Multiple vulnerabilities in Microsoft Windows

Description

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, obtain sensitive information, gain privileges.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in Windows Search can be exploited remotely via specially crafted messages to execute arbitrary code.
2. A security feature bypass vulnerability in Device Guard Code Integrity Policy can be exploited remotely to bypass security restrictions.
3. An information disclosure vulnerability in Windows Uniscribe can be exploited remotely via specially crafted document to obtain sensitive information.
4. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
5. An elevation of privilege vulnerability in Hypervisor Code Integrity can be exploited remotely to gain privileges.
6. A remote code execution vulnerability in Windows Uniscribe can be exploited remotely via specially crafted website to execute arbitrary code.
7. An information disclosure vulnerability in Windows PDF can be exploited remotely via specially crafted to obtain sensitive information.
8. An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges.
9. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
10. A remote code execution vulnerability in LNK can be exploited remotely to execute arbitrary code.
11. A remote code execution vulnerability in Microsoft Windows can be exploited remotely via specially crafted to execute arbitrary code.
12. A remote code execution vulnerability in Windows PDF can be exploited remotely via specially crafted to execute arbitrary code.
13. A remote code execution vulnerability in Windows can be exploited remotely via specially crafted cabinet to execute arbitrary code.
14. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.
15. An elevation of privilege vulnerability in Windows TDX can be exploited remotely via specially crafted application to gain privileges.
16. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
17. A remote code execution vulnerability in Win32k Graphics can be exploited remotely via specially crafted embedded to execute arbitrary code.

Original advisories

• CVE-2017-8543

• CVE-2017-0219
• CVE-2017-0284
• CVE-2017-0218
• CVE-2017-0215
• CVE-2017-8479
• CVE-2017-0299
• CVE-2017-8485
• CVE-2017-0193
• CVE-2017-8478
• CVE-2017-8488
• CVE-2017-8528
• CVE-2017-8460
• CVE-2017-8475
• CVE-2017-8476
• CVE-2017-8470
• CVE-2017-8494
• CVE-2017-8466
• CVE-2017-8464
• CVE-2017-0291
• CVE-2017-0216
• CVE-2017-0292
• CVE-2017-8480
• CVE-2017-8489
• CVE-2017-0285
• CVE-2017-0300
• CVE-2017-8491
• CVE-2017-8471
• CVE-2017-8477
• CVE-2017-8462
• CVE-2017-0173
• CVE-2017-0294
• CVE-2017-8472
• CVE-2017-8482
• CVE-2017-8492
• CVE-2017-8490
• CVE-2017-8483
• CVE-2017-0283
• CVE-2017-8484
• CVE-2017-8481
• CVE-2017-8468
• CVE-2017-0282
• CVE-2017-8469
• CVE-2017-8474
• CVE-2017-8465
• CVE-2017-0297
• CVE-2017-0296
• CVE-2017-8473
• CVE-2017-8531
• CVE-2017-0289
• CVE-2017-0288
• CVE-2017-8527
• CVE-2017-0287
• CVE-2017-8533
• CVE-2017-8532

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

• Microsoft-Word
• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-8
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008
• Windows-RT
• Microsoft-Windows-10

CVE list

• CVE-2017-8543
  critical
• CVE-2017-0219
  high
• CVE-2017-0284
  warning
• CVE-2017-0218
  high
• CVE-2017-0215
  high
• CVE-2017-8479
  warning
• CVE-2017-0299
  warning
• CVE-2017-8485
  warning
• CVE-2017-0193
  critical
• CVE-2017-8478
  warning
• CVE-2017-8488
  warning
• CVE-2017-8528
  critical
• CVE-2017-8460
  high
• CVE-2017-8475
  warning
• CVE-2017-8476
  warning
• CVE-2017-8470
  warning
• CVE-2017-8494
  high
• CVE-2017-8466
  critical
• CVE-2017-8464
  critical
• CVE-2017-0291
  critical
• CVE-2017-0216
  high
• CVE-2017-0292
  critical
• CVE-2017-8480
  warning
• CVE-2017-8489
  warning
• CVE-2017-0285
  warning
• CVE-2017-0300
  warning
• CVE-2017-8491
  warning
• CVE-2017-8471
  warning
• CVE-2017-8477
  warning
• CVE-2017-8462
  warning
• CVE-2017-0173
  high
• CVE-2017-0294
  critical
• CVE-2017-8472
  warning
• CVE-2017-8482
  warning
• CVE-2017-8492
  warning
• CVE-2017-8490
  warning
• CVE-2017-8483
  warning
• CVE-2017-0283
  critical
• CVE-2017-8484
  warning
• CVE-2017-8481
  warning
• CVE-2017-8468
  critical
• CVE-2017-0282
  warning
• CVE-2017-8469
  high
• CVE-2017-8474
  warning
• CVE-2017-8465
  critical
• CVE-2017-0297
  warning
• CVE-2017-0296
  critical
• CVE-2017-8473
  warning
• CVE-2017-0287
  warning
• CVE-2017-0288
  warning
• CVE-2017-0289
  warning
• CVE-2017-8527
  critical
• CVE-2017-8531
  high
• CVE-2017-8532
  high
• CVE-2017-8533
  high

KB list

• 4022726
• 4022714
• 4022724
• 4022727
• 4022715
• 4025342
• 4025339
• 4034668
• 4034674
• 4034681
• 4034658
• 4034660
• 4022725
• 4022717
• 4022718
• 4034666
• 4034665
• 4034672

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com