Kaspersky Threats

Detect date

?

09/13/2016

Severity

?

Critical

Description

Multiple serious vulnerabilities have been found in Windows. Malicious users can exploit these vulnerabilities to cause denial of service. execute arbitrary code, obtain sensitive information or gain privileges.

Below is a complete list of vulnerabilities

An improper memory objects handling can be exploited by logged in attacker via a specially designed application to gain privileges or obtain sensitive information;
An improper memory objects handling can be exploited remotely via a specially designed file or data to execute arbitrary code or cause denial of service;
An improper permissions handling can be exploited locally via DLL hijack to gain privileges;
An improper NTLM messages request validation can be exploited remotely via a specially designed content to obtain sensitive information;
An improper sessions objects handling can be exploited locally via a specially designed application to gain privileges;
Lack of information access restrictions can be exploited locally via a specially designed application to gain privileges;
Lack of web-content loading restrictions can be exploited by attacker with physical access to execute arbitrary code;
An improper requests handling can be exploited remotely via a specially designed SMB server to execute arbitrary code;
An improper memory objects handling can be exploited remotely via a specially designed content to obtain sensitive information;
An improper memory objects access can be exploited remotely via a specially designed content to execute arbitrary code.

Technical details

Vulnerability (4) can be mitigated via usage of enterprise perimeter firewall.

To exploit vulnerability (8) attacker must be able to establish an authenticated SMBv1 session to the SMBv1 Server. To mitigate this vulnerability you can disable SMBv1. For further instructions take a look at original advisory listed below.

Affected products

Microsoft Windows Vista Service Pack 2
Microsoft Windows Server 2008 Service Pack 2
Microsoft Windows 7 Service Pack 1
Microsoft Windows Server 2008 R2 Service Pack 1
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows RT 8.1
Microsoft Windows 10
Microsoft Windows 10 1511
Microsoft Windows 10 1607

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2016-3370
CVE-2016-3374
CVE-2016-3375
CVE-2016-3373
CVE-2016-3368
CVE-2016-3369
CVE-2016-3371
CVE-2016-3372
CVE-2016-3306
CVE-2016-3344
CVE-2016-3345
CVE-2016-3346
CVE-2016-3348
CVE-2016-3349
CVE-2016-3352
CVE-2016-3302
CVE-2016-3354
CVE-2016-3355
CVE-2016-3356
CVE-2016-3305

Impacts

?

ACE

[?]

OSI

[?]

DoS

[?]

SB

[?]

PE

[?]

Detect date ?	09/13/2016
Severity ?	Critical
Description	Multiple serious vulnerabilities have been found in Windows. Malicious users can exploit these vulnerabilities to cause denial of service. execute arbitrary code, obtain sensitive information or gain privileges. Below is a complete list of vulnerabilities An improper memory objects handling can be exploited by logged in attacker via a specially designed application to gain privileges or obtain sensitive information; An improper memory objects handling can be exploited remotely via a specially designed file or data to execute arbitrary code or cause denial of service; An improper permissions handling can be exploited locally via DLL hijack to gain privileges; An improper NTLM messages request validation can be exploited remotely via a specially designed content to obtain sensitive information; An improper sessions objects handling can be exploited locally via a specially designed application to gain privileges; Lack of information access restrictions can be exploited locally via a specially designed application to gain privileges; Lack of web-content loading restrictions can be exploited by attacker with physical access to execute arbitrary code; An improper requests handling can be exploited remotely via a specially designed SMB server to execute arbitrary code; An improper memory objects handling can be exploited remotely via a specially designed content to obtain sensitive information; An improper memory objects access can be exploited remotely via a specially designed content to execute arbitrary code. Technical details Vulnerability (4) can be mitigated via usage of enterprise perimeter firewall. To exploit vulnerability (8) attacker must be able to establish an authenticated SMBv1 session to the SMBv1 Server. To mitigate this vulnerability you can disable SMBv1. For further instructions take a look at original advisory listed below.
Affected products	Microsoft Windows Vista Service Pack 2 Microsoft Windows Server 2008 Service Pack 2 Microsoft Windows 7 Service Pack 1 Microsoft Windows Server 2008 R2 Service Pack 1 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows RT 8.1 Microsoft Windows 10 Microsoft Windows 10 1511 Microsoft Windows 10 1607
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2016-3370 CVE-2016-3374 CVE-2016-3375 CVE-2016-3373 CVE-2016-3368 CVE-2016-3369 CVE-2016-3371 CVE-2016-3372 CVE-2016-3306 CVE-2016-3344 CVE-2016-3345 CVE-2016-3346 CVE-2016-3348 CVE-2016-3349 CVE-2016-3352 CVE-2016-3302 CVE-2016-3354 CVE-2016-3355 CVE-2016-3356 CVE-2016-3305
Impacts ?	ACE [?] OSI [?] DoS [?] SB [?] PE [?]
Related products	Microsoft Windows Vista Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows 7 Microsoft Windows Server 2008 Windows RT Microsoft Windows 10
CVE-IDS ?	CVE-2016-33704.3Warning CVE-2016-33744.3Warning CVE-2016-33757.6Critical CVE-2016-33734.3Warning CVE-2016-33689.0Critical CVE-2016-33697.8Critical CVE-2016-33714.3Warning CVE-2016-33723.6Warning CVE-2016-33064.6Warning CVE-2016-33442.1Warning CVE-2016-33459.0Critical CVE-2016-33467.2High CVE-2016-33489.3Critical CVE-2016-33497.2High CVE-2016-33524.3Warning CVE-2016-33026.2High CVE-2016-33544.3Warning CVE-2016-33557.2High CVE-2016-33569.3Critical CVE-2016-33054.6Warning
Microsoft official advisories	Microsoft Security Update Guide
KB list	3178539 3184122 3185911 3187754 3184943 3177186 3184471 3185611 3185614 3189866 3175024 4025342
Exploitation	The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/40430 https://www.exploit-db.com/exploits/40429 Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
	Find out the statistics of the vulnerabilities spreading in your region

KLA10870Multiple vulnerabilities in Microsoft Windows

KLA10870
Multiple vulnerabilities in Microsoft Windows