Multiple vulnerabilites in Microsoft Products (ESU)

Описание

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, perform cross-site scripting attack.

Below is a complete list of vulnerabilities:

1. An elevation of privilege vulnerability in WPAD can be exploited remotely to gain privileges.
2. An information disclosure vulnerability in Windows Graphics Component can be exploited remotely via specially crafted application to obtain sensitive information.
3. A remote code execution vulnerability in Windows NetLogon Memory Corruption can be exploited remotely via specially crafted to execute arbitrary code.
4. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
5. An elevation of privilege vulnerability in Windows SMB Server can be exploited remotely via specially crafted application to gain privileges.
6. An elevation of privilege vulnerability in Group Policy can be exploited remotely to gain privileges.
7. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
8. An elevation of privilege vulnerability in OpenType Font Driver can be exploited remotely via specially crafted application to gain privileges.
9. A cross-site scripting (XSS) in Microsoft Internet Explorer can be exploited remotely via specially crafted content to execute arbitrary code.
10. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
11. An elevation of privilege vulnerability in Windows WPAD Proxy Discovery can be exploited remotely to gain privileges.
12. An elevation of privilege vulnerability in NetBIOS can be exploited remotely to gain privileges.

Первичный источник обнаружения

• CVE-2016-3207
  CVE-2016-3206
  CVE-2016-3205
  CVE-2016-3213
  CVE-2016-3212
  CVE-2016-3211
  CVE-2016-0199
  CVE-2016-0200
  CVE-2016-3220
  CVE-2016-3218
  CVE-2016-3216
  CVE-2016-3299
  CVE-2016-3236
  CVE-2016-3228
  CVE-2016-3225
  CVE-2016-3223
  CVE-2016-3221
  CVE-2016-3201
  CVE-2016-3227
  CVE-2016-3215
  CVE-2016-3232
  CVE-2016-3203
  

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Internet-Explorer
• Microsoft-Windows-Server
• Microsoft-Windows-Vista-2
• Microsoft-Windows-Server-2012
• Microsoft-Windows-8
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008
• Windows-RT
• Microsoft-Windows-10

Список CVE

• CVE-2016-3207
  unknown
• CVE-2016-3206
  unknown
• CVE-2016-3205
  unknown
• CVE-2016-3215
  unknown
• CVE-2016-3213
  unknown
• CVE-2016-3212
  unknown
• CVE-2016-3211
  unknown
• CVE-2016-3203
  unknown
• CVE-2016-3201
  unknown
• CVE-2016-0199
  unknown
• CVE-2016-0200
  unknown
• CVE-2016-3220
  unknown
• CVE-2016-3218
  unknown
• CVE-2016-3216
  unknown
• CVE-2016-3299
  unknown
• CVE-2016-3236
  unknown
• CVE-2016-3232
  unknown
• CVE-2016-3228
  unknown
• CVE-2016-3227
  unknown
• CVE-2016-3225
  unknown
• CVE-2016-3223
  unknown
• CVE-2016-3221
  unknown

Список KB

• 3162343
• 3161561
• 3159398
• 3161949
• 3161664
• 3164033
• 3164035
• 3164294
• 3157569
• 3161951
• 3160005

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com