Kaspersky Threats

Erkennungsdatum

?

05/10/2016

Schweregrad

?

Kritisch

Beschreibung

Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges or bypass security restrictions.

Below is a complete list of vulnerabilities

An improper memory contents disclosure at Windows Graphics Device Interface (GDI) component can be exploited remotely via a specially designed content to obtain sensitive information;
An improper memory objects handling at Windows GDI components can be exploited remotely via a specially designed content to execute arbitrary code;
An improper memory objects handling at Windows Imaging Component can be exploited remotely via a specially designed content to execute arbitrary code;
An unknown vulnerability at Windows Journal can be exploited remotely via a specially crafted Journal file to execute arbitrary code;
An improper memory objects handling at Windows Shell can be exploited remotely via a specially designed content to execute arbitrary code;
An improper input data validating before loading certain libraries can be exploited by logged in user via a specially crafted application to execute arbitrary code;
An improper certain symbolic links parsing at Windows Kernel can be exploited by logged in user via a specially crafted application to elevate privileges;
An improper memory deallocation can be exploited remotely via a specially crafted RPC requests to elevate privileges;
An improper memory objects handling at Windows kernel-mode driver can be exploited by logged in user via a specially crafted application to elevate privileges;
An unknown vulnerability at Windows kernel can be exploited by logged in user via a specially crafted application to bypass security feature;
An improper memory handling at DirectX Graphics kernel subsystem can be exploited locally via a specially crafted application to elevate privileges;
An unknown vulnerability can be exploited locally via a specially crafted application to bypass security feature;
An improper binding of the mounted USB and user session can be exploited remotely to obtain sensitive information from USB disk;
An unspecified vulnerability in Windows Media Center can be exploited remotely via specially crafted file to execute arbitrary code.

Technical details

To workaround vulnerability (1) you can disable metafile processing. For further instructions you can read MS16-055 Microsoft advisory listed below.

Vulnerability (2) related to Direct3D and another unknown component.

To workaround vulnerability (4) do not open Windows Journal (.jnt) files that you receive from untrusted sources, remove the .jnt file type association, remove Windows Journal by disabling the Windows feature that installs it or deny access to Journal.exe. For further instructions you can read MS16-056 Microsoft advisory listed below.

Vulnerability (8) related to Remote Procedure Call (RPC) Network Data Representation (NDR) Engine.

Vulnerability (10) allows malicious user to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass and to retrieve the memory address of a kernel object.

Vulnerability (11) related to dxgkrnl.sys. It caused by improperly handling of memory objects and incorrectly mapping of kernel memory.

Vulnerability (12) allows malicious user to mark certain kernel-mode pages as Read, Write, Execute (RWX) even with Hypervisor Code Integrity (HVCI) enabled.

Vulnerability (13) exists when a USB disk is mounted over Remote Desktop Protocol (RDP) via Microsoft RemoteFX.

Beeinträchtigte Produkte

Windows Vista Service Pack 2
Windows 7 Service Pack 1
Windows 8.1
Windows RT 8.1
Windows 10
Windows 10 Version 1511
Windows Server 2008 Service Pack 2
Windows Server 2008 R2 Service Pack 1
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016 Technical Preview 5
Windows Media Center

Lösung

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Ursprüngliche Informationshinweise

CVE-2016-0185
CVE-2016-0189
CVE-2016-0187
CVE-2016-0181
CVE-2016-0197
CVE-2016-0196
CVE-2016-0195
CVE-2016-0152
CVE-2016-0168
CVE-2016-0176
CVE-2016-0174
CVE-2016-0175
CVE-2016-0180
CVE-2016-0173
CVE-2016-0170
CVE-2016-0171
CVE-2016-0190
CVE-2016-0184
CVE-2016-0169
CVE-2016-0182
CVE-2016-0178
CVE-2016-0179

Folgen

?

ACE

[?]

OSI

[?]

SB

[?]

PE

[?]

CVE-IDS

?

Offizielle Informationshinweise von Microsoft

Microsoft Sicherheitsupdate-Guide

KB-Liste

3156421
3156059
3156016
3153704
3155784
3156387
3156013
3141083
3156019
3155178
3153171
3156017
3153199
3155413
3158991
3150220

Link zum Original

Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken

Erkennungsdatum ?	05/10/2016
Schweregrad ?	Kritisch
Beschreibung	Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges or bypass security restrictions. Below is a complete list of vulnerabilities An improper memory contents disclosure at Windows Graphics Device Interface (GDI) component can be exploited remotely via a specially designed content to obtain sensitive information; An improper memory objects handling at Windows GDI components can be exploited remotely via a specially designed content to execute arbitrary code; An improper memory objects handling at Windows Imaging Component can be exploited remotely via a specially designed content to execute arbitrary code; An unknown vulnerability at Windows Journal can be exploited remotely via a specially crafted Journal file to execute arbitrary code; An improper memory objects handling at Windows Shell can be exploited remotely via a specially designed content to execute arbitrary code; An improper input data validating before loading certain libraries can be exploited by logged in user via a specially crafted application to execute arbitrary code; An improper certain symbolic links parsing at Windows Kernel can be exploited by logged in user via a specially crafted application to elevate privileges; An improper memory deallocation can be exploited remotely via a specially crafted RPC requests to elevate privileges; An improper memory objects handling at Windows kernel-mode driver can be exploited by logged in user via a specially crafted application to elevate privileges; An unknown vulnerability at Windows kernel can be exploited by logged in user via a specially crafted application to bypass security feature; An improper memory handling at DirectX Graphics kernel subsystem can be exploited locally via a specially crafted application to elevate privileges; An unknown vulnerability can be exploited locally via a specially crafted application to bypass security feature; An improper binding of the mounted USB and user session can be exploited remotely to obtain sensitive information from USB disk; An unspecified vulnerability in Windows Media Center can be exploited remotely via specially crafted file to execute arbitrary code. Technical details To workaround vulnerability (1) you can disable metafile processing. For further instructions you can read MS16-055 Microsoft advisory listed below. Vulnerability (2) related to Direct3D and another unknown component. To workaround vulnerability (4) do not open Windows Journal (.jnt) files that you receive from untrusted sources, remove the .jnt file type association, remove Windows Journal by disabling the Windows feature that installs it or deny access to Journal.exe. For further instructions you can read MS16-056 Microsoft advisory listed below. Vulnerability (8) related to Remote Procedure Call (RPC) Network Data Representation (NDR) Engine. Vulnerability (10) allows malicious user to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass and to retrieve the memory address of a kernel object. Vulnerability (11) related to dxgkrnl.sys. It caused by improperly handling of memory objects and incorrectly mapping of kernel memory. Vulnerability (12) allows malicious user to mark certain kernel-mode pages as Read, Write, Execute (RWX) even with Hypervisor Code Integrity (HVCI) enabled. Vulnerability (13) exists when a USB disk is mounted over Remote Desktop Protocol (RDP) via Microsoft RemoteFX.
Beeinträchtigte Produkte	Windows Vista Service Pack 2 Windows 7 Service Pack 1 Windows 8.1 Windows RT 8.1 Windows 10 Windows 10 Version 1511 Windows Server 2008 Service Pack 2 Windows Server 2008 R2 Service Pack 1 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Technical Preview 5 Windows Media Center
Lösung	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Ursprüngliche Informationshinweise	CVE-2016-0185 CVE-2016-0189 CVE-2016-0187 CVE-2016-0181 CVE-2016-0197 CVE-2016-0196 CVE-2016-0195 CVE-2016-0152 CVE-2016-0168 CVE-2016-0176 CVE-2016-0174 CVE-2016-0175 CVE-2016-0180 CVE-2016-0173 CVE-2016-0170 CVE-2016-0171 CVE-2016-0190 CVE-2016-0184 CVE-2016-0169 CVE-2016-0182 CVE-2016-0178 CVE-2016-0179
Folgen ?	ACE [?] OSI [?] SB [?] PE [?]
CVE-IDS ?	CVE-2016-01859.3Critical CVE-2016-01897.6Critical CVE-2016-01877.6Critical CVE-2016-01812.1Critical CVE-2016-01977.2Critical CVE-2016-01967.2Critical CVE-2016-01959.3Critical CVE-2016-01527.2Critical CVE-2016-01684.3Critical CVE-2016-01767.2Critical CVE-2016-01747.2Critical CVE-2016-01752.1Critical CVE-2016-01807.2Critical CVE-2016-01737.2Critical CVE-2016-01709.3Critical CVE-2016-01717.2Critical CVE-2016-01902.1Critical CVE-2016-01849.3Critical CVE-2016-01694.3Critical CVE-2016-01829.3Critical CVE-2016-01789.0Critical CVE-2016-01799.3Critical
Offizielle Informationshinweise von Microsoft	Microsoft Sicherheitsupdate-Guide
KB-Liste	3156421 3156059 3156016 3153704 3155784 3156387 3156013 3141083 3156019 3155178 3153171 3156017 3153199 3155413 3158991 3150220
	Link zum Original
	Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken

KLA10801Multiple vulnerabilities in Microsoft Windows

KLA10801
Multiple vulnerabilities in Microsoft Windows