Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11904
HistoryDec 13, 2016 - 12:00 a.m.

KLA11904 Multiple vulnerabilities in Microsoft Products (ESU)

2016-12-1300:00:00
Kaspersky Lab
threats.kaspersky.com
25

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.9 High

EPSS

Percentile

98.7%

JSON

Detect date:

12/13/2016

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows 10 for 32-bit Systems
Windows Vista x64 Edition Service Pack 2
Microsoft Office 2016 for Mac
Internet Explorer 9
Windows 10 for x64-based Systems
Windows Server 2012 (Server Core installation)
Windows Server 2016 (Server Core installation)
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 8.1 for x64-based systems
Windows Server 2012
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Windows Vista Service Pack 2
Internet Explorer 11
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2016
Microsoft Office for Mac 2011
Windows RT 8.1
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows 10 Version 1511 for 32-bit Systems
Microsoft Office Word Viewer
Microsoft Edge (EdgeHTML-based)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft Office 2007 Service Pack 3
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows 10 Version 1511 for x64-based Systems
Microsoft Windows Hyperlink Object Library
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Internet Explorer 10
Windows Server 2012 R2

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2016-7219
CVE-2016-7272
CVE-2016-7259
CVE-2016-7274
CVE-2016-7260
CVE-2016-7278
CVE-2016-7279
CVE-2016-7295
CVE-2016-7292
CVE-2016-7257
CVE-2016-7283
CVE-2016-7282

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2016-72728.8Critical
CVE-2016-72576.5High
CVE-2016-72797.5Critical
CVE-2016-72785.3High
CVE-2016-72838.8Critical
CVE-2016-72826.1High
CVE-2016-72927.8Critical
CVE-2016-72748.8Critical
CVE-2016-72955.5High
CVE-2016-72195.5High
CVE-2016-72597.8Critical
CVE-2016-72607.8Critical

KB list:

3203621
3207752
3205394
3196726
3203838
3196348
3204724
3204808
3205638
3204723

Microsoft official advisories:

References

Related

mskb 34
kaspersky 4
openvas 11
nessus 8
cvelist 12
checkpoint_advisories 12
prion 12
cve 12
symantec 12
mscve 12
srcincite 1
zdi 1
exploitpack 1
zdt 1
packetstorm 1
exploitdb 1
thn 1
threatpost 1
googleprojectzero 1
mskb
mskb
December 2016 Security Only Quality Update for Windows 7 SP1 and Windows Server 2008 R2 SP1
2016-12-13 08:00:00
December 2016 Security Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
2016-12-13 08:00:00
December 2016 Security Monthly Quality Rollup for Windows Server 2012
2016-12-13 08:00:00
kaspersky
kaspersky
KLA10924 Privilege escalation and information disclosure vulnerabilities in Microsoft Windows
2016-12-13 00:00:00
KLA10922 Multiple vulnerabilities in Microsoft Windows
2016-12-13 00:00:00
KLA10920 Multiple vulnerabilities in Microsoft Browser
2016-12-13 00:00:00
openvas
openvas
Microsoft Windows Kernel Mode Drivers Multiple Vulnerabilities (3205651)
2016-12-14 00:00:00
Microsoft Windows Information Disclosure And Elevation of Privilege Vulnerabilities (3205655)
2016-12-14 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (3204059)
2016-12-14 00:00:00
nessus
nessus
MS16-151: Security Update for Windows Kernel-Mode Drivers (3205651)
2016-12-13 00:00:00
MS16-149: Security Update for Microsoft Windows (3205655)
2016-12-14 00:00:00
MS16-144: Cumulative Security Update for Internet Explorer (3204059)
2016-12-13 00:00:00
cvelist
cvelist
CVE-2016-7257
2016-12-20 05:54:00
CVE-2016-7278
2016-12-20 05:54:00
CVE-2016-7279
2016-12-20 05:54:00
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer Information Disclosure (MS16-144: CVE-2016-7278)
2016-12-13 00:00:00
Microsoft Windows Win32k Elevation of Privilege (MS16-151: CVE-2016-7259)
2016-12-13 00:00:00
Microsoft Windows GDI Information Disclosure (MS16-146: CVE-2016-7257)
2016-12-13 00:00:00
prion
prion
Information disclosure
2016-12-20 06:59:00
Privilege escalation
2016-12-20 06:59:00
Information disclosure
2016-12-20 06:59:00
cve
cve
CVE-2016-7259
2016-12-20 06:59:00
CVE-2016-7279
2016-12-20 06:59:00
CVE-2016-7272
2016-12-20 06:59:00
symantec
symantec
Microsoft Internet Explorer CVE-2016-7278 Information Disclosure Vulnerability
2016-12-13 00:00:00
Microsoft Windows Graphics Component CVE-2016-7257 Information Disclosure Vulnerability
2016-12-13 00:00:00
Microsoft Windows Graphics Component CVE-2016-7259 Local Privilege Escalation Vulnerability
2016-12-13 00:00:00
mscve
mscve
Microsoft Browser Information Disclosure Vulnerability
2016-12-13 08:00:00
Microsft Browser Information Disclosure Vulnerability
2016-12-13 08:00:00
Win32k Elevation of Privilege Vulnerability
2016-12-13 08:00:00
srcincite
srcincite
SRC-2016-0045 : Microsoft Internet Explorer HyperlinkString Out-Of-Bounds Read Information Disclosure Vulnerability
2016-09-21 00:00:00
zdi
zdi
Microsoft Windows Icon File Integer Overflow Remote Code Execution Vulnerability
2016-12-15 00:00:00
exploitpack
exploitpack
Microsoft Windows - LoadUvsTable() Heap Buffer Overflow
2017-03-15 00:00:00
zdt
zdt
Microsoft Windows - LoadUvsTable() Heap-based Buffer Overflow Vulnerability
2017-03-16 00:00:00
packetstorm
packetstorm
Microsoft Windows LoadUvsTable() Buffer Overflow
2017-03-15 00:00:00
exploitdb
exploitdb
Microsoft Windows - 'LoadUvsTable()' Heap Buffer Overflow
2017-03-15 00:00:00
thn
thn
Microsoft releases 12 Security Updates; Including 6 Critical Patches
2016-12-14 01:07:00
threatpost
threatpost
Microsoft Patches Publicly Disclosed IE, Edge Vulnerabilities
2016-12-13 15:27:58
googleprojectzero
googleprojectzero
Notes on Windows Uniscribe Fuzzing
2017-04-10 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.9 High

EPSS

Percentile

98.7%

JSON
Related for KLA11904
mskb34kaspersky4openvas11nessus8cvelist12checkpoint_advisories12prion12cve12symantec12mscve12srcincite1zdi1exploitpack1zdt1packetstorm1exploitdb1thn1threatpost1googleprojectzero1