Kaspersky Threats

Description

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, cause denial of service.

Below is a complete list of vulnerabilities:

A remote code execution vulnerability in Windows Graphics Component can be exploited remotely via specially crafted website to execute arbitrary code.
A remote code execution vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to execute arbitrary code.
A remote code execution vulnerability in Windows Uniscribe can be exploited remotely via specially crafted website to execute arbitrary code.
An elevation of privilege vulnerability in Windows COM Session can be exploited remotely via specially crafted application to gain privileges.
An elevation of privilege vulnerability in Windows Transaction Manager can be exploited remotely via specially crafted application to gain privileges.
An elevation of privilege vulnerability in Windows can be exploited remotely to gain privileges.
A remote code execution vulnerability in Windows SMB can be exploited remotely via specially crafted packet to execute arbitrary code.
A memory corruption vulnerability in iSNS Server can be exploited remotely via specially crafted application to execute arbitrary code.
An information disclosure vulnerability in Microsoft XML Core Services can be exploited remotely to obtain sensitive information.
An elevation of privilege vulnerability in Windows GDI can be exploited remotely via specially crafted application to gain privileges.
An information disclosure vulnerability in Windows Uniscribe can be exploited remotely via specially crafted document to obtain sensitive information.
An information disclosure vulnerability in Windows SMB can be exploited remotely via specially crafted packet to obtain sensitive information.
An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted content to obtain sensitive information.
An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
An information disclosure vulnerability in The Color Management Module (ICM32.dll) can be exploited remotely via specially crafted webpage to obtain sensitive information.
An information disclosure vulnerability in Windows Active Directory Federation Services can be exploited remotely via specially crafted request to obtain sensitive information.
An information disclosure vulnerability in Windows DirectShow can be exploited remotely via specially crafted content to obtain sensitive information.
A information disclosure vulnerability in Windows DVD Maker can be exploited remotely via specially crafted to obtain sensitive information.
A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code.
A denial of service vulnerability in Hyper-V can be exploited remotely via specially crafted application to cause denial of service.
A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
An information disclosure vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to obtain sensitive information.
A remote code execution vulnerability in Windows DLL Loading can be exploited remotely to execute arbitrary code.
An elevation of privilege vulnerability in Windows Registry can be exploited remotely via specially crafted application to gain privileges.
An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.
An elevation of privilege vulnerability in Microsoft IIS Server XSS can be exploited remotely via specially crafted request to gain privileges.
An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges.
A remote code execution vulnerability in Windows Uniscribe can be exploited remotely via specially crafted website to obtain sensitive information.

Original advisories

CVE-2017-0042
CVE-2017-0096
CVE-2017-0097
CVE-2017-0099
CVE-2017-0109
CVE-2017-0075
CVE-2017-0076
CVE-2017-0055
CVE-2017-0102
CVE-2017-0103
CVE-2017-0101
CVE-2017-0050
CVE-2017-0056
CVE-2017-0043
CVE-2017-0045
CVE-2017-0022
CVE-2017-0143
CVE-2017-0144
CVE-2017-0145
CVE-2017-0146
CVE-2017-0147
CVE-2017-0148
CVE-2017-0014
CVE-2017-0060
CVE-2017-0061
CVE-2017-0062
CVE-2017-0063
CVE-2017-0025
CVE-2017-0073
CVE-2017-0108
CVE-2017-0038
CVE-2017-0001
CVE-2017-0005
CVE-2017-0047
CVE-2017-0072
CVE-2017-0083
CVE-2017-0084
CVE-2017-0085
CVE-2017-0086
CVE-2017-0087
CVE-2017-0088
CVE-2017-0089
CVE-2017-0090
CVE-2017-0091
CVE-2017-0092
CVE-2017-0111
CVE-2017-0112
CVE-2017-0113
CVE-2017-0114
CVE-2017-0115
CVE-2017-0116
CVE-2017-0117
CVE-2017-0118
CVE-2017-0119
CVE-2017-0120
CVE-2017-0121
CVE-2017-0122
CVE-2017-0123
CVE-2017-0124
CVE-2017-0125
CVE-2017-0126
CVE-2017-0127
CVE-2017-0128
CVE-2017-0009
CVE-2017-0059
CVE-2017-0130
CVE-2017-0149
CVE-2017-0008
CVE-2017-0040
CVE-2017-0100
CVE-2017-0104
CVE-2017-0039
CVE-2017-0023
CVE-2017-0057
CVE-2017-0079
CVE-2017-0074
CVE-2017-0016
CVE-2017-0078
CVE-2017-0081

Exploitation

This vulnerability can be exploited by the following malware:

https://threats.kaspersky.com/en/threat/Intrusion.Win.EternalRomance/

https://threats.kaspersky.com/en/threat/Intrusion.Win.CVE-2017-0147.sa.leak/

Public exploits exist for this vulnerability.

CVE list

CVE-2017-0042
warning
CVE-2017-0096
warning
CVE-2017-0097
high
CVE-2017-0099
high
CVE-2017-0109
critical
CVE-2017-0074
high
CVE-2017-0075
critical
CVE-2017-0076
high
CVE-2017-0055
high
CVE-2017-0102
critical
CVE-2017-0103
high
CVE-2017-0101
critical
CVE-2017-0050
critical
CVE-2017-0056
critical
CVE-2017-0078
critical
CVE-2017-0079
critical
CVE-2017-0081
critical
CVE-2017-0043
high
CVE-2017-0045
high
CVE-2017-0022
high
CVE-2017-0143
critical
CVE-2017-0144
critical
CVE-2017-0145
critical
CVE-2017-0146
critical
CVE-2017-0147
critical
CVE-2017-0148
critical
CVE-2017-0014
critical
CVE-2017-0060
high
CVE-2017-0061
high
CVE-2017-0062
warning
CVE-2017-0063
high
CVE-2017-0025
critical
CVE-2017-0073
warning
CVE-2017-0108
critical
CVE-2017-0038
high
CVE-2017-0001
critical
CVE-2017-0005
critical
CVE-2017-0047
critical
CVE-2017-0072
critical
CVE-2017-0083
critical
CVE-2017-0084
critical
CVE-2017-0085
warning
CVE-2017-0086
critical
CVE-2017-0087
critical
CVE-2017-0088
critical
CVE-2017-0089
critical
CVE-2017-0090
critical
CVE-2017-0091
warning
CVE-2017-0092
warning
CVE-2017-0111
warning
CVE-2017-0112
warning
CVE-2017-0113
warning
CVE-2017-0114
warning
CVE-2017-0115
warning
CVE-2017-0116
warning
CVE-2017-0117
warning
CVE-2017-0118
warning
CVE-2017-0119
warning
CVE-2017-0120
warning
CVE-2017-0121
warning
CVE-2017-0122
warning
CVE-2017-0123
warning
CVE-2017-0124
warning
CVE-2017-0125
warning
CVE-2017-0126
warning
CVE-2017-0127
warning
CVE-2017-0128
warning
CVE-2017-0009
warning
CVE-2017-0023
critical
CVE-2017-0059
warning
CVE-2017-0130
critical
CVE-2017-0149
critical
CVE-2017-0008
warning
CVE-2017-0040
critical
CVE-2017-0057
warning
CVE-2017-0100
critical
CVE-2017-0104
critical
CVE-2017-0016
high
CVE-2017-0039
critical

KB list

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!

Multiple vulnerabilities in Microsoft Products (ESU)