Kaspersky Threats

KLA10922
Multiple vulnerabilities in Microsoft Windows

Updated: 09/29/2020

Detect date ?	12/13/2016
Severity ?	Critical
Description	Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: A remote code execution vulnerability in Windows Graphics Component can be exploited remotely via specially crafted website to execute arbitrary code. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information.
Affected products	Microsoft Windows Server 2016 Microsoft Windows 7 Microsoft Windows 8.1 Microsoft Windows RT 8.1 Microsoft Windows 10 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2016-7273 CVE-2016-7272 CVE-2016-7257
Impacts ?	ACE [?] OSI [?]
Related products	Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows 7 Microsoft Windows Server 2008 Windows RT Microsoft Windows 10
CVE-IDS ?	CVE-2016-72739.3Critical CVE-2016-72729.3Critical CVE-2016-72574.3Warning
Microsoft official advisories	Microsoft Security Update Guide
KB list	3205386 3205383 3205401 3205400 3205408 3205409 3206632 3204724 3205638
Exploitation	Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.