Дата обнаружения
|
13/06/2017 |
Уровень угрозы
|
Critical |
Описание
|
Multiple serious vulnerabilities have been found in Microsoft Windows kernel. Malicious users can exploit these vulnerabilities to obtain sensitive information and gain privileges. Below is a complete list of vulnerabilities:
Technical details Vulnerabilities (2) occur in case the Windows kernel fails to initialize a memory adress in a proper way and can cause security bypass called KASLR (Kernel Address Space Layout Randomization) bypass. NB: Not every vulnerability already have CVSS rating so cumulative CVSS rating can be not representative. |
Пораженные продукты
|
Microsoft Windows 7 Service Pack 1 |
Решение
|
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel) |
Первичный источник обнаружения
|
CVE-2017-8478 CVE-2017-8479 CVE-2017-8474 CVE-2017-8476 CVE-2017-8477 CVE-2017-0300 CVE-2017-8481 CVE-2017-8480 CVE-2017-8482 CVE-2017-8485 CVE-2017-8484 CVE-2017-8489 CVE-2017-0299 CVE-2017-0297 CVE-2017-8469 CVE-2017-8468 CVE-2017-8465 CVE-2017-8462 CVE-2017-8494 CVE-2017-8492 CVE-2017-8490 CVE-2017-8491 CVE-2017-8479 CVE-2017-0299 CVE-2017-8485 CVE-2017-8478 CVE-2017-8476 CVE-2017-8494 CVE-2017-8480 CVE-2017-8489 CVE-2017-0300 CVE-2017-8491 CVE-2017-8477 CVE-2017-8462 CVE-2017-8482 CVE-2017-8492 CVE-2017-8490 CVE-2017-8484 CVE-2017-8481 CVE-2017-8468 CVE-2017-8469 CVE-2017-8474 CVE-2017-8465 CVE-2017-0297 |
Оказываемое влияние
?
|
ACE
[?]
OSI
[?]
DoS
[?]
PE
[?]
|
Связанные продукты
|
Microsoft Windows Server 2012 Microsoft Windows 7 Microsoft Windows Server 2008 Windows RT Microsoft Windows 10 |
CVE-IDS
|
CVE-2017-84790.0Unknown
CVE-2017-02990.0Unknown CVE-2017-84850.0Unknown CVE-2017-84780.0Unknown CVE-2017-84760.0Unknown CVE-2017-84940.0Unknown CVE-2017-84800.0Unknown CVE-2017-84890.0Unknown CVE-2017-03000.0Unknown CVE-2017-84910.0Unknown CVE-2017-84770.0Unknown CVE-2017-84620.0Unknown CVE-2017-84820.0Unknown CVE-2017-84920.0Unknown CVE-2017-84900.0Unknown CVE-2017-84840.0Unknown CVE-2017-84810.0Unknown CVE-2017-84680.0Unknown CVE-2017-84690.0Unknown CVE-2017-84740.0Unknown CVE-2017-84650.0Unknown CVE-2017-02970.0Unknown |
Microsoft official advisories
|
Microsoft Security Update Guide |
KB list
|
4022719 |
Эксплуатация
|
The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/42232 https://www.exploit-db.com/exploits/42219 https://www.exploit-db.com/exploits/42228 https://www.exploit-db.com/exploits/42231 https://www.exploit-db.com/exploits/42229 https://www.exploit-db.com/exploits/42233 https://www.exploit-db.com/exploits/42213 https://www.exploit-db.com/exploits/42244 https://www.exploit-db.com/exploits/42215 https://www.exploit-db.com/exploits/42230 https://www.exploit-db.com/exploits/42218 https://www.exploit-db.com/exploits/42220 https://www.exploit-db.com/exploits/42216 https://www.exploit-db.com/exploits/42214 https://www.exploit-db.com/exploits/42210 |