Kaspersky Threats

Detect date

?

06/13/2017

Severity

?

Critical

Description

Multiple serious vulnerabilities have been found in Microsoft Windows kernel. Malicious users can exploit these vulnerabilities to obtain sensitive information and gain privileges.

Below is a complete list of vulnerabilities:

An improper handling of objects in memory can be exploited locally via a specially designed application to gain privileges;
Multiple vulnerabilities related to an improper handling of memory addresses can be exploited locally via a specially designed application to obtain sensitive information;
Multiple vulnerabilities related to an incorrect handling of objects in memory done by the Windows kernel-mode driver can be exploited locally via a specially designed application to gain privileges;
Multiple vulnerabilities related to an improper initialization of objects in memory can be exploited locally via a specialy designed application to obtain sensitive information;
An improper handling of objects in memory related to proper enforcement of VTLs (virtual trust levels) can be exploited locally via a specially designed application to gain privileges.

Technical details

Vulnerabilities (2) occur in case the Windows kernel fails to initialize a memory adress in a proper way and can cause security bypass called KASLR (Kernel Address Space Layout Randomization) bypass.

NB: Not every vulnerability already have CVSS rating so cumulative CVSS rating can be not representative.

Affected products

Microsoft Windows 7 Service Pack 1
Microsoft Windows RT 8.1
Microsoft Windows 8.1
Microsoft Windows 10
Microsoft Windows Server 2008 Pack 2
Microsoft Windows Server 2008 R2 Service Pack 1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2017-8478
CVE-2017-8479
CVE-2017-8474
CVE-2017-8476
CVE-2017-8477
CVE-2017-0300
CVE-2017-8481
CVE-2017-8480
CVE-2017-8482
CVE-2017-8485
CVE-2017-8484
CVE-2017-8489
CVE-2017-0299
CVE-2017-0297
CVE-2017-8469
CVE-2017-8468
CVE-2017-8465
CVE-2017-8462
CVE-2017-8494
CVE-2017-8492
CVE-2017-8490
CVE-2017-8491
CVE-2017-8479
CVE-2017-0299
CVE-2017-8485
CVE-2017-8478
CVE-2017-8476
CVE-2017-8494
CVE-2017-8480
CVE-2017-8489
CVE-2017-0300
CVE-2017-8491
CVE-2017-8477
CVE-2017-8462
CVE-2017-8482
CVE-2017-8492
CVE-2017-8490
CVE-2017-8484
CVE-2017-8481
CVE-2017-8468
CVE-2017-8469
CVE-2017-8474
CVE-2017-8465
CVE-2017-0297

Impacts

?

OSI

[?]

PE

[?]

Related products

Microsoft Windows Server 2012
Microsoft Windows 7
Microsoft Windows Server 2008
Windows RT
Microsoft Windows 10

CVE-IDS

?

Microsoft official advisories

Microsoft Security Update Guide

KB list

4022719
4022726
4022714
4022724
4022727
4022715
4022725
4022722
4022717
4022718
4022013
4022887
4034741

Exploitation

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/42232

https://www.exploit-db.com/exploits/42219

https://www.exploit-db.com/exploits/42228

https://www.exploit-db.com/exploits/42231

https://www.exploit-db.com/exploits/42229

https://www.exploit-db.com/exploits/42233

https://www.exploit-db.com/exploits/42213

https://www.exploit-db.com/exploits/42244

https://www.exploit-db.com/exploits/42215

https://www.exploit-db.com/exploits/42230

https://www.exploit-db.com/exploits/42218

https://www.exploit-db.com/exploits/42220

https://www.exploit-db.com/exploits/42216

https://www.exploit-db.com/exploits/42214

https://www.exploit-db.com/exploits/42210

https://www.exploit-db.com/exploits/42242

https://www.exploit-db.com/exploits/42217

Find out the statistics of the vulnerabilities spreading in your region

Detect date ?	06/13/2017
Severity ?	Critical
Description	Multiple serious vulnerabilities have been found in Microsoft Windows kernel. Malicious users can exploit these vulnerabilities to obtain sensitive information and gain privileges. Below is a complete list of vulnerabilities: An improper handling of objects in memory can be exploited locally via a specially designed application to gain privileges; Multiple vulnerabilities related to an improper handling of memory addresses can be exploited locally via a specially designed application to obtain sensitive information; Multiple vulnerabilities related to an incorrect handling of objects in memory done by the Windows kernel-mode driver can be exploited locally via a specially designed application to gain privileges; Multiple vulnerabilities related to an improper initialization of objects in memory can be exploited locally via a specialy designed application to obtain sensitive information; An improper handling of objects in memory related to proper enforcement of VTLs (virtual trust levels) can be exploited locally via a specially designed application to gain privileges. Technical details Vulnerabilities (2) occur in case the Windows kernel fails to initialize a memory adress in a proper way and can cause security bypass called KASLR (Kernel Address Space Layout Randomization) bypass. NB: Not every vulnerability already have CVSS rating so cumulative CVSS rating can be not representative.
Affected products	Microsoft Windows 7 Service Pack 1 Microsoft Windows RT 8.1 Microsoft Windows 8.1 Microsoft Windows 10 Microsoft Windows Server 2008 Pack 2 Microsoft Windows Server 2008 R2 Service Pack 1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2017-8478 CVE-2017-8479 CVE-2017-8474 CVE-2017-8476 CVE-2017-8477 CVE-2017-0300 CVE-2017-8481 CVE-2017-8480 CVE-2017-8482 CVE-2017-8485 CVE-2017-8484 CVE-2017-8489 CVE-2017-0299 CVE-2017-0297 CVE-2017-8469 CVE-2017-8468 CVE-2017-8465 CVE-2017-8462 CVE-2017-8494 CVE-2017-8492 CVE-2017-8490 CVE-2017-8491 CVE-2017-8479 CVE-2017-0299 CVE-2017-8485 CVE-2017-8478 CVE-2017-8476 CVE-2017-8494 CVE-2017-8480 CVE-2017-8489 CVE-2017-0300 CVE-2017-8491 CVE-2017-8477 CVE-2017-8462 CVE-2017-8482 CVE-2017-8492 CVE-2017-8490 CVE-2017-8484 CVE-2017-8481 CVE-2017-8468 CVE-2017-8469 CVE-2017-8474 CVE-2017-8465 CVE-2017-0297
Impacts ?	OSI [?] PE [?]
Related products	Microsoft Windows Server 2012 Microsoft Windows 7 Microsoft Windows Server 2008 Windows RT Microsoft Windows 10
CVE-IDS ?	CVE-2017-84791.9Warning CVE-2017-02991.9Warning CVE-2017-84851.9Warning CVE-2017-84781.9Warning CVE-2017-84761.9Warning CVE-2017-84946.9High CVE-2017-84801.9Warning CVE-2017-84891.9Warning CVE-2017-03001.9Warning CVE-2017-84911.9Warning CVE-2017-84771.9Warning CVE-2017-84621.9Warning CVE-2017-84821.9Warning CVE-2017-84921.9Warning CVE-2017-84901.9Warning CVE-2017-84841.9Warning CVE-2017-84811.9Warning CVE-2017-84687.2High CVE-2017-84692.1Warning CVE-2017-84741.9Warning CVE-2017-84657.2High CVE-2017-02971.9Warning
Microsoft official advisories	Microsoft Security Update Guide
KB list	4022719 4022726 4022714 4022724 4022727 4022715 4022725 4022722 4022717 4022718 4022013 4022887 4034741
Exploitation	The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/42232 https://www.exploit-db.com/exploits/42219 https://www.exploit-db.com/exploits/42228 https://www.exploit-db.com/exploits/42231 https://www.exploit-db.com/exploits/42229 https://www.exploit-db.com/exploits/42233 https://www.exploit-db.com/exploits/42213 https://www.exploit-db.com/exploits/42244 https://www.exploit-db.com/exploits/42215 https://www.exploit-db.com/exploits/42230 https://www.exploit-db.com/exploits/42218 https://www.exploit-db.com/exploits/42220 https://www.exploit-db.com/exploits/42216 https://www.exploit-db.com/exploits/42214 https://www.exploit-db.com/exploits/42210 https://www.exploit-db.com/exploits/42242 https://www.exploit-db.com/exploits/42217
	Find out the statistics of the vulnerabilities spreading in your region

KLA11048Multiple vulnerabilities in Windows Kernel

KLA11048
Multiple vulnerabilities in Windows Kernel