Kaspersky Threats

Дата обнаружения

13/06/2017

Уровень угрозы

Critical

Описание

Multiple serious vulnerabilities have been found in Microsoft Windows kernel. Malicious users can exploit these vulnerabilities to obtain sensitive information and gain privileges.

Below is a complete list of vulnerabilities:

An improper handling of objects in memory can be exploited locally via a specially designed application to gain privileges;
Multiple vulnerabilities related to an improper handling of memory addresses can be exploited locally via a specially designed application to obtain sensitive information;
Multiple vulnerabilities related to an incorrect handling of objects in memory done by the Windows kernel-mode driver can be exploited locally via a specially designed application to gain privileges;
Multiple vulnerabilities related to an improper initialization of objects in memory can be exploited locally via a specialy designed application to obtain sensitive information;
An improper handling of objects in memory related to proper enforcement of VTLs (virtual trust levels) can be exploited locally via a specially designed application to gain privileges.

Technical details

Vulnerabilities (2) occur in case the Windows kernel fails to initialize a memory adress in a proper way and can cause security bypass called KASLR (Kernel Address Space Layout Randomization) bypass.

NB: Not every vulnerability already have CVSS rating so cumulative CVSS rating can be not representative.

Пораженные продукты

Microsoft Windows 7 Service Pack 1
Microsoft Windows RT 8.1
Microsoft Windows 8.1
Microsoft Windows 10
Microsoft Windows Server 2008 Pack 2
Microsoft Windows Server 2008 R2 Service Pack 1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения