Kaspersky Threats

Дата обнаружения

11/10/2016

Уровень угрозы

Critical

Описание

Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges or obtain sensitive information.

Below is a complete list of vulnerabilities

An improper memory objects handling at Microsoft Video Control can be exploited remotely via a specially designed file or application to execute arbitrary code;
An improper memory objects handling at kernel-mode driver ca be exploited by logged in attacker via a specially designed application to gain privileges;
An improper memory objects handling at Windows Transaction Manager can be exploited by logged in attacker via a specially designed application to gain privileges;
Lack of registry access restrictions at Windows Kernel API can be exploited by logged in attacker via a specially designed application to obtain sensitive information;
Lack of input sanitization at Windows Diagnostics Hub Standard Collector Service can be exploited by logged in attacker to gain privileges;
An improper memory objects handling at Internet Messaging API can be exploited remotely via a specially designed content to obtain sensitive information.

Пораженные продукты

Microsoft Windows Vista Service Pack 2
Microsoft Windows Server 2008 Service Pack 2
Microsoft Windows 7 Service Pack 1
Microsoft Windows Server 2008 R2 Service Pack 1
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows RT 8.1
Microsoft Windows 10
Microsoft Windows 10 1511, 1607

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения