Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11077
HistoryMay 09, 2017 - 12:00 a.m.

KLA11077 Multiple vulnerabilities in Microsoft Products (ESU)

2017-05-0900:00:00
Kaspersky Lab
threats.kaspersky.com
54

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.589

Percentile

97.8%

JSON

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, cause denial of service, bypass security restrictions, gain privileges.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
  2. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
  3. A denial of service vulnerability in Windows SMB can be exploited remotely via specially crafted requests to cause denial of service.
  4. A security feature bypass vulnerability in Internet Explorer can be exploited remotely via specially crafted to bypass security restrictions.
  5. A remote code execution vulnerability in Windows SMB can be exploited remotely via specially crafted packet to execute arbitrary code.
  6. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to cause denial of service.
  7. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
  8. An elevation of privilege vulnerability in Windows COM can be exploited remotely to gain privileges.
  9. An information disclosure vulnerability in Windows SMB can be exploited remotely via specially crafted packet to obtain sensitive information.
  10. An elevation of privilege vulnerability in Windows COM can be exploited remotely via specially crafted application to gain privileges.
  11. A memory corruption vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to execute arbitrary code.
  12. An elevation of privilege vulnerability in Dxgkrnl.sys can be exploited remotely via specially crafted application to cause denial of service.
  13. A denial of service vulnerability in Windows DNS Server can be exploited remotely to cause denial of service.
  14. An information disclosure vulnerability in Win32k can be exploited remotely via specially crafted application to obtain sensitive information.
  15. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to cause denial of service.
  16. An information disclosure vulnerability in Microsoft ActiveX can be exploited remotely to obtain sensitive information.
  17. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.

Original advisories

CVE-2017-0220

CVE-2017-0222

CVE-2017-0280

CVE-2017-0064

CVE-2017-0272

CVE-2017-0246

CVE-2017-0278

CVE-2017-0279

CVE-2017-0190

CVE-2017-0214

CVE-2017-0273

CVE-2017-0270

CVE-2017-0271

CVE-2017-0276

CVE-2017-0277

CVE-2017-0274

CVE-2017-0213

CVE-2017-0238

CVE-2017-0258

CVE-2017-0077

CVE-2017-0175

CVE-2017-0171

CVE-2017-0269

CVE-2017-0268

CVE-2017-0245

CVE-2017-0244

CVE-2017-0242

CVE-2017-0263

CVE-2017-0275

CVE-2017-0267

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Internet-Explorer

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-8

Microsoft-Windows-7

Microsoft-Windows-Server-2008

Windows-RT

Microsoft-Windows-10

Microsoft-Edge

CVE list

CVE-2017-0238 critical

CVE-2017-0222 critical

CVE-2017-0064 high

CVE-2017-0280 high

CVE-2017-0279 high

CVE-2017-0278 high

CVE-2017-0277 high

CVE-2017-0276 high

CVE-2017-0275 high

CVE-2017-0274 high

CVE-2017-0273 high

CVE-2017-0272 critical

CVE-2017-0271 high

CVE-2017-0270 high

CVE-2017-0269 high

CVE-2017-0268 high

CVE-2017-0267 high

CVE-2017-0263 critical

CVE-2017-0258 warning

CVE-2017-0246 high

CVE-2017-0245 warning

CVE-2017-0244 high

CVE-2017-0242 high

CVE-2017-0220 warning

CVE-2017-0214 high

CVE-2017-0213 high

CVE-2017-0190 warning

CVE-2017-0175 warning

CVE-2017-0171 high

CVE-2017-0077 critical

KB list

4018271

4019264

4019263

4019149

4018885

4019206

4018821

4018927

4018556

4019204

4018466

4018196

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows 10 for 32-bit SystemsInternet Explorer 9Windows 10 for x64-based SystemsWindows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 7 for x64-based Systems Service Pack 1Windows Server 2012Windows Server 2008 for 32-bit Systems Service Pack 2Windows 8.1 for 32-bit systemsWindows 8.1 for x64-based systemsInternet Explorer 11Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2016Windows Server 2008 for Itanium-Based Systems Service Pack 2Windows RT 8.1Windows 10 Version 1703 for x64-based SystemsWindows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows 10 Version 1511 for 32-bit SystemsMicrosoft Edge (EdgeHTML-based)Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows 10 Version 1511 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows 7 for 32-bit Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1Internet Explorer 10Windows 10 Version 1703 for 32-bit SystemsWindows Server 2012 R2

References

Related

mskb 17
openvas 13
nessus 11
kaspersky 1
prion 26
nvd 24
cvelist 24
cve 23
trendmicroblog 1
thn 1
qualysblog 1
attackerkb 2
zdt 4
exploitdb 4
ics 1
checkpoint_advisories 7
mscve 19
symantec 18
cisa_kev 1
ptsecurity 1
mskb
mskb
May 9, 2017—KB4019263 (Security-only update)
2017-05-09 07:00:00
May 9, 2017—KB4019264 (Monthly Rollup)
2017-05-09 07:00:00
May 9, 2017—KB4019214 (Security-only update)
2017-05-09 07:00:00
openvas
openvas
Microsoft Windows Monthly Rollup (KB4019264)
2017-05-10 00:00:00
Microsoft Windows Monthly Rollup (KB4019214)
2017-05-10 00:00:00
Microsoft SMB Multiple Vulnerabilities (KB4018466)
2017-05-10 00:00:00
nessus
nessus
Windows 2008 May 2017 Multiple Security Updates
2017-05-09 00:00:00
Windows Server 2012 May 2017 Security Updates
2017-05-09 00:00:00
Microsoft Windows SMBv1 Multiple Vulnerabilities
2017-05-26 00:00:00
kaspersky
kaspersky
KLA11009 Multiple vulnerabilities in Microsoft Windows
2017-05-09 00:00:00
prion
prion
Information disclosure
2017-05-12 14:29:00
Information disclosure
2017-05-12 14:29:00
Information disclosure
2017-05-12 14:29:00
nvd
nvd
CVE-2017-0276
2017-05-12 14:29:06
CVE-2017-0274
2017-05-12 14:29:06
CVE-2017-0268
2017-05-12 14:29:05
cvelist
cvelist
CVE-2017-0268
2017-05-12 14:00:00
CVE-2017-0275
2017-05-12 14:00:00
CVE-2017-0274
2017-05-12 14:00:00
cve
cve
CVE-2017-0271
2017-05-12 14:29:05
CVE-2017-0275
2017-05-12 14:29:06
CVE-2017-0274
2017-05-12 14:29:06
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 8, 2017
2017-05-12 16:47:57
thn
thn
Microsoft Issues Patches for Another Four Zero-Day Vulnerabilities
2017-05-09 23:37:00
qualysblog
qualysblog
Microsoft Fixes Malware Protection Engine and Several 0-Day Vulnerabilities, and Deprecates SHA-1
2017-05-09 18:06:52
attackerkb
attackerkb
CVE-2017-0213
2017-05-12 00:00:00
CVE-2017-0263
2017-05-12 00:00:00
zdt
zdt
Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd
2017-05-16 00:00:00
Microsoft Window Manager (Windows 7 x86) - Menu Management Component UAF Privilege Elevation Exploit
2018-04-17 00:00:00
Microsoft Windows 7 Kernel - Uninitialized Memory in the Default dacl Descriptor of System Processes
2017-05-16 00:00:00
exploitdb
exploitdb
Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys / tcpip.sys
2017-05-15 00:00:00
Microsoft Windows Manager (7 x86) - Menu Management Component UAF Privilege Elevation
2018-03-26 00:00:00
Microsoft Windows 7 Kernel - Uninitialized Memory in the Default dacl Descriptor of System Processes Token
2017-05-15 00:00:00
ics
ics
Philips Intellispace Portal ISP Vulnerabilities
2018-02-27 12:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows SMB Server SMBv1 Information Disclosure (CVE-2017-0271)
2017-06-20 00:00:00
Microsoft Windows SMB Server SMBv1 Out of Bounds Read (CVE-2017-0267)
2017-06-08 00:00:00
Microsoft Win32k Elevation of Privilege (CVE-2017-0246)
2017-05-09 00:00:00
mscve
mscve
Windows SMB Denial of Service Vulnerability
2017-05-09 07:00:00
Windows Kernel Information Disclosure Vulnerability
2017-05-09 07:00:00
Windows SMB Information Disclosure Vulnerability
2017-05-09 07:00:00
symantec
symantec
Microsoft Windows Kernel CVE-2017-0258 Local Information Disclosure Vulnerability
2017-05-09 00:00:00
Microsoft Windows SMB Server CVE-2017-0276 Information Disclosure Vulnerability
2017-05-09 00:00:00
Microsoft Windows SMB Server CVE-2017-0280 Remote Denial of Service Vulnerability
2017-05-09 00:00:00
cisa_kev
cisa_kev
Microsoft Win32k Privilege Escalation Vulnerability
2022-02-10 00:00:00
ptsecurity
ptsecurity
PT-2017-13: Elevation of Privilege in Microsoft Windows
2017-07-05 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.589

Percentile

97.8%

JSON
Related for KLA11077
mskb17openvas13nessus11kaspersky1prion26nvd24cvelist24cve23trendmicroblog1thn1qualysblog1attackerkb2zdt4exploitdb4ics1checkpoint_advisories7mscve19symantec18cisa_kev1ptsecurity1