9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
9.3 High
AI Score
Confidence
High
0.974 High
EPSS
Percentile
99.9%
Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, gain privileges, obtain sensitive information and cause a denial of service.
Below is a complete list of vulnerabilities:
Technical details
Vulnerability (2) is related to the implementations of the Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client.
Vulnerability (3) can be exploited by an attacker who has an access to the local system and has an ability to run a malicious application.
Vulnerability (5) can be exploited in case a DCOM object in Helppane.exe is configured to run as the interactive user.
Vulnerability (6) occurs when iSNS Server service fails to validate input from the client in a proper way.
This vulnerability can be exploited by the following malware:
https://threats.kaspersky.com/en/threat/Intrusion.Win.EternalRomance/
https://threats.kaspersky.com/en/threat/Intrusion.Win.CVE-2017-0147.sa.leak/
Public exploits exist for this vulnerability.
CVE-2017-0051 high
CVE-2017-0021 critical
CVE-2017-0095 critical
CVE-2017-0096 warning
CVE-2017-0097 high
CVE-2017-0098 high
CVE-2017-0099 high
CVE-2017-0109 critical
CVE-2017-0074 high
CVE-2017-0075 critical
CVE-2017-0076 high
CVE-2017-0055 high
CVE-2017-0102 critical
CVE-2017-0103 high
CVE-2017-0101 critical
CVE-2017-0050 critical
CVE-2017-0056 critical
CVE-2017-0024 critical
CVE-2017-0026 critical
CVE-2017-0078 critical
CVE-2017-0079 critical
CVE-2017-0080 critical
CVE-2017-0081 critical
CVE-2017-0082 critical
CVE-2017-0043 high
CVE-2017-0045 high
CVE-2017-0022 warning
CVE-2017-0143 critical
CVE-2017-0144 critical
CVE-2017-0145 critical
CVE-2017-0146 critical
CVE-2017-0147 high
CVE-2017-0148 critical
CVE-2017-0014 critical
CVE-2017-0060 high
CVE-2017-0061 high
CVE-2017-0062 warning
CVE-2017-0063 high
CVE-2017-0025 critical
CVE-2017-0073 warning
CVE-2017-0108 critical
CVE-2017-0038 high
CVE-2017-0001 critical
CVE-2017-0005 high
CVE-2017-0047 critical
CVE-2017-0072 critical
CVE-2017-0083 critical
CVE-2017-0084 critical
CVE-2017-0085 warning
CVE-2017-0086 critical
CVE-2017-0087 critical
CVE-2017-0088 critical
CVE-2017-0089 critical
CVE-2017-0090 critical
CVE-2017-0091 warning
CVE-2017-0092 warning
CVE-2017-0111 warning
CVE-2017-0112 warning
CVE-2017-0113 warning
CVE-2017-0114 warning
CVE-2017-0115 warning
CVE-2017-0116 warning
CVE-2017-0117 warning
CVE-2017-0118 warning
CVE-2017-0119 warning
CVE-2017-0120 warning
CVE-2017-0121 warning
CVE-2017-0122 warning
CVE-2017-0123 warning
CVE-2017-0124 warning
CVE-2017-0125 warning
CVE-2017-0126 warning
CVE-2017-0127 warning
CVE-2017-0128 warning
CVE-2017-0130 critical
CVE-2017-0008 warning
CVE-2017-0057 warning
CVE-2017-0100 critical
CVE-2017-0104 critical
CVE-2017-0007 high
CVE-2017-0016 high
CVE-2017-0039 critical
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
support.microsoft.com/kb/3205715
support.microsoft.com/kb/3211306
support.microsoft.com/kb/3217587
support.microsoft.com/kb/3217882
support.microsoft.com/kb/3218362
support.microsoft.com/kb/4011981
support.microsoft.com/kb/4012021
support.microsoft.com/kb/4012212
support.microsoft.com/kb/4012213
support.microsoft.com/kb/4012214
support.microsoft.com/kb/4012215
support.microsoft.com/kb/4012216
support.microsoft.com/kb/4012217
support.microsoft.com/kb/4012373
support.microsoft.com/kb/4012497
support.microsoft.com/kb/4012583
support.microsoft.com/kb/4012584
support.microsoft.com/kb/4012598
support.microsoft.com/kb/4012606
support.microsoft.com/kb/4013198
support.microsoft.com/kb/4013429
support.microsoft.com/kb/4017018
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0001
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0005
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0007
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0008
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0014
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0016
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0021
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0022
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0024
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0025
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0026
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0038
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0039
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0043
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0045
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0047
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0050
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0051
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0055
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0056
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0057
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0060
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0061
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0062
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0063
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0072
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0073
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0074
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0075
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0076
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0078
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0079
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0080
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0081
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0082
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0083
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0084
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0085
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0086
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0087
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0088
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0089
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0090
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0091
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0092
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0095
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0096
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0097
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0098
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0099
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0100
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0101
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0102
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0103
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0104
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0109
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0111
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0112
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0113
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0114
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0115
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0116
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0117
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0118
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0119
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0120
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0121
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0122
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0123
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0124
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0125
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0126
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0127
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0128
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0130
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0143
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0144
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0145
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0146
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0147
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0148
statistics.securelist.com/
technet.microsoft.com/library/security/MS17-012
threats.kaspersky.com/en/product/Microsoft-Windows-10/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/
threats.kaspersky.com/en/product/Windows-RT/
threats.kaspersky.com/en/threat/Intrusion.Win.CVE-2017-0147.sa.leak/
threats.kaspersky.com/en/threat/Intrusion.Win.EternalRomance/
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
9.3 High
AI Score
Confidence
High
0.974 High
EPSS
Percentile
99.9%