DATABASE RESOURCES PRICING ABOUT US

{"id": "MS:CVE-2017-0102", "bulletinFamily": "microsoft", "title": "Windows Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists when Windows fails to check the length of a buffer prior to copying memory to it. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.\n\nTo exploit the vulnerability, an attacker would first need access to the target system and have the ability to copy a file to a shared folder or drive.\n\nThe security update addresses the vulnerability by correcting the way that Windows validates the buffer lengths.\n", "published": "2017-03-14T07:00:00", "modified": "2017-03-14T07:00:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0102", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2017-0102"], "immutableFields": [], "type": "mscve", "lastseen": "2022-10-26T18:28:16", "edition": 1, "viewCount": 5, "enchantments": {"backreferences": {"references": [{"idList": ["KB4012213"], "type": "mskb"}, {"idList": ["OPENVAS:1361412562310810814"], "type": "openvas"}, {"idList": ["RAPID7COMMUNITY:D6095B3BBE1704D4062E19C249D178EC"], "type": "rapid7community"}, {"idList": ["CVE-2017-0102"], "type": "cve"}, {"idList": ["SMNTC-96627"], "type": "symantec"}, {"idList": ["THREATPOST:2C2827FBF9D900F4194802CE8C471B4C"], "type": "threatpost"}, {"idList": ["KLA10984", "KLA10979"], "type": "kaspersky"}, {"idList": ["SMB_NT_MS17-017.NASL"], "type": "nessus"}]}, "dependencies": {"references": [{"idList": ["OPENVAS:1361412562310810814"], "type": "openvas"}, {"idList": ["RAPID7COMMUNITY:D6095B3BBE1704D4062E19C249D178EC"], "type": "rapid7community"}, {"idList": ["CVE-2017-0102"], "type": "cve"}, {"idList": ["SMNTC-96627"], "type": "symantec"}, {"idList": ["KLA11902", "KLA10984", "KLA10979"], "type": "kaspersky"}, {"idList": ["SMB_NT_MS17-017.NASL"], "type": "nessus"}], "rev": 4}, "exploitation": null, "score": {"value": 3.6, "vector": "NONE"}, "vulnersScore": 3.6}, "_state": {"dependencies": 1666809388, "score": 1666809538}, "_internal": {"score_hash": "23a36486c0212bd06d2f006d17fd6c65"}, "kbList": ["KB3213986", "KB4012214", "KB4012217", "KB4012212", "KB4012215", "KB4012213", "KB3210721", "KB4012606", "KB4012216", "KB3205409", "KB3210720", "KB3205401", "KB4013198", "KBMS16-110, 3187754", "KB4011981", "KB3212646", "KB4013429"], "msrc": "", "mscve": "CVE-2017-0102", "msAffectedSoftware": [{"kb": "KB4013429", "kbSupersedence": "KB3213986", "msplatform": "", "name": "windows server 2016", "operator": "", "version": ""}, {"kb": "KB4012606", "kbSupersedence": "KB3210720", "msplatform": "", "name": "windows 10 for 32-bit systems", "operator": "", "version": ""}, {"kb": "KB4013429", "kbSupersedence": "KB3213986", "msplatform": "", "name": "windows 10 version 1607 for x64-based systems", "operator": "", "version": ""}, {"kb": "KB4012215", "kbSupersedence": "KB3212646", "msplatform": "", "name": "windows server 2008 r2 for x64-based systems service pack 1 (server core installation)", "operator": "", "version": ""}, {"kb": "KB4012215", "kbSupersedence": "KB3212646", "msplatform": "", "name": "windows server 2008 r2 for itanium-based systems service pack 1", "operator": "", "version": ""}, {"kb": "KB4011981", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 for itanium-based systems service pack 2", "operator": "", "version": ""}, {"kb": "KB4013198", "kbSupersedence": "KB3210721", "msplatform": "", "name": "windows 10 version 1511 for x64-based systems", "operator": "", "version": ""}, {"kb": "KB4012213", "kbSupersedence": "", "msplatform": "", "name": "windows 8.1 for 32-bit systems", "operator": "", "version": ""}, {"kb": "KB4011981", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 for 32-bit systems service pack 2 (server core installation)", "operator": "", "version": ""}, {"kb": "KB4013429", "kbSupersedence": "KB3213986", "msplatform": "", "name": "windows 10 version 1607 for 32-bit systems", "operator": "", "version": ""}, {"kb": "KB4012215", "kbSupersedence": "KB3212646", "msplatform": "", "name": "windows 7 for 32-bit systems service pack 1", "operator": "", "version": ""}, {"kb": "KB4013198", "kbSupersedence": "KB3210721", "msplatform": "", "name": "windows 10 version 1511 for 32-bit systems", "operator": "", "version": ""}, {"kb": "KB4012213", "kbSupersedence": "", "msplatform": "", "name": "windows server 2012 r2", "operator": "", "version": ""}, {"kb": "KB4013429", "kbSupersedence": "KB3213986", "msplatform": "", "name": "windows server 2016 (server core installation)", "operator": "", "version": ""}, {"kb": "KB4012217", "kbSupersedence": "KB3205409", "msplatform": "", "name": "windows server 2012", "operator": "", "version": ""}, {"kb": "KB4012213", "kbSupersedence": "", "msplatform": "", "name": "windows 8.1 for x64-based systems", "operator": "", "version": ""}, {"kb": "KB4012215", "kbSupersedence": "KB3212646", "msplatform": "", "name": "windows server 2008 r2 for x64-based systems service pack 1", "operator": "", "version": ""}, {"kb": "KB4011981", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 for x64-based systems service pack 2", "operator": "", "version": ""}, {"kb": "KB4012212", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 r2 for x64-based systems service pack 1", "operator": "", "version": ""}, {"kb": "KB4012212", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 r2 for x64-based systems service pack 1 (server core installation)", "operator": "", "version": ""}, {"kb": "KB4011981", "kbSupersedence": "", "msplatform": "", "name": "windows vista service pack 2", "operator": "", "version": ""}, {"kb": "KB4012212", "kbSupersedence": "", "msplatform": "", "name": "windows 7 for x64-based systems service pack 1", "operator": "", "version": ""}, {"kb": "KB4012216", "kbSupersedence": "KB3205401", "msplatform": "", "name": "windows 8.1 for x64-based systems", "operator": "", "version": ""}, {"kb": "KB4012214", "kbSupersedence": "KBMS16-110, 3187754", "msplatform": "", "name": "windows server 2012 (server core installation)", "operator": "", "version": ""}, {"kb": "KB4012216", "kbSupersedence": "KB3205401", "msplatform": "", "name": "windows 8.1 for 32-bit systems", "operator": "", "version": ""}, {"kb": "KB4012216", "kbSupersedence": "KB3205401", "msplatform": "", "name": "windows server 2012 r2", "operator": "", "version": ""}, {"kb": "KB4012212", "kbSupersedence": "", "msplatform": "", "name": "windows 7 for 32-bit systems service pack 1", "operator": "", "version": ""}, {"kb": "KB4012216", "kbSupersedence": "KB3205401", "msplatform": "", "name": "windows rt 8.1", "operator": "", "version": ""}, {"kb": "KB4012214", "kbSupersedence": "KBMS16-110, 3187754", "msplatform": "", "name": "windows server 2012", "operator": "", "version": ""}, {"kb": "KB4011981", "kbSupersedence": "", "msplatform": "", "name": "windows vista x64 edition service pack 2", "operator": "", "version": ""}, {"kb": "KB4012606", "kbSupersedence": "KB3210720", "msplatform": "", "name": "windows 10 for x64-based systems", "operator": "", "version": ""}, {"kb": "KB4012212", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 r2 for itanium-based systems service pack 1", "operator": "", "version": ""}, {"kb": "KB4011981", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 for x64-based systems service pack 2 (server core installation)", "operator": "", "version": ""}, {"kb": "KB4012217", "kbSupersedence": "KB3205409", "msplatform": "", "name": "windows server 2012 (server core installation)", "operator": "", "version": ""}, {"kb": "KB4012213", "kbSupersedence": "", "msplatform": "", "name": "windows server 2012 r2 (server core installation)", "operator": "", "version": ""}, {"kb": "KB4011981", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 for 32-bit systems service pack 2", "operator": "", "version": ""}, {"kb": "KB4012215", "kbSupersedence": "KB3212646", "msplatform": "", "name": "windows 7 for x64-based systems service pack 1", "operator": "", "version": ""}, {"kb": "KB4012216", "kbSupersedence": "KB3205401", "msplatform": "", "name": "windows server 2012 r2 (server core installation)", "operator": "", "version": ""}], "vendorCvss": {"baseScore": "6.3", "temporalScore": "5.7", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C"}}

{"symantec": [{"lastseen": "2021-06-08T19:05:21", "bulletinFamily": "software", "cvelist": ["CVE-2017-0102"], "description": "### Description\n\nMicrosoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 for x64-based Systems \n * Microsoft Windows Vista Service Pack 2 \n * Microsoft Windows Vista x64 Edition SP2 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nTo exploit this vulnerability, an attacker requires local access to an affected computer. Grant local access for trusted and accountable users only. \n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 2, "modified": "2017-03-14T00:00:00", "id": "SMNTC-96627", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/96627", "published": "2017-03-14T00:00:00", "type": "symantec", "title": "Microsoft Windows CVE-2017-0102 Local Privilege Escalation Vulnerability", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2022-03-23T11:48:45", "description": "Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 let attackers with access to targets systems gain privileges when Windows fails to properly validate buffer lengths, aka \"Windows Elevation of Privilege Vulnerability.\"", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-03-17T00:59:00", "type": "cve", "title": "CVE-2017-0102", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0102"], "modified": "2017-07-12T01:29:00", "cpe": ["cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_vista:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2008:r2"], "id": "CVE-2017-0102", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0102", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2023-01-11T14:21:29", "description": "The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities :\n\n - An elevation of privilege vulnerability exists in the Windows Kernel API due to improper enforcement of permissions. A local attacker can exploit this, via a specially crafted application, to run processes in an elevated context. (CVE-2017-0050)\n\n - An elevation of privilege vulnerability exists in the Windows Transaction Manager due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run processes in an elevated context. (CVE-2017-0101)\n\n - An elevation of privilege vulnerability exists due to a failure to check the length of a buffer prior to copying memory. A local attacker can exploit this, by copying a file to a shared folder or drive, to gain elevated privileges. (CVE-2017-0102)\n\n - An elevation of privilege vulnerability exists in the Windows Kernel API due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0103)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-03-14T00:00:00", "type": "nessus", "title": "MS17-017: Security Update for Windows Kernel (4013081)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0050", "CVE-2017-0101", "CVE-2017-0102", "CVE-2017-0103"], "modified": "2022-03-28T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17-017.NASL", "href": "https://www.tenable.com/plugins/nessus/97733", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97733);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/28\");\n\n script_cve_id(\n \"CVE-2017-0050\",\n \"CVE-2017-0101\",\n \"CVE-2017-0102\",\n \"CVE-2017-0103\"\n );\n script_bugtraq_id(\n 96025,\n 96623,\n 96625,\n 96627\n );\n script_xref(name:\"MSFT\", value:\"MS17-017\");\n script_xref(name:\"MSKB\", value:\"4011981\");\n script_xref(name:\"MSKB\", value:\"4012212\");\n script_xref(name:\"MSKB\", value:\"4012213\");\n script_xref(name:\"MSKB\", value:\"4012214\");\n script_xref(name:\"MSKB\", value:\"4012215\");\n script_xref(name:\"MSKB\", value:\"4012216\");\n script_xref(name:\"MSKB\", value:\"4012217\");\n script_xref(name:\"MSKB\", value:\"4012606\");\n script_xref(name:\"MSKB\", value:\"4013198\");\n script_xref(name:\"MSKB\", value:\"4013429\");\n script_xref(name:\"IAVA\", value:\"2017-A-0068\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/05\");\n\n script_name(english:\"MS17-017: Security Update for Windows Kernel (4013081)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected multiple elevation of privilege\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing a security update. It is,\ntherefore, affected by multiple elevation of privilege\nvulnerabilities :\n\n - An elevation of privilege vulnerability exists in the\n Windows Kernel API due to improper enforcement of\n permissions. A local attacker can exploit this, via a\n specially crafted application, to run processes in an\n elevated context. (CVE-2017-0050)\n\n - An elevation of privilege vulnerability exists in the\n Windows Transaction Manager due to improper handling of\n objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run processes in\n an elevated context. (CVE-2017-0101)\n\n - An elevation of privilege vulnerability exists due to a\n failure to check the length of a buffer prior to copying\n memory. A local attacker can exploit this, by copying a\n file to a shared folder or drive, to gain elevated \n privileges. (CVE-2017-0102)\n\n - An elevation of privilege vulnerability exists in the\n Windows Kernel API due to improper handling of objects\n in memory. A local attacker can exploit this, via a\n specially crafted application, to gain elevated\n privileges. (CVE-2017-0103)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/library/security/ms17-017\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows Vista, 2008, 7,\n2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-0050\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\", \"smb_check_rollup.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS17-017';\nkbs = make_list(\n '4011981',\n '4012212',\n '4012213',\n '4012214',\n '4012215',\n '4012216',\n '4012217',\n '4012606',\n '4013198',\n '4013429'\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_nano() == 1) audit(AUDIT_OS_NOT, \"a currently supported OS (Windows Nano Server)\");\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\ndate = \"03_2017\";\nif (\n # Vista / Windows Server 2008\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"ntoskrnl.exe\", version:\"6.0.6002.19741\", min_version:\"6.0.6002.18000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4011981\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"ntoskrnl.exe\", version:\"6.0.6002.24065\", min_version:\"6.0.6002.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4011981\") ||\n # Windows 7 / Server 2008 R2\n smb_check_rollup(os:\"6.1\", sp:1, rollup_date:date, bulletin:bulletin, rollup_kb_list:make_list(4012212, 4012215)) ||\n # Windows 8.1 / Server 2012 R2\n smb_check_rollup(os:\"6.3\", sp:0, rollup_date:date, bulletin:bulletin, rollup_kb_list:make_list(4012213, 4012216)) ||\n # Server 2012\n smb_check_rollup(os:\"6.2\", sp:0, rollup_date:date, bulletin:bulletin, rollup_kb_list:make_list(4012214, 4012217)) ||\n # Windows 10\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10240\", rollup_date:date, bulletin:bulletin, rollup_kb_list:make_list(4012606)) ||\n # Windows 10 1511\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10586\", rollup_date:date, bulletin:bulletin, rollup_kb_list:make_list(4013198)) ||\n # Windows 10 1607 / Server 2016 x64\n smb_check_rollup(os:\"10\", sp:0, os_build:\"14393\", rollup_date:date, bulletin:bulletin, rollup_kb_list:make_list(4013429))\n )\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-06-08T23:24:09", "description": "This host is missing an important security\n update according to Microsoft Bulletin MS17-017", "cvss3": {}, "published": "2017-03-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Kernel Privilege Escalation Vulnerability (4013081)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0101", "CVE-2017-0102", "CVE-2017-0050", "CVE-2017-0103"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310810814", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810814", "sourceData": "#############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Kernel Privilege Escalation Vulnerability (4013081)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810814\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0050\", \"CVE-2017-0101\", \"CVE-2017-0102\", \"CVE-2017-0103\");\n script_bugtraq_id(96025, 96625, 96627, 96623);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-15 12:18:08 +0530 (Wed, 15 Mar 2017)\");\n script_name(\"Microsoft Windows Kernel Privilege Escalation Vulnerability (4013081)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft Bulletin MS17-017\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist as,\n\n - Windows kernel API enforces permissions.\n\n - Windows Transaction Manager improperly handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to gain elevated privileges on a targeted system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 x32/x64\n\n - Microsoft Windows 10 x32/x64\n\n - Microsoft Windows Server 2012/2012R2\n\n - Microsoft Windows 10 Version 1511 x32/x64\n\n - Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Vista x32/x64 Edition Service Pack 2\n\n - Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2\n\n - Microsoft Windows 7 x32/x64 Edition Service Pack 1\n\n - Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/4013081\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/library/security/MS17-017\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS17-017\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(winVista:3, win7:2, win7x64:2, win2008:3, win2008r2:2, winVistax64:3,\n win2008x64:3, win2012:1, win2012R2:1, win8_1:1, win8_1x64:1, win10:1,\n win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_systemroot();\nif(!sysPath ){\n exit(0);\n}\n\nwinVer = fetch_file_version(sysPath:sysPath, file_name:\"System32\\Win32k.sys\");\nadvVer = fetch_file_version(sysPath:sysPath, file_name:\"System32\\advapi32.dll\");\nif(!winVer && !advVer){\n exit(0);\n}\n\n## Extracted patch and checked for version\nif(hotfix_check_sp(winVista:3, winVistax64:3, win2008:3, win2008x64:3) > 0 && advVer)\n{\n if(version_is_less(version:advVer, test_version:\"6.0.6002.19680\"))\n {\n Vulnerable_range1 = \"Less than 6.0.6002.19680\";\n VULN1 = TRUE ;\n }\n\n else if(version_in_range(version:advVer, test_version:\"6.0.6002.24000\", test_version2:\"6.0.6002.24064\"))\n {\n Vulnerable_range1 = \"6.0.6002.24000 - 6.0.6002.24064\";\n VULN1 = TRUE ;\n }\n}\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0)\n{\n ## Presently GDR information is not available.\n if(version_is_less(version:winVer, test_version:\"6.1.7601.23677\"))\n {\n Vulnerable_range = \"Less than 6.1.7601.23677\";\n VULN = TRUE ;\n }\n}\n\n## Win 8.1 and win2012R2\nelse if(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) > 0)\n{\n if(version_is_less(version:winVer, test_version:\"6.3.9600.18603\"))\n {\n Vulnerable_range = \"Less than 6.3.9600.18603\";\n VULN = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win2012:1) > 0)\n{\n if(version_is_less(version:winVer, test_version:\"6.2.9200.22097\"))\n {\n Vulnerable_range = \"Less than 6.2.9200.22097\";\n VULN = TRUE;\n }\n}\n\n\nelse if(hotfix_check_sp(win10:1, win10x64:1, win2016:1) > 0)\n{\n if(version_is_less(version:winVer, test_version:\"10.0.10240.16384\"))\n {\n Vulnerable_range = \"Less than 10.0.10240.16384\";\n VULN = TRUE;\n }\n\n else if(winVer && version_in_range(version:winVer, test_version:\"10.0.10586.0\", test_version2:\"10.0.10586.19\"))\n {\n Vulnerable_range = \"10.0.10586.0 - 10.0.10586.19\";\n VULN = TRUE;\n }\n\n else if( winVer && version_in_range(version:winVer, test_version:\"10.0.14393.0\", test_version2:\"10.0.14393.593\"))\n {\n Vulnerable_range = \"10.0.14393.0 - 10.0.14393.593\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = 'File checked: ' + sysPath + \"\\System32\\Win32k.sys\" + '\\n' +\n 'File version: ' + winVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\n\nelse if(VULN1)\n{\n report = 'File checked: ' + sysPath + \"\\System32\\advapi32.dll\" + '\\n' +\n 'File version: ' + advVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range1 + '\\n' ;\n security_message(data:report);\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2021-08-18T11:18:27", "description": "### *Detect date*:\n03/14/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Windows kernel. Malicious users can exploit these vulnerabilities to gain privileges.\n\n### *Affected products*:\nWindows Vista Service Pack 2 \nWindows 7 Service Pack 1 \nWindows 8.1 \nWindows RT \nWindows 10 \nWindows Server 2008 \nWindows Server 2008 R2 \nWindows Server 2012 \nWindows Server 2012 R2\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[MS17-017](<https://technet.microsoft.com/en-us/library/security/ms17-017.aspx>) \n[CVE-2017-0102](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0102>) \n[CVE-2017-0103](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0103>) \n[CVE-2017-0101](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0101>) \n[CVE-2017-0050](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0050>) \n\n\n### *Impacts*:\nPE \n\n### *Related products*:\n[Microsoft Windows Vista](<https://threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/>)\n\n### *CVE-IDS*:\n[CVE-2017-0102](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0102>)4.6Warning \n[CVE-2017-0103](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0103>)4.4Warning \n[CVE-2017-0101](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0101>)6.8High \n[CVE-2017-0050](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0050>)7.2High\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4012217](<http://support.microsoft.com/kb/4012217>) \n[4012215](<http://support.microsoft.com/kb/4012215>) \n[4012216](<http://support.microsoft.com/kb/4012216>) \n[4012606](<http://support.microsoft.com/kb/4012606>) \n[4013198](<http://support.microsoft.com/kb/4013198>) \n[4013429](<http://support.microsoft.com/kb/4013429>) \n[4012212](<http://support.microsoft.com/kb/4012212>) \n[4012214](<http://support.microsoft.com/kb/4012214>) \n[4012213](<http://support.microsoft.com/kb/4012213>) \n[4011981](<http://support.microsoft.com/kb/4011981>) \n[4013081](<http://support.microsoft.com/kb/4013081>)\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-14T00:00:00", "type": "kaspersky", "title": "KLA10984 Privilege escalation vulnerabilities in Windows kernel", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0050", "CVE-2017-0101", "CVE-2017-0102", "CVE-2017-0103"], "modified": "2020-06-18T00:00:00", "id": "KLA10984", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10984/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T20:05:03", "description": "### *Detect date*:\n03/14/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, cause denial of service.\n\n### *Exploitation*:\nThis vulnerability can be exploited by the following malware:\n\n### *Affected products*:\nMicrosoft Silverlight 5 when installed on Microsoft Windows (x64-based) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows Vista x64 Edition Service Pack 2 \nInternet Explorer 9 \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2012 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nMicrosoft Office 2010 Service Pack 2 (32-bit editions) \nSkype for Business 2016 (64-bit) \nWindows 8.1 for x64-based systems \nWindows 8.1 for 32-bit systems \nWindows Vista Service Pack 2 \nMicrosoft XML Core Services 3.0 \nMicrosoft Lync 2013 Service Pack 1 (64-bit) \nMicrosoft Office 2010 Service Pack 2 (64-bit editions) \nInternet Explorer 11 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nMicrosoft Lync Basic 2013 Service Pack 1 (64-bit) \nWindows Server 2016 \nMicrosoft Lync 2010 Attendee (admin level install) \nSkype for Business 2016 Basic (32-bit) \nMicrosoft Live Meeting 2007 Add-in \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows RT 8.1 \nSkype for Business 2016 (32-bit) \nMicrosoft Lync 2010 Attendee (user level install) \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows 10 Version 1511 for 32-bit Systems \nMicrosoft Lync 2010 (64-bit) \nMicrosoft Office Word Viewer \nMicrosoft Live Meeting 2007 Console \nMicrosoft Silverlight 5 Developer Runtime when installed on Microsoft Windows (32-bit) \nMicrosoft Edge (EdgeHTML-based) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nMicrosoft Silverlight 5 Developer Runtime when installed on Microsoft Windows (x64-based) \nMicrosoft Office 2007 Service Pack 3 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1511 for x64-based Systems \nSkype for Business 2016 Basic (64-bit) \nMicrosoft Lync Basic 2013 Service Pack 1 (32-bit) \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nInternet Explorer 10 \nMicrosoft Lync 2010 (32-bit) \nMicrosoft Silverlight 5 when installed on Microsoft Windows (32-bit) \nWindows Server 2012 R2 \nMicrosoft Lync 2013 Service Pack 1 (32-bit)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-0108](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0108>) \n[CVE-2017-0109](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0109>) \n[CVE-2017-0072](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0072>) \n[CVE-2017-0100](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0100>) \n[CVE-2017-0101](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0101>) \n[CVE-2017-0102](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0102>) \n[CVE-2017-0143](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0143>) \n[CVE-2017-0104](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0104>) \n[CVE-2017-0022](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0022>) \n[CVE-2017-0001](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0001>) \n[CVE-2017-0145](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0145>) \n[CVE-2017-0120](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0120>) \n[CVE-2017-0147](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0147>) \n[CVE-2017-0005](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0005>) \n[CVE-2017-0127](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0127>) \n[CVE-2017-0124](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0124>) \n[CVE-2017-0125](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0125>) \n[CVE-2017-0009](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0009>) \n[CVE-2017-0008](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0008>) \n[CVE-2017-0047](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0047>) \n[CVE-2017-0060](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0060>) \n[CVE-2017-0148](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0148>) \n[CVE-2017-0061](<https://nvd.nist.gov/vuln/detail/CVE-2017-0061>) \n[CVE-2017-0043](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0043>) \n[CVE-2017-0042](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0042>) \n[CVE-2017-0045](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0045>) \n[CVE-2017-0119](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0119>) \n[CVE-2017-0062](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0062>) \n[CVE-2017-0149](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0149>) \n[CVE-2017-0099](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0099>) \n[CVE-2017-0144](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0144>) \n[CVE-2017-0040](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0040>) \n[CVE-2017-0090](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0090>) \n[CVE-2017-0091](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0091>) \n[CVE-2017-0096](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0096>) \n[CVE-2017-0097](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0097>) \n[CVE-2017-0038](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0038>) \n[CVE-2017-0039](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0039>) \n[CVE-2017-0103](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0103>) \n[CVE-2017-0063](<https://nvd.nist.gov/vuln/detail/CVE-2017-0063>) \n[CVE-2017-0118](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0118>) \n[CVE-2017-0117](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0117>) \n[CVE-2017-0116](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0116>) \n[CVE-2017-0115](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0115>) \n[CVE-2017-0114](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0114>) \n[CVE-2017-0113](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0113>) \n[CVE-2017-0112](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0112>) \n[CVE-2017-0111](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0111>) \n[CVE-2017-0092](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0092>) \n[CVE-2017-0076](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0076>) \n[CVE-2017-0014](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0014>) \n[CVE-2017-0059](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0059>) \n[CVE-2017-0056](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0056>) \n[CVE-2017-0055](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0055>) \n[CVE-2017-0050](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0050>) \n[CVE-2017-0123](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0123>) \n[CVE-2017-0122](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0122>) \n[CVE-2017-0073](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0073>) \n[CVE-2017-0075](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0075>) \n[CVE-2017-0025](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0025>) \n[CVE-2017-0146](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0146>) \n[CVE-2017-0128](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0128>) \n[CVE-2017-0089](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0089>) \n[CVE-2017-0088](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0088>) \n[CVE-2017-0121](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0121>) \n[CVE-2017-0130](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0130>) \n[CVE-2017-0126](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0126>) \n[CVE-2017-0083](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0083>) \n[CVE-2017-0085](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0085>) \n[CVE-2017-0084](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0084>) \n[CVE-2017-0087](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0087>) \n[CVE-2017-0086](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0086>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2017-0042](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0042>)2.6Warning \n[CVE-2017-0096](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0096>)2.3Warning \n[CVE-2017-0097](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0097>)2.3Warning \n[CVE-2017-0099](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0099>)2.3Warning \n[CVE-2017-0109](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0109>)7.4High \n[CVE-2017-0075](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0075>)7.4High \n[CVE-2017-0076](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0076>)2.9Warning \n[CVE-2017-0055](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0055>)4.3Warning \n[CVE-2017-0102](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0102>)4.6Warning \n[CVE-2017-0103](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0103>)4.4Warning \n[CVE-2017-0101](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0101>)6.8High \n[CVE-2017-0050](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0050>)7.2High \n[CVE-2017-0056](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0056>)7.2High \n[CVE-2017-0043](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0043>)2.9Warning \n[CVE-2017-0045](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0045>)4.3Warning \n[CVE-2017-0022](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0022>)4.3Warning \n[CVE-2017-0143](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143>)9.3Critical \n[CVE-2017-0144](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0144>)9.3Critical \n[CVE-2017-0145](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0145>)9.3Critical \n[CVE-2017-0146](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0146>)9.3Critical \n[CVE-2017-0147](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0147>)4.3Warning \n[CVE-2017-0148](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0148>)9.3Critical \n[CVE-2017-0014](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0014>)7.6Critical \n[CVE-2017-0060](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0060>)1.9Warning \n[CVE-2017-0061](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0061>)2.6Warning \n[CVE-2017-0062](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0062>)1.9Warning \n[CVE-2017-0063](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0063>)4.3Warning \n[CVE-2017-0025](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0025>)7.2High \n[CVE-2017-0073](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0073>)4.3Warning \n[CVE-2017-0108](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0108>)9.3Critical \n[CVE-2017-0038](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0038>)4.3Warning \n[CVE-2017-0001](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0001>)7.2High \n[CVE-2017-0005](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0005>)6.9High \n[CVE-2017-0047](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0047>)7.2High \n[CVE-2017-0072](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0072>)9.3Critical \n[CVE-2017-0083](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0083>)9.3Critical \n[CVE-2017-0084](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0084>)9.3Critical \n[CVE-2017-0085](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0085>)4.3Warning \n[CVE-2017-0086](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0086>)9.3Critical \n[CVE-2017-0087](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0087>)9.3Critical \n[CVE-2017-0088](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0088>)9.3Critical \n[CVE-2017-0089](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0089>)9.3Critical \n[CVE-2017-0090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0090>)9.3Critical \n[CVE-2017-0091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0091>)4.3Warning \n[CVE-2017-0092](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0092>)4.3Warning \n[CVE-2017-0111](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0111>)4.3Warning \n[CVE-2017-0112](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0112>)4.3Warning \n[CVE-2017-0113](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0113>)4.3Warning \n[CVE-2017-0114](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0114>)4.3Warning \n[CVE-2017-0115](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0115>)4.3Warning \n[CVE-2017-0116](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0116>)4.3Warning \n[CVE-2017-0117](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0117>)4.3Warning \n[CVE-2017-0118](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0118>)4.3Warning \n[CVE-2017-0119](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0119>)4.3Warning \n[CVE-2017-0120](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0120>)4.3Warning \n[CVE-2017-0121](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0121>)4.3Warning \n[CVE-2017-0122](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0122>)4.3Warning \n[CVE-2017-0123](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0123>)4.3Warning \n[CVE-2017-0124](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0124>)4.3Warning \n[CVE-2017-0125](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0125>)4.3Warning \n[CVE-2017-0126](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0126>)4.3Warning \n[CVE-2017-0127](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0127>)4.3Warning \n[CVE-2017-0128](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0128>)4.3Warning \n[CVE-2017-0009](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0009>)4.3Warning \n[CVE-2017-0059](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0059>)4.3Warning \n[CVE-2017-0130](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0130>)7.6Critical \n[CVE-2017-0149](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0149>)7.6Critical \n[CVE-2017-0008](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0008>)4.3Warning \n[CVE-2017-0040](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0040>)7.6Critical \n[CVE-2017-0100](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0100>)4.4Warning \n[CVE-2017-0104](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0104>)9.3Critical \n[CVE-2017-0039](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0039>)9.3Critical\n\n### *KB list*:\n[4012204](<http://support.microsoft.com/kb/4012204>) \n[4012215](<http://support.microsoft.com/kb/4012215>) \n[3211306](<http://support.microsoft.com/kb/3211306>) \n[4012212](<http://support.microsoft.com/kb/4012212>) \n[4012598](<http://support.microsoft.com/kb/4012598>) \n[4012583](<http://support.microsoft.com/kb/4012583>) \n[3217587](<http://support.microsoft.com/kb/3217587>) \n[4012021](<http://support.microsoft.com/kb/4012021>) \n[4012373](<http://support.microsoft.com/kb/4012373>) \n[4012497](<http://support.microsoft.com/kb/4012497>) \n[4017018](<http://support.microsoft.com/kb/4017018>) \n[4012584](<http://support.microsoft.com/kb/4012584>) \n[3218362](<http://support.microsoft.com/kb/3218362>) \n[4011981](<http://support.microsoft.com/kb/4011981>) \n[3217882](<http://support.microsoft.com/kb/3217882>) \n[3214051](<http://support.microsoft.com/kb/3214051>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-14T00:00:00", "type": "kaspersky", "title": "KLA11902 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0001", "CVE-2017-0005", "CVE-2017-0008", "CVE-2017-0009", "CVE-2017-0014", "CVE-2017-0022", "CVE-2017-0025", "CVE-2017-0038", "CVE-2017-0039", "CVE-2017-0040", "CVE-2017-0042", "CVE-2017-0043", "CVE-2017-0045", "CVE-2017-0047", "CVE-2017-0050", "CVE-2017-0055", "CVE-2017-0056", "CVE-2017-0059", "CVE-2017-0060", "CVE-2017-0061", "CVE-2017-0062", "CVE-2017-0063", "CVE-2017-0072", "CVE-2017-0073", "CVE-2017-0075", "CVE-2017-0076", "CVE-2017-0083", "CVE-2017-0084", "CVE-2017-0085", "CVE-2017-0086", "CVE-2017-0087", "CVE-2017-0088", "CVE-2017-0089", "CVE-2017-0090", "CVE-2017-0091", "CVE-2017-0092", "CVE-2017-0096", "CVE-2017-0097", "CVE-2017-0099", "CVE-2017-0100", "CVE-2017-0101", "CVE-2017-0102", "CVE-2017-0103", "CVE-2017-0104", "CVE-2017-0108", "CVE-2017-0109", "CVE-2017-0111", "CVE-2017-0112", "CVE-2017-0113", "CVE-2017-0114", "CVE-2017-0115", "CVE-2017-0116", "CVE-2017-0117", "CVE-2017-0118", "CVE-2017-0119", "CVE-2017-0120", "CVE-2017-0121", "CVE-2017-0122", "CVE-2017-0123", "CVE-2017-0124", "CVE-2017-0125", "CVE-2017-0126", "CVE-2017-0127", "CVE-2017-0128", "CVE-2017-0130", "CVE-2017-0143", "CVE-2017-0144", "CVE-2017-0145", "CVE-2017-0146", "CVE-2017-0147", "CVE-2017-0148", "CVE-2017-0149"], "modified": "2022-01-25T00:00:00", "id": "KLA11902", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11902/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-01T00:00:00", "description": "### *Detect date*:\n03/14/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, gain privileges, obtain sensitive information and cause a denial of service.\n\n### *Affected products*:\nMicrosoft Windows Vista Service Pack 2 \nMicrosoft Windows 7 Service Pack 1 \nMicrosoft Windows 8.1 \nMicrosoft Windows RT 8.1 \nMicrosoft Windows 10 \nMicrosoft Windows Server 2008 Service Pack 2 \nMicrosoft Windows Server 2008 R2 Service Pack 1 \nMicrosoft Windows Server 2012 \nMicrosoft Windows Server 2012 R2\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[MS17-012](<https://technet.microsoft.com/library/security/MS17-012>) \n[CVE-2017-0051](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0051>) \n[CVE-2017-0021](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0021>) \n[CVE-2017-0095](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0095>) \n[CVE-2017-0096](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0096>) \n[CVE-2017-0097](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0097>) \n[CVE-2017-0098](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0098>) \n[CVE-2017-0099](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0099>) \n[CVE-2017-0109](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0109>) \n[CVE-2017-0074](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0074>) \n[CVE-2017-0075](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0075>) \n[CVE-2017-0076](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0076>) \n[CVE-2017-0055](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0055>) \n[CVE-2017-0102](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0102>) \n[CVE-2017-0103](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0103>) \n[CVE-2017-0101](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0101>) \n[CVE-2017-0050](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0050>) \n[CVE-2017-0056](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0056>) \n[CVE-2017-0024](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0024>) \n[CVE-2017-0026](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0026>) \n[CVE-2017-0078](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0078>) \n[CVE-2017-0079](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0079>) \n[CVE-2017-0080](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0080>) \n[CVE-2017-0081](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0081>) \n[CVE-2017-0082](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0082>) \n[CVE-2017-0043](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0043>) \n[CVE-2017-0045](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0045>) \n[CVE-2017-0022](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0022>) \n[CVE-2017-0143](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0143>) \n[CVE-2017-0144](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0144>) \n[CVE-2017-0145](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0145>) \n[CVE-2017-0146](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0146>) \n[CVE-2017-0147](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0147>) \n[CVE-2017-0148](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0148>) \n[CVE-2017-0014](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0014>) \n[CVE-2017-0060](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0060>) \n[CVE-2017-0061](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0061>) \n[CVE-2017-0062](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0062>) \n[CVE-2017-0063](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0063>) \n[CVE-2017-0025](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0025>) \n[CVE-2017-0073](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0073>) \n[CVE-2017-0108](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108>) \n[CVE-2017-0038](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0038>) \n[CVE-2017-0001](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0001>) \n[CVE-2017-0005](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0005>) \n[CVE-2017-0047](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0047>) \n[CVE-2017-0072](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0072>) \n[CVE-2017-0083](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0083>) \n[CVE-2017-0084](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0084>) \n[CVE-2017-0085](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0085>) \n[CVE-2017-0086](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0086>) \n[CVE-2017-0087](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0087>) \n[CVE-2017-0088](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0088>) \n[CVE-2017-0089](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0089>) \n[CVE-2017-0090](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0090>) \n[CVE-2017-0091](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0091>) \n[CVE-2017-0092](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0092>) \n[CVE-2017-0111](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0111>) \n[CVE-2017-0112](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0112>) \n[CVE-2017-0113](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0113>) \n[CVE-2017-0114](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0114>) \n[CVE-2017-0115](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0115>) \n[CVE-2017-0116](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0116>) \n[CVE-2017-0117](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0117>) \n[CVE-2017-0118](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0118>) \n[CVE-2017-0119](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0119>) \n[CVE-2017-0120](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0120>) \n[CVE-2017-0121](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0121>) \n[CVE-2017-0122](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0122>) \n[CVE-2017-0123](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0123>) \n[CVE-2017-0124](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0124>) \n[CVE-2017-0125](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0125>) \n[CVE-2017-0126](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0126>) \n[CVE-2017-0127](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0127>) \n[CVE-2017-0128](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0128>) \n[CVE-2017-0130](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0130>) \n[CVE-2017-0008](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0008>) \n[CVE-2017-0057](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0057>) \n[CVE-2017-0100](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0100>) \n[CVE-2017-0104](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0104>) \n[CVE-2017-0007](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0007>) \n[CVE-2017-0016](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0016>) \n[CVE-2017-0039](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0039>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows Vista](<https://threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/>)\n\n### *CVE-IDS*:\n[CVE-2017-0051](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0051>)2.9Warning \n[CVE-2017-0021](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0021>)7.7Critical \n[CVE-2017-0095](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0095>)7.9Critical \n[CVE-2017-0096](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0096>)2.3Warning \n[CVE-2017-0097](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0097>)2.3Warning \n[CVE-2017-0098](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0098>)2.9Warning \n[CVE-2017-0099](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0099>)2.3Warning \n[CVE-2017-0109](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0109>)7.4High \n[CVE-2017-0074](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0074>)2.3Warning \n[CVE-2017-0075](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0075>)7.4High \n[CVE-2017-0076](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0076>)2.9Warning \n[CVE-2017-0055](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0055>)4.3Warning \n[CVE-2017-0102](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0102>)4.6Warning \n[CVE-2017-0103](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0103>)4.4Warning \n[CVE-2017-0101](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0101>)6.8High \n[CVE-2017-0050](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0050>)7.2High \n[CVE-2017-0056](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0056>)7.2High \n[CVE-2017-0024](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0024>)7.2High \n[CVE-2017-0026](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0026>)7.2High \n[CVE-2017-0078](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0078>)7.2High \n[CVE-2017-0079](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0079>)7.2High \n[CVE-2017-0080](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0080>)7.2High \n[CVE-2017-0081](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0081>)7.2High \n[CVE-2017-0082](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0082>)7.2High \n[CVE-2017-0043](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0043>)2.9Warning \n[CVE-2017-0045](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0045>)4.3Warning \n[CVE-2017-0022](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0022>)4.3Warning \n[CVE-2017-0143](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143>)9.3Critical \n[CVE-2017-0144](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0144>)9.3Critical \n[CVE-2017-0145](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0145>)9.3Critical \n[CVE-2017-0146](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0146>)9.3Critical \n[CVE-2017-0147](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0147>)4.3Warning \n[CVE-2017-0148](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0148>)9.3Critical \n[CVE-2017-0014](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0014>)7.6Critical \n[CVE-2017-0060](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0060>)1.9Warning \n[CVE-2017-0061](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0061>)2.6Warning \n[CVE-2017-0062](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0062>)1.9Warning \n[CVE-2017-0063](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0063>)4.3Warning \n[CVE-2017-0025](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0025>)7.2High \n[CVE-2017-0073](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0073>)4.3Warning \n[CVE-2017-0108](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0108>)9.3Critical \n[CVE-2017-0038](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0038>)4.3Warning \n[CVE-2017-0001](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0001>)7.2High \n[CVE-2017-0005](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0005>)6.9High \n[CVE-2017-0047](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0047>)7.2High \n[CVE-2017-0072](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0072>)9.3Critical \n[CVE-2017-0083](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0083>)9.3Critical \n[CVE-2017-0084](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0084>)9.3Critical \n[CVE-2017-0085](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0085>)4.3Warning \n[CVE-2017-0086](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0086>)9.3Critical \n[CVE-2017-0087](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0087>)9.3Critical \n[CVE-2017-0088](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0088>)9.3Critical \n[CVE-2017-0089](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0089>)9.3Critical \n[CVE-2017-0090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0090>)9.3Critical \n[CVE-2017-0091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0091>)4.3Warning \n[CVE-2017-0092](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0092>)4.3Warning \n[CVE-2017-0111](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0111>)4.3Warning \n[CVE-2017-0112](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0112>)4.3Warning \n[CVE-2017-0113](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0113>)4.3Warning \n[CVE-2017-0114](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0114>)4.3Warning \n[CVE-2017-0115](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0115>)4.3Warning \n[CVE-2017-0116](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0116>)4.3Warning \n[CVE-2017-0117](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0117>)4.3Warning \n[CVE-2017-0118](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0118>)4.3Warning \n[CVE-2017-0119](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0119>)4.3Warning \n[CVE-2017-0120](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0120>)4.3Warning \n[CVE-2017-0121](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0121>)4.3Warning \n[CVE-2017-0122](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0122>)4.3Warning \n[CVE-2017-0123](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0123>)4.3Warning \n[CVE-2017-0124](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0124>)4.3Warning \n[CVE-2017-0125](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0125>)4.3Warning \n[CVE-2017-0126](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0126>)4.3Warning \n[CVE-2017-0127](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0127>)4.3Warning \n[CVE-2017-0128](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0128>)4.3Warning \n[CVE-2017-0130](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0130>)7.6Critical \n[CVE-2017-0008](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0008>)4.3Warning \n[CVE-2017-0057](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0057>)4.3Warning \n[CVE-2017-0100](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0100>)4.4Warning \n[CVE-2017-0104](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0104>)9.3Critical \n[CVE-2017-0007](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0007>)2.1Warning \n[CVE-2017-0016](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0016>)7.1High \n[CVE-2017-0039](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0039>)9.3Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4012217](<http://support.microsoft.com/kb/4012217>) \n[4012215](<http://support.microsoft.com/kb/4012215>) \n[4012216](<http://support.microsoft.com/kb/4012216>) \n[4012606](<http://support.microsoft.com/kb/4012606>) \n[4013198](<http://support.microsoft.com/kb/4013198>) \n[4013429](<http://support.microsoft.com/kb/4013429>) \n[3211306](<http://support.microsoft.com/kb/3211306>) \n[4012212](<http://support.microsoft.com/kb/4012212>) \n[4012214](<http://support.microsoft.com/kb/4012214>) \n[4012213](<http://support.microsoft.com/kb/4012213>) \n[4012598](<http://support.microsoft.com/kb/4012598>) \n[4012583](<http://support.microsoft.com/kb/4012583>) \n[3217587](<http://support.microsoft.com/kb/3217587>) \n[4012021](<http://support.microsoft.com/kb/4012021>) \n[4012373](<http://support.microsoft.com/kb/4012373>) \n[4012497](<http://support.microsoft.com/kb/4012497>) \n[4017018](<http://support.microsoft.com/kb/4017018>) \n[4012584](<http://support.microsoft.com/kb/4012584>) \n[3218362](<http://support.microsoft.com/kb/3218362>) \n[3205715](<http://support.microsoft.com/kb/3205715>) \n[4011981](<http://support.microsoft.com/kb/4011981>) \n[3217882](<http://support.microsoft.com/kb/3217882>)\n\n### *Exploitation*:\nThis vulnerability can be exploited by the following malware:", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2017-03-14T00:00:00", "type": "kaspersky", "title": "KLA10979 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0001", "CVE-2017-0005", "CVE-2017-0007", "CVE-2017-0008", "CVE-2017-0014", "CVE-2017-0016", "CVE-2017-0021", "CVE-2017-0022", "CVE-2017-0024", "CVE-2017-0025", "CVE-2017-0026", "CVE-2017-0038", "CVE-2017-0039", "CVE-2017-0043", "CVE-2017-0045", "CVE-2017-0047", "CVE-2017-0050", "CVE-2017-0051", "CVE-2017-0055", "CVE-2017-0056", "CVE-2017-0057", "CVE-2017-0060", "CVE-2017-0061", "CVE-2017-0062", "CVE-2017-0063", "CVE-2017-0072", "CVE-2017-0073", "CVE-2017-0074", "CVE-2017-0075", "CVE-2017-0076", "CVE-2017-0078", "CVE-2017-0079", "CVE-2017-0080", "CVE-2017-0081", "CVE-2017-0082", "CVE-2017-0083", "CVE-2017-0084", "CVE-2017-0085", "CVE-2017-0086", "CVE-2017-0087", "CVE-2017-0088", "CVE-2017-0089", "CVE-2017-0090", "CVE-2017-0091", "CVE-2017-0092", "CVE-2017-0095", "CVE-2017-0096", "CVE-2017-0097", "CVE-2017-0098", "CVE-2017-0099", "CVE-2017-0100", "CVE-2017-0101", "CVE-2017-0102", "CVE-2017-0103", "CVE-2017-0104", "CVE-2017-0108", "CVE-2017-0109", "CVE-2017-0111", "CVE-2017-0112", "CVE-2017-0113", "CVE-2017-0114", "CVE-2017-0115", "CVE-2017-0116", "CVE-2017-0117", "CVE-2017-0118", "CVE-2017-0119", "CVE-2017-0120", "CVE-2017-0121", "CVE-2017-0122", "CVE-2017-0123", "CVE-2017-0124", "CVE-2017-0125", "CVE-2017-0126", "CVE-2017-0127", "CVE-2017-0128", "CVE-2017-0130", "CVE-2017-0143", "CVE-2017-0144", "CVE-2017-0145", "CVE-2017-0146", "CVE-2017-0147", "CVE-2017-0148"], "modified": "2022-01-25T00:00:00", "id": "KLA10979", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10979/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "rapid7community": [{"lastseen": "2017-05-16T18:48:52", "description": "<!-- [DocumentBodyStart:bc62d177-a43a-4d62-b4f0-851708246874] --><div class=\"jive-rendered-content\"><p dir=\"ltr\"><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">Today, security teams are starting their work week with a scramble to remediate MS17-010, in order to prevent the associated <a class=\"jive-link-external-small\" href=\"https://community.rapid7.com/external-link.jspa?url=https%3A%2F%2Fwww.rapid7.com%2Fsecurity-response%2Fwanna-decryptor\" target=\"_blank\">ransomware attack, WannaCry</a>, also known as Wanna Decryptor, WNCRY, and Wanna Decryptor 2.0 (how I miss the halcyon days when vulnerabilities had gentle names like Poodle). </span></p><p style=\"min-height: 8pt; padding: 0px;\">&#160;</p><p dir=\"ltr\"><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">With all of the WannaCry information circulating we want to keep this simple. First, check out this link to an <a class=\"jive-link-blog-small\" data-containerId=\"5165\" data-containerType=\"37\" data-objectId=\"7869\" data-objectType=\"38\" href=\"https://community.rapid7.com/community/infosec/blog/2017/05/12/wanna-decryptor-wncry-ransomware-explained\">overview of the WannaCry ransomware vulnerability</a> written by <a class=\"jive-link-profile-small jiveTT-hover-user\" data-containerId=\"-1\" data-containerType=\"-1\" data-objectId=\"29826\" data-objectType=\"3\" href=\"https://community.rapid7.com/people/hrbrmstr\">Bob Rudis</a></span><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">, and then review the below steps to quickly scan for this vulnerability in your own infrastructure (if you aren&#8217;t already a customer, go </span><a class=\"jive-link-external-small\" href=\"https://community.rapid7.com/external-link.jspa?url=https%3A%2F%2Fwww.rapid7.com%2Fproducts%2Finsightvm%2Fdownload%2F\" target=\"_blank\"><span style=\"font-size: 11pt; font-family: Arial; color: #1155cc;\">try out InsightVM for free</span></a><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\"> you can use this free trial to scan for this vulnerability across your environment), create a dynamic asset group to continuously see affected assets, as well as create a dynamic remediation project to track the progress of remediating WannaCry.</span></p><p style=\"min-height: 8pt; padding: 0px;\">&#160;</p><p dir=\"ltr\"><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">Here is the InsightVM/Nexpose step-by-step guide to create a scan template specifically to look for MS17-010:</span></p><p style=\"min-height: 8pt; padding: 0px;\">&#160;</p><p dir=\"ltr\"><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">1. Under the Administration tab, go to Templates &gt; Manage Templates</span></p><p><a href=\"https://community.rapid7.com/servlet/JiveServlet/showImage/38-7866-66939/pastedImage_11.png\"><img class=\"image-1 jive-image\" height=\"276\" src=\"https://community.rapid7.com/servlet/JiveServlet/downloadImage/38-7866-66939/754-276/pastedImage_11.png\" style=\" width: 754.425px;\" width=\"754\"/></a></p><p dir=\"ltr\" style=\"min-height: 8pt; padding: 0px;\">&#160;</p><p dir=\"ltr\"><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">2. Copy the following template: Full Audit enhanced logging without Web Spider. Don&#8217;t forget to give your copy a name and description; here, we&#8217;ll call it &ldquo;WNCRY Scan Template&#8221;</span></p><p dir=\"ltr\"><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\"><a href=\"https://community.rapid7.com/servlet/JiveServlet/showImage/38-7866-66940/pastedImage_12.png\"><img class=\"image-2 jive-image\" height=\"299\" src=\"https://community.rapid7.com/servlet/JiveServlet/downloadImage/38-7866-66940/758-299/pastedImage_12.png\" style=\"width:758px; height: 301.367px;\" width=\"758\"/></a></span></p><p dir=\"ltr\"><span><span><a href=\"https://community.rapid7.com/servlet/JiveServlet/showImage/38-7866-66944/pastedImage_13.png\"><img class=\"image-3 jive-image\" height=\"275\" src=\"https://community.rapid7.com/servlet/JiveServlet/downloadImage/38-7866-66944/758-275/pastedImage_13.png\" style=\" width: 798.319px;\" width=\"758\"/></a></span></span><span><span><br/></span></span></p><p dir=\"ltr\" style=\"min-height: 8pt; padding: 0px;\">&#160;</p><p dir=\"ltr\"><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">3. Click on Vulnerability Checks and then &ldquo;By Individual Check&#8221;</span></p><p dir=\"ltr\"><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\"><a href=\"https://community.rapid7.com/servlet/JiveServlet/showImage/38-7866-66945/pastedImage_14.png\"><img class=\"jive-image image-4\" height=\"322\" src=\"https://community.rapid7.com/servlet/JiveServlet/downloadImage/38-7866-66945/758-322/pastedImage_14.png\" style=\" width: 867.529px;\" width=\"758\"/></a></span></p><p dir=\"ltr\" style=\"min-height: 8pt; padding: 0px;\">&#160;</p><p dir=\"ltr\"><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">4. Add Check &ldquo;<a class=\"jive-link-external-small\" href=\"https://community.rapid7.com/external-link.jspa?url=https%3A%2F%2Fwww.rapid7.com%2Fdb%2Fmodules%2Fauxiliary%2Fscanner%2Fsmb%2Fsmb_ms17_010\" target=\"_blank\">MS17-010</a>&#8221; and click save:</span></p><p dir=\"ltr\"><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\"><a href=\"https://community.rapid7.com/servlet/JiveServlet/showImage/38-7866-66946/pastedImage_15.png\"><img class=\"image-5 jive-image\" height=\"275\" src=\"https://community.rapid7.com/servlet/JiveServlet/downloadImage/38-7866-66946/758-275/pastedImage_15.png\" style=\" width:758px;\" width=\"758\"/></a></span></p><p dir=\"ltr\"><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">This should come back with 192 checks that are related to MS17-010. The related CVEs are:</span></p><p dir=\"ltr\" style=\"margin-top: 8pt; margin-left: 36pt;\"><span style=\"font-size: 10.5pt; font-family: Arial; color: #333333;\"><a class=\"jive-link-external-small\" href=\"https://community.rapid7.com/external-link.jspa?url=https%3A%2F%2Fwww.rapid7.com%2Fdb%2Fvulnerabilities%2Fmsft-cve-2017-0143\" target=\"_blank\">CVE-2017-0143</a></span></p><p dir=\"ltr\" style=\"margin-top: 8pt; margin-left: 36pt;\"><span style=\"font-size: 10.5pt; font-family: Arial; color: #333333;\"><a class=\"jive-link-external-small\" href=\"https://community.rapid7.com/external-link.jspa?url=https%3A%2F%2Fwww.rapid7.com%2Fdb%2Fvulnerabilities%2Fmsft-cve-2017-0144\" target=\"_blank\">CVE-2017-0144</a></span></p><p dir=\"ltr\" style=\"margin-top: 8pt; margin-left: 36pt;\"><span style=\"font-size: 10.5pt; font-family: Arial; color: #333333;\"><a class=\"jive-link-external-small\" href=\"https://community.rapid7.com/external-link.jspa?url=https%3A%2F%2Fwww.rapid7.com%2Fdb%2Fvulnerabilities%2Fmsft-cve-2017-0145\" target=\"_blank\">CVE-2017-0145</a></span></p><p dir=\"ltr\" style=\"margin-top: 8pt; margin-left: 36pt;\"><span style=\"font-size: 10.5pt; font-family: Arial; color: #333333;\"><a class=\"jive-link-external-small\" href=\"https://community.rapid7.com/external-link.jspa?url=https%3A%2F%2Fwww.rapid7.com%2Fdb%2Fvulnerabilities%2Fmsft-cve-2017-0146\" target=\"_blank\">CVE-2017-0146</a></span></p><p dir=\"ltr\" style=\"margin-top: 8pt; margin-left: 36pt;\"><span style=\"font-size: 10.5pt; font-family: Arial; color: #333333;\"><a class=\"jive-link-external-small\" href=\"https://community.rapid7.com/external-link.jspa?url=https%3A%2F%2Fwww.rapid7.com%2Fdb%2Fvulnerabilities%2Fmsft-cve-2017-0147\" target=\"_blank\">CVE-2017-0147</a></span></p><p dir=\"ltr\" style=\"margin-top: 8pt; margin-left: 36pt;\"><span style=\"font-size: 10.5pt; font-family: Arial; color: #333333;\"><a class=\"jive-link-external-small\" href=\"https://community.rapid7.com/external-link.jspa?url=https%3A%2F%2Fwww.rapid7.com%2Fdb%2Fvulnerabilities%2Fmsft-cve-2017-0148\" target=\"_blank\">CVE-2017-0148</a></span></p><p style=\"min-height: 8pt; padding: 0px;\">&#160;</p><p dir=\"ltr\"><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">5. Now, under \"By Category\" click &ldquo;Remove Categories&#8221;, select all, and click save:</span></p><p dir=\"ltr\"><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\"><a href=\"https://community.rapid7.com/servlet/JiveServlet/showImage/38-7866-66950/pastedImage_16.png\"><img class=\"image-6 jive-image\" height=\"202\" src=\"https://community.rapid7.com/servlet/JiveServlet/downloadImage/38-7866-66950/758-202/pastedImage_16.png\" style=\" width: 973.212px;\" width=\"758\"/></a></span></p><p dir=\"ltr\"><span><span><a href=\"https://community.rapid7.com/servlet/JiveServlet/showImage/38-7866-66952/pastedImage_18.png\"><img class=\"jive-image image-8\" height=\"161\" src=\"https://community.rapid7.com/servlet/JiveServlet/downloadImage/38-7866-66952/758-161/pastedImage_18.png\" style=\" width: 1008.09px;\" width=\"758\"/></a></span></span></p><p dir=\"ltr\" style=\"min-height: 8pt; padding: 0px;\">&#160;</p><p dir=\"ltr\"><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">6. And finally, under Check Type, click &ldquo;Remove Check Types&#8221;, select all, and click save</span></p><p dir=\"ltr\"><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\"><a href=\"https://community.rapid7.com/servlet/JiveServlet/showImage/38-7866-66953/pastedImage_20.png\"><img class=\"image-9 jive-image\" height=\"122\" src=\"https://community.rapid7.com/servlet/JiveServlet/downloadImage/38-7866-66953/758-122/pastedImage_20.png\" style=\" width: 1060.2px;\" width=\"758\"/></a></span></p><p dir=\"ltr\" style=\"min-height: 8pt; padding: 0px;\">&#160;</p><h2 dir=\"ltr\"><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">7. Save the template and run a scan to identify all assets with MS17-010.</span></h2><p dir=\"ltr\" style=\"min-height: 8pt; padding: 0px;\">&#160;</p><h2><span style=\"font-size: 18pt;\">Creating a Dynamic Asset Group for MS17-010</span></h2><p><span style=\"font-size: 12pt;\">Now that you have your assets scanned, you may want to create a Dynamic Asset Group to report/tag off of that will update itself whenever new assets are found with this vulnerability (and when they are fixed). To get started, click on the filter icon in the top right of the <a class=\"jive-link-external-small\" href=\"https://community.rapid7.com/external-link.jspa?url=https%3A%2F%2Fwww.rapid7.com%2Fproducts%2Finsightvm%2F\" target=\"_blank\">InsightVM</a> console, just under the search button:<br/></span></p><p><span style=\"font-size: 12pt;\"><a href=\"https://community.rapid7.com/servlet/JiveServlet/showImage/38-7866-66963/pastedImage_34.png\"><img class=\"image-13 jive-image\" height=\"118\" src=\"https://community.rapid7.com/servlet/JiveServlet/downloadImage/38-7866-66963/468-118/pastedImage_34.png\" style=\" width: 468.099px;\" width=\"468\"/></a></span></p><p dir=\"ltr\" style=\"min-height: 8pt; padding: 0px;\">&#160;</p><p dir=\"ltr\"><span style=\"font-size: 12pt; font-family: Arial; color: #000000;\">Now, use the \"CVE ID\" filter to specify the CVEs listed below:</span></p><p dir=\"ltr\">This asset group can now be used for reporting as well as tagging to quickly identify exposed systems.</p><p dir=\"ltr\"><a href=\"https://community.rapid7.com/servlet/JiveServlet/showImage/38-7866-66979/pastedImage_1.png\"><img class=\"image-16 jive-image\" height=\"477\" src=\"https://community.rapid7.com/servlet/JiveServlet/downloadImage/38-7866-66979/pastedImage_1.png\" style=\"max-width:664px; max-\" width=\"664\"/></a></p><h2 dir=\"ltr\">Creating a WannaCry Dashboard</h2><p dir=\"ltr\"><span style=\"font-size: 11.5pt; font-family: Arial; color: #303030;\">Recently, Ken Mizota posted an article on how to build a custom dashboard to </span><a class=\"jive-link-blog-small\" data-containerId=\"1004\" data-containerType=\"37\" data-objectId=\"7855\" data-objectType=\"38\" href=\"https://community.rapid7.com/community/nexpose/blog/2017/05/09/practical-vm-tips-for-the-shadow-brokers-leaked-exploits\"><span style=\"font-size: 11.5pt; font-family: Arial; color: #3f98d4;\">track your exposure to exploits from the Shadow Brokers leak</span></a><span style=\"font-size: 11.5pt; font-family: Arial; color: #303030;\">. If you already did that, you're good to go! If you wanted to be specific to WannaCry, you could use this Dashboard filter:</span></p><p><span style=\"background-color: #f6f6f6; color: #000000; font-size: 12pt; font-family: Calibri;\">asset.vulnerability.title CONTAINS \"cve-2017-0143\" OR asset.vulnerability.title CONTAINS \"cve-2017-0144\" OR asset.vulnerability.title CONTAINS \"cve-2017-0145\" OR asset.vulnerability.title CONTAINS \"cve-2017-0101\" OR asset.vulnerability.title CONTAINS \"cve-2017-0147\" OR asset.vulnerability.title CONTAINS \"cve-2017-0148\"</span></p><p><span style=\"background-color: #f6f6f6; color: #000000; font-size: 12pt; font-family: Calibri;\">OR asset.vulnerability.title CONTAINS \"cve-2017-0102\"</span></p><p style=\"min-height: 8pt; padding: 0px;\">&#160;</p><p style=\"min-height: 8pt; padding: 0px;\">&#160;</p><h2>Creating a Remediation Project for MS17-010:</h2><p>In InsightVM, you can also create a remediation project for MS17-010 to track the progress of remediation live. To do this, go to the &ldquo;Projects&#8221; tab and click &ldquo;Create a Project&#8221;:</p><p dir=\"ltr\"><span><span><a href=\"https://community.rapid7.com/servlet/JiveServlet/showImage/38-7866-66955/pastedImage_28.png\"><img class=\"image-11 jive-image\" height=\"174\" src=\"https://community.rapid7.com/servlet/JiveServlet/downloadImage/38-7866-66955/758-174/pastedImage_28.png\" style=\" width: 988.531px;\" width=\"758\"/></a></span></span></p><p dir=\"ltr\" style=\"min-height: 8pt; padding: 0px;\">&#160;</p><p dir=\"ltr\"><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">Give the project a name, and under vulnerability filter type in \"vulnerability.alternateIds &lt;=&gt; ( altId = \"ms17-010\" )\"</span></p><p><a href=\"https://community.rapid7.com/servlet/JiveServlet/showImage/38-7866-66977/pastedImage_2.png\"><img class=\"image-15 jive-image\" height=\"473\" src=\"https://community.rapid7.com/servlet/JiveServlet/downloadImage/38-7866-66977/758-473/pastedImage_2.png\" style=\" width: 767.39px;\" width=\"758\"/></a></p><p dir=\"ltr\"><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">Note that this project is going to be dynamic, so it will automatically update as you fix and/or find new instances of this vulnerability. </span></p><p style=\"min-height: 8pt; padding: 0px;\">&#160;</p><p dir=\"ltr\"><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">Now, you can give this project a description, and configure who is responsible for remediation, as well as access levels if you wish. If you have JIRA, you can also configure the automatic ticketing integration between InsightVM and JIRA to automatically assign tickets to the right folks.</span></p><p style=\"min-height: 8pt; padding: 0px;\">&#160;</p><p dir=\"ltr\"><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">Using these steps, you&#8217;ll be able to quickly scan for the WannaCry vulnerability as well as ensure that the vulns are being remediated. If you have any questions please don&#8217;t hesitate to let us know!</span></p><p dir=\"ltr\" style=\"min-height: 8pt; padding: 0px;\">&#160;</p><p dir=\"ltr\"><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">For more information and resources on WannaCry and ransomware, please visit this <a class=\"jive-link-external-small\" href=\"https://community.rapid7.com/external-link.jspa?url=https%3A%2F%2Fwww.rapid7.com%2Fsecurity-response%2Fwanna-decryptor%2F\" target=\"_blank\">page</a>. </span></p></div><!-- [DocumentBodyEnd:bc62d177-a43a-4d62-b4f0-851708246874] -->", "cvss3": {}, "published": "2017-05-16T17:51:28", "title": "Scanning and Remediating WannaCry/MS17-010 in InsightVM and Nexpose", "type": "rapid7community", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2017-0101", "CVE-2017-0102", "CVE-2017-0144", "CVE-2017-0148", "CVE-2017-0147", "CVE-2017-0146", "CVE-2017-0143", "CVE-2017-0145"], "modified": "2017-05-16T17:51:28", "id": "RAPID7COMMUNITY:D6095B3BBE1704D4062E19C249D178EC", "href": "https://community.rapid7.com/community/nexpose/blog/2017/05/16/scanning-and-remediating-wannacry-in-insightvm-and-nexpose", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}