KLA11009 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, execute arbitrary code, gain privileges.

Below is a complete list of vulnerabilities:

1. An information disclosure vulnerability in Windows SMB can be exploited remotely via specially crafted packet to obtain sensitive information.
2. A denial of service vulnerability in Windows DNS Server can be exploited remotely to cause denial of service.
3. A denial of service vulnerability in Windows SMB can be exploited remotely via specially crafted requests to cause denial of service.
4. A remote code execution vulnerability in Windows SMB can be exploited remotely via specially crafted packet to execute arbitrary code.
5. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
6. An information disclosure vulnerability in Win32k can be exploited remotely via specially crafted application to obtain sensitive information.
7. An elevation of privilege vulnerability in Windows COM can be exploited remotely via specially crafted application to gain privileges.
8. An elevation of privilege vulnerability in Windows COM can be exploited remotely to gain privileges.
9. An elevation of privilege vulnerability in Windows Hyper-V vSMB can be exploited remotely to gain privileges.
10. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
11. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to cause denial of service.
12. An elevation of privilege vulnerability in Dxgkrnl.sys can be exploited remotely via specially crafted application to cause denial of service.
13. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.

Original advisories

CVE-2017-0280

CVE-2017-0274

CVE-2017-0272

CVE-2017-0279

CVE-2017-0273

CVE-2017-0276

CVE-2017-0278

CVE-2017-0213

CVE-2017-0212

CVE-2017-0270

CVE-2017-0245

CVE-2017-0171

CVE-2017-0259

CVE-2017-0246

CVE-2017-0277

CVE-2017-0258

CVE-2017-0269

CVE-2017-0267

CVE-2017-0077

CVE-2017-0190

CVE-2017-0275

CVE-2017-0271

CVE-2017-0214

CVE-2017-0263

CVE-2017-0268

CVE-2017-0220

Exploitation

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/44478

https://www.exploit-db.com/exploits/42007

https://www.exploit-db.com/exploits/42006

https://www.exploit-db.com/exploits/42008

https://www.exploit-db.com/exploits/42009

https://www.exploit-db.com/exploits/42021

https://www.exploit-db.com/exploits/42020

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Windows-Server-2012

Microsoft-Windows-8

Microsoft-Windows-7

Microsoft-Windows-Server-2008

Windows-RT

Microsoft-Windows-10

CVE list

CVE-2017-0280 high

CVE-2017-0279 high

CVE-2017-0278 high

CVE-2017-0277 high

CVE-2017-0276 warning

CVE-2017-0275 warning

CVE-2017-0274 warning

CVE-2017-0273 warning

CVE-2017-0272 critical

CVE-2017-0271 warning

CVE-2017-0270 warning

CVE-2017-0269 warning

CVE-2017-0268 warning

CVE-2017-0267 warning

CVE-2017-0263 high

CVE-2017-0259 warning

CVE-2017-0258 warning

CVE-2017-0246 high

CVE-2017-0245 warning

CVE-2017-0220 warning

CVE-2017-0214 warning

CVE-2017-0213 warning

CVE-2017-0212 high

CVE-2017-0190 warning

CVE-2017-0171 warning

CVE-2017-0077 high

KB list

4038788

4016871

4019474

4019215

4019216

4019473

4019472

4019213

4019214

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

• Windows 7 for 32-bit Systems Service Pack 1Windows 10 Version 1511 for 32-bit SystemsWindows 10 Version 1703 for x64-based SystemsWindows 7 for x64-based Systems Service Pack 1Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 10 Version 1511 for x64-based SystemsWindows 8.1 for 32-bit systemsWindows Server 2012Windows RT 8.1Windows 10 Version 1607 for x64-based SystemsWindows 10 for 32-bit SystemsWindows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1607 for 32-bit SystemsWindows Server 2012 R2Windows 10 for x64-based SystemsWindows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 for 32-bit Systems Service Pack 2Windows 10 Version 1703 for 32-bit SystemsWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for Itanium-Based Systems Service Pack 2Windows 8.1 for x64-based systemsWindows Server 2016 (Server Core installation)