Mar 14, 2017 - 12:00 a.m.

KLA11902 Multiple vulnerabilities in Microsoft Products (ESU)

2017-03-14 00:00:00
Kaspersky Lab
threats.kaspersky.com
CVSS2: 9.3

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 9.9
Confidence: Low

EPSS: 0.974
Percentile: 99.9%

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, or cause denial of service.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Windows Graphics Component can be exploited remotely via a specially crafted website to execute arbitrary code.
  2. A remote code execution vulnerability in Windows Hyper-V can be exploited remotely via a specially crafted application to execute arbitrary code.
  3. A remote code execution vulnerability in Windows Uniscribe can be exploited remotely via a specially crafted website to execute arbitrary code.
  4. An elevation of privilege vulnerability in Windows COM Session can be exploited remotely via a specially crafted application to gain privileges.
  5. An elevation of privilege vulnerability in Windows Transaction Manager can be exploited remotely via a specially crafted application to gain privileges.
  6. An elevation of privilege vulnerability in Windows can be exploited remotely to gain privileges.
  7. A remote code execution vulnerability in Windows SMB can be exploited remotely via a specially crafted packet to execute arbitrary code.
  8. A memory corruption vulnerability in iSNS Server can be exploited remotely via a specially crafted application to execute arbitrary code.
  9. An information disclosure vulnerability in Microsoft XML Core Services can be exploited remotely to obtain sensitive information.
  10. An elevation of privilege vulnerability in Windows GDI can be exploited remotely via a specially crafted application to gain privileges.
  11. An information disclosure vulnerability in Windows Uniscribe can be exploited remotely via a specially crafted document to obtain sensitive information.
  12. An information disclosure vulnerability in Windows SMB can be exploited remotely via a specially crafted packet to obtain sensitive information.
  13. An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted content to obtain sensitive information.
  14. An information disclosure vulnerability in Windows GDI can be exploited remotely via a specially crafted application to obtain sensitive information.
  15. An information disclosure vulnerability in the Color Management Module (ICM32.dll) can be exploited remotely via a specially crafted webpage to obtain sensitive information.
  16. An information disclosure vulnerability in Windows Active Directory Federation Services can be exploited remotely via a specially crafted request to obtain sensitive information.
  17. An information disclosure vulnerability in Windows DirectShow can be exploited remotely via specially crafted content to obtain sensitive information.
  18. An information disclosure vulnerability in Windows DVD Maker can be exploited remotely via specially crafted to obtain sensitive information.
  19. A memory corruption vulnerability in Microsoft Browser can be exploited remotely via a specially crafted website to execute arbitrary code.
  20. A denial of service vulnerability in Hyper-V can be exploited remotely via a specially crafted application to cause denial of service.
  21. A memory corruption vulnerability in Scripting Engine can be exploited remotely via a specially crafted website to execute arbitrary code.
  22. An information disclosure vulnerability in Windows Hyper-V can be exploited remotely via a specially crafted application to obtain sensitive information.
  23. A remote code execution vulnerability in Windows DLL Loading can be exploited remotely to execute arbitrary code.
  24. An elevation of privilege vulnerability in Windows Registry can be exploited remotely via a specially crafted application to gain privileges.
  25. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via a specially crafted application to gain privileges.
  26. An elevation of privilege vulnerability in Microsoft IIS Server XSS can be exploited remotely via a specially crafted request to gain privileges.
  27. An elevation of privilege vulnerability in Windows can be exploited remotely via a specially crafted application to gain privileges.
  28. A remote code execution vulnerability in Windows Uniscribe can be exploited remotely via a specially crafted website to obtain sensitive information.

Original advisories

CVE-2017-0108

CVE-2017-0109

CVE-2017-0072

CVE-2017-0100

CVE-2017-0101

CVE-2017-0102

CVE-2017-0143

CVE-2017-0104

CVE-2017-0022

CVE-2017-0001

CVE-2017-0145

CVE-2017-0120

CVE-2017-0147

CVE-2017-0005

CVE-2017-0127

CVE-2017-0124

CVE-2017-0125

CVE-2017-0009

CVE-2017-0008

CVE-2017-0047

CVE-2017-0060

CVE-2017-0148

CVE-2017-0061

CVE-2017-0043

CVE-2017-0042

CVE-2017-0045

CVE-2017-0119

CVE-2017-0062

CVE-2017-0149

CVE-2017-0099

CVE-2017-0144

CVE-2017-0040

CVE-2017-0090

CVE-2017-0091

CVE-2017-0096

CVE-2017-0097

CVE-2017-0038

CVE-2017-0039

CVE-2017-0103

CVE-2017-0063

CVE-2017-0118

CVE-2017-0117

CVE-2017-0116

CVE-2017-0115

CVE-2017-0114

CVE-2017-0113

CVE-2017-0112

CVE-2017-0111

CVE-2017-0092

CVE-2017-0076

CVE-2017-0014

CVE-2017-0059

CVE-2017-0056

CVE-2017-0055

CVE-2017-0050

CVE-2017-0123

CVE-2017-0122

CVE-2017-0073

CVE-2017-0075

CVE-2017-0025

CVE-2017-0146

CVE-2017-0128

CVE-2017-0089

CVE-2017-0088

CVE-2017-0121

CVE-2017-0130

CVE-2017-0126

CVE-2017-0083

CVE-2017-0085

CVE-2017-0084

CVE-2017-0087

CVE-2017-0086

Exploitation

This vulnerability can be exploited by the following malware:

https://threats.kaspersky.com/en/threat/Intrusion.Win.EternalRomance/

https://threats.kaspersky.com/en/threat/Intrusion.Win.CVE-2017-0147.sa.leak/

Public exploits exist for this vulnerability.

Related products

Microsoft-Internet-Explorer

Microsoft-Silverlight

Microsoft-Lync

Microsoft-Office

Microsoft-Lync-2010-Attendee

Microsoft-Word

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Vista-4

Microsoft-Windows-Server-2012

Microsoft-Windows-8

Microsoft-Windows-7

Microsoft-Windows-Server-2008

Windows-RT

Microsoft-XML-Core-Services

Microsoft-Windows-10

Microsoft-Edge

CVE list

CVE-2017-0042 warning

CVE-2017-0096 warning

CVE-2017-0097 high

CVE-2017-0099 high

CVE-2017-0109 critical

CVE-2017-0075 critical

CVE-2017-0076 high

CVE-2017-0055 high

CVE-2017-0102 critical

CVE-2017-0103 high

CVE-2017-0101 critical

CVE-2017-0050 critical

CVE-2017-0056 critical

CVE-2017-0043 high

CVE-2017-0045 high

CVE-2017-0022 high

CVE-2017-0143 critical

CVE-2017-0144 critical

CVE-2017-0145 critical

CVE-2017-0146 critical

CVE-2017-0147 critical

CVE-2017-0148 critical

CVE-2017-0014 critical

CVE-2017-0060 high

CVE-2017-0061 high

CVE-2017-0062 warning

CVE-2017-0063 high

CVE-2017-0025 critical

CVE-2017-0073 warning

CVE-2017-0108 critical

CVE-2017-0038 high

CVE-2017-0001 critical

CVE-2017-0005 critical

CVE-2017-0047 critical

CVE-2017-0072 critical

CVE-2017-0083 critical

CVE-2017-0084 critical

CVE-2017-0085 warning

CVE-2017-0086 critical

CVE-2017-0087 critical

CVE-2017-0088 critical

CVE-2017-0089 critical

CVE-2017-0090 critical

CVE-2017-0091 warning

CVE-2017-0092 warning

CVE-2017-0111 warning

CVE-2017-0112 warning

CVE-2017-0113 warning

CVE-2017-0114 warning

CVE-2017-0115 warning

CVE-2017-0116 warning

CVE-2017-0117 warning

CVE-2017-0118 warning

CVE-2017-0119 warning

CVE-2017-0120 warning

CVE-2017-0121 warning

CVE-2017-0122 warning

CVE-2017-0123 warning

CVE-2017-0124 warning

CVE-2017-0125 warning

CVE-2017-0126 warning

CVE-2017-0127 warning

CVE-2017-0128 warning

CVE-2017-0009 warning

CVE-2017-0059 warning

CVE-2017-0130 critical

CVE-2017-0149 critical

CVE-2017-0008 warning

CVE-2017-0040 critical

CVE-2017-0100 critical

CVE-2017-0104 critical

CVE-2017-0039 critical

KB list

4012204

4012215

3211306

4012212

4012598

4012583

3217587

4012021

4012373

4012497

4017018

4012584

3218362

4011981

3217882

3214051

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an abuser to execute any code or commands on the vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an abuser to capture information that is critical for the user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can allow actions that are restricted by the current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can allow an abuser to perform actions that are normally disallowed for the current role.

Affected Products

  • Microsoft Silverlight 5 when installed on Microsoft Windows (x64-based)
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows 10 for 32-bit Systems
  • Windows Vista x64 Edition Service Pack 2
  • Internet Explorer 9
  • Windows 10 for x64-based Systems
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2016 (Server Core installation)
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows Server 2012
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Microsoft Office 2010 Service Pack 2 (32-bit editions)
  • Skype for Business 2016 (64-bit)
  • Windows 8.1 for x64-based systems
  • Windows 8.1 for 32-bit systems
  • Windows Vista Service Pack 2
  • Microsoft XML Core Services 3.0
  • Microsoft Lync 2013 Service Pack 1 (64-bit)
  • Microsoft Office 2010 Service Pack 2 (64-bit editions)
  • Internet Explorer 11
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Microsoft Lync Basic 2013 Service Pack 1 (64-bit)
  • Windows Server 2016
  • Microsoft Lync 2010 Attendee (admin level install)
  • Skype for Business 2016 Basic (32-bit)
  • Microsoft Live Meeting 2007 Add-in
  • Windows Server 2008 for Itanium-Based Systems Service Pack 2
  • Windows RT 8.1
  • Skype for Business 2016 (32-bit)
  • Microsoft Lync 2010 Attendee (user level install)
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
  • Windows 10 Version 1511 for 32-bit Systems
  • Microsoft Lync 2010 (64-bit)
  • Microsoft Office Word Viewer
  • Microsoft Live Meeting 2007 Console
  • Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows (32-bit)
  • Microsoft Edge (EdgeHTML-based)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows (x64-based)
  • Microsoft Office 2007 Service Pack 3
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows 10 Version 1511 for x64-based Systems
  • Skype for Business 2016 Basic (64-bit)
  • Microsoft Lync Basic 2013 Service Pack 1 (32-bit)
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Internet Explorer 10
  • Microsoft Lync 2010 (32-bit)
  • Microsoft Silverlight 5 when installed on Microsoft Windows (32-bit)
  • Windows Server 2012 R2
  • Microsoft Lync 2013 Service Pack 1 (32-bit)
