Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10985
HistoryMar 14, 2017 - 12:00 a.m.

KLA10985 Privilege escalation vulnerabilities in Windows kernel-mode drivers

2017-03-1400:00:00
Kaspersky Lab
threats.kaspersky.com
29

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Multiple cases of improper handling of objects in memory have been found in the Windows kernel-mode (Win32k) driver. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited remotely via a specially designed application by an attacker who has already logged on to the system.

Original advisories

MS17-018

CVE-2017-0056

CVE-2017-0024

CVE-2017-0026

CVE-2017-0078

CVE-2017-0079

CVE-2017-0080

CVE-2017-0081

CVE-2017-0082

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Windows-Vista-4

Microsoft-Windows-Server-2012

Microsoft-Windows-7

Microsoft-Windows-Server-2008

Windows-RT

Microsoft-Windows-10

CVE list

CVE-2017-0056 high

CVE-2017-0024 high

CVE-2017-0026 high

CVE-2017-0078 high

CVE-2017-0079 high

CVE-2017-0080 high

CVE-2017-0081 high

CVE-2017-0082 high

KB list

4012217

4012215

4012216

4012606

4013198

4013429

4012212

4012214

4012213

4012497

4013083

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • Windows Vista Service Pack 2Windows 7 Service Pack 1Windows 8.1Windows RTWindows 10Windows Server 2008Windows Server 2008 R2Windows Server 2012Windows Server 2012 R2

References

Related

prion 8
cvelist 8
nvd 8
cve 8
nessus 1
mskb 11
openvas 1
checkpoint_advisories 7
symantec 7
mscve 8
kaspersky 2
prion
prion
Privilege escalation
2017-03-17 00:59:00
Privilege escalation
2017-03-17 00:59:00
Privilege escalation
2017-03-17 00:59:00
cvelist
cvelist
CVE-2017-0080
2017-03-17 00:00:00
CVE-2017-0082
2017-03-17 00:00:00
CVE-2017-0078
2017-03-17 00:00:00
nvd
nvd
CVE-2017-0026
2017-03-17 00:59:00
CVE-2017-0079
2017-03-17 00:59:02
CVE-2017-0081
2017-03-17 00:59:02
cve
cve
CVE-2017-0080
2017-03-17 00:59:02
CVE-2017-0078
2017-03-17 00:59:02
CVE-2017-0082
2017-03-17 00:59:02
nessus
nessus
MS17-018: Security Update for Windows Kernel-Mode Drivers (4013083)
2017-03-15 00:00:00
mskb
mskb
MS17-018: Security update for Windows Kernel-Mode Drivers: March 14, 2017
2017-03-14 00:00:00
MS17-018 and MS17-013: Description of the security update for Windows Kernel-Mode Drivers and for Microsoft Graphics Component: March 14, 2017
2017-03-14 07:00:00
March 14, 2017—KB4013198 (OS Build 10586.839)
2017-03-14 07:00:00
openvas
openvas
Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (4013083)
2017-03-15 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Win32k Elevation of Privilege (MS17-018: CVE-2017-0079; CVE-2017-0078)
2017-03-14 00:00:00
Microsoft Windows Win32k Elevation of Privilege (MS17-018: CVE-2017-0026)
2017-03-14 00:00:00
Microsoft Windows Win32k Elevation of Privilege (MS17-018: CVE-2017-0081)
2017-03-14 00:00:00
symantec
symantec
Microsoft Windows Kernel 'Win32k.sys' CVE-2017-0026 Local Privilege Escalation Vulnerability
2017-03-14 00:00:00
Microsoft Windows Kernel 'Win32k.sys' CVE-2017-0080 Local Privilege Escalation Vulnerability
2017-03-14 00:00:00
Microsoft Windows Kernel 'Win32k.sys' CVE-2017-0024 Local Privilege Escalation Vulnerability
2017-03-14 00:00:00
mscve
mscve
Win32k Elevation of Privilege Vulnerability
2017-03-14 07:00:00
Win32k Elevation of Privilege Vulnerability
2017-03-14 07:00:00
Win32k Elevation of Privilege Vulnerability
2017-03-14 07:00:00
kaspersky
kaspersky
KLA10979 Multiple vulnerabilities in Microsoft Windows
2017-03-14 00:00:00
KLA11902 Multiple vulnerabilities in Microsoft Products (ESU)
2017-03-14 00:00:00

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON
Related for KLA10985
prion8cvelist8nvd8cve8nessus1mskb11openvas1checkpoint_advisories7symantec7mscve8kaspersky2