Multiple vulnerabilities in Microsoft Windows

Описание

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, cause denial of service, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
2. A remote code execution vulnerability in GDI+ can be exploited remotely via specially crafted embedded to execute arbitrary code.
3. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely via specially crafted application to gain privileges.
4. A remote code execution vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to execute arbitrary code.
5. An information disclosure vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to obtain sensitive information.
6. An implementation vulnerability in Security Account Manager can be exploited remotely to gain privileges.
7. An elevation of privilege vulnerability in Secondary Logon can be exploited remotely via specially crafted application to gain privileges.
8. A denial of service vulnerability in HTTP.sys can be exploited remotely via specially crafted to cause denial of service.
9. A security feature bypass vulnerability in Windows CSRSS can be exploited remotely via specially crafted application to bypass security restrictions.
10. A remote code execution vulnerability in Windows OLE can be exploited remotely via specially crafted file to execute arbitrary code.

Первичный источник обнаружения

• CVE-2016-0143
  CVE-2016-0145
  CVE-2016-0165
  CVE-2016-0167
  CVE-2016-0088
  CVE-2016-0089
  CVE-2016-0090
  CVE-2016-0128
  CVE-2016-0135
  CVE-2016-0150
  CVE-2016-0151
  CVE-2016-0153
  

Эксплуатация

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/39712

https://www.exploit-db.com/exploits/39743

https://www.exploit-db.com/exploits/44480

https://www.exploit-db.com/exploits/39740

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Vista-2
• Microsoft-Windows-Server-2012
• Microsoft-Windows-8
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008
• Windows-RT
• Microsoft-Windows-10

Список CVE

• CVE-2016-0143
  unknown
• CVE-2016-0145
  unknown
• CVE-2016-0165
  unknown
• CVE-2016-0167
  unknown
• CVE-2016-0088
  unknown
• CVE-2016-0089
  unknown
• CVE-2016-0090
  unknown
• CVE-2016-0128
  unknown
• CVE-2016-0135
  unknown
• CVE-2016-0150
  unknown
• CVE-2016-0151
  unknown
• CVE-2016-0153
  unknown

Список KB

• 3149090
• 3147461
• 3135456
• 3146723
• 3147458
• 3146706
• 3145739
• 4038788
• 4093112

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com