ID CVE-2017-0109 Type cve Reporter cve@mitre.org Modified 2017-07-17T13:18:00
Description
Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0075.
{"id": "CVE-2017-0109", "bulletinFamily": "NVD", "title": "CVE-2017-0109", "description": "Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka \"Hyper-V Remote Code Execution Vulnerability.\" This vulnerability is different from that described in CVE-2017-0075.", "published": "2017-03-17T00:59:00", "modified": "2017-07-17T13:18:00", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0109", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/96644", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0109", "http://www.securitytracker.com/id/1037999"], "cvelist": ["CVE-2017-0109"], "type": "cve", "lastseen": "2020-10-03T13:07:29", "edition": 3, "viewCount": 11, "enchantments": {"dependencies": {"references": [{"type": "symantec", "idList": ["SMNTC-96644"]}, {"type": "mscve", "idList": ["MS:CVE-2017-0109"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310810624"]}, {"type": "kaspersky", "idList": ["KLA10979", "KLA11902", "KLA10975"]}, {"type": "mskb", "idList": ["KB4013082"]}, {"type": "nessus", "idList": ["SMB_NT_MS17-008.NASL"]}], "modified": "2020-10-03T13:07:29", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2020-10-03T13:07:29", "rev": 2}, "vulnersScore": 7.5}, "cpe": ["cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_vista:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_7:*"], "affectedSoftware": [{"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "1607"}, {"cpeName": "microsoft:windows_server_2008", "name": "microsoft windows server 2008", "operator": "eq", "version": "r2"}, {"cpeName": "microsoft:windows_7", "name": "microsoft windows 7", "operator": "eq", "version": "*"}, {"cpeName": "microsoft:windows_8.1", "name": "microsoft windows 8.1", "operator": "eq", "version": "*"}, {"cpeName": "microsoft:windows_server_2012", "name": "microsoft windows server 2012", "operator": "eq", "version": "r2"}, {"cpeName": "microsoft:windows_vista", "name": "microsoft windows vista", "operator": "eq", "version": "*"}, {"cpeName": "microsoft:windows_server_2012", "name": "microsoft windows server 2012", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_server_2008", "name": "microsoft windows server 2008", "operator": "eq", "version": "*"}, {"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "1511"}, {"cpeName": "microsoft:windows_server_2016", "name": "microsoft windows server 2016", "operator": "eq", "version": "*"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.4, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 6.0}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"], "cwe": ["CWE-20"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}}
{"symantec": [{"lastseen": "2018-03-14T22:40:52", "bulletinFamily": "software", "cvelist": ["CVE-2017-0109"], "description": "### Description\n\nMicrosoft Windows is prone to a remote code-execution vulnerability. Successful exploits allow attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial of service condition.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 for x64-based Systems \n * Microsoft Windows Vista x64 Edition Service Pack 2 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2017-03-14T00:00:00", "published": "2017-03-14T00:00:00", "id": "SMNTC-96644", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/96644", "type": "symantec", "title": "Microsoft Windows Hyper-V CVE-2017-0109 Remote Code Execution Vulnerability", "cvss": {"score": 7.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "mscve": [{"lastseen": "2020-08-07T11:48:20", "bulletinFamily": "microsoft", "cvelist": ["CVE-2017-0109"], "description": "A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.\n\nAn attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.\n\nThe security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.\n\nThe following [mitigating factors](<https://technet.microsoft.com/library/security/dn848375.aspx#Mitigation>) may be helpful in your situation: Customers who have not enabled the Hyper-V role are not affected.\n", "edition": 3, "modified": "2017-03-14T07:00:00", "id": "MS:CVE-2017-0109", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0109", "published": "2017-03-14T07:00:00", "title": "Windows Hyper-V Remote Code Execution Vulnerability", "type": "mscve", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-17T12:37:48", "bulletinFamily": "info", "cvelist": ["CVE-2017-0098", "CVE-2017-0099", "CVE-2017-0051", "CVE-2017-0021", "CVE-2017-0096", "CVE-2017-0075", "CVE-2017-0109", "CVE-2017-0097", "CVE-2017-0095", "CVE-2017-0076", "CVE-2017-0074"], "description": "### *Detect date*:\n03/14/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, obtain sensitive information.\n\n### *Affected products*:\nWindows Server 2016 \nWindows Server 2012 (Server Core installation) \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 1511 for x64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2012 \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2012 R2 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Vista x64 Edition Service Pack 2 \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 8.1 for x64-based systems \nWindows Server 2016 (Server Core installation)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-0051](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0051>) \n[CVE-2017-0021](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0021>) \n[CVE-2017-0095](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0095>) \n[CVE-2017-0096](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0096>) \n[CVE-2017-0097](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0097>) \n[CVE-2017-0098](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0098>) \n[CVE-2017-0099](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0099>) \n[CVE-2017-0109](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0109>) \n[CVE-2017-0074](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0074>) \n[CVE-2017-0075](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0075>) \n[CVE-2017-0076](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0076>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2017-0051](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0051>)2.9Warning \n[CVE-2017-0021](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0021>)7.7Critical \n[CVE-2017-0095](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0095>)7.9Critical \n[CVE-2017-0096](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0096>)2.3Warning \n[CVE-2017-0097](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0097>)2.3Warning \n[CVE-2017-0098](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0098>)2.9Warning \n[CVE-2017-0099](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0099>)2.3Warning \n[CVE-2017-0109](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0109>)7.4High \n[CVE-2017-0074](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0074>)2.3Warning \n[CVE-2017-0075](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0075>)7.4High \n[CVE-2017-0076](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0076>)2.9Warning\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4012217](<http://support.microsoft.com/kb/4012217>) \n[4012216](<http://support.microsoft.com/kb/4012216>) \n[4012606](<http://support.microsoft.com/kb/4012606>) \n[4013198](<http://support.microsoft.com/kb/4013198>) \n[4013429](<http://support.microsoft.com/kb/4013429>) \n[3211306](<http://support.microsoft.com/kb/3211306>) \n[4012214](<http://support.microsoft.com/kb/4012214>) \n[4012213](<http://support.microsoft.com/kb/4012213>)", "edition": 44, "modified": "2020-09-10T00:00:00", "published": "2017-03-14T00:00:00", "id": "KLA10975", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10975", "title": "\r KLA10975Multiple vulnerabilities in Microsoft Windows ", "type": "kaspersky", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T11:53:03", "bulletinFamily": "info", "cvelist": ["CVE-2017-0099", "CVE-2017-0008", "CVE-2017-0101", "CVE-2017-0118", "CVE-2017-0084", "CVE-2017-0117", "CVE-2017-0001", "CVE-2017-0055", "CVE-2017-0073", "CVE-2017-0045", "CVE-2017-0102", "CVE-2017-0125", "CVE-2017-0090", "CVE-2017-0104", "CVE-2017-0089", "CVE-2017-0091", "CVE-2017-0115", "CVE-2017-0096", "CVE-2017-0121", "CVE-2017-0040", "CVE-2017-0050", "CVE-2017-0144", "CVE-2017-0060", "CVE-2017-0116", "CVE-2017-0009", "CVE-2017-0120", "CVE-2017-0025", "CVE-2017-0075", "CVE-2017-0086", "CVE-2017-0124", "CVE-2017-0109", "CVE-2017-0148", "CVE-2017-0119", "CVE-2017-0126", "CVE-2017-0130", "CVE-2017-0113", "CVE-2017-0097", "CVE-2017-0147", "CVE-2017-0112", "CVE-2017-0083", "CVE-2017-0042", "CVE-2017-0047", "CVE-2017-0056", "CVE-2017-0087", "CVE-2017-0123", "CVE-2017-0092", "CVE-2017-0085", "CVE-2017-0103", "CVE-2017-0043", "CVE-2017-0061", "CVE-2017-0014", "CVE-2017-0100", "CVE-2017-0122", "CVE-2017-0063", "CVE-2017-0005", "CVE-2017-0088", "CVE-2017-0128", "CVE-2017-0072", "CVE-2017-0114", "CVE-2017-0146", "CVE-2017-0076", "CVE-2017-0111", "CVE-2017-0038", "CVE-2017-0143", "CVE-2017-0149", "CVE-2017-0108", "CVE-2017-0059", "CVE-2017-0039", "CVE-2017-0062", "CVE-2017-0145", "CVE-2017-0022", "CVE-2017-0127"], "description": "### *Detect date*:\n03/14/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, cause denial of service.\n\n### *Exploitation*:\nThis vulnerability can be exploited by the following malware:\n\n### *Affected products*:\nMicrosoft Silverlight 5 when installed on Microsoft Windows (x64-based) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows Vista x64 Edition Service Pack 2 \nInternet Explorer 9 \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2012 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nMicrosoft Office 2010 Service Pack 2 (32-bit editions) \nSkype for Business 2016 (64-bit) \nWindows 8.1 for x64-based systems \nWindows 8.1 for 32-bit systems \nWindows Vista Service Pack 2 \nMicrosoft XML Core Services 3.0 \nMicrosoft Lync 2013 Service Pack 1 (64-bit) \nMicrosoft Office 2010 Service Pack 2 (64-bit editions) \nInternet Explorer 11 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nMicrosoft Lync Basic 2013 Service Pack 1 (64-bit) \nWindows Server 2016 \nMicrosoft Lync 2010 Attendee (admin level install) \nSkype for Business 2016 Basic (32-bit) \nMicrosoft Live Meeting 2007 Add-in \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows RT 8.1 \nSkype for Business 2016 (32-bit) \nMicrosoft Lync 2010 Attendee (user level install) \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows 10 Version 1511 for 32-bit Systems \nMicrosoft Lync 2010 (64-bit) \nMicrosoft Office Word Viewer \nMicrosoft Live Meeting 2007 Console \nMicrosoft Silverlight 5 Developer Runtime when installed on Microsoft Windows (32-bit) \nMicrosoft Edge (EdgeHTML-based) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nMicrosoft Silverlight 5 Developer Runtime when installed on Microsoft Windows (x64-based) \nMicrosoft Office 2007 Service Pack 3 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1511 for x64-based Systems \nSkype for Business 2016 Basic (64-bit) \nMicrosoft Lync Basic 2013 Service Pack 1 (32-bit) \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nInternet Explorer 10 \nMicrosoft Lync 2010 (32-bit) \nMicrosoft Silverlight 5 when installed on Microsoft Windows (32-bit) \nWindows Server 2012 R2 \nMicrosoft Lync 2013 Service Pack 1 (32-bit)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-0108](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0108>) \n[CVE-2017-0109](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0109>) \n[CVE-2017-0072](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0072>) \n[CVE-2017-0100](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0100>) \n[CVE-2017-0101](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0101>) \n[CVE-2017-0102](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0102>) \n[CVE-2017-0143](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0143>) \n[CVE-2017-0104](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0104>) \n[CVE-2017-0022](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0022>) \n[CVE-2017-0001](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0001>) \n[CVE-2017-0145](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0145>) \n[CVE-2017-0120](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0120>) \n[CVE-2017-0147](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0147>) \n[CVE-2017-0005](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0005>) \n[CVE-2017-0127](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0127>) \n[CVE-2017-0124](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0124>) \n[CVE-2017-0125](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0125>) \n[CVE-2017-0009](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0009>) \n[CVE-2017-0008](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0008>) \n[CVE-2017-0047](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0047>) \n[CVE-2017-0060](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0060>) \n[CVE-2017-0148](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0148>) \n[CVE-2017-0061](<https://nvd.nist.gov/vuln/detail/CVE-2017-0061>) \n[CVE-2017-0043](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0043>) \n[CVE-2017-0042](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0042>) \n[CVE-2017-0045](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0045>) \n[CVE-2017-0119](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0119>) \n[CVE-2017-0062](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0062>) \n[CVE-2017-0149](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0149>) \n[CVE-2017-0099](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0099>) \n[CVE-2017-0144](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0144>) \n[CVE-2017-0040](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0040>) \n[CVE-2017-0090](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0090>) \n[CVE-2017-0091](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0091>) \n[CVE-2017-0096](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0096>) \n[CVE-2017-0097](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0097>) \n[CVE-2017-0038](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0038>) \n[CVE-2017-0039](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0039>) \n[CVE-2017-0103](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0103>) \n[CVE-2017-0063](<https://nvd.nist.gov/vuln/detail/CVE-2017-0063>) \n[CVE-2017-0118](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0118>) \n[CVE-2017-0117](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0117>) \n[CVE-2017-0116](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0116>) \n[CVE-2017-0115](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0115>) \n[CVE-2017-0114](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0114>) \n[CVE-2017-0113](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0113>) \n[CVE-2017-0112](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0112>) \n[CVE-2017-0111](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0111>) \n[CVE-2017-0092](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0092>) \n[CVE-2017-0076](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0076>) \n[CVE-2017-0014](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0014>) \n[CVE-2017-0059](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0059>) \n[CVE-2017-0056](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0056>) \n[CVE-2017-0055](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0055>) \n[CVE-2017-0050](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0050>) \n[CVE-2017-0123](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0123>) \n[CVE-2017-0122](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0122>) \n[CVE-2017-0073](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0073>) \n[CVE-2017-0075](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0075>) \n[CVE-2017-0025](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0025>) \n[CVE-2017-0146](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0146>) \n[CVE-2017-0128](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0128>) \n[CVE-2017-0089](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0089>) \n[CVE-2017-0088](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0088>) \n[CVE-2017-0121](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0121>) \n[CVE-2017-0130](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0130>) \n[CVE-2017-0126](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0126>) \n[CVE-2017-0083](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0083>) \n[CVE-2017-0085](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0085>) \n[CVE-2017-0084](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0084>) \n[CVE-2017-0087](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0087>) \n[CVE-2017-0086](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0086>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2017-0042](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0042>)0.0Unknown \n[CVE-2017-0096](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0096>)0.0Unknown \n[CVE-2017-0097](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0097>)0.0Unknown \n[CVE-2017-0099](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0099>)0.0Unknown \n[CVE-2017-0109](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0109>)0.0Unknown \n[CVE-2017-0075](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0075>)0.0Unknown \n[CVE-2017-0076](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0076>)0.0Unknown \n[CVE-2017-0055](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0055>)0.0Unknown \n[CVE-2017-0102](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0102>)0.0Unknown \n[CVE-2017-0103](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0103>)0.0Unknown \n[CVE-2017-0101](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0101>)0.0Unknown \n[CVE-2017-0050](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0050>)0.0Unknown \n[CVE-2017-0056](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0056>)0.0Unknown \n[CVE-2017-0043](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0043>)0.0Unknown \n[CVE-2017-0045](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0045>)0.0Unknown \n[CVE-2017-0022](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0022>)0.0Unknown \n[CVE-2017-0143](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143>)0.0Unknown \n[CVE-2017-0144](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0144>)0.0Unknown \n[CVE-2017-0145](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0145>)0.0Unknown \n[CVE-2017-0146](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0146>)0.0Unknown \n[CVE-2017-0147](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0147>)0.0Unknown \n[CVE-2017-0148](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0148>)0.0Unknown \n[CVE-2017-0014](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0014>)0.0Unknown \n[CVE-2017-0060](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0060>)0.0Unknown \n[CVE-2017-0061](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0061>)0.0Unknown \n[CVE-2017-0062](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0062>)0.0Unknown \n[CVE-2017-0063](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0063>)0.0Unknown \n[CVE-2017-0025](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0025>)0.0Unknown \n[CVE-2017-0073](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0073>)0.0Unknown \n[CVE-2017-0108](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0108>)0.0Unknown \n[CVE-2017-0038](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0038>)0.0Unknown \n[CVE-2017-0001](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0001>)0.0Unknown \n[CVE-2017-0005](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0005>)0.0Unknown \n[CVE-2017-0047](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0047>)0.0Unknown \n[CVE-2017-0072](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0072>)0.0Unknown \n[CVE-2017-0083](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0083>)0.0Unknown \n[CVE-2017-0084](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0084>)0.0Unknown \n[CVE-2017-0085](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0085>)0.0Unknown \n[CVE-2017-0086](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0086>)0.0Unknown \n[CVE-2017-0087](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0087>)0.0Unknown \n[CVE-2017-0088](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0088>)0.0Unknown \n[CVE-2017-0089](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0089>)0.0Unknown \n[CVE-2017-0090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0090>)0.0Unknown \n[CVE-2017-0091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0091>)0.0Unknown \n[CVE-2017-0092](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0092>)0.0Unknown \n[CVE-2017-0111](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0111>)0.0Unknown \n[CVE-2017-0112](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0112>)0.0Unknown \n[CVE-2017-0113](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0113>)0.0Unknown \n[CVE-2017-0114](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0114>)0.0Unknown \n[CVE-2017-0115](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0115>)0.0Unknown \n[CVE-2017-0116](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0116>)0.0Unknown \n[CVE-2017-0117](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0117>)0.0Unknown \n[CVE-2017-0118](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0118>)0.0Unknown \n[CVE-2017-0119](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0119>)0.0Unknown \n[CVE-2017-0120](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0120>)0.0Unknown \n[CVE-2017-0121](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0121>)0.0Unknown \n[CVE-2017-0122](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0122>)0.0Unknown \n[CVE-2017-0123](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0123>)0.0Unknown \n[CVE-2017-0124](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0124>)0.0Unknown \n[CVE-2017-0125](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0125>)0.0Unknown \n[CVE-2017-0126](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0126>)0.0Unknown \n[CVE-2017-0127](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0127>)0.0Unknown \n[CVE-2017-0128](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0128>)0.0Unknown \n[CVE-2017-0009](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0009>)0.0Unknown \n[CVE-2017-0059](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0059>)0.0Unknown \n[CVE-2017-0130](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0130>)0.0Unknown \n[CVE-2017-0149](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0149>)0.0Unknown \n[CVE-2017-0008](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0008>)0.0Unknown \n[CVE-2017-0040](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0040>)0.0Unknown \n[CVE-2017-0100](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0100>)0.0Unknown \n[CVE-2017-0104](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0104>)0.0Unknown \n[CVE-2017-0039](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0039>)0.0Unknown\n\n### *KB list*:\n[4012204](<http://support.microsoft.com/kb/4012204>) \n[4012215](<http://support.microsoft.com/kb/4012215>) \n[3211306](<http://support.microsoft.com/kb/3211306>) \n[4012212](<http://support.microsoft.com/kb/4012212>) \n[4012598](<http://support.microsoft.com/kb/4012598>) \n[4012583](<http://support.microsoft.com/kb/4012583>) \n[3217587](<http://support.microsoft.com/kb/3217587>) \n[4012021](<http://support.microsoft.com/kb/4012021>) \n[4012373](<http://support.microsoft.com/kb/4012373>) \n[4012497](<http://support.microsoft.com/kb/4012497>) \n[4017018](<http://support.microsoft.com/kb/4017018>) \n[4012584](<http://support.microsoft.com/kb/4012584>) \n[3218362](<http://support.microsoft.com/kb/3218362>) \n[4011981](<http://support.microsoft.com/kb/4011981>) \n[3217882](<http://support.microsoft.com/kb/3217882>) \n[3214051](<http://support.microsoft.com/kb/3214051>)\n\n### *Microsoft official advisories*:", "edition": 1, "modified": "2020-07-22T00:00:00", "published": "2017-03-14T00:00:00", "id": "KLA11902", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11902", "title": "\r KLA11902Multiple vulnerabilities in Microsoft Products (ESU) ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-03T07:12:30", "bulletinFamily": "info", "cvelist": ["CVE-2017-0098", "CVE-2017-0099", "CVE-2017-0008", "CVE-2017-0101", "CVE-2017-0078", "CVE-2017-0118", "CVE-2017-0051", "CVE-2017-0084", "CVE-2017-0117", "CVE-2017-0081", "CVE-2017-0001", "CVE-2017-0080", "CVE-2017-0055", "CVE-2017-0073", "CVE-2017-0045", "CVE-2017-0102", "CVE-2017-0125", "CVE-2017-0021", "CVE-2017-0090", "CVE-2017-0104", "CVE-2017-0089", "CVE-2017-0091", "CVE-2017-0115", "CVE-2017-0096", "CVE-2017-0024", "CVE-2017-0121", "CVE-2017-0050", "CVE-2017-0144", "CVE-2017-0060", "CVE-2017-0116", "CVE-2017-0082", "CVE-2017-0120", "CVE-2017-0007", "CVE-2017-0025", "CVE-2017-0075", "CVE-2017-0086", "CVE-2017-0016", "CVE-2017-0124", "CVE-2017-0109", "CVE-2017-0148", "CVE-2017-0119", "CVE-2017-0126", "CVE-2017-0130", "CVE-2017-0113", "CVE-2017-0097", "CVE-2017-0147", "CVE-2017-0112", "CVE-2017-0083", "CVE-2017-0047", "CVE-2017-0057", "CVE-2017-0095", "CVE-2017-0056", "CVE-2017-0087", "CVE-2017-0079", "CVE-2017-0123", "CVE-2017-0092", "CVE-2017-0026", "CVE-2017-0085", "CVE-2017-0103", "CVE-2017-0043", "CVE-2017-0061", "CVE-2017-0014", "CVE-2017-0100", "CVE-2017-0122", "CVE-2017-0063", "CVE-2017-0005", "CVE-2017-0088", "CVE-2017-0128", "CVE-2017-0072", "CVE-2017-0114", "CVE-2017-0146", "CVE-2017-0076", "CVE-2017-0111", "CVE-2017-0074", "CVE-2017-0038", "CVE-2017-0143", "CVE-2017-0108", "CVE-2017-0039", "CVE-2017-0062", "CVE-2017-0145", "CVE-2017-0022", "CVE-2017-0127"], "description": "### *Detect date*:\n03/14/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, gain privileges, obtain sensitive information and cause a denial of service.\n\n### *Affected products*:\nMicrosoft Windows Vista Service Pack 2 \nMicrosoft Windows 7 Service Pack 1 \nMicrosoft Windows 8.1 \nMicrosoft Windows RT 8.1 \nMicrosoft Windows 10 \nMicrosoft Windows Server 2008 Service Pack 2 \nMicrosoft Windows Server 2008 R2 Service Pack 1 \nMicrosoft Windows Server 2012 \nMicrosoft Windows Server 2012 R2\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[MS17-012](<https://technet.microsoft.com/library/security/MS17-012>) \n[CVE-2017-0051](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0051>) \n[CVE-2017-0021](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0021>) \n[CVE-2017-0095](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0095>) \n[CVE-2017-0096](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0096>) \n[CVE-2017-0097](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0097>) \n[CVE-2017-0098](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0098>) \n[CVE-2017-0099](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0099>) \n[CVE-2017-0109](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0109>) \n[CVE-2017-0074](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0074>) \n[CVE-2017-0075](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0075>) \n[CVE-2017-0076](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0076>) \n[CVE-2017-0055](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0055>) \n[CVE-2017-0102](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0102>) \n[CVE-2017-0103](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0103>) \n[CVE-2017-0101](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0101>) \n[CVE-2017-0050](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0050>) \n[CVE-2017-0056](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0056>) \n[CVE-2017-0024](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0024>) \n[CVE-2017-0026](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0026>) \n[CVE-2017-0078](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0078>) \n[CVE-2017-0079](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0079>) \n[CVE-2017-0080](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0080>) \n[CVE-2017-0081](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0081>) \n[CVE-2017-0082](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0082>) \n[CVE-2017-0043](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0043>) \n[CVE-2017-0045](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0045>) \n[CVE-2017-0022](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0022>) \n[CVE-2017-0143](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0143>) \n[CVE-2017-0144](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0144>) \n[CVE-2017-0145](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0145>) \n[CVE-2017-0146](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0146>) \n[CVE-2017-0147](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0147>) \n[CVE-2017-0148](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0148>) \n[CVE-2017-0014](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0014>) \n[CVE-2017-0060](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0060>) \n[CVE-2017-0061](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0061>) \n[CVE-2017-0062](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0062>) \n[CVE-2017-0063](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0063>) \n[CVE-2017-0025](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0025>) \n[CVE-2017-0073](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0073>) \n[CVE-2017-0108](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108>) \n[CVE-2017-0038](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0038>) \n[CVE-2017-0001](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0001>) \n[CVE-2017-0005](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0005>) \n[CVE-2017-0047](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0047>) \n[CVE-2017-0072](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0072>) \n[CVE-2017-0083](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0083>) \n[CVE-2017-0084](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0084>) \n[CVE-2017-0085](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0085>) \n[CVE-2017-0086](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0086>) \n[CVE-2017-0087](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0087>) \n[CVE-2017-0088](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0088>) \n[CVE-2017-0089](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0089>) \n[CVE-2017-0090](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0090>) \n[CVE-2017-0091](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0091>) \n[CVE-2017-0092](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0092>) \n[CVE-2017-0111](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0111>) \n[CVE-2017-0112](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0112>) \n[CVE-2017-0113](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0113>) \n[CVE-2017-0114](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0114>) \n[CVE-2017-0115](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0115>) \n[CVE-2017-0116](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0116>) \n[CVE-2017-0117](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0117>) \n[CVE-2017-0118](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0118>) \n[CVE-2017-0119](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0119>) \n[CVE-2017-0120](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0120>) \n[CVE-2017-0121](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0121>) \n[CVE-2017-0122](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0122>) \n[CVE-2017-0123](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0123>) \n[CVE-2017-0124](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0124>) \n[CVE-2017-0125](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0125>) \n[CVE-2017-0126](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0126>) \n[CVE-2017-0127](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0127>) \n[CVE-2017-0128](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0128>) \n[CVE-2017-0130](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0130>) \n[CVE-2017-0008](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0008>) \n[CVE-2017-0057](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0057>) \n[CVE-2017-0100](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0100>) \n[CVE-2017-0104](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0104>) \n[CVE-2017-0007](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0007>) \n[CVE-2017-0016](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0016>) \n[CVE-2017-0039](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0039>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows Vista](<https://threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/>)\n\n### *CVE-IDS*:\n[CVE-2017-0051](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0051>)2.9Warning \n[CVE-2017-0021](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0021>)7.7Critical \n[CVE-2017-0095](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0095>)7.9Critical \n[CVE-2017-0096](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0096>)2.3Warning \n[CVE-2017-0097](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0097>)2.3Warning \n[CVE-2017-0098](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0098>)2.9Warning \n[CVE-2017-0099](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0099>)2.3Warning \n[CVE-2017-0109](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0109>)7.4High \n[CVE-2017-0074](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0074>)2.3Warning \n[CVE-2017-0075](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0075>)7.4High \n[CVE-2017-0076](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0076>)2.9Warning \n[CVE-2017-0055](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0055>)4.3Warning \n[CVE-2017-0102](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0102>)4.6Warning \n[CVE-2017-0103](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0103>)4.4Warning \n[CVE-2017-0101](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0101>)6.8High \n[CVE-2017-0050](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0050>)7.2High \n[CVE-2017-0056](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0056>)7.2High \n[CVE-2017-0024](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0024>)7.2High \n[CVE-2017-0026](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0026>)7.2High \n[CVE-2017-0078](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0078>)7.2High \n[CVE-2017-0079](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0079>)7.2High \n[CVE-2017-0080](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0080>)7.2High \n[CVE-2017-0081](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0081>)7.2High \n[CVE-2017-0082](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0082>)7.2High \n[CVE-2017-0043](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0043>)2.9Warning \n[CVE-2017-0045](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0045>)4.3Warning \n[CVE-2017-0022](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0022>)4.3Warning \n[CVE-2017-0143](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143>)9.3Critical \n[CVE-2017-0144](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0144>)9.3Critical \n[CVE-2017-0145](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0145>)9.3Critical \n[CVE-2017-0146](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0146>)9.3Critical \n[CVE-2017-0147](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0147>)4.3Warning \n[CVE-2017-0148](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0148>)9.3Critical \n[CVE-2017-0014](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0014>)7.6Critical \n[CVE-2017-0060](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0060>)1.9Warning \n[CVE-2017-0061](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0061>)2.6Warning \n[CVE-2017-0062](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0062>)1.9Warning \n[CVE-2017-0063](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0063>)4.3Warning \n[CVE-2017-0025](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0025>)7.2High \n[CVE-2017-0073](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0073>)4.3Warning \n[CVE-2017-0108](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0108>)9.3Critical \n[CVE-2017-0038](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0038>)4.3Warning \n[CVE-2017-0001](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0001>)7.2High \n[CVE-2017-0005](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0005>)6.9High \n[CVE-2017-0047](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0047>)7.2High \n[CVE-2017-0072](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0072>)9.3Critical \n[CVE-2017-0083](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0083>)9.3Critical \n[CVE-2017-0084](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0084>)9.3Critical \n[CVE-2017-0085](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0085>)4.3Warning \n[CVE-2017-0086](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0086>)9.3Critical \n[CVE-2017-0087](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0087>)9.3Critical \n[CVE-2017-0088](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0088>)9.3Critical \n[CVE-2017-0089](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0089>)9.3Critical \n[CVE-2017-0090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0090>)9.3Critical \n[CVE-2017-0091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0091>)4.3Warning \n[CVE-2017-0092](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0092>)4.3Warning \n[CVE-2017-0111](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0111>)4.3Warning \n[CVE-2017-0112](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0112>)4.3Warning \n[CVE-2017-0113](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0113>)4.3Warning \n[CVE-2017-0114](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0114>)4.3Warning \n[CVE-2017-0115](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0115>)4.3Warning \n[CVE-2017-0116](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0116>)4.3Warning \n[CVE-2017-0117](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0117>)4.3Warning \n[CVE-2017-0118](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0118>)4.3Warning \n[CVE-2017-0119](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0119>)4.3Warning \n[CVE-2017-0120](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0120>)4.3Warning \n[CVE-2017-0121](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0121>)4.3Warning \n[CVE-2017-0122](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0122>)4.3Warning \n[CVE-2017-0123](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0123>)4.3Warning \n[CVE-2017-0124](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0124>)4.3Warning \n[CVE-2017-0125](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0125>)4.3Warning \n[CVE-2017-0126](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0126>)4.3Warning \n[CVE-2017-0127](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0127>)4.3Warning \n[CVE-2017-0128](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0128>)4.3Warning \n[CVE-2017-0130](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0130>)7.6Critical \n[CVE-2017-0008](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0008>)4.3Warning \n[CVE-2017-0057](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0057>)4.3Warning \n[CVE-2017-0100](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0100>)4.4Warning \n[CVE-2017-0104](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0104>)9.3Critical \n[CVE-2017-0007](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0007>)2.1Warning \n[CVE-2017-0016](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0016>)7.1High \n[CVE-2017-0039](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0039>)9.3Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4012217](<http://support.microsoft.com/kb/4012217>) \n[4012215](<http://support.microsoft.com/kb/4012215>) \n[4012216](<http://support.microsoft.com/kb/4012216>) \n[4012606](<http://support.microsoft.com/kb/4012606>) \n[4013198](<http://support.microsoft.com/kb/4013198>) \n[4013429](<http://support.microsoft.com/kb/4013429>) \n[3211306](<http://support.microsoft.com/kb/3211306>) \n[4012212](<http://support.microsoft.com/kb/4012212>) \n[4012214](<http://support.microsoft.com/kb/4012214>) \n[4012213](<http://support.microsoft.com/kb/4012213>) \n[4012598](<http://support.microsoft.com/kb/4012598>) \n[4012583](<http://support.microsoft.com/kb/4012583>) \n[3217587](<http://support.microsoft.com/kb/3217587>) \n[4012021](<http://support.microsoft.com/kb/4012021>) \n[4012373](<http://support.microsoft.com/kb/4012373>) \n[4012497](<http://support.microsoft.com/kb/4012497>) \n[4017018](<http://support.microsoft.com/kb/4017018>) \n[4012584](<http://support.microsoft.com/kb/4012584>) \n[3218362](<http://support.microsoft.com/kb/3218362>) \n[3205715](<http://support.microsoft.com/kb/3205715>) \n[4011981](<http://support.microsoft.com/kb/4011981>) \n[3217882](<http://support.microsoft.com/kb/3217882>)\n\n### *Exploitation*:\nThis vulnerability can be exploited by the following malware:", "edition": 45, "modified": "2020-11-30T00:00:00", "published": "2017-03-14T00:00:00", "id": "KLA10979", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10979", "title": "\r KLA10979Multiple vulnerabilities in Microsoft Windows ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2021-01-01T22:45:42", "bulletinFamily": "microsoft", "cvelist": ["CVE-2017-0098", "CVE-2017-0099", "CVE-2017-0051", "CVE-2017-0021", "CVE-2017-0096", "CVE-2017-0075", "CVE-2017-0109", "CVE-2017-0097", "CVE-2017-0095", "CVE-2017-0076", "CVE-2017-0074"], "description": "<html><body><p>Resolves a vulnerability in Windows that could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. </p><h2>Summary</h2><div class=\"kb-summary-section section\">This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.<br/>To learn more about the vulnerability, see <a href=\"https://technet.microsoft.com/library/security/MS17-008\" id=\"kb-link-2\" target=\"_self\">Microsoft Security Bulletin MS17-008</a>. </div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><span class=\"text-base\">Important </span><ul class=\"sbody-free_list\"><li>All future security and non-security updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update <a href=\"https://support.microsoft.com/en-us/help/2919355\" id=\"kb-link-3\" target=\"_self\">2919355</a> to be installed. We recommend that you install update <a href=\"https://support.microsoft.com/en-us/help/2919355\" id=\"kb-link-4\" target=\"_self\">2919355</a> on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive future updates. </li><li>If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see <a href=\"https://technet.microsoft.com/en-us/library/hh825699\" id=\"kb-link-5\" target=\"_self\">Add language packs to Windows</a>. </li></ul></div><h2>Additional information about this security update</h2><div class=\"kb-moreinformation-section section\"><br/><div>The following articles contain more information about this security update as it relates to individual product versions. These articles may contain known issue information. </div><br/><br/><ul id=\"info1_list1\"><li><a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/3211306\" managed-link=\"\" target=\"\"> 3211306</a> MS17-008: Description of the security update for Hyper-V: March 14, 2017</li><li><a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/4012216\" managed-link=\"\" target=\"\"> 4012216</a> March 2017 Security Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2</li><li><a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/4012213\" managed-link=\"\" target=\"\"> 4012213</a> March 2017 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2</li><li><a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/4012217\" managed-link=\"\" target=\"\"> 4012217</a> March 2017 Security Monthly Quality Rollup for Windows Server 2012</li><li><a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/4012214\" managed-link=\"\" target=\"\"> 4012214</a> March 2017 Security Only Quality Update for Windows Server 2012</li><li><a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/4012215\" managed-link=\"\" target=\"\"> 4012215</a> March 2017 Security Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1</li><li><a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/4012212\" managed-link=\"\" target=\"\"> 4012212</a> March 2017 Security Only Quality Update for Windows 7 SP1 and Windows Server 2008 R2 SP1</li><li><a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/4013429\" managed-link=\"\" target=\"\"> 4013429</a> March 13, 2017\u2014KB4013429 (OS Build 933)</li><li><a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/4012606\" managed-link=\"\" target=\"\"> 4012606</a> March 14, 2017\u2014KB4012606 (OS Build 17312)</li><li><a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/4013198\" managed-link=\"\" target=\"\"> 4013198</a> March 14, 2017\u2014KB4013198 (OS Build 830)</li></ul></div><h2>Security update deployment</h2><span><h3><strong>Windows Vista (all editions)</strong></h3><p><strong>Reference table</strong></p><p>The following table contains the security update information for this software. </p><table class=\"table\"><tbody><tr><td width=\"26%\"><p><strong>Security update file names</strong></p></td><td width=\"73%\"><p>For all supported x64-based editions of Windows Vista:<br/><strong>Windows6.0-KB3211306-x64.msu</strong></p></td></tr><tr><td width=\"26%\"><p><strong>Installation switches</strong></p></td><td width=\"73%\"><p>See <a href=\"https://support.microsoft.com/kb/934307\"><u>Microsoft Knowledge Base article 934307</u></a></p></td></tr><tr><td width=\"26%\"><p><strong>Restart requirement</strong></p></td><td width=\"73%\"><p>A system restart is required after you apply this security update. </p></td></tr><tr><td width=\"26%\"><p><strong>Removal information</strong></p></td><td width=\"73%\"><p>WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click <strong>Control Panel</strong>, and then click <strong>Security</strong>. Under \"Windows Update,\" click <strong>View installed updates</strong> and select from the list of updates. </p></td></tr><tr><td width=\"26%\"><p><strong>File information</strong></p></td><td width=\"73%\"><p>See <a href=\"https://support.microsoft.com/kb/3211306\"><u>Microsoft Knowledge Base article 3211306</u></a></p></td></tr><tr><td width=\"26%\"><p><strong>Registry key verification</strong></p></td><td width=\"73%\"><p><strong>Note</strong> A registry key does not exist to validate the presence of this update. </p></td></tr></tbody></table><p>\u00a0</p><h3><strong>Windows Server 2008 (all editions)</strong></h3><p><strong>Reference table</strong></p><p>The following table contains the security update information for this software. </p><table class=\"table\"><tbody><tr><td width=\"26%\"><p><strong>Security update file names</strong></p></td><td width=\"73%\"><p>For all supported x64-based editions of Windows Server 2008:<br/><strong>Windows6.0-KB3211306-x64.msu</strong></p></td></tr><tr><td width=\"26%\"><p><strong>Installation switches</strong></p></td><td width=\"73%\"><p>See <a href=\"https://support.microsoft.com/kb/934307\"><u>Microsoft Knowledge Base article 934307</u></a></p></td></tr><tr><td width=\"26%\"><p><strong>Restart requirement</strong></p></td><td width=\"73%\"><p>A system restart is required after you apply this security update. </p></td></tr><tr><td width=\"26%\"><p><strong>Removal information</strong></p></td><td width=\"73%\"><p>WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click <strong>Control Panel</strong>, and then click <strong>Security</strong>. Under \"Windows Update,\" click <strong>View installed updates</strong> and select from the list of updates. </p></td></tr><tr><td width=\"26%\"><p><strong>File information</strong></p></td><td width=\"73%\"><p>See <a href=\"https://support.microsoft.com/kb/3211306\"><u>Microsoft Knowledge Base article 3211306</u></a></p></td></tr><tr><td width=\"26%\"><p><strong>Registry key verification</strong></p></td><td width=\"73%\"><p><strong>Note</strong> A registry key does not exist to validate the presence of this update. </p></td></tr></tbody></table><p>\u00a0</p><h3><strong>Windows 7 (all editions)</strong></h3><p><strong>Reference table</strong></p><p>The following table contains the security update information for this software. </p><table class=\"table\"><tbody><tr><td width=\"29%\"><p><strong>Security update file name</strong></p></td><td width=\"70%\"><p>For all supported x64-based editions of Windows 7:<br/><strong>indows6.1-KB4012212-x64.msu</strong><br/>Security only</p></td></tr><tr><td width=\"29%\"><p>\u00a0</p></td><td width=\"70%\"><p>For all supported x64-based editions of Windows 7:<br/><strong>Windows6.1-KB4012215-x64.msu</strong><br/>Monthly rollup</p></td></tr><tr><td width=\"29%\"><p><strong>Installation switches</strong></p></td><td width=\"70%\"><p>See <a href=\"https://support.microsoft.com/kb/934307\"><u>Microsoft Knowledge Base article 934307</u></a><u> </u></p></td></tr><tr><td width=\"29%\"><p><strong>Restart requirement</strong></p></td><td width=\"70%\"><p>A system restart is required after you apply this security update. </p></td></tr><tr><td width=\"29%\"><p><strong>Removal information</strong></p></td><td width=\"70%\"><p>To uninstall an update installed by WUSA, use the <strong>/Uninstall </strong>setup switch or click <strong>Control Panel</strong>, click <strong>System and Security</strong>, and then under \"Windows Update,\" click <strong>View installed updates</strong> and select from the list of updates. </p></td></tr><tr><td width=\"29%\"><p><strong>File information</strong></p></td><td width=\"70%\"><p>See <a href=\"https://support.microsoft.com/kb/4012212\"><u>Microsoft Knowledge Base article 4012212</u></a><br/>See <a href=\"https://support.microsoft.com/kb/4012215\"><u>Microsoft Knowledge Base article 4012215</u></a></p></td></tr><tr><td width=\"29%\"><p><strong>Registry key verification</strong></p></td><td width=\"70%\"><p><strong>Note</strong> A registry key does not exist to validate the presence of this update. </p></td></tr></tbody></table><p>\u00a0</p><h3><strong>Windows Server 2008 R2 (all editions)</strong></h3><p><strong>Reference table</strong></p><p>The following table contains the security update information for this software. </p><table class=\"table\"><tbody><tr><td width=\"29%\"><p><strong>Security update file name</strong></p></td><td width=\"70%\"><p>For all supported x64-based editions of Windows Server 2008 R2:<br/><strong>Windows6.1-KB4012212-x64.msu</strong><br/>Security only</p></td></tr><tr><td width=\"29%\"><p>\u00a0</p></td><td width=\"70%\"><p>For all supported x64-based editions of Windows Server 2008 R2:<br/><strong>Windows6.1-KB4012215-x64.msu</strong><br/>Monthly rollup</p></td></tr><tr><td width=\"29%\"><p><strong>Installation switches</strong></p></td><td width=\"70%\"><p>See <a href=\"https://support.microsoft.com/kb/934307\"><u>Microsoft Knowledge Base article 934307</u></a></p></td></tr><tr><td width=\"29%\"><p><strong>Restart requirement</strong></p></td><td width=\"70%\"><p>A system restart is required after you apply this security update. </p></td></tr><tr><td width=\"29%\"><p><strong>Removal information</strong></p></td><td width=\"70%\"><p>To uninstall an update installed by WUSA, use the <strong>/Uninstall</strong> setup switch or click <strong>Control Panel</strong>, click <strong>System and Security</strong>, and then under \"Windows Update,\" click <strong>View installed updates</strong> and select from the list of updates. </p></td></tr><tr><td width=\"29%\"><p><strong>File information</strong></p></td><td width=\"70%\"><p>See <a href=\"https://support.microsoft.com/kb/4012212\"><u>Microsoft Knowledge Base article 4012212</u></a><br/>See <a href=\"https://support.microsoft.com/kb/4012215\"><u>Microsoft Knowledge Base article 4012215</u></a></p></td></tr><tr><td width=\"29%\"><p><strong>Registry key verification</strong></p></td><td width=\"70%\"><p><strong>Note</strong> A registry key does not exist to validate the presence of this update. </p></td></tr></tbody></table><p>\u00a0</p><h3><strong>Windows 8.1 (all editions)</strong></h3><p><strong>Reference table</strong></p><p>The following table contains the security update information for this software. </p><table class=\"table\"><tbody><tr><td width=\"29%\"><p><strong>Security update file name</strong></p></td><td width=\"70%\"><p>For all supported x64-based editions of Windows 8.1:<br/><strong>Windows8.1-KB4012213-x64.msu</strong><br/>Security only</p></td></tr><tr><td width=\"29%\"><p>\u00a0</p></td><td width=\"70%\"><p>For all supported x64-based editions of Windows 8.1:<br/><strong>Windows8.1-KB4012216-x64.msu</strong><br/>Monthly rollup</p></td></tr><tr><td width=\"29%\"><p><strong>Installation switches</strong></p></td><td width=\"70%\"><p>See <a href=\"https://support.microsoft.com/kb/934307\"><u>Microsoft Knowledge Base article 934307</u></a></p></td></tr><tr><td width=\"29%\"><p><strong>Restart requirement</strong></p></td><td width=\"70%\"><p>A system restart is required after you apply this security update. </p></td></tr><tr><td width=\"29%\"><p><strong>Removal information</strong></p></td><td width=\"70%\"><p>To uninstall an update installed by WUSA, use the <strong>/Uninstall</strong> setup switch or click <strong>Control Panel</strong>, click <strong>System and Security</strong>, click <strong>Windows Update</strong>, and then under \"See also,\" click <strong>Installed updates</strong> and select from the list of updates. </p></td></tr><tr><td width=\"29%\"><p><strong>File information</strong></p></td><td width=\"70%\"><p>See <a href=\"https://support.microsoft.com/kb/4012213\"><u>Microsoft Knowledge Base article 4012213</u></a><br/>See <a href=\"https://support.microsoft.com/kb/4012216\"><u>Microsoft Knowledge Base article 4012216</u></a></p></td></tr><tr><td width=\"29%\"><p><strong>Registry key verification</strong></p></td><td width=\"70%\"><p><strong>Note</strong> A registry key does not exist to validate the presence of this update. </p></td></tr></tbody></table><p>\u00a0</p><h3><strong>Windows Server 2012 and Windows Server 2012 R2 (all editions)</strong></h3><p><strong>Reference table</strong></p><p>The following table contains the security update information for this software. </p><table class=\"table\"><tbody><tr><td width=\"29%\"><p><strong>Security update file name</strong></p></td><td width=\"70%\"><p>For all supported editions of Windows Server 2012:<br/><strong>Windows8-RT-KB4012214-x64.msu</strong><br/>Security only</p></td></tr><tr><td width=\"29%\"><p>\u00a0</p></td><td width=\"70%\"><p>For all supported editions of Windows Server 2012:<br/><strong>Windows8-RT-KB4012217-x64.msu</strong><br/>Monthly rollup</p></td></tr><tr><td width=\"29%\"><p>\u00a0</p></td><td width=\"70%\"><p>For all supported editions of Windows Server 2012 R2:<br/><strong>Windows8.1-KB4012213-x64.msu</strong><br/>Security only</p></td></tr><tr><td width=\"29%\"><p>\u00a0</p></td><td width=\"70%\"><p>For all supported editions of Windows Server 2012 R2:<br/><strong>Windows8.1-KB4012216-x64.msu</strong><br/>Monthly rollup</p></td></tr><tr><td width=\"29%\"><p><strong>Installation switches</strong></p></td><td width=\"70%\"><p>See <a href=\"https://support.microsoft.com/kb/934307\"><u>Microsoft Knowledge Base article 934307</u></a></p></td></tr><tr><td width=\"29%\"><p><strong>Restart requirement</strong></p></td><td width=\"70%\"><p>A system restart is required after you apply this security update. </p></td></tr><tr><td width=\"29%\"><p><strong>Removal information</strong></p></td><td width=\"70%\"><p>To uninstall an update installed by WUSA, use the <strong>/Uninstall</strong> setup switch or click <strong>Control Panel</strong>, click <strong>System and Security</strong>, click <strong>Windows Update</strong>, and then under \"See also,\" click <strong>Installed updates</strong> and select from the list of updates. </p></td></tr><tr><td width=\"29%\"><p><strong>File information</strong></p></td><td width=\"70%\"><p>See <a href=\"https://support.microsoft.com/kb/4012214\"><u>Microsoft Knowledge Base article 4012214</u></a><br/>See <a href=\"https://support.microsoft.com/kb/4012217\"><u>Microsoft Knowledge Base article 4012217</u></a><br/>See <a href=\"https://support.microsoft.com/kb/4012213\"><u>Microsoft Knowledge Base article 4012213</u></a><br/>See <a href=\"https://support.microsoft.com/kb/4012216\"><u>Microsoft Knowledge Base article 4012216</u></a></p></td></tr><tr><td width=\"29%\"><p><strong>Registry key verification</strong></p></td><td width=\"70%\"><p><strong>Note</strong> A registry key does not exist to validate the presence of this update. </p></td></tr></tbody></table><p>\u00a0</p><h3><strong>Windows 10 (all editions)</strong></h3><p><strong>Reference table</strong></p><p>The following table contains the security update information for this software. </p><table class=\"table\"><tbody><tr><td width=\"30%\"><p><strong>Security update file name</strong></p></td><td width=\"70%\"><p>For all supported x64-based editions of Windows 10:<br/><strong>Windows10.0-KB4012606-x64.msu</strong></p></td></tr><tr><td width=\"30%\"><p>\u00a0</p></td><td width=\"70%\"><p>For all supported x64-based editions of Windows 10 Version 1511:<br/><strong>Windows10.0-KB4013198-x64.msu</strong></p></td></tr><tr><td width=\"30%\"><p>\u00a0</p></td><td width=\"70%\"><p>For all supported x64-based editions of Windows 10 Version 1607:<br/><strong>Windows10.0-KB4013429-x64.msu</strong></p></td></tr><tr><td width=\"30%\"><p><strong>Installation switches</strong></p></td><td width=\"70%\"><p>See <a href=\"https://support.microsoft.com/kb/934307\"><u>Microsoft Knowledge Base article 934307</u></a></p></td></tr><tr><td width=\"30%\"><p><strong>Restart requirement</strong></p></td><td width=\"70%\"><p>A system restart is required after you apply this security update. </p></td></tr><tr><td width=\"30%\"><p><strong>Removal information</strong></p></td><td width=\"70%\"><p>To uninstall an update installed by WUSA, use the <strong>/Uninstall</strong> setup switch or click <strong>Control Panel</strong>, click <strong>System and Security</strong>, click <strong>Windows Update</strong>, and then under \"See also,\" click <strong>Installed updates</strong> and select from the list of updates. </p></td></tr><tr><td width=\"30%\"><p><strong>File information</strong></p></td><td width=\"70%\"><p>See <a href=\"https://support.microsoft.com/en-sg/help/12387/windows-10-update-history\" target=\"_self\"><u>Windows 10 and Windows Server 2016 update history</u></a>. </p></td></tr><tr><td width=\"30%\"><p><strong>Registry key verification</strong></p></td><td width=\"70%\"><p><strong>Note</strong> A registry key does not exist to validate the presence of this update. </p></td></tr></tbody></table><p>\u00a0</p><h3><strong>Windows Server 2016 (all editions)</strong></h3><p><strong>Reference table</strong></p><p>The following table contains the security update information for this software. </p><table class=\"table\"><tbody><tr><td width=\"30%\"><p><strong>Security update file name</strong></p></td><td width=\"70%\"><p>For all supported editions of Windows Server 2016:<br/><strong>Windows10.0-KB4013429-x64.msu</strong></p></td></tr><tr><td width=\"30%\"><p><strong>Installation switches</strong></p></td><td width=\"70%\"><p>See <a href=\"https://support.microsoft.com/kb/934307\"><u>Microsoft Knowledge Base article 934307</u></a></p></td></tr><tr><td width=\"30%\"><p><strong>Restart requirement</strong></p></td><td width=\"70%\"><p>A system restart is required after you apply this security update. </p></td></tr><tr><td width=\"30%\"><p><strong>Removal information</strong></p></td><td width=\"70%\"><p>To uninstall an update installed by WUSA, use the <strong>/Uninstall</strong> setup switch or click <strong>Control Panel</strong>, click <strong>System and Security</strong>, click <strong>Windows Update</strong>, and then under \"See also,\" click <strong>Installed updates</strong> and select from the list of updates. </p></td></tr><tr><td width=\"30%\"><p><strong>File information</strong></p></td><td width=\"70%\"><p>See <a href=\"https://support.microsoft.com/en-sg/help/12387/windows-10-update-history\" target=\"_self\"><u>Windows 10 and Windows Server 2016 update history</u></a>. </p></td></tr><tr><td width=\"30%\"><p><strong>Registry key verification</strong></p></td><td width=\"70%\"><p><strong>Note</strong> A registry key does not exist to validate the presence of this update. </p></td></tr></tbody></table></span><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">How to obtain help and support for this security update</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span></span><div class=\"kb-collapsible kb-collapsible-collapsed\">Help for installing updates: <a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-15\" target=\"_self\">Windows Update FAQ</a><br/><br/>Security solutions for IT professionals: <a href=\"https://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-16\" target=\"_self\">TechNet Security Support and Troubleshooting </a><br/><br/>Help for protecting your Windows-based computer from viruses and malware: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://www.microsoft.com/en-us/security/default.aspx\" managed-link=\"\" target=\"\">Microsoft Secure</a><br/><br/>Local support according to your country: <a href=\"https://www.microsoft.com/en-us/locale.aspx\" id=\"kb-link-18\" target=\"_self\">International Support</a></div><br/></div></div></div><a class=\"bookmark\" id=\"fileinfo\"></a></div></body></html>", "edition": 3, "modified": "2017-03-14T17:40:22", "id": "KB4013082", "href": "https://support.microsoft.com/en-us/help/4013082/", "published": "2017-03-14T00:00:00", "title": "MS17-008: Security update for Windows Hyper-V: March 14, 2017", "type": "mskb", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-09-09T05:02:30", "description": "The remote Windows host is missing a security update. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - Multiple remote code execution vulnerabilities exist due\n to improper validation of vSMB packets. An attacker on a\n guest operating system can exploit these\n vulnerabilities, via a specially crafted application, to\n execute arbitrary code on the host. (CVE-2017-0021,\n CVE-2017-0095)\n\n - Multiple denial of service vulnerabilities exist due to\n improper validation of input from a privileged user on a\n guest operating system. An attacker with a privileged\n account on a guest operating system can exploit these\n vulnerabilities, via a specially crafted application, to\n crash the host machine. (CVE-2017-0051, CVE-2017-0074,\n CVE-2017-0076, CVE-2017-0097, CVE-2017-0098,\n CVE-2017-0099)\n\nNote that customers who have not enabled the Hyper-V role are not\naffected.", "edition": 34, "cvss3": {"score": 7.6, "vector": "AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-03-15T00:00:00", "title": "MS17-008: Security Update for Windows Hyper-V (4013082)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0098", "CVE-2017-0099", "CVE-2017-0051", "CVE-2017-0021", "CVE-2017-0096", "CVE-2017-0075", "CVE-2017-0109", "CVE-2017-0097", "CVE-2017-0095", "CVE-2017-0076", "CVE-2017-0074"], "modified": "2017-03-15T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17-008.NASL", "href": "https://www.tenable.com/plugins/nessus/97745", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97745);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/04\");\n\n script_cve_id(\n \"CVE-2017-0021\",\n \"CVE-2017-0051\",\n \"CVE-2017-0074\",\n \"CVE-2017-0075\",\n \"CVE-2017-0076\",\n \"CVE-2017-0095\",\n \"CVE-2017-0096\",\n \"CVE-2017-0097\",\n \"CVE-2017-0098\",\n \"CVE-2017-0099\",\n \"CVE-2017-0109\"\n );\n script_bugtraq_id(\n 96020,\n 96026,\n 96636,\n 96639,\n 96640,\n 96641,\n 96642,\n 96644,\n 96698,\n 96699,\n 96701\n );\n script_xref(name:\"MSFT\", value:\"MS17-008\");\n script_xref(name:\"MSKB\", value:\"3211306\");\n script_xref(name:\"MSKB\", value:\"4012212\");\n script_xref(name:\"MSKB\", value:\"4012213\");\n script_xref(name:\"MSKB\", value:\"4012214\");\n script_xref(name:\"MSKB\", value:\"4012215\");\n script_xref(name:\"MSKB\", value:\"4012216\");\n script_xref(name:\"MSKB\", value:\"4012217\");\n script_xref(name:\"MSKB\", value:\"4012606\");\n script_xref(name:\"MSKB\", value:\"4013198\");\n script_xref(name:\"MSKB\", value:\"4013429\");\n script_xref(name:\"IAVA\", value:\"2017-A-0061\");\n\n script_name(english:\"MS17-008: Security Update for Windows Hyper-V (4013082)\");\n script_summary(english:\"Checks the file versions.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing a security update. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - Multiple remote code execution vulnerabilities exist due\n to improper validation of vSMB packets. An attacker on a\n guest operating system can exploit these\n vulnerabilities, via a specially crafted application, to\n execute arbitrary code on the host. (CVE-2017-0021,\n CVE-2017-0095)\n\n - Multiple denial of service vulnerabilities exist due to\n improper validation of input from a privileged user on a\n guest operating system. An attacker with a privileged\n account on a guest operating system can exploit these\n vulnerabilities, via a specially crafted application, to\n crash the host machine. (CVE-2017-0051, CVE-2017-0074,\n CVE-2017-0076, CVE-2017-0097, CVE-2017-0098,\n CVE-2017-0099)\n\nNote that customers who have not enabled the Hyper-V role are not\naffected.\");\n # https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2017/ms17-008\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?424a7a83\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2008, 7, 2008 R2,\n2012, 8.1, 2012 R2, 10 and 2016.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-0095\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"wmi_enum_server_features.nbin\", \"ms_bulletin_checks_possible.nasl\", \"smb_check_rollup.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS17-008';\nkbs = make_list(\n \"3211306\",\n \"4012212\",\n \"4012213\",\n \"4012214\",\n \"4012215\",\n \"4012216\",\n \"4012217\",\n \"4012606\",\n \"4013198\",\n \"4013429\"\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\narch = get_kb_item_or_exit('SMB/ARCH', exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\nif (arch == \"x86\") audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_nano() == 1) audit(AUDIT_OS_NOT, \"a currently supported OS (Windows Nano Server)\");\n\n# (Hyper-V ID = 20)\nif (!get_kb_item('WMI/server_feature/20'))\n{\n # could not determine if Hyper-V was enabled via wmi, so now check with registry\n # This is the key for the version of the integration services installer files,\n # which are only on the Hyper-V host.\n # Connect to remote registry.\n registry_init();\n hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\n hyperv_reg = get_registry_value(handle:hklm, item:\"SYSTEM\\CurrentControlSet\\Services\\EventLog\\System\\Microsoft-Windows-Hyper-V-Hypervisor\\EventMessageFile\");\n RegCloseKey(handle:hklm);\n close_registry(close:TRUE);\n\n if (!hyperv_reg)\n {\n exit(0, \"Systems without the Hyper-V role enabled are not affected by the vulnerability.\");\n }\n}\n\nsystemroot = hotfix_get_systemroot();\nif (!systemroot) audit(AUDIT_PATH_NOT_DETERMINED, 'system root');\n\nport = kb_smb_transport();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\nif(! smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');\n\nwinsxs = ereg_replace(pattern:'^[A-Za-z]:(.*)', replace:\"\\1\\WinSxS\", string:systemroot);\nwinsxs_share = hotfix_path2share(path:systemroot);\n\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:winsxs_share);\nif (rc != 1)\n{\n NetUseDel();\n audit(AUDIT_SHARE_FAIL, winsxs_share);\n}\n\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"amd64_wvms_pp.inf_31bf3856ad364e35_\", file_pat:\"^vmswitch\\.sys$\", max_recurse:1);\n\nif (\n #key = \"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\ApplicabilityEvaluationCache\\Package_for_KB3211306~31bf3856ad364e35~amd64~~6.0.1.2\";\n # Vista / Windows Server 2008\n hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19747', '6.0.6002.23906'),\n max_versions:make_list('6.0.6002.24070', '6.0.6003.99999'),\n bulletin:bulletin,\n kb:'3211306') ||\n\n # Windows 7 / Server 2008 R2\n smb_check_rollup(os:\"6.1\", sp:1, rollup_date:\"03_2017\", bulletin:bulletin, rollup_kb_list:make_list(4012212, 4012215)) ||\n # Windows Server 2012\n smb_check_rollup(os:\"6.2\", sp:0, rollup_date:\"03_2017\", bulletin:bulletin, rollup_kb_list:make_list(4012214, 4012217)) ||\n # Windows 8.1 / Windows Server 2012 R2\n smb_check_rollup(os:\"6.3\", sp:0, rollup_date:\"03_2017\", bulletin:bulletin, rollup_kb_list:make_list(4012213, 4012216)) ||\n # Windows 10 / Windows Server 2016\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10240\", rollup_date:\"03_2017\", bulletin:bulletin, rollup_kb_list:make_list(4012606)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10586\", rollup_date:\"03_2017\", bulletin:bulletin, rollup_kb_list:make_list(4013198)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"14393\", rollup_date:\"03_2017\", bulletin:bulletin, rollup_kb_list:make_list(4013429))\n )\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-01-08T13:46:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0098", "CVE-2017-0099", "CVE-2017-0051", "CVE-2017-0021", "CVE-2017-0096", "CVE-2017-0075", "CVE-2017-0109", "CVE-2017-0097", "CVE-2017-0095", "CVE-2017-0076", "CVE-2017-0074"], "description": "This host is missing a critical security\n update according to Microsoft Bulletin MS17-008.", "modified": "2019-12-20T00:00:00", "published": "2017-03-15T00:00:00", "id": "OPENVAS:1361412562310810624", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810624", "type": "openvas", "title": "Microsoft Windows Hyper-V Multiple Vulnerabilities (4013082)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Hyper-V Multiple Vulnerabilities (4013082)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810624\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2017-0021\", \"CVE-2017-0051\", \"CVE-2017-0074\", \"CVE-2017-0075\",\n \"CVE-2017-0076\", \"CVE-2017-0097\", \"CVE-2017-0099\", \"CVE-2017-0095\",\n \"CVE-2017-0096\", \"CVE-2017-0098\", \"CVE-2017-0109\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-15 10:50:15 +0530 (Wed, 15 Mar 2017)\");\n script_name(\"Microsoft Windows Hyper-V Multiple Vulnerabilities (4013082)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4013082\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS17-008\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Bulletin MS17-008.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists as,\n\n - Microsoft Hyper-V Network Switch on a host server fails to properly validate\n input from a privileged user on a guest operating system.\n\n - Microsoft Hyper-V on a host server fails to properly validate vSMB packet\n data.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct a denial of service attack, execute arbitrary code on\n the target operating system and gain access to potentially sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows Vista x64 Edition Service Pack 2\n\n - Microsoft Windows Server 2008 x64 Edition Service Pack 2\n\n - Microsoft Windows 7 x64 Edition Service Pack 1\n\n - Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1\n\n - Microsoft Windows 8.1 x64\n\n - Microsoft Windows Server 2012/2012R2\n\n - Microsoft Windows 10 x64\n\n - Microsoft Windows 10 Version 1511 x64\n\n - Microsoft Windows 10 Version 1607 x64\n\n - Microsoft Windows Server 2016 x64\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(winVistax64:3, win2008x64:3, win7x64:2, win2008r2:2, win8_1x64:1,\n win2012:1, win2012R2:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nvmmsexe = fetch_file_version(sysPath:sysPath, file_name:\"VMMS.exe\");\nif(!vmssexe){\n exit(0);\n}\n\nhypVer = fetch_file_version(sysPath:sysPath, file_name:\"drivers\\Vmswitch.sys\");\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"Edgehtml.dll\");\nif(!hypVer && !edgeVer){\n exit(0);\n}\n\nif(hotfix_check_sp(winVistax64:3, win2008x64:3) > 0 && hypVer)\n{\n if(version_is_less(version:hypVer, test_version:\"6.0.6002.24070\"))\n {\n Vulnerable_range = \"Less than 6.0.6002.24070\";\n VULN1 = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win7x64:2, win2008r2:2) > 0 && hypVer)\n{\n ## GDR info not given\n if(version_is_less(version:hypVer, test_version:\"6.1.7601.23677\"))\n {\n Vulnerable_range = \"Less than 6.1.7601.23677\";\n VULN1 = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win8_1x64:1, win2012R2:1) > 0 && hypVer)\n{\n if(version_is_less(version:hypVer, test_version:\"6.3.9600.18589\"))\n {\n Vulnerable_range = \"Less than 6.3.9600.18569\";\n VULN1 = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win2012:1) > 0 && hypVer)\n{\n if(version_is_less(version:hypVer, test_version:\"6.2.9200.22086\"))\n {\n Vulnerable_range = \"Less than 6.2.9200.22086\";\n VULN1 = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win10:1, win10x64:1, win2016:1) > 0 && edgeVer)\n{\n if(version_is_less(version:edgeVer, test_version:\"11.0.10240.17319\"))\n {\n Vulnerable_range = \"Less than 11.0.10240.17319\";\n VULN2 = TRUE ;\n }\n\n else if(version_in_range(version:edgeVer, test_version:\"11.0.10586.0\", test_version2:\"11.0.10586.838\"))\n {\n Vulnerable_range = \"11.0.10586.0 - 11.0.10586.839\";\n VULN2 = TRUE ;\n }\n\n else if(version_in_range(version:edgeVer, test_version:\"11.0.14393.0\", test_version2:\"11.0.14393.952\"))\n {\n Vulnerable_range = \"11.0.14393.0 - 11.0.14393.952\";\n VULN2 = TRUE ;\n }\n}\n\nif(VULN1)\n{\n report = 'File checked: ' + sysPath + \"\\System32\\drivers\\Vmswitch.sys\" + '\\n' +\n 'File version: ' + hypVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\n\nif(VULN2)\n{\n report = 'File checked: ' + sysPath + \"\\system32\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}]}
