Multiple vulnerabilities in Windows Kernel

Описание

Multiple serious vulnerabilities have been found in Microsoft Windows kernel. Malicious users can exploit these vulnerabilities to obtain sensitive information and gain privileges.

Below is a complete list of vulnerabilities:

1. An improper handling of objects in memory can be exploited locally via a specially designed application to gain privileges;
2. Multiple vulnerabilities related to an improper handling of memory addresses can be exploited locally via a specially designed application to obtain sensitive information;
3. Multiple vulnerabilities related to an incorrect handling of objects in memory done by the Windows kernel-mode driver can be exploited locally via a specially designed application to gain privileges;
4. Multiple vulnerabilities related to an improper initialization of objects in memory can be exploited locally via a specialy designed application to obtain sensitive information;
5. An improper handling of objects in memory related to proper enforcement of VTLs (virtual trust levels) can be exploited locally via a specially designed application to gain privileges.

---

Technical details

Vulnerabilities (2) occur in case the Windows kernel fails to initialize a memory adress in a proper way and can cause security bypass called KASLR (Kernel Address Space Layout Randomization) bypass.

NB: Not every vulnerability already have CVSS rating so cumulative CVSS rating can be not representative.

Первичный источник обнаружения

• CVE-2017-8478
  CVE-2017-8479
  CVE-2017-8474
  CVE-2017-8476
  CVE-2017-8477
  CVE-2017-0300
  CVE-2017-8481
  CVE-2017-8480
  CVE-2017-8482
  CVE-2017-8485
  CVE-2017-8484
  CVE-2017-8489
  CVE-2017-0299
  CVE-2017-0297
  CVE-2017-8469
  CVE-2017-8468
  CVE-2017-8465
  CVE-2017-8462
  CVE-2017-8494
  CVE-2017-8492
  CVE-2017-8490
  CVE-2017-8491
  CVE-2017-8479
  CVE-2017-0299
  CVE-2017-8485
  CVE-2017-8478
  CVE-2017-8476
  CVE-2017-8494
  CVE-2017-8480
  CVE-2017-8489
  CVE-2017-0300
  CVE-2017-8491
  CVE-2017-8477
  CVE-2017-8462
  CVE-2017-8482
  CVE-2017-8492
  CVE-2017-8490
  CVE-2017-8484
  CVE-2017-8481
  CVE-2017-8468
  CVE-2017-8469
  CVE-2017-8474
  CVE-2017-8465
  CVE-2017-0297
  

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Windows-Server-2012
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008
• Windows-RT
• Microsoft-Windows-10

Список CVE

• CVE-2017-8479
  warning
• CVE-2017-0299
  warning
• CVE-2017-8485
  warning
• CVE-2017-8478
  warning
• CVE-2017-8476
  warning
• CVE-2017-8494
  high
• CVE-2017-8480
  warning
• CVE-2017-8489
  warning
• CVE-2017-0300
  warning
• CVE-2017-8491
  warning
• CVE-2017-8477
  warning
• CVE-2017-8462
  warning
• CVE-2017-8482
  warning
• CVE-2017-8492
  warning
• CVE-2017-8490
  warning
• CVE-2017-8484
  warning
• CVE-2017-8481
  warning
• CVE-2017-8468
  high
• CVE-2017-8469
  warning
• CVE-2017-8474
  warning
• CVE-2017-8465
  high
• CVE-2017-0297
  warning

Список KB

• 4022719
• 4022726
• 4022714
• 4022724
• 4022727
• 4022715
• 4022725
• 4022722
• 4022717
• 4022718
• 4022013
• 4022887
• 4034741

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com