Multiple vulnerabilities in Windows Kernel

Description

Multiple serious vulnerabilities have been found in Microsoft Windows kernel. Malicious users can exploit these vulnerabilities to obtain sensitive information and gain privileges.

Below is a complete list of vulnerabilities:

1. An improper handling of objects in memory can be exploited locally via a specially designed application to gain privileges;
2. Multiple vulnerabilities related to an improper handling of memory addresses can be exploited locally via a specially designed application to obtain sensitive information;
3. Multiple vulnerabilities related to an incorrect handling of objects in memory done by the Windows kernel-mode driver can be exploited locally via a specially designed application to gain privileges;
4. Multiple vulnerabilities related to an improper initialization of objects in memory can be exploited locally via a specialy designed application to obtain sensitive information;
5. An improper handling of objects in memory related to proper enforcement of VTLs (virtual trust levels) can be exploited locally via a specially designed application to gain privileges.

---

Technical details

Vulnerabilities (2) occur in case the Windows kernel fails to initialize a memory adress in a proper way and can cause security bypass called KASLR (Kernel Address Space Layout Randomization) bypass.

NB: Not every vulnerability already have CVSS rating so cumulative CVSS rating can be not representative.

Original advisories

• CVE-2017-8478

• CVE-2017-8479
• CVE-2017-8474
• CVE-2017-8476
• CVE-2017-8477
• CVE-2017-0300
• CVE-2017-8481
• CVE-2017-8480
• CVE-2017-8482
• CVE-2017-8485
• CVE-2017-8484
• CVE-2017-8489
• CVE-2017-0299
• CVE-2017-0297
• CVE-2017-8469
• CVE-2017-8468
• CVE-2017-8465
• CVE-2017-8462
• CVE-2017-8494
• CVE-2017-8492
• CVE-2017-8490
• CVE-2017-8491
• CVE-2017-8479
• CVE-2017-0299
• CVE-2017-8485
• CVE-2017-8478
• CVE-2017-8476
• CVE-2017-8494
• CVE-2017-8480
• CVE-2017-8489
• CVE-2017-0300
• CVE-2017-8491
• CVE-2017-8477
• CVE-2017-8462
• CVE-2017-8482
• CVE-2017-8492
• CVE-2017-8490
• CVE-2017-8484
• CVE-2017-8481
• CVE-2017-8468
• CVE-2017-8469
• CVE-2017-8474
• CVE-2017-8465
• CVE-2017-0297

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

• Microsoft-Windows-Server-2012
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008
• Windows-RT
• Microsoft-Windows-10

CVE list

• CVE-2017-8479
  warning
• CVE-2017-0299
  warning
• CVE-2017-8485
  warning
• CVE-2017-8478
  warning
• CVE-2017-8476
  warning
• CVE-2017-8494
  high
• CVE-2017-8480
  warning
• CVE-2017-8489
  warning
• CVE-2017-0300
  warning
• CVE-2017-8491
  warning
• CVE-2017-8477
  warning
• CVE-2017-8462
  warning
• CVE-2017-8482
  warning
• CVE-2017-8492
  warning
• CVE-2017-8490
  warning
• CVE-2017-8484
  warning
• CVE-2017-8481
  warning
• CVE-2017-8468
  high
• CVE-2017-8469
  warning
• CVE-2017-8474
  warning
• CVE-2017-8465
  high
• CVE-2017-0297
  warning

KB list

• 4022719
• 4022726
• 4022714
• 4022724
• 4022727
• 4022715
• 4022725
• 4022722
• 4022717
• 4022718
• 4022013
• 4022887
• 4034741

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com