KLA11048
Multiple vulnerabilities in Windows Kernel

Updated: 09/26/2023
Detect date
?
06/13/2017
Severity
?
Critical
Description

Multiple serious vulnerabilities have been found in Microsoft Windows kernel. Malicious users can exploit these vulnerabilities to obtain sensitive information and gain privileges.

Below is a complete list of vulnerabilities:

  1. An improper handling of objects in memory can be exploited locally via a specially designed application to gain privileges;
  2. Multiple vulnerabilities related to an improper handling of memory addresses can be exploited locally via a specially designed application to obtain sensitive information;
  3. Multiple vulnerabilities related to an incorrect handling of objects in memory done by the Windows kernel-mode driver can be exploited locally via a specially designed application to gain privileges;
  4. Multiple vulnerabilities related to an improper initialization of objects in memory can be exploited locally via a specialy designed application to obtain sensitive information;
  5. An improper handling of objects in memory related to proper enforcement of VTLs (virtual trust levels) can be exploited locally via a specially designed application to gain privileges.

Technical details

Vulnerabilities (2) occur in case the Windows kernel fails to initialize a memory adress in a proper way and can cause security bypass called KASLR (Kernel Address Space Layout Randomization) bypass.

NB: Not every vulnerability already have CVSS rating so cumulative CVSS rating can be not representative.

Affected products

Microsoft Windows 7 Service Pack 1
Microsoft Windows RT 8.1
Microsoft Windows 8.1 
Microsoft Windows 10 
Microsoft Windows Server 2008 Pack 2
Microsoft Windows Server 2008 R2 Service Pack 1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2017-8478
CVE-2017-8479
CVE-2017-8474
CVE-2017-8476
CVE-2017-8477
CVE-2017-0300
CVE-2017-8481
CVE-2017-8480
CVE-2017-8482
CVE-2017-8485
CVE-2017-8484
CVE-2017-8489
CVE-2017-0299
CVE-2017-0297
CVE-2017-8469
CVE-2017-8468
CVE-2017-8465
CVE-2017-8462
CVE-2017-8494
CVE-2017-8492
CVE-2017-8490
CVE-2017-8491
CVE-2017-8479
CVE-2017-0299
CVE-2017-8485
CVE-2017-8478
CVE-2017-8476
CVE-2017-8494
CVE-2017-8480
CVE-2017-8489
CVE-2017-0300
CVE-2017-8491
CVE-2017-8477
CVE-2017-8462
CVE-2017-8482
CVE-2017-8492
CVE-2017-8490
CVE-2017-8484
CVE-2017-8481
CVE-2017-8468
CVE-2017-8469
CVE-2017-8474
CVE-2017-8465
CVE-2017-0297

Impacts
?
OSI 
[?]

PE 
[?]
Related products
Microsoft Windows Server 2012
Microsoft Windows 7
Microsoft Windows Server 2008
Windows RT
Microsoft Windows 10
CVE-IDS
?
CVE-2017-84791.9Warning
CVE-2017-02991.9Warning
CVE-2017-84851.9Warning
CVE-2017-84781.9Warning
CVE-2017-84761.9Warning
CVE-2017-84946.9High
CVE-2017-84801.9Warning
CVE-2017-84891.9Warning
CVE-2017-03001.9Warning
CVE-2017-84911.9Warning
CVE-2017-84771.9Warning
CVE-2017-84621.9Warning
CVE-2017-84821.9Warning
CVE-2017-84921.9Warning
CVE-2017-84901.9Warning
CVE-2017-84841.9Warning
CVE-2017-84811.9Warning
CVE-2017-84687.2High
CVE-2017-84692.1Warning
CVE-2017-84741.9Warning
CVE-2017-84657.2High
CVE-2017-02971.9Warning
Microsoft official advisories
Microsoft Security Update Guide
KB list

4022719
4022726
4022714
4022724
4022727
4022715
4022725
4022722
4022717
4022718
4022013
4022887
4034741

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Find out the statistics of the vulnerabilities spreading in your region