KLA11048
Multiple vulnerabilities in Windows Kernel

Обновлено: 18/06/2020
Дата обнаружения
13/06/2017
Уровень угрозы
Critical
Описание

Multiple serious vulnerabilities have been found in Microsoft Windows kernel. Malicious users can exploit these vulnerabilities to obtain sensitive information and gain privileges.

Below is a complete list of vulnerabilities:

  1. An improper handling of objects in memory can be exploited locally via a specially designed application to gain privileges;
  2. Multiple vulnerabilities related to an improper handling of memory addresses can be exploited locally via a specially designed application to obtain sensitive information;
  3. Multiple vulnerabilities related to an incorrect handling of objects in memory done by the Windows kernel-mode driver can be exploited locally via a specially designed application to gain privileges;
  4. Multiple vulnerabilities related to an improper initialization of objects in memory can be exploited locally via a specialy designed application to obtain sensitive information;
  5. An improper handling of objects in memory related to proper enforcement of VTLs (virtual trust levels) can be exploited locally via a specially designed application to gain privileges.

Technical details

Vulnerabilities (2) occur in case the Windows kernel fails to initialize a memory adress in a proper way and can cause security bypass called KASLR (Kernel Address Space Layout Randomization) bypass.

NB: Not every vulnerability already have CVSS rating so cumulative CVSS rating can be not representative.

Пораженные продукты

Microsoft Windows 7 Service Pack 1
Microsoft Windows RT 8.1
Microsoft Windows 8.1 
Microsoft Windows 10 
Microsoft Windows Server 2008 Pack 2
Microsoft Windows Server 2008 R2 Service Pack 1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2017-8478
CVE-2017-8479
CVE-2017-8474
CVE-2017-8476
CVE-2017-8477
CVE-2017-0300
CVE-2017-8481
CVE-2017-8480
CVE-2017-8482
CVE-2017-8485
CVE-2017-8484
CVE-2017-8489
CVE-2017-0299
CVE-2017-0297
CVE-2017-8469
CVE-2017-8468
CVE-2017-8465
CVE-2017-8462
CVE-2017-8494
CVE-2017-8492
CVE-2017-8490
CVE-2017-8491
CVE-2017-8479
CVE-2017-0299
CVE-2017-8485
CVE-2017-8478
CVE-2017-8476
CVE-2017-8494
CVE-2017-8480
CVE-2017-8489
CVE-2017-0300
CVE-2017-8491
CVE-2017-8477
CVE-2017-8462
CVE-2017-8482
CVE-2017-8492
CVE-2017-8490
CVE-2017-8484
CVE-2017-8481
CVE-2017-8468
CVE-2017-8469
CVE-2017-8474
CVE-2017-8465
CVE-2017-0297
Оказываемое влияние
?
OSI 
[?]

PE 
[?]
Связанные продукты
Microsoft Windows Server 2012
Microsoft Windows 7
Microsoft Windows Server 2008
Windows RT
Microsoft Windows 10
CVE-IDS
CVE-2017-84791.9Warning
CVE-2017-02991.9Warning
CVE-2017-84851.9Warning
CVE-2017-84781.9Warning
CVE-2017-84761.9Warning
CVE-2017-84946.9High
CVE-2017-84801.9Warning
CVE-2017-84891.9Warning
CVE-2017-03001.9Warning
CVE-2017-84911.9Warning
CVE-2017-84771.9Warning
CVE-2017-84621.9Warning
CVE-2017-84821.9Warning
CVE-2017-84921.9Warning
CVE-2017-84901.9Warning
CVE-2017-84841.9Warning
CVE-2017-84811.9Warning
CVE-2017-84687.2High
CVE-2017-84692.1Warning
CVE-2017-84741.9Warning
CVE-2017-84657.2High
CVE-2017-02971.9Warning