Продукты:
Для дома
Для малого бизнеса
Для среднего бизнеса
Для крупного бизнеса
Уязвимости Угрозы
Главная Уязвимости

Multiple vulnerabilities in Microsoft Windows

Kaspersky ID:
KLA11046
Дата обнаружения:
13/06/2017
Обновлено:
22/07/2020

Описание

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, gain privileges, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. A security feature bypass vulnerability in Device Guard Code Integrity Policy can be exploited remotely to bypass security restrictions.
  2. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
  3. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
  4. A remote code execution vulnerability in Windows Search can be exploited remotely via specially crafted messages to execute arbitrary code.
  5. An information disclosure vulnerability in Windows PDF can be exploited remotely via specially crafted to obtain sensitive information.
  6. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
  7. A remote code execution vulnerability in Windows Uniscribe can be exploited remotely via specially crafted website to execute arbitrary code.
  8. A remote code execution vulnerability in Win32k Graphics can be exploited remotely via specially crafted embedded to execute arbitrary code.
  9. An information disclosure vulnerability in Windows Uniscribe can be exploited remotely via specially crafted document to obtain sensitive information.
  10. An elevation of privilege vulnerability in Hypervisor Code Integrity can be exploited remotely to gain privileges.
  11. A remote code execution vulnerability in LNK can be exploited remotely to execute arbitrary code.
  12. A remote code execution vulnerability in Windows can be exploited remotely via specially crafted cabinet to execute arbitrary code.
  13. An elevation of privilege vulnerability in Windows TDX can be exploited remotely via specially crafted application to gain privileges.
  14. A remote code execution vulnerability in Microsoft Windows can be exploited remotely via specially crafted to execute arbitrary code.
  15. A remote code execution vulnerability in Windows PDF can be exploited remotely via specially crafted to execute arbitrary code.

Первичный источник обнаружения

Эксплуатация

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/42235

https://www.exploit-db.com/exploits/42212

https://www.exploit-db.com/exploits/42223

https://www.exploit-db.com/exploits/42429

https://www.exploit-db.com/exploits/42382

https://www.exploit-db.com/exploits/42236

https://www.exploit-db.com/exploits/42224

https://www.exploit-db.com/exploits/42225

https://www.exploit-db.com/exploits/42243

https://www.exploit-db.com/exploits/42234

https://www.exploit-db.com/exploits/42237

https://www.exploit-db.com/exploits/42226

https://www.exploit-db.com/exploits/42239

https://www.exploit-db.com/exploits/42241

https://www.exploit-db.com/exploits/42240

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

Список CVE

  • CVE-2017-8543
    unknown
  • CVE-2017-0219
    unknown
  • CVE-2017-0284
    unknown
  • CVE-2017-0218
    unknown
  • CVE-2017-0215
    unknown
  • CVE-2017-0193
    unknown
  • CVE-2017-8488
    unknown
  • CVE-2017-8528
    unknown
  • CVE-2017-8460
    unknown
  • CVE-2017-8475
    unknown
  • CVE-2017-8470
    unknown
  • CVE-2017-8466
    unknown
  • CVE-2017-8464
    unknown
  • CVE-2017-0291
    unknown
  • CVE-2017-0216
    unknown
  • CVE-2017-0292
    unknown
  • CVE-2017-0285
    unknown
  • CVE-2017-8471
    unknown
  • CVE-2017-0173
    unknown
  • CVE-2017-0294
    unknown
  • CVE-2017-8472
    unknown
  • CVE-2017-8483
    unknown
  • CVE-2017-0283
    unknown
  • CVE-2017-0282
    unknown
  • CVE-2017-0296
    unknown
  • CVE-2017-8473
    unknown
  • CVE-2017-0287
    unknown
  • CVE-2017-0288
    unknown
  • CVE-2017-0289
    unknown
  • CVE-2017-8527
    unknown
  • CVE-2017-8531
    unknown
  • CVE-2017-8532
    unknown
  • CVE-2017-8533
    unknown

Список KB

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Related articles
19 April 2024
Securelist
Managed Detection and Response — отчет за 2023 год
18 April 2024
Securelist
Реагирование на инциденты: аналитический отчет за 2023 год
18 April 2024
Securelist
История с бэкдором в XZ — первоначальный анализ
17 April 2024
Securelist
SoumniBot: уникальные техники нового банкера для Android
16 April 2024
Securelist
Билдер LockBit и целевые шифровальщики
20 March 2024
Securelist
Зловреды для Android на любой вкус
Нашли неточность в описании этой уязвимости?
Если вы нашли новую угрозу или уязвимость, пожалуйста дайте нам знать по электронной почте:
newvirus@kaspersky.com
Нашли новую угрозу или уязвимость?
Если вы нашли новую угрозу или уязвимость, пожалуйста дайте нам знать по электронной почте:
newvirus@kaspersky.com
Продукты
Для дома
Для малого бизнеса
Для среднего бизнеса
Для крупного бизнеса
Select language
Sorting
Kaspersky ID
Уязвимость
Detect date
Уровень угрозы
Confirm changes?
Your message has been sent successfully.