Kaspersky Threats

Detect date

?

11/08/2016

Severity

?

Critical

Description

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service.

Below is a complete list of vulnerabilities:

An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges.
An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
A remote code execution vulnerability in Windows can be exploited remotely to execute arbitrary code.
An information disclosure vulnerability in Open Type Font can be exploited remotely via specially crafted to obtain sensitive information.
An information disclosure vulnerability in Windows Bowser.sys can be exploited remotely via specially crafted application to obtain sensitive information.
An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely via specially crafted application to gain privileges.
A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code.
A remote code execution vulnerability in Microsoft Video Control can be exploited remotely via specially crafted file to execute arbitrary code.
An information disclosure vulnerability in Microsoft Browser can be exploited remotely to obtain sensitive information.
A memory corruption vulnerability in Windows Animation Manager can be exploited remotely to execute arbitrary code.
An elevation of privilege vulnerability in Windows IME can be exploited remotely via specially crafted application to gain privileges.
An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted content to obtain sensitive information.
A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
An elevation of privilege vulnerability in Windows NTLM can be exploited remotely via specially crafted application to gain privileges.
An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted application to obtain sensitive information.
A denial of service vulnerability in Local Security Authority Subsystem Service can be exploited remotely via specially crafted request to cause denial of service.
A remote code execution vulnerability in Microsoft Graphics can be exploited remotely via specially crafted embedded to execute arbitrary code.

Exploitation

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/40793

https://www.exploit-db.com/exploits/40786

https://www.exploit-db.com/exploits/41015

https://www.exploit-db.com/exploits/40745

https://www.exploit-db.com/exploits/40823

https://www.exploit-db.com/exploits/40744

https://www.exploit-db.com/exploits/40766

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products

Windows 7 for 32-bit Systems Service Pack 1
Windows 10 Version 1511 for 32-bit Systems
Windows Vista Service Pack 2
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Windows 10 Version 1511 for x64-based Systems
Windows 8.1 for 32-bit systems
Windows Server 2012
Windows RT 8.1
Windows 10 Version 1607 for x64-based Systems
Windows 10 for 32-bit Systems
Internet Explorer 9
Windows Server 2012 (Server Core installation)
Windows Server 2016
Microsoft Windows Hyperlink Object Library
Windows 10 Version 1607 for 32-bit Systems
Windows Server 2012 R2
Windows Server 2016 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 10 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Internet Explorer 10
Internet Explorer 11
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows 8.1 for x64-based systems
Microsoft Edge (EdgeHTML-based)

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2016-7216
CVE-2016-7214
CVE-2016-7215
CVE-2016-7212
CVE-2016-7210
CVE-2016-7218
CVE-2016-3340
CVE-2016-3342
CVE-2016-3343
CVE-2016-7195
CVE-2016-7248
CVE-2016-7199
CVE-2016-7198
CVE-2016-7246
CVE-2016-7205
CVE-2016-7221
CVE-2016-7227
CVE-2016-7202
CVE-2016-3333
CVE-2016-3332
CVE-2016-3335
CVE-2016-3334
CVE-2016-3338
CVE-2016-0026
CVE-2016-7184
CVE-2016-7238
CVE-2016-7239
CVE-2016-7237
CVE-2016-7256
CVE-2016-7255

Impacts

?

ACE

[?]

OSI

[?]

DoS

[?]

PE

[?]

Detect date ?	11/08/2016
Severity ?	Critical
Description	Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges. A remote code execution vulnerability in Windows can be exploited remotely to execute arbitrary code. An information disclosure vulnerability in Open Type Font can be exploited remotely via specially crafted to obtain sensitive information. An information disclosure vulnerability in Windows Bowser.sys can be exploited remotely via specially crafted application to obtain sensitive information. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely via specially crafted application to gain privileges. A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code. A remote code execution vulnerability in Microsoft Video Control can be exploited remotely via specially crafted file to execute arbitrary code. An information disclosure vulnerability in Microsoft Browser can be exploited remotely to obtain sensitive information. A memory corruption vulnerability in Windows Animation Manager can be exploited remotely to execute arbitrary code. An elevation of privilege vulnerability in Windows IME can be exploited remotely via specially crafted application to gain privileges. An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted content to obtain sensitive information. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code. An elevation of privilege vulnerability in Windows NTLM can be exploited remotely via specially crafted application to gain privileges. An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted application to obtain sensitive information. A denial of service vulnerability in Local Security Authority Subsystem Service can be exploited remotely via specially crafted request to cause denial of service. A remote code execution vulnerability in Microsoft Graphics can be exploited remotely via specially crafted embedded to execute arbitrary code.
Exploitation	The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/40793 https://www.exploit-db.com/exploits/40786 https://www.exploit-db.com/exploits/41015 https://www.exploit-db.com/exploits/40745 https://www.exploit-db.com/exploits/40823 https://www.exploit-db.com/exploits/40744 https://www.exploit-db.com/exploits/40766 Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Affected products	Windows 7 for 32-bit Systems Service Pack 1 Windows 10 Version 1511 for 32-bit Systems Windows Vista Service Pack 2 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 R2 (Server Core installation) Windows 10 Version 1511 for x64-based Systems Windows 8.1 for 32-bit systems Windows Server 2012 Windows RT 8.1 Windows 10 Version 1607 for x64-based Systems Windows 10 for 32-bit Systems Internet Explorer 9 Windows Server 2012 (Server Core installation) Windows Server 2016 Microsoft Windows Hyperlink Object Library Windows 10 Version 1607 for 32-bit Systems Windows Server 2012 R2 Windows Server 2016 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows 10 for x64-based Systems Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Internet Explorer 10 Internet Explorer 11 Windows Vista x64 Edition Service Pack 2 Windows Server 2008 for Itanium-Based Systems Service Pack 2 Windows 8.1 for x64-based systems Microsoft Edge (EdgeHTML-based)
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2016-7216 CVE-2016-7214 CVE-2016-7215 CVE-2016-7212 CVE-2016-7210 CVE-2016-7218 CVE-2016-3340 CVE-2016-3342 CVE-2016-3343 CVE-2016-7195 CVE-2016-7248 CVE-2016-7199 CVE-2016-7198 CVE-2016-7246 CVE-2016-7205 CVE-2016-7221 CVE-2016-7227 CVE-2016-7202 CVE-2016-3333 CVE-2016-3332 CVE-2016-3335 CVE-2016-3334 CVE-2016-3338 CVE-2016-0026 CVE-2016-7184 CVE-2016-7238 CVE-2016-7239 CVE-2016-7237 CVE-2016-7256 CVE-2016-7255
Impacts ?	ACE [?] OSI [?] DoS [?] PE [?]
Related products	Microsoft Internet Explorer Microsoft Windows Microsoft Windows Server Microsoft Windows Vista Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows 7 Microsoft Windows Server 2008 Windows RT Microsoft Windows 10 Microsoft Edge
CVE-IDS ?	CVE-2016-72392.6Warning CVE-2016-72272.6Warning CVE-2016-71957.6Critical CVE-2016-71987.6Critical CVE-2016-71992.6Warning CVE-2016-72027.6Critical CVE-2016-72569.3Critical CVE-2016-72557.2High CVE-2016-72489.3Critical CVE-2016-72467.2High CVE-2016-72387.2High CVE-2016-72376.8High CVE-2016-00269.3Critical CVE-2016-33329.3Critical CVE-2016-33339.3Critical CVE-2016-33349.3Critical CVE-2016-33359.3Critical CVE-2016-33389.3Critical CVE-2016-33409.3Critical CVE-2016-33429.3Critical CVE-2016-33439.3Critical CVE-2016-71849.3Critical CVE-2016-72059.3Critical CVE-2016-72104.3Warning CVE-2016-72129.3Critical CVE-2016-72142.1Warning CVE-2016-72157.2High CVE-2016-72162.1Warning CVE-2016-72181.9Warning CVE-2016-72217.2High
KB list	3181707 3193418 3194371 3196718 3197867 3197868 3198234 3198483 3198510 3203859 3197655 3203621
Microsoft official advisories	Microsoft Security Update Guide
	Find out the statistics of the vulnerabilities spreading in your region

KLA11832Multiple vulnerabilities in Microsoft Products (ESU)

KLA11832
Multiple vulnerabilities in Microsoft Products (ESU)