Kaspersky LabKLA11901KLA11901 OSI vulnerability in Microsoft Products (ESU)
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
20.3%
An information disclosure vulnerability was found in Microsoft Products (Extended Support Update). Malicious users can exploit this vulnerability to obtain sensitive information.
Original advisories
Related products
CVE list
CVE-2017-8554 warning
KB list
Solution
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Impacts
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Affected Products
- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows 10 for 32-bit SystemsWindows 10 for x64-based SystemsWindows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 7 for x64-based Systems Service Pack 1Windows 8.1 for 32-bit systemsWindows Server 2008 for 32-bit Systems Service Pack 2Windows 8.1 for x64-based systemsWindows Server 2012Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2016Windows RT 8.1Windows Server 2008 for Itanium-Based Systems Service Pack 2Windows 10 Version 1703 for x64-based SystemsWindows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows 10 Version 1511 for 32-bit SystemsWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows 10 Version 1511 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows 7 for 32-bit Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows 10 Version 1703 for 32-bit SystemsWindows Server 2012 R2
References
support.microsoft.com/kb/4022719
support.microsoft.com/kb/4022722
support.microsoft.com/kb/4022887
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8554
statistics.securelist.com/
threats.kaspersky.com/en/product/Microsoft-Windows-10/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-8/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Server/
threats.kaspersky.com/en/product/Microsoft-Windows/
threats.kaspersky.com/en/product/Windows-RT/
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
20.3%