Kaspersky Lab: KLA10975
History: Mar 14, 2017 - 12:00 a.m.

KLA10975 Multiple vulnerabilities in Microsoft Windows

2017-03-14 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS2: 7.9

Attack Vector: ADJACENT_NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:A/AC:M/Au:N/C:C/I:C/A:C

CVSS3: 9

Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score: 7.6
Confidence: Low

EPSS: 0.027
Percentile: 90.6%

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, or obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A denial of service vulnerability in Hyper-V can be exploited remotely via a specially crafted application to cause denial of service.
  2. A remote code execution vulnerability in Hyper-V vSMB can be exploited remotely via a specially crafted application to execute arbitrary code.
  3. An information disclosure vulnerability in Windows Hyper-V can be exploited remotely via a specially crafted application to obtain sensitive information.
  4. A remote code execution vulnerability in Windows Hyper-V can be exploited remotely via a specially crafted application to execute arbitrary code.

Original advisories

CVE-2017-0051

CVE-2017-0021

CVE-2017-0095

CVE-2017-0096

CVE-2017-0097

CVE-2017-0098

CVE-2017-0099

CVE-2017-0109

CVE-2017-0074

CVE-2017-0075

CVE-2017-0076

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Vista-4

Microsoft-Windows-Server-2012

Microsoft-Windows-8

Microsoft-Windows-7

Microsoft-Windows-Server-2008

Microsoft-Windows-10

CVE list

CVE-2017-0051 warning

CVE-2017-0021 critical

CVE-2017-0095 critical

CVE-2017-0096 warning

CVE-2017-0097 warning

CVE-2017-0098 warning

CVE-2017-0099 warning

CVE-2017-0109 high

CVE-2017-0074 warning

CVE-2017-0075 high

CVE-2017-0076 warning

KB list

4012217

4012216

4012606

4013198

4013429

3211306

4012214

4012213

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE: Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to an abuser executing any code or commands on the vulnerable machine or in the vulnerable process.

  • OSI: Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to an abuser capturing information that is critical for the user or system.

  • DoS: Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

Affected Products

  • Windows Server 2016
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012 R2 (Server Core installation)
  • Windows 10 Version 1511 for x64-based Systems
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows Server 2012
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 for x64-based Systems
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Vista x64 Edition Service Pack 2
  • Windows 10 Version 1607 for x64-based Systems
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows 8.1 for x64-based systems
  • Windows Server 2016 (Server Core installation)
