787.8Critical
CVE-2017-85807.0High
CVE-2017-85817.0High
CVE-2017-85825.9High
CVE-2017-85876.5High
CVE-2017-85887.0High
CVE-2017-85899.8Critical
CVE-2017-85908.8Critical
CVE-2017-85926.5High
CVE-2017-86067.5Critical
CVE-2017-86077.5Critical
CVE-2017-86087.5Critical
CVE-2017-86187.5Critical

KB list:

4022746
4022748
4022914
4025337
4025341
4025397
4025398
4025409
4025497
4025674
4025872
4025877
4026059
4026061
4032955
4025240
4025252

Microsoft official advisories:

References

Related

openvas 23
nessus 9
mskb 25
kaspersky 1
prion 35
cve 33
talosblog 1
qualysblog 1
trendmicroblog 1
symantec 24
mscve 25
zdi 6
checkpoint_advisories 4
osv 3
myhack58 3
kitploit 1
seebug 2
thn 1
zdt 1
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4025337)
2017-07-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4025341)
2017-07-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4025336)
2017-07-12 00:00:00
nessus
nessus
Windows 2008 July 2017 Multiple Security Updates
2017-07-11 00:00:00
Windows 7 and Windows Server 2008 R2 July 2017 Security Updates
2017-07-11 00:00:00
Windows 8.1 and Windows Server 2012 R2 July 2017 Security Updates
2017-07-11 00:00:00
mskb
mskb
July 11, 2017—KB4025341 (Monthly Rollup)
2017-07-11 07:00:00
July 11, 2017—KB4025331 (Monthly Rollup)
2017-07-11 07:00:00
July 11, 2017—KB4025337 (Security-only update)
2017-09-12 07:00:00
kaspersky
kaspersky
KLA11067 Multiple vulnerabilities in Microsoft Windows
2017-07-11 00:00:00
prion
prion
Privilege escalation
2017-07-11 21:29:00
Privilege escalation
2017-07-11 21:29:00
Privilege escalation
2017-07-11 21:29:00
cve
cve
CVE-2017-8580
2017-07-11 21:29:00
CVE-2017-8581
2017-07-11 21:29:00
CVE-2017-8577
2017-07-11 21:29:00
talosblog
talosblog
Microsoft Patch Tuesday - July 2017
2017-07-11 12:59:00
qualysblog
qualysblog
July Patch Tuesday: 19 Critical Vulnerabilities from Microsoft, plus Critical Adobe Patches
2017-07-11 18:32:52
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of July 10, 2017
2017-07-14 12:00:02
symantec
symantec
Microsoft Windows Explorer CVE-2017-8463 Remote Code Execution Vulnerability
2017-07-11 00:00:00
Microsoft Windows Kerberos CVE-2017-8495 Security Bypass Vulnerability
2017-07-11 00:00:00
Microsoft Windows CVE-2017-8590 Local Privilege Escalation Vulnerability
2017-07-11 00:00:00
mscve
mscve
Http.sys Information Disclosure Vulnerability
2017-07-11 07:00:00
Win32k Elevation of Privilege Vulnerability
2017-07-11 07:00:00
Windows Common Log File System Driver Elevation of Privilege Vulnerability
2017-07-11 07:00:00
zdi
zdi
(Pwn2Own) Microsoft Windows Palette Object Use-After-Free Privilege Escalation Vulnerability
2017-07-31 00:00:00
(Pwn2Own) Microsoft Windows CLFS Driver Uninitialized Memory Privilege Escalation Vulnerability
2017-07-11 00:00:00
(Pwn2Own) Microsoft Windows PlgBlt Integer Overflow Privilege Escalation Vulnerability
2017-07-11 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Browser Security Feature Bypass (CVE-2017-8592)
2017-07-11 00:00:00
Microsoft Win32k Elevation of Privilege (CVE-2017-8578)
2017-07-11 00:00:00
Microsoft Win32k Elevation of Privilege (CVE-2017-8577)
2017-07-11 00:00:00
osv
osv
CVE-2017-8592
2017-07-11 21:29:01
CVE-2017-8607
2017-07-11 21:29:02
CVE-2017-8608
2017-07-11 21:29:02
myhack58
myhack58
. NET advanced code audit, the eleventh classes LosFormatter to deserialize vulnerability-vulnerability warning-the black bar safety net
2019-04-18 00:00:00
NTLM, LDAP&RDP Relay vulnerability analysis-vulnerability warning-the black bar safety net
2017-07-13 00:00:00
. NET advanced code audit of the first ten classes ObjectStateFormatter deserialize vulnerability-vulnerability warning-the black bar safety net
2019-04-17 00:00:00
kitploit
kitploit
ysoserial.net - Deserialization payload generator for a variety of .NET formatters
2017-11-26 13:14:00
seebug
seebug
Microsoft Windows Kernel Local Information Disclosure Vulnerability(CVE-2017-8564)
2017-07-27 00:00:00
Microsoft Internet Explorer Remote Code Execution Vulnerability(CVE-2017-8618)
2017-08-17 00:00:00
thn
thn
Critical Flaws Found in Windows NTLM Security Protocol – Patch Now
2017-07-11 20:23:00
zdt
zdt
Microsoft Windows Kernel - IOCTL 0x120007 (NsiGetParameter) nsiproxy/netio Pool Memory Disclosure
2017-07-19 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.939 High

EPSS

Percentile

99.1%

JSON
Related for KLA11900
openvas23nessus9mskb25kaspersky1prion35cve33talosblog1qualysblog1trendmicroblog1symantec24mscve25zdi6checkpoint_advisories4osv3myhack583kitploit1seebug2thn1zdt1