Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11046
HistoryJun 13, 2017 - 12:00 a.m.

KLA11046 Multiple vulnerabilities in Microsoft Windows

2017-06-1300:00:00
Kaspersky Lab
threats.kaspersky.com
77

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

8.9 High

AI Score

Confidence

High

0.975 High

EPSS

Percentile

100.0%

JSON

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, gain privileges, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. A security feature bypass vulnerability in Device Guard Code Integrity Policy can be exploited remotely to bypass security restrictions.
  2. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
  3. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
  4. A remote code execution vulnerability in Windows Search can be exploited remotely via specially crafted messages to execute arbitrary code.
  5. An information disclosure vulnerability in Windows PDF can be exploited remotely via specially crafted to obtain sensitive information.
  6. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
  7. A remote code execution vulnerability in Windows Uniscribe can be exploited remotely via specially crafted website to execute arbitrary code.
  8. A remote code execution vulnerability in Win32k Graphics can be exploited remotely via specially crafted embedded to execute arbitrary code.
  9. An information disclosure vulnerability in Windows Uniscribe can be exploited remotely via specially crafted document to obtain sensitive information.
  10. An elevation of privilege vulnerability in Hypervisor Code Integrity can be exploited remotely to gain privileges.
  11. A remote code execution vulnerability in LNK can be exploited remotely to execute arbitrary code.
  12. A remote code execution vulnerability in Windows can be exploited remotely via specially crafted cabinet to execute arbitrary code.
  13. An elevation of privilege vulnerability in Windows TDX can be exploited remotely via specially crafted application to gain privileges.
  14. A remote code execution vulnerability in Microsoft Windows can be exploited remotely via specially crafted to execute arbitrary code.
  15. A remote code execution vulnerability in Windows PDF can be exploited remotely via specially crafted to execute arbitrary code.

Original advisories

CVE-2017-0219

CVE-2017-0218

CVE-2017-0215

CVE-2017-0216

CVE-2017-0173

CVE-2017-8483

CVE-2017-8466

CVE-2017-8543

CVE-2017-8488

CVE-2017-8460

CVE-2017-0289

CVE-2017-0288

CVE-2017-8528

CVE-2017-8527

CVE-2017-0283

CVE-2017-0282

CVE-2017-0287

CVE-2017-0285

CVE-2017-0284

CVE-2017-0193

CVE-2017-8464

CVE-2017-8470

CVE-2017-8471

CVE-2017-8472

CVE-2017-8473

CVE-2017-8475

CVE-2017-0294

CVE-2017-0296

CVE-2017-0291

CVE-2017-0292

CVE-2017-8531

CVE-2017-8533

CVE-2017-8532

Exploitation

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/42235

https://www.exploit-db.com/exploits/42212

https://www.exploit-db.com/exploits/42223

https://www.exploit-db.com/exploits/42429

https://www.exploit-db.com/exploits/42382

https://www.exploit-db.com/exploits/42236

https://www.exploit-db.com/exploits/42224

https://www.exploit-db.com/exploits/42225

https://www.exploit-db.com/exploits/42243

https://www.exploit-db.com/exploits/42234

https://www.exploit-db.com/exploits/42237

https://www.exploit-db.com/exploits/42226

https://www.exploit-db.com/exploits/42239

https://www.exploit-db.com/exploits/42241

https://www.exploit-db.com/exploits/42240

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Word

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-8

Microsoft-Windows-7

Microsoft-Windows-Server-2008

Windows-RT

Microsoft-Windows-10

CVE list

CVE-2017-8543 critical

CVE-2017-0219 warning

CVE-2017-0284 warning

CVE-2017-0218 warning

CVE-2017-0215 warning

CVE-2017-0193 warning

CVE-2017-8488 unknown

CVE-2017-8528 critical

CVE-2017-8460 warning

CVE-2017-8475 warning

CVE-2017-8470 warning

CVE-2017-8466 high

CVE-2017-8464 critical

CVE-2017-0291 critical

CVE-2017-0216 warning

CVE-2017-0292 critical

CVE-2017-0285 warning

CVE-2017-8471 warning

CVE-2017-0173 warning

CVE-2017-0294 critical

CVE-2017-8472 warning

CVE-2017-8483 unknown

CVE-2017-0283 unknown

CVE-2017-0282 warning

CVE-2017-0296 high

CVE-2017-8473 warning

CVE-2017-0287 warning

CVE-2017-0288 warning

CVE-2017-0289 warning

CVE-2017-8527 critical

CVE-2017-8531 warning

CVE-2017-8532 warning

CVE-2017-8533 warning

KB list

4022714

4022727

4022715

4025342

4025339

4034668

4034674

4034681

4034658

4034660

4034666

4034665

4034672

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows 10 for 32-bit SystemsWindows 10 for x64-based SystemsWindows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 7 for x64-based Systems Service Pack 1Windows 8.1 for 32-bit systemsWindows Server 2008 for 32-bit Systems Service Pack 2Windows 8.1 for x64-based systemsWindows Server 2012Windows Server 2008 for x64-based Systems Service Pack 2Microsoft Word 2013 Service Pack 1 (32-bit editions)Windows Server 2016Windows RT 8.1Windows Server 2008 for Itanium-Based Systems Service Pack 2Windows 10 Version 1703 for x64-based SystemsWindows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows 10 Version 1511 for 32-bit SystemsWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows 10 Version 1511 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows 7 for 32-bit Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows 10 Version 1703 for 32-bit SystemsWindows Server 2012 R2

References

Related

openvas 19
mskb 20
cve 30
prion 29
cvelist 29
kaspersky 4
nvd 29
rapid7community 1
nessus 10
myhack58 1
talosblog 1
trendmicroblog 2
qualysblog 1
threatpost 1
symantec 11
zdt 5
seebug 2
canvas 1
zdi 3
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4022884)
2017-06-14 00:00:00
Microsoft Office Multiple Vulnerabilities (KB3191844)
2017-06-14 00:00:00
Microsoft Office Multiple Vulnerabilities (KB3191837)
2017-06-14 00:00:00
mskb
mskb
Security update for Windows Server 2008: June 13, 2017
2017-06-13 07:00:00
Security update 2017-06-13
2017-06-13 07:00:00
Description of the security update for Office 2010: June 13, 2017
2017-06-13 07:00:00
cve
cve
CVE-2017-8532
2017-06-15 01:29:04
CVE-2017-0286
2017-06-15 01:29:02
CVE-2017-0288
2017-06-15 01:29:02
prion
prion
Information disclosure
2017-06-15 01:29:00
Security feature bypass
2017-06-15 01:29:00
Security feature bypass
2017-06-15 01:29:00
cvelist
cvelist
CVE-2017-8531
2017-06-15 01:00:00
CVE-2017-8532
2017-06-15 01:00:00
CVE-2017-0218
2017-06-15 01:00:00
kaspersky
kaspersky
KLA11039 Multiple vulnerabilities in Microsoft Windows
2019-06-13 00:00:00
KLA11842 Multiple vulnerabilities in Microsoft Products (ESU)
2017-06-13 00:00:00
KLA11049 Multiple vulnerabilities in Microsoft Office
2017-06-13 00:00:00
nvd
nvd
CVE-2017-0286
2017-06-15 01:29:02
CVE-2017-0288
2017-06-15 01:29:02
CVE-2017-0289
2017-06-15 01:29:02
rapid7community
rapid7community
Patch Tuesday - June 2017
2017-06-14 12:04:23
nessus
nessus
Windows 8.1 and Windows Server 2012 R2 June 2017 Security Updates
2017-06-13 00:00:00
Windows Server 2012 June 2017 Security Updates
2017-06-13 00:00:00
Security Update for Microsoft Office Products (June 2017)
2017-06-14 00:00:00
myhack58
myhack58
【Major vulnerability warning】Windows two critical remote code execution vulnerability-vulnerability warning-the black bar safety net
2017-06-14 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday - June 2017
2017-06-13 13:48:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 12, 2017
2017-06-16 12:00:40
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of July 3, 2017
2017-07-07 15:45:09
qualysblog
qualysblog
Microsoft Fixes 94 Security Issues in Massive June Update
2017-06-13 18:28:02
threatpost
threatpost
Microsoft Patches Two Critical Vulnerabilities Under Attack
2017-06-13 16:23:28
symantec
symantec
Microsoft Windows Uniscribe CVE-2017-8528 Remote Code Execution Vulnerability
2017-06-13 00:00:00
Microsoft Windows Cursor CVE-2017-8466 Local Privilege Escalation Vulnerability
2017-06-13 00:00:00
Microsoft Windows Graphics Component CVE-2017-8531 Information Disclosure Vulnerability
2017-06-13 00:00:00
zdt
zdt
Microsoft Windows - win32k!NtGdiGetRealizationInfo Kernel Stack Memory Disclosure Exploit
2017-06-28 00:00:00
Microsoft Windows - LNK Shortcut File Code Execution Exploit
2017-07-26 00:00:00
Microsoft Windows - win32k!NtGdiExtGetObjectW Kernel Stack Memory Disclosure Exploit
2017-06-28 00:00:00
seebug
seebug
Microsoft Windows Kernel 'Win32k.sys' Local Information Disclosure Vulnerability(CVE-2017-8471)
2017-06-27 00:00:00
Windows Kernel stack memory disclosure in win32k!ClientPrinterThunk(CVE-2017-8475)
2017-06-27 00:00:00
canvas
canvas
Immunity Canvas: SPECIAL_LNK
2017-06-15 01:29:00
zdi
zdi
Microsoft Windows OTL Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
2017-06-13 00:00:00
(Pwn2Own) Microsoft Windows NtUserLinkDpiCursor Use-After-Free Privilege Escalation Vulnerability
2017-06-13 00:00:00
Microsoft Windows DirectWrite Integer Overflow Information Disclosure Vulnerability
2019-06-20 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

8.9 High

AI Score

Confidence

High

0.975 High

EPSS

Percentile

100.0%

JSON
Related for KLA11046
openvas19mskb20cve30prion29cvelist29kaspersky4nvd29rapid7community1nessus10myhack581talosblog1trendmicroblog2qualysblog1threatpost1symantec11zdt5seebug2canvas1zdi3