Multiple vulnerabilities in Microsoft Products (ESU)

Описание

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, spoof user interface, obtain sensitive information, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in Windows Print Spooler can be exploited remotely to execute arbitrary code.
2. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely via specially crafted script to gain privileges.
3. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
4. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.
5. A spoofing vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to spoof user interface.
6. A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code.
7. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely via specially crafted application to gain privileges.
8. An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted content to obtain sensitive information.
9. A security feature bypass vulnerability in Internet Explorer can be exploited remotely to bypass security restrictions.
10. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
11. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.

Первичный источник обнаружения

• CVE-2016-3238
  CVE-2016-3239
  CVE-2016-3248
  CVE-2016-3252
  CVE-2016-3259
  CVE-2016-3286
  CVE-2016-3274
  CVE-2016-3264
  CVE-2016-3249
  CVE-2016-3204
  CVE-2016-3273
  CVE-2016-3245
  CVE-2016-3254
  CVE-2016-3251
  CVE-2016-3241
  CVE-2016-3240
  CVE-2016-3242
  

Связанные продукты

• Microsoft-Internet-Explorer
• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Vista-2
• Microsoft-Windows-Server-2012
• Microsoft-Windows-8
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008
• Windows-RT
• Microsoft-Windows-10
• Microsoft-Edge

Список CVE

• CVE-2016-3204
  critical
• CVE-2016-3248
  critical
• CVE-2016-3259
  critical
• CVE-2016-3264
  critical
• CVE-2016-3273
  high
• CVE-2016-3274
  warning
• CVE-2016-3240
  critical
• CVE-2016-3241
  critical
• CVE-2016-3242
  critical
• CVE-2016-3245
  high
• CVE-2016-3238
  critical
• CVE-2016-3239
  critical
• CVE-2016-3249
  high
• CVE-2016-3254
  critical
• CVE-2016-3286
  high
• CVE-2016-3252
  high
• CVE-2016-3251
  warning

Список KB

• 3170455
• 3168965
• 4038779
• 4038777
• 3170106

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com