Multiple vulnerabilities in Microsoft Products (ESU)

Описание

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges.

Below is a complete list of vulnerabilities:

1. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
2. A remote code execution vulnerability in LNK can be exploited remotely to execute arbitrary code.
3. An information disclosure vulnerability in Windows Search can be exploited remotely via specially crafted to obtain sensitive information.
4. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
5. A remote code execution vulnerability in Windows Uniscribe can be exploited remotely via specially crafted website to execute arbitrary code.
6. An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted content to obtain sensitive information.
7. An information disclosure vulnerability in Windows Uniscribe can be exploited remotely via specially crafted document to obtain sensitive information.
8. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
9. An elevation of privilege vulnerability in Hypervisor Code Integrity can be exploited remotely to gain privileges.
10. An elevation of privilege vulnerability in Windows COM Session can be exploited remotely via specially crafted application to obtain sensitive information.
11. A remote code execution vulnerability in Windows Search can be exploited remotely via specially crafted messages to execute arbitrary code.
12. A remote code execution vulnerability in Windows can be exploited remotely via specially crafted cabinet to execute arbitrary code.
13. An elevation of privilege vulnerability in Windows TDX can be exploited remotely via specially crafted application to gain privileges.
14. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.
15. A remote code execution vulnerability in Win32k Graphics can be exploited remotely via specially crafted embedded to execute arbitrary code.
16. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
17. A remote code execution vulnerability in Microsoft Office can be exploited remotely via specially crafted to execute arbitrary code.

Первичный источник обнаружения

• CVE-2017-8485
  CVE-2017-8484
  CVE-2017-8481
  CVE-2017-8480
  CVE-2017-8469
  CVE-2017-8482
  CVE-2017-8464
  CVE-2017-8544
  CVE-2017-8462
  CVE-2017-0289
  CVE-2017-0288
  CVE-2017-8528
  CVE-2017-8529
  CVE-2017-0283
  CVE-2017-0282
  CVE-2017-0287
  CVE-2017-0286
  CVE-2017-0285
  CVE-2017-0284
  CVE-2017-8483
  CVE-2017-8517
  CVE-2017-0193
  CVE-2017-8471
  CVE-2017-0298
  CVE-2017-8478
  CVE-2017-8479
  CVE-2017-8543
  CVE-2017-8492
  CVE-2017-8490
  CVE-2017-8491
  CVE-2017-8470
  CVE-2017-8489
  CVE-2017-8472
  CVE-2017-8473
  CVE-2017-8553
  CVE-2017-8475
  CVE-2017-8476
  CVE-2017-8488
  CVE-2017-0294
  CVE-2017-0296
  CVE-2017-0297
  CVE-2017-8534
  CVE-2017-8477
  CVE-2017-8531
  CVE-2017-0299
  CVE-2017-8533
  CVE-2017-8532
  CVE-2017-8527
  CVE-2017-8519
  CVE-2017-0260
  CVE-2017-0300
  

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Internet-Explorer
• Microsoft-Silverlight
• Microsoft-Lync
• Microsoft-Office
• Microsoft-Lync-2010-Attendee
• Microsoft-Word
• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-8
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008
• Windows-RT
• Microsoft-Windows-10
• Microsoft-Edge

Список CVE

• CVE-2017-8543
  critical
• CVE-2017-0284
  warning
• CVE-2017-8479
  warning
• CVE-2017-0299
  warning
• CVE-2017-8485
  warning
• CVE-2017-0193
  critical
• CVE-2017-8478
  warning
• CVE-2017-8488
  warning
• CVE-2017-8528
  critical
• CVE-2017-8475
  warning
• CVE-2017-8476
  warning
• CVE-2017-8470
  warning
• CVE-2017-8464
  critical
• CVE-2017-8480
  warning
• CVE-2017-8489
  warning
• CVE-2017-0285
  warning
• CVE-2017-0300
  warning
• CVE-2017-8534
  high
• CVE-2017-8491
  warning
• CVE-2017-8471
  warning
• CVE-2017-8477
  warning
• CVE-2017-8462
  warning
• CVE-2017-0294
  critical
• CVE-2017-8472
  warning
• CVE-2017-8482
  warning
• CVE-2017-8492
  warning
• CVE-2017-8490
  warning
• CVE-2017-8483
  warning
• CVE-2017-0283
  critical
• CVE-2017-8484
  warning
• CVE-2017-8481
  warning
• CVE-2017-0282
  warning
• CVE-2017-0260
  critical
• CVE-2017-8469
  high
• CVE-2017-0297
  warning
• CVE-2017-0296
  critical
• CVE-2017-8473
  warning
• CVE-2017-8517
  critical
• CVE-2017-8519
  critical
• CVE-2017-8529
  high
• CVE-2017-0286
  warning
• CVE-2017-0287
  warning
• CVE-2017-0288
  warning
• CVE-2017-0289
  warning
• CVE-2017-8527
  critical
• CVE-2017-8531
  high
• CVE-2017-8532
  high
• CVE-2017-8533
  high
• CVE-2017-0298
  high
• CVE-2017-8544
  high
• CVE-2017-8553
  warning

Список KB

• 4022719
• 4021558
• 4022722
• 4024402
• 4022008
• 4021903
• 4021923
• 4022013
• 4022010
• 4018106
• 4022887
• 4022884
• 4022883
• 3217845
• 4034679
• 4034664
• 4034741
• 4036586
• 4503292
• 4503269

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com