Kaspersky Threats

Detect date

?

02/09/2016

Severity

?

High

Description

Microsoft released update to address vulnerabilities in Flash Player for Internet explorer. For details look at KLA10757.

Technical details

To mitigate this vulnerability you can implement some of workarounds listed in original Microsoft advisory: disable Adobe Flash Player, prevent Adobe FP from running on Internet Explorer via Group Policy, prevent Adobe FP from running in Office 2010, prevent ActiveX controls from running in Office 2007 & 2010, set security zones settings to “High” to block kind of content, configure IE to prompt before running kind of content, use IE Trusted sites zone. For further instructions you can read original Microsoft advisory listed below.

Affected products

Windows 8 for 32-bit Systems
Windows 8 for 64-bit Systems
Windows Server 2012
Windows RT
Windows 8.1 for 32-bit Systems
Windows 8.1 for 64-bit Systems
Windows Server 2012 R2
Windows RT 8.1
Windows 10 for 32-bit Systems
Windows 10 for 64-bit Systems

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2016-0985
CVE-2016-0983
CVE-2016-0984
CVE-2016-0981
CVE-2016-0982
CVE-2016-0964
CVE-2016-0965
CVE-2016-0966
CVE-2016-0967
CVE-2016-0968
CVE-2016-0969
CVE-2016-0970
CVE-2016-0972
CVE-2016-0971
CVE-2016-0976
CVE-2016-0975
CVE-2016-0974
CVE-2016-0973
CVE-2016-0980
CVE-2016-0979
CVE-2016-0978
CVE-2016-0977

Impacts

?

ACE

[?]

DoS

[?]

SB

[?]

Related products

Microsoft Windows

CVE-IDS

?

Microsoft official advisories

Microsoft Security Update Guide

KB list

3135782

Exploitation

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/39461

https://www.exploit-db.com/exploits/39462

https://www.exploit-db.com/exploits/39467

https://www.exploit-db.com/exploits/39460

https://www.exploit-db.com/exploits/39466

https://www.exploit-db.com/exploits/39465

https://www.exploit-db.com/exploits/39463

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Detect date ?	02/09/2016
Severity ?	High
Description	Microsoft released update to address vulnerabilities in Flash Player for Internet explorer. For details look at KLA10757. Technical details To mitigate this vulnerability you can implement some of workarounds listed in original Microsoft advisory: disable Adobe Flash Player, prevent Adobe FP from running on Internet Explorer via Group Policy, prevent Adobe FP from running in Office 2010, prevent ActiveX controls from running in Office 2007 & 2010, set security zones settings to “High” to block kind of content, configure IE to prompt before running kind of content, use IE Trusted sites zone. For further instructions you can read original Microsoft advisory listed below.
Affected products	Windows 8 for 32-bit Systems Windows 8 for 64-bit Systems Windows Server 2012 Windows RT Windows 8.1 for 32-bit Systems Windows 8.1 for 64-bit Systems Windows Server 2012 R2 Windows RT 8.1 Windows 10 for 32-bit Systems Windows 10 for 64-bit Systems
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2016-0985 CVE-2016-0983 CVE-2016-0984 CVE-2016-0981 CVE-2016-0982 CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 CVE-2016-0967 CVE-2016-0968 CVE-2016-0969 CVE-2016-0970 CVE-2016-0972 CVE-2016-0971 CVE-2016-0976 CVE-2016-0975 CVE-2016-0974 CVE-2016-0973 CVE-2016-0980 CVE-2016-0979 CVE-2016-0978 CVE-2016-0977
Impacts ?	ACE [?] DoS [?] SB [?]
Related products	Microsoft Windows
CVE-IDS ?	CVE-2016-09859.3Critical CVE-2016-098310.0Critical CVE-2016-098410.0Critical CVE-2016-098110.0Critical CVE-2016-098210.0Critical CVE-2016-096410.0Critical CVE-2016-096510.0Critical CVE-2016-096610.0Critical CVE-2016-096710.0Critical CVE-2016-096810.0Critical CVE-2016-096910.0Critical CVE-2016-097010.0Critical CVE-2016-097210.0Critical CVE-2016-097110.0Critical CVE-2016-097610.0Critical CVE-2016-09759.3Critical CVE-2016-097410.0Critical CVE-2016-09739.3Critical CVE-2016-098010.0Critical CVE-2016-097910.0Critical CVE-2016-097810.0Critical CVE-2016-097710.0Critical
Microsoft official advisories	Microsoft Security Update Guide
KB list	3135782
Exploitation	The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/39461 https://www.exploit-db.com/exploits/39462 https://www.exploit-db.com/exploits/39467 https://www.exploit-db.com/exploits/39460 https://www.exploit-db.com/exploits/39466 https://www.exploit-db.com/exploits/39465 https://www.exploit-db.com/exploits/39463 Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.