Kaspersky Threats

Описание

Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, bypass security restrictions, cause a denial of service, obtain sensitive information and possibly to write local files.

Below is a complete list of vulnerabilities:

Incorrectly set permissions on folders inside the DEFAULT folder structure can be exploited locally by logging on and tampering wiht the DEFAULT folder contents possible to write local files;
An improper client authentication in Helppane.exe can be exploited locally by using a specially designed application to gain privileges;
An incorrect security feature behaviour while enforcing case sensitivity for certain variable checks can be exploited locally via a specially designed application to bypass security restrictions;
An improper handling of kernel mode requests of some specific types can be exploited via a specially designed request to cause a denial of service;
An improper handling of objects in memory in Windows Search can be exploited via specially designed SMB messages to obtain sensitive information;
An incorrect handling of objects in memory in Windows Kernel can be exploited locally via a specially designed application to obtain sensitive information.

Technical details

Exploiting vulnerability (3) can lead to bypassing UEFI (Unified Extensible Firmware Interface) variable security.

NB: Not every vulnerability already have CVSS rating so cumulative CVSS rating can be not representative.

Первичный источник обнаружения

CVE-2017-0298
CVE-2017-0295
CVE-2017-8493
CVE-2017-8515
CVE-2017-8544
CVE-2017-8554
CVE-2017-8553

Связанные продукты

Список CVE

CVE-2017-0295
warning
CVE-2017-0298
warning
CVE-2017-8493
warning
CVE-2017-8515
warning
CVE-2017-8544
warning
CVE-2017-8553
warning
CVE-2017-8554
warning

Список KB

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!