CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.0%
Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, perform cross-site scripting attack.
Below is a complete list of vulnerabilities:
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
CVE-2016-3207 critical
CVE-2016-3206 critical
CVE-2016-3205 critical
CVE-2016-3213 critical
CVE-2016-3212 high
CVE-2016-3211 critical
CVE-2016-0199 critical
CVE-2016-0200 critical
CVE-2016-3220 critical
CVE-2016-3218 critical
CVE-2016-3216 warning
CVE-2016-3299 high
CVE-2016-3236 critical
CVE-2016-3228 critical
CVE-2016-3225 critical
CVE-2016-3223 critical
CVE-2016-3221 critical
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
Cross site scripting. Exploitation of vulnerabilities with this impact can lead to partial interception of information transmitted between user and site.
support.microsoft.com/kb/3159398
support.microsoft.com/kb/3160005
support.microsoft.com/kb/3161561
support.microsoft.com/kb/3161664
support.microsoft.com/kb/3161949
support.microsoft.com/kb/3164033
support.microsoft.com/kb/3164035
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0199
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0200
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-3205
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-3206
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-3207
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-3211
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-3212
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-3213
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-3216
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-3218
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-3220
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-3221
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-3223
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-3225
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-3228
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-3236
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-3299
statistics.securelist.com/
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/
threats.kaspersky.com/en/product/Microsoft-Windows-10/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-8/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Server/
threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/
threats.kaspersky.com/en/product/Microsoft-Windows/
threats.kaspersky.com/en/product/Windows-RT/
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.0%