Описание
Multiple serious vulnerabilities have been found in Microsoft Windows kernel. Malicious users can exploit these vulnerabilities to gain privileges.
Below is a complete list of vulnerabilities:
- An improper check of a buffer length (prior to copying memory to the buffer) can be exploited remotely to gain privileges;
- An incorrect permission enforcement done by Windows Kernel API can be exploited remotely via a specially designed application to gain privileges;
- An improper handling of objects in memory in Windows Transaction Manager can be exploited remotely via a specially designed application to gain privileges;
- An improper handling of registry objects in memory in Windows Kernel API can be exploited remotely via a specially designed application to gain privileges.
Technical details
Vulnerability (1) can be exploited only is malicious user has an access to the target system and have proper permissions to copy a file to a shared drive or folder.
Первичный источник обнаружения
Эксплуатация
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Связанные продукты
- Microsoft-Windows-Vista-2
- Microsoft-Windows-Server-2012
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
- Windows-RT
- Microsoft-Windows-10
Список CVE
- CVE-2017-0102 critical
- CVE-2017-0103 high
- CVE-2017-0101 critical
- CVE-2017-0050 critical
Список KB
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!