Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11914
HistoryMay 10, 2016 - 12:00 a.m.

KLA11914 Multiple vulnerability in Microsoft Products (ESU)

2016-05-1000:00:00
Kaspersky Lab
threats.kaspersky.com
48

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON

Detect date:

05/10/2016

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

Windows Server 2012 R2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Microsoft Edge (EdgeHTML-based)
Windows Server 2008 for x64-based Systems (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows 8.1 for 32-bit systems
Windows RT 8.1
Windows Server 2008 for x64-based Systems Service Pack 2
Internet Explorer 10
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows 8.1 for x64-based systems
Windows 10 Version 1511 for 32-bit Systems
Windows Vista Service Pack 2
Internet Explorer 11
Windows 10 Version 1511 for x64-based Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 10 for 32-bit Systems
Internet Explorer 9
Windows Server 2008 for 32-bit Systems (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows 10 for x64-based Systems
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2016-0170
CVE-2016-0185
CVE-2016-0195
CVE-2016-0178
CVE-2016-0152
CVE-2016-0168
CVE-2016-0176
CVE-2016-0174
CVE-2016-0175
CVE-2016-0180
CVE-2016-0173
CVE-2016-0189
CVE-2016-0171
CVE-2016-0187
CVE-2016-0192
CVE-2016-0184
CVE-2016-0169
CVE-2016-0182
CVE-2016-0196
CVE-2016-0197

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2016-01857.8Critical
CVE-2016-01897.5Critical
CVE-2016-01877.5Critical
CVE-2016-01927.5Critical
CVE-2016-01977.8Critical
CVE-2016-01967.8Critical
CVE-2016-01958.8Critical
CVE-2016-01527.8Critical
CVE-2016-01686.5High
CVE-2016-01767.8Critical
CVE-2016-01747.8Critical
CVE-2016-01753.3Warning
CVE-2016-01807.8Critical
CVE-2016-01737.8Critical
CVE-2016-01708.8Critical
CVE-2016-01717.8Critical
CVE-2016-01848.8Critical
CVE-2016-01696.5High
CVE-2016-01827.8Critical
CVE-2016-01788.8Critical

KB list:

3156016
3156013
3141083
3156019
3155178
3153171
3156017
3153199
3155413
3158991
3150220
3154070

Microsoft official advisories:

References

Related

kaspersky 3
mskb 23
openvas 10
nessus 10
prion 20
cve 20
mscve 20
attackerkb 3
threatpost 10
checkpoint_advisories 14
symantec 20
packetstorm 1
myhack58 3
cisa_kev 2
metasploit 1
exploitpack 2
zdt 6
seebug 2
fireeye 9
zdi 7
exploitdb 3
malwarebytes 7
mmpc 1
thn 1
securelist 1
kaspersky
kaspersky
KLA10801 Multiple vulnerabilities in Microsoft Windows
2016-05-10 00:00:00
KLA10805 Multiple vulnerabilities in the JScript and VBScript
2016-05-10 00:00:00
KLA10806 Multiple vulnerabilities in Microsoft Internet Explorer and Edge
2016-05-10 00:00:00
mskb
mskb
MS16-062: Security update for kernel mode drivers: May 10, 2016
2016-05-10 00:00:00
Cumulative Update for Windows 10 Version 1511 and Windows Server 2016 Technical Preview 4: May 10, 2016
2016-05-10 07:00:00
Cumulative Update for Windows 10: May 10, 2016
2016-05-10 07:00:00
openvas
openvas
Microsoft Kernel-Mode Drivers Privilege Elevation Vulnerabilities (3158222)
2016-05-11 00:00:00
Microsoft Graphics Component Multiple Vulnerabilities (3156754)
2016-05-11 00:00:00
Microsoft Windows JScript and VBScript Remote Code Execution Vulnerabilities (3156764)
2016-05-11 00:00:00
nessus
nessus
MS16-062: Security Update for Windows Kernel-Mode Drivers (3158222)
2016-05-10 00:00:00
MS16-055: Security Update for Microsoft Graphics Component (3156754)
2016-05-10 00:00:00
MS16-053: Cumulative Security Update for JScript and VBScript (3156764)
2016-05-10 00:00:00
prion
prion
Privilege escalation
2016-05-11 01:59:00
Privilege escalation
2016-05-11 01:59:00
Privilege escalation
2016-05-11 01:59:00
cve
cve
CVE-2016-0173
2016-05-11 01:59:00
CVE-2016-0171
2016-05-11 01:59:00
CVE-2016-0174
2016-05-11 01:59:00
mscve
mscve
Scripting Engine Memory Corruption Vulnerability
2016-05-10 07:00:00
Scripting Engine Memory Corruption Vulnerability
2016-05-10 07:00:00
Direct3D Use After Free RCE Vulnerability
2016-05-10 07:00:00
attackerkb
attackerkb
CVE-2016-0189
2016-05-11 00:00:00
CVE-2016-0187
2016-05-11 00:00:00
CVE-2016-0185
2016-05-11 00:00:00
threatpost
threatpost
May 2016 Microsoft Patch Tuesday Security Bulletins
2016-05-10 15:03:31
New Magniber Ransomware Targets South Korea, Asia Pacific
2017-10-21 10:00:04
Neutrino EK Spotted Leveraging Patched IE Zero Day
2016-07-15 16:16:39
checkpoint_advisories
checkpoint_advisories
Microsoft Graphics Component Remote Code Execution (MS16-055: CVE-2016-0184)
2016-05-10 00:00:00
Microsoft Internet Explorer Scripting Engine Memory Corruption (MS16-051: CVE-2016-0187)
2016-05-10 00:00:00
Microsoft Windows Graphics Component Information Disclosure (MS16-055: CVE-2016-0168)
2016-05-10 00:00:00
symantec
symantec
Microsoft Windows Kernel CVE-2016-0180 Local Privilege Escalation Vulnerability
2016-05-10 00:00:00
Microsoft Internet Explorer CVE-2016-0187 Scripting Engine Remote Memory Corruption Vulnerability
2016-05-10 00:00:00
Microsoft Windows CVE-2016-0152 DLL Loading Remote Code Execution Vulnerability
2016-05-10 00:00:00
packetstorm
packetstorm
Internet Explorer 11 VBScript Engine Memory Corruption
2016-08-06 00:00:00
myhack58
myhack58
Nebula exploit package CVE-2016-0189 exploit analysis-exploit warning-the black bar safety net
2017-04-17 00:00:00
Security researchers found that attack kits favorite Flash Player security vulnerabilities-vulnerability warning-the black bar safety net
2016-12-09 00:00:00
For a suspected CVE-2016-0189 the original attack sample debugging-vulnerability warning-the black bar safety net
2019-06-13 00:00:00
cisa_kev
cisa_kev
Microsoft Internet Explorer Memory Corruption Vulnerability
2022-03-28 00:00:00
Microsoft Windows Media Center Remote Code Execution Vulnerability
2021-11-03 00:00:00
metasploit
metasploit
Internet Explorer 11 VBScript Engine Memory Corruption
2016-08-01 18:26:35
exploitpack
exploitpack
Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (MS16-051)
2016-06-22 00:00:00
Microsoft Windows Media Center - .MCL File Processing Remote Code Execution (MS16-059)
2016-05-12 00:00:00
zdt
zdt
Microsoft Windows 7 - win32k Bitmap Use-After-Free (MS16-062) (1)
2016-06-15 00:00:00
Microsoft Windows - gdi32.dll Heap Based Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAP
2016-05-17 00:00:00
Microsoft Windows - gdi32.dll Multiple Issues in the EMF CREATECOLORSPACEW Record Handling (MS16-055
2016-05-17 00:00:00
seebug
seebug
Internet Explorer 11 VBScript engine memory corruption vulnerability
2016-08-08 00:00:00
The Microsoft DirectX graphics kernel subsystem elevation of privilege vulnerability MS16-062)
2016-11-19 00:00:00
fireeye
fireeye
Magniber Ransomware Wants to Infect Only the Right People
2017-10-19 16:06:00
RIG Exploit Kit Delivering Monero Miner Via PROPagate Injection Technique
2018-06-28 16:00:00
RIG Exploit Kit Delivering Monero Miner Via PROPagate Injection Technique
2018-06-28 12:00:00
zdi
zdi
Microsoft Internet Explorer AcquireLineBoxBuilderForLayout Null Array Base Remote Code Execution Vulnerability
2016-05-10 00:00:00
(Pwn2Own) Microsoft Windows dxgkrnl Kernel Driver Buffer Overflow Privilege Escalation Vulnerability
2016-05-10 00:00:00
(Pwn2Own) Microsoft Windows win32kfull.sys Surface Object Use-After-Free Privilege Escalation Vulnerability
2016-05-10 00:00:00
exploitdb
exploitdb
Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (MS16-051)
2016-06-22 00:00:00
Microsoft Windows Media Center - '.MCL' File Processing Remote Code Execution (MS16-059)
2016-05-12 00:00:00
Abusing Token Privileges For LPE
2017-08-28 00:00:00
malwarebytes
malwarebytes
Exploit kits: Winter 2018 review
2018-03-29 15:00:00
Magnitude exploit kit switches to GandCrab ransomware
2018-04-17 16:58:26
‘Hidden Bee’ miner delivered via improved drive-by download toolkit
2018-07-26 21:00:22
mmpc
mmpc
Exploit kits remain a cybercrime staple against outdated software – 2016 threat landscape review series
2017-01-23 22:37:34
thn
thn
Experts Warn of Browser Extensions Spying On Users via Cloud9 Chrome Botnet Network
2022-11-09 11:01:00
securelist
securelist
The King is dead. Long live the King!
2018-05-09 06:00:56

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON
Related for KLA11914
kaspersky3mskb23openvas10nessus10prion20cve20mscve20attackerkb3threatpost10checkpoint_advisories14symantec20packetstorm1myhack583cisa_kev2metasploit1exploitpack2zdt6seebug2fireeye9zdi7exploitdb3malwarebytes7mmpc1thn1securelist1