Kaspersky Threats

Detect date

?

04/12/2016

Severity

?

Critical

Description

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, cause denial of service, bypass security restrictions.

Below is a complete list of vulnerabilities:

An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
A remote code execution vulnerability in GDI+ can be exploited remotely via specially crafted embedded to execute arbitrary code.
An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely via specially crafted application to gain privileges.
A remote code execution vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to execute arbitrary code.
An information disclosure vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to obtain sensitive information.
An implementation vulnerability in Security Account Manager can be exploited remotely to gain privileges.
An elevation of privilege vulnerability in Secondary Logon can be exploited remotely via specially crafted application to gain privileges.
A denial of service vulnerability in HTTP.sys can be exploited remotely via specially crafted to cause denial of service.
A security feature bypass vulnerability in Windows CSRSS can be exploited remotely via specially crafted application to bypass security restrictions.
A remote code execution vulnerability in Windows OLE can be exploited remotely via specially crafted file to execute arbitrary code.

Affected products

Windows 7 for 32-bit Systems Service Pack 1
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows Vista Service Pack 2
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Windows 10 Version 1511 for x64-based Systems
Windows 8.1 for 32-bit systems
Windows Server 2012
Windows RT 8.1
Windows 10 for 32-bit Systems
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows 10 Version 1709 for 32-bit Systems
Windows 10 for x64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 10 Version 1709 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows 10 Version 1703 for 32-bit Systems
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows 8.1 for x64-based systems

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2016-0143
CVE-2016-0145
CVE-2016-0165
CVE-2016-0167
CVE-2016-0088
CVE-2016-0089
CVE-2016-0090
CVE-2016-0128
CVE-2016-0135
CVE-2016-0150
CVE-2016-0151
CVE-2016-0153

Impacts

?

ACE

[?]

OSI

[?]

DoS

[?]

SB

[?]

PE

[?]

Detect date ?	04/12/2016
Severity ?	Critical
Description	Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges. A remote code execution vulnerability in GDI+ can be exploited remotely via specially crafted embedded to execute arbitrary code. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely via specially crafted application to gain privileges. A remote code execution vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to execute arbitrary code. An information disclosure vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to obtain sensitive information. An implementation vulnerability in Security Account Manager can be exploited remotely to gain privileges. An elevation of privilege vulnerability in Secondary Logon can be exploited remotely via specially crafted application to gain privileges. A denial of service vulnerability in HTTP.sys can be exploited remotely via specially crafted to cause denial of service. A security feature bypass vulnerability in Windows CSRSS can be exploited remotely via specially crafted application to bypass security restrictions. A remote code execution vulnerability in Windows OLE can be exploited remotely via specially crafted file to execute arbitrary code.
Affected products	Windows 7 for 32-bit Systems Service Pack 1 Windows 10 Version 1511 for 32-bit Systems Windows 10 Version 1703 for x64-based Systems Windows Vista Service Pack 2 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 R2 (Server Core installation) Windows 10 Version 1511 for x64-based Systems Windows 8.1 for 32-bit systems Windows Server 2012 Windows RT 8.1 Windows 10 for 32-bit Systems Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows 10 Version 1709 for 32-bit Systems Windows 10 for x64-based Systems Windows Server 2008 for x64-based Systems Service Pack 2 Windows 10 Version 1709 for x64-based Systems Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows 10 Version 1703 for 32-bit Systems Windows Vista x64 Edition Service Pack 2 Windows Server 2008 for Itanium-Based Systems Service Pack 2 Windows 8.1 for x64-based systems
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2016-0143 CVE-2016-0145 CVE-2016-0165 CVE-2016-0167 CVE-2016-0088 CVE-2016-0089 CVE-2016-0090 CVE-2016-0128 CVE-2016-0135 CVE-2016-0150 CVE-2016-0151 CVE-2016-0153
Impacts ?	ACE [?] OSI [?] DoS [?] SB [?] PE [?]
Related products	Microsoft Windows Microsoft Windows Server Microsoft Windows Vista Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows 7 Microsoft Windows Server 2008 Windows RT Microsoft Windows 10
CVE-IDS ?	CVE-2016-01437.2High CVE-2016-01459.3Critical CVE-2016-01657.2High CVE-2016-01677.2High CVE-2016-00887.2High CVE-2016-00892.1Warning CVE-2016-00902.1Warning CVE-2016-01285.8High CVE-2016-01357.2High CVE-2016-01507.8Critical CVE-2016-01517.2High CVE-2016-01539.3Critical
Microsoft official advisories	Microsoft Security Update Guide
KB list	3149090 3147461 3135456 3146723 3147458 3146706 3145739 4038788 4093112
Exploitation	The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/39712 https://www.exploit-db.com/exploits/39743 https://www.exploit-db.com/exploits/44480 https://www.exploit-db.com/exploits/39740 Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.