KLA10856 Multiple vulnerabilities in Microsoft Windows

2016-08-09 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS2: 9.3 High

  • Attack Vector: NETWORK
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
  • Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3: 9.1 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: NONE
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score: 8.6 High (Confidence: High)

EPSS: 0.528 Medium (Percentile: 97.6%)

Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, gain privileges or obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. Improper handling of embedded fonts can be exploited remotely via specially designed content to execute arbitrary code;
  2. Improper handling of memory objects can be exploited by a logged-in attacker via a specially designed application to gain privileges;
  3. Improper boot manager loading can be exploited by an attacker with administrator rights or locally via a specially designed boot manager to bypass security restrictions;
  4. Improper handling of the secure communication channel in Netlogon can be exploited from an adjacent network via a specially designed application to gain privileges;
  5. Improper handling of password changes in Kerberos can be exploited from an adjacent network via a man-in-the-middle attack to gain privileges;
  6. Improper handling of memory objects in the Windows PDF library can be exploited remotely via specially designed content to execute arbitrary code;
  7. Improper handling of secure connections in Universal Outlook can be exploited remotely to obtain sensitive information.

Technical details

To mitigate vulnerability №3, configure BitLocker to use Trusted Platform Module (TPM)+PIN protection, or disable Secure Boot integrity protection of BitLocker.

To mitigate vulnerability №6, remove Microsoft Edge from the PDF reader default file type association (for Windows 10 only).

Original advisories

CVE-2016-3319

CVE-2016-3320

CVE-2016-3312

CVE-2016-3311

CVE-2016-3310

CVE-2016-3309

CVE-2016-3308

CVE-2016-3304

CVE-2016-3303

CVE-2016-3301

CVE-2016-3300

CVE-2016-3237

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit.

Related products

Microsoft-Windows

Microsoft-Windows-Vista-4

Microsoft-Windows-Server-2012

Microsoft-Windows-8

Microsoft-Windows-Server-2008

Windows-RT

Microsoft-Windows-10

CVE list

CVE-2016-3319 critical

CVE-2016-3320 warning

CVE-2016-3312 warning

CVE-2016-3311 high

CVE-2016-3310 high

CVE-2016-3309 high

CVE-2016-3308 high

CVE-2016-3304 critical

CVE-2016-3303 critical

CVE-2016-3301 critical

CVE-2016-3300 high

CVE-2016-3237 high

KB list

3175887

3176495

3176492

3176493

3177725

3178034

3172729

3177108

3192441

3194798

3192440

3185331

3185332

3192393

3192392

3167679

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE: Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an abuser to execute any code or commands on the vulnerable machine or process.

  • OSI: Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an abuser to capture information that is critical for the user or system.

  • SB: Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by the current security settings.

  • PE: Privilege escalation. Exploitation of vulnerabilities with this impact can allow an abuser to perform actions that are normally disallowed for the current role.

Affected Products

  • Microsoft Windows Vista Service Pack 2
  • Microsoft Windows Server 2008 Service Pack 2
  • Microsoft Windows 7 Service Pack 1
  • Microsoft Windows Server 2008 R2 Service Pack 1
  • Microsoft Windows 8.1
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows RT 8.1
  • Microsoft Windows 10
