Solutions for:
Home Products
Small Business
Medium Business
Enterprise
Vulnerabilities Threats
Home Vulnerabilities

Multiple vulnerabilities in Microsoft Windows

Kaspersky ID:
KLA11046
Detect Date:
06/13/2017
Updated:
09/29/2020

Description

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, gain privileges, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. A security feature bypass vulnerability in Device Guard Code Integrity Policy can be exploited remotely to bypass security restrictions.
  2. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
  3. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
  4. A remote code execution vulnerability in Windows Search can be exploited remotely via specially crafted messages to execute arbitrary code.
  5. An information disclosure vulnerability in Windows PDF can be exploited remotely via specially crafted to obtain sensitive information.
  6. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
  7. A remote code execution vulnerability in Windows Uniscribe can be exploited remotely via specially crafted website to execute arbitrary code.
  8. A remote code execution vulnerability in Win32k Graphics can be exploited remotely via specially crafted embedded to execute arbitrary code.
  9. An information disclosure vulnerability in Windows Uniscribe can be exploited remotely via specially crafted document to obtain sensitive information.
  10. An elevation of privilege vulnerability in Hypervisor Code Integrity can be exploited remotely to gain privileges.
  11. A remote code execution vulnerability in LNK can be exploited remotely to execute arbitrary code.
  12. A remote code execution vulnerability in Windows can be exploited remotely via specially crafted cabinet to execute arbitrary code.
  13. An elevation of privilege vulnerability in Windows TDX can be exploited remotely via specially crafted application to gain privileges.
  14. A remote code execution vulnerability in Microsoft Windows can be exploited remotely via specially crafted to execute arbitrary code.
  15. A remote code execution vulnerability in Windows PDF can be exploited remotely via specially crafted to execute arbitrary code.

Original advisories

Exploitation

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/42235

https://www.exploit-db.com/exploits/42212

https://www.exploit-db.com/exploits/42223

https://www.exploit-db.com/exploits/42429

https://www.exploit-db.com/exploits/42382

https://www.exploit-db.com/exploits/42236

https://www.exploit-db.com/exploits/42224

https://www.exploit-db.com/exploits/42225

https://www.exploit-db.com/exploits/42243

https://www.exploit-db.com/exploits/42234

https://www.exploit-db.com/exploits/42237

https://www.exploit-db.com/exploits/42226

https://www.exploit-db.com/exploits/42239

https://www.exploit-db.com/exploits/42241

https://www.exploit-db.com/exploits/42240

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

CVE list

  • CVE-2017-8543
    critical
  • CVE-2017-0219
    warning
  • CVE-2017-0284
    warning
  • CVE-2017-0218
    warning
  • CVE-2017-0215
    warning
  • CVE-2017-0193
    warning
  • CVE-2017-8488
    unknown
  • CVE-2017-8528
    critical
  • CVE-2017-8460
    warning
  • CVE-2017-8475
    warning
  • CVE-2017-8470
    warning
  • CVE-2017-8466
    high
  • CVE-2017-8464
    critical
  • CVE-2017-0291
    critical
  • CVE-2017-0216
    warning
  • CVE-2017-0292
    critical
  • CVE-2017-0285
    warning
  • CVE-2017-8471
    warning
  • CVE-2017-0173
    warning
  • CVE-2017-0294
    critical
  • CVE-2017-8472
    warning
  • CVE-2017-8483
    unknown
  • CVE-2017-0283
    unknown
  • CVE-2017-0282
    warning
  • CVE-2017-0296
    high
  • CVE-2017-8473
    warning
  • CVE-2017-0287
    warning
  • CVE-2017-0288
    warning
  • CVE-2017-0289
    warning
  • CVE-2017-8527
    critical
  • CVE-2017-8531
    warning
  • CVE-2017-8532
    warning
  • CVE-2017-8533
    warning

KB list

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Related articles
11 July 2024
Securelist
When spear phishing met mass phishing
09 July 2024
Securelist
Developing and prioritizing a detection engineering backlog based on MITRE ATT&CK
08 July 2024
Securelist
CloudSorcerer – A new APT targeting Russian government entities
25 June 2024
Securelist
Cybersecurity in the SMB space — a growing threat
24 June 2024
Securelist
XZ backdoor: Hook analysis
18 June 2024
Securelist
Analysis of user password strength
Found an inaccuracy in the description of this vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Found a new Threat or Vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Solutions for
Home Products
Small Business
Medium Business
Enterprise
Select language
Sorting
Kaspersky ID
Vulnerability
Detect date
Severity
Confirm changes?
Your message has been sent successfully.