KLA10801
Multiple vulnerabilities in Microsoft Windows
Updated: 17/06/2019
Detection date
10/05/2016
Threat level
Critical
Description

Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges or bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. Improper disclosure of memory contents in the Windows Graphics Device Interface (GDI) component can be exploited remotely via specially designed content to obtain sensitive information;
  2. Improper handling of memory objects in Windows GDI components can be exploited remotely via specially designed content to execute arbitrary code;
  3. Improper handling of memory objects in Windows Imaging Component can be exploited remotely via specially designed content to execute arbitrary code;
  4. An unknown vulnerability in Windows Journal can be exploited remotely via a specially crafted Journal file to execute arbitrary code;
  5. Improper handling of memory objects in Windows Shell can be exploited remotely via specially designed content to execute arbitrary code;
  6. Improper validation of input data before loading certain libraries can be exploited by a logged-in user via a specially crafted application to execute arbitrary code;
  7. Improper parsing of certain symbolic links in the Windows kernel can be exploited by a logged-in user via a specially crafted application to elevate privileges;
  8. Improper memory deallocation can be exploited remotely via specially crafted RPC requests to elevate privileges;
  9. Improper handling of memory objects in a Windows kernel-mode driver can be exploited by a logged-in user via a specially crafted application to elevate privileges;
  10. An unknown vulnerability in the Windows kernel can be exploited by a logged-in user via a specially crafted application to bypass a security feature;
  11. Improper memory handling in the DirectX Graphics kernel subsystem can be exploited locally via a specially crafted application to elevate privileges;
  12. An unknown vulnerability can be exploited locally via a specially crafted application to bypass a security feature;
  13. Improper binding of the mounted USB disk and the user session can be exploited remotely to obtain sensitive information from the USB disk;
  14. An unspecified vulnerability in Windows Media Center can be exploited remotely via a specially crafted file to execute arbitrary code.

Technical details

To work around vulnerability (1), you can disable metafile processing. For further instructions, see the MS16-055 Microsoft advisory listed below.

Vulnerability (2) is related to Direct3D and another unknown component.

To work around vulnerability (4), do not open Windows Journal (.jnt) files that you receive from untrusted sources, remove the .jnt file type association, remove Windows Journal by disabling the Windows feature that installs it, or deny access to Journal.exe. For further instructions, see the MS16-056 Microsoft advisory listed below.

Vulnerability (8) is related to the Remote Procedure Call (RPC) Network Data Representation (NDR) Engine.

Vulnerability (10) allows a malicious user to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass and to retrieve the memory address of a kernel object.

Vulnerability (11) is related to dxgkrnl.sys. It is caused by improper handling of memory objects and incorrect mapping of kernel memory.

Vulnerability (12) allows a malicious user to mark certain kernel-mode pages as Read, Write, Execute (RWX) even with Hypervisor Code Integrity (HVCI) enabled.

Vulnerability (13) exists when a USB disk is mounted over Remote Desktop Protocol (RDP) via Microsoft RemoteFX.

Affected products

Windows Vista Service Pack 2 
Windows 7 Service Pack 1 
Windows 8.1
Windows RT 8.1
Windows 10
Windows 10 Version 1511
Windows Server 2008 Service Pack 2 
Windows Server 2008 R2 Service Pack 1 
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016 Technical Preview 5
Windows Media Center

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).
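A way to check a host against this advisory's KB list, as an added example that is not part of the original advisory: it uses the built-in `Get-HotFix` cmdlet and the KB numbers from the KB list on this page; the function name `Get-AdvisoryKbStatus` is hypothetical. Not every KB applies to every Windows version, and a later cumulative update can supersede one listed here, so treat a "not installed" row as a prompt to check Windows Update rather than as proof of exposure.

```powershell
# Added example: report which KBs from this advisory's KB list are installed.
# KB numbers are copied from the KB list on this page.
$AdvisoryKbs = @(
    '3156421','3156059','3156016','3153704','3155784','3156387','3156013','3141083',
    '3156019','3155178','3153171','3156017','3153199','3155413','3158991','3150220'
) | ForEach-Object { "KB$_" }

# Hypothetical helper name; Get-HotFix is the standard Windows cmdlet.
function Get-AdvisoryKbStatus {
    param(
        [Parameter(Mandatory)][string[]]$KbIds,
        [string]$ComputerName = $env:COMPUTERNAME
    )

    # Query the installed-update list once, then match locally by HotFixID.
    $installed = @{}
    Get-HotFix -ComputerName $ComputerName -ErrorAction Stop |
        ForEach-Object { $installed[$_.HotFixID] = $_ }

    foreach ($kb in $KbIds) {
        $hit = $installed[$kb]
        [pscustomobject]@{
            ComputerName = $ComputerName
            KB           = $kb
            Installed    = [bool]$hit
            InstalledOn  = if ($hit) { $hit.InstalledOn } else { $null }
        }
    }
}

$status = Get-AdvisoryKbStatus -KbIds $AdvisoryKbs
$status | Sort-Object Installed, KB | Format-Table -AutoSize

# A host with none of the listed KBs needs a closer look in Windows Update:
# either the updates are missing or they were superseded by a later rollup.
if (-not ($status | Where-Object { $_.Installed })) {
    Write-Warning "No KB from this advisory found on $($env:COMPUTERNAME); verify patch level in Windows Update."
}
```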

Original advisories
CVE-2016-0185
CVE-2016-0189
CVE-2016-0187
CVE-2016-0181
CVE-2016-0197
CVE-2016-0196
CVE-2016-0195
CVE-2016-0152
CVE-2016-0168
CVE-2016-0176
CVE-2016-0174
CVE-2016-0175
CVE-2016-0180
CVE-2016-0173
CVE-2016-0170
CVE-2016-0171
CVE-2016-0190
CVE-2016-0184
CVE-2016-0169
CVE-2016-0182
CVE-2016-0178
CVE-2016-0179
Impacts
ACE
OSI
SB
PE
Related products
Microsoft Windows Vista
Microsoft Windows Server 2012
Microsoft Windows 8
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows 10
CVE-IDS
CVE-2016-0185    9.3    Critical
CVE-2016-0189    7.6    Critical
CVE-2016-0187    7.6    Critical
CVE-2016-0181    2.1    Warning
CVE-2016-0197    7.2    High
CVE-2016-0196    7.2    High
CVE-2016-0195    9.3    Critical
CVE-2016-0152    7.2    High
CVE-2016-0168    4.3    Warning
CVE-2016-0176    7.2    High
CVE-2016-0174    7.2    High
CVE-2016-0175    2.1    Warning
CVE-2016-0180    7.2    High
CVE-2016-0173    7.2    High
CVE-2016-0170    9.3    Critical
CVE-2016-0171    7.2    High
CVE-2016-0190    2.1    Warning
CVE-2016-0184    9.3    Critical
CVE-2016-0169    4.3    Warning
CVE-2016-0182    9.3    Critical
CVE-2016-0178    9.0    Critical
CVE-2016-0179    9.3    Critical
Microsoft official advisories
Microsoft Security Update Guide
KB list

3156421
3156059
3156016
3153704
3155784
3156387
3156013
3141083
3156019
3155178
3153171
3156017
3153199
3155413
3158991
3150220