Kaspersky Threats

CVSS

?

10.0

Detect date

?

02/09/2016

Severity

?

Critical

Description

Microsoft released update to address vulnerabilities in Flash Player for Internet explorer. For details look at KLA10757.

Technical details

To mitigate this vulnerability you can implement some of workarounds listed in original Microsoft advisory: disable Adobe Flash Player, prevent Adobe FP from running on Internet Explorer via Group Policy, prevent Adobe FP from running in Office 2010, prevent ActiveX controls from running in Office 2007 & 2010, set security zones settings to “High” to block kind of content, configure IE to prompt before running kind of content, use IE Trusted sites zone. For further instructions you can read original Microsoft advisory listed below.

Affected products

Windows 8 for 32-bit Systems
Windows 8 for 64-bit Systems
Windows Server 2012
Windows RT
Windows 8.1 for 32-bit Systems
Windows 8.1 for 64-bit Systems
Windows Server 2012 R2
Windows RT 8.1
Windows 10 for 32-bit Systems
Windows 10 for 64-bit Systems

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2016-0985
CVE-2016-0983
CVE-2016-0984
CVE-2016-0981
CVE-2016-0982
CVE-2016-0964
CVE-2016-0965
CVE-2016-0966
CVE-2016-0967
CVE-2016-0968
CVE-2016-0969
CVE-2016-0970
CVE-2016-0972
CVE-2016-0971
CVE-2016-0976
CVE-2016-0975
CVE-2016-0974
CVE-2016-0973
CVE-2016-0980
CVE-2016-0979
CVE-2016-0978
CVE-2016-0977

Impacts

?

ACE

[?]

DoS

[?]

SB

[?]

CVSS ?	10.0
Detect date ?	02/09/2016
Severity ?	Critical
Description	Microsoft released update to address vulnerabilities in Flash Player for Internet explorer. For details look at KLA10757. Technical details To mitigate this vulnerability you can implement some of workarounds listed in original Microsoft advisory: disable Adobe Flash Player, prevent Adobe FP from running on Internet Explorer via Group Policy, prevent Adobe FP from running in Office 2010, prevent ActiveX controls from running in Office 2007 & 2010, set security zones settings to “High” to block kind of content, configure IE to prompt before running kind of content, use IE Trusted sites zone. For further instructions you can read original Microsoft advisory listed below.
Affected products	Windows 8 for 32-bit Systems Windows 8 for 64-bit Systems Windows Server 2012 Windows RT Windows 8.1 for 32-bit Systems Windows 8.1 for 64-bit Systems Windows Server 2012 R2 Windows RT 8.1 Windows 10 for 32-bit Systems Windows 10 for 64-bit Systems
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2016-0985 CVE-2016-0983 CVE-2016-0984 CVE-2016-0981 CVE-2016-0982 CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 CVE-2016-0967 CVE-2016-0968 CVE-2016-0969 CVE-2016-0970 CVE-2016-0972 CVE-2016-0971 CVE-2016-0976 CVE-2016-0975 CVE-2016-0974 CVE-2016-0973 CVE-2016-0980 CVE-2016-0979 CVE-2016-0978 CVE-2016-0977
Impacts ?	ACE [?] DoS [?] SB [?]
Related products	Microsoft Windows
CVE-IDS ?	CVE-2016-0985 CVE-2016-0983 CVE-2016-0984 CVE-2016-0981 CVE-2016-0982 CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 CVE-2016-0967 CVE-2016-0968 CVE-2016-0969 CVE-2016-0970 CVE-2016-0972 CVE-2016-0971 CVE-2016-0976 CVE-2016-0975 CVE-2016-0974 CVE-2016-0973 CVE-2016-0980 CVE-2016-0979 CVE-2016-0978 CVE-2016-0977
Microsoft official advisories	Microsoft Security Update Guide
KB list	3135782