9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
Low
0.974 High
EPSS
Percentile
100.0%
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, bypass security restrictions, cause denial of service.
Below is a complete list of vulnerabilities:
This vulnerability can be exploited by the following malware:
https://threats.kaspersky.com/en/threat/Exploit.MSOffice.CVE-2017-0199/
https://threats.kaspersky.com/en/threat/Exploit.MSOffice.Oleink/
https://threats.kaspersky.com/en/threat/Trojan.Win32.FormBook/
https://threats.kaspersky.com/en/threat/Trojan-PSW.Win32.Azorult/
The following public exploits exists for this vulnerability:
https://www.exploit-db.com/exploits/42995
https://www.exploit-db.com/exploits/41894
https://www.exploit-db.com/exploits/41934
https://threats.kaspersky.com/en/threat/Exploit.MSOffice.CVE-2017-0199/
https://threats.kaspersky.com/en/threat/Exploit.MSOffice.Oleink/
https://threats.kaspersky.com/en/threat/Trojan-PSW.Win32.Azorult/
https://threats.kaspersky.com/en/threat/Trojan.Win32.FormBook/
https://www.exploit-db.com/exploits/41879
https://www.exploit-db.com/exploits/41901
https://www.exploit-db.com/exploits/41880
https://www.exploit-db.com/exploits/41902
CVE-2017-0199 critical
CVE-2017-0058 warning
CVE-2017-0155 high
CVE-2017-0156 high
CVE-2017-0159 warning
CVE-2017-0164 warning
CVE-2017-0165 high
CVE-2017-0166 critical
CVE-2017-0167 warning
CVE-2017-0188 warning
CVE-2017-0189 high
CVE-2017-0191 warning
CVE-2017-0192 warning
CVE-2017-0211 warning
CVE-2017-0158 critical
CVE-2013-6629 critical
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
support.microsoft.com/kb/4014652
support.microsoft.com/kb/4014793
support.microsoft.com/kb/4014794
support.microsoft.com/kb/4015067
support.microsoft.com/kb/4015068
support.microsoft.com/kb/4015195
support.microsoft.com/kb/4015217
support.microsoft.com/kb/4015219
support.microsoft.com/kb/4015221
support.microsoft.com/kb/4015380
support.microsoft.com/kb/4015383
support.microsoft.com/kb/4015547
support.microsoft.com/kb/4015548
support.microsoft.com/kb/4015550
support.microsoft.com/kb/4015551
support.microsoft.com/kb/4015583
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2013-6629
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0058
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0155
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0156
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0158
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0159
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0164
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0165
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0166
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0167
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0188
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0189
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0191
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0192
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0199
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0211
statistics.securelist.com/
threats.kaspersky.com/en/product/Microsoft-Windows-10/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-8/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Server/
threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/
threats.kaspersky.com/en/product/Microsoft-Windows/
threats.kaspersky.com/en/product/Windows-RT/
threats.kaspersky.com/en/threat/Exploit.MSOffice.CVE-2017-0199/
threats.kaspersky.com/en/threat/Exploit.MSOffice.CVE-2017-0199/
threats.kaspersky.com/en/threat/Exploit.MSOffice.Oleink/
threats.kaspersky.com/en/threat/Exploit.MSOffice.Oleink/
threats.kaspersky.com/en/threat/Trojan-PSW.Win32.Azorult/
threats.kaspersky.com/en/threat/Trojan-PSW.Win32.Azorult/
threats.kaspersky.com/en/threat/Trojan.Win32.FormBook/
threats.kaspersky.com/en/threat/Trojan.Win32.FormBook/
www.exploit-db.com/exploits/41879
www.exploit-db.com/exploits/41880
www.exploit-db.com/exploits/41894
www.exploit-db.com/exploits/41901
www.exploit-db.com/exploits/41902
www.exploit-db.com/exploits/41934
www.exploit-db.com/exploits/42995
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
Low
0.974 High
EPSS
Percentile
100.0%