MS17-019: Security update for Active Directory Federation Services: March 14, 2017
2017-03-14T00:00:00
ID: KB4010320 | Type: mskb | Reporter: Microsoft | Modified: 2017-03-14T17:40:14
Description
<html><body><p>Resolves a vulnerability in Windows that could allow information disclosure if an attacker sends a specially crafted request to an ADFS server, allowing the attacker to read sensitive information about the target system.</p><h2>Summary</h2><p>This security update resolves a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow information disclosure if an attacker sends a specially crafted request to an ADFS server, allowing the attacker to read sensitive information about the target system.<br/><br/>To learn more about the vulnerability, see <a href="https://technet.microsoft.com/library/security/MS17-019" id="kb-link-2" target="_self">Microsoft Security Bulletin MS17-019</a>.</p><h2>More Information</h2><p><span class="text-base">Important </span><br/> </p><ul class="sbody-free_list"><li>All future security and non-security updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update <a href="https://support.microsoft.com/en-us/help/2919355" id="kb-link-3" target="_self">2919355</a> to be installed. We recommend that you install update <a href="https://support.microsoft.com/en-us/help/2919355" id="kb-link-4" target="_self">2919355</a> on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive future updates.</li><li>If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see <a href="https://technet.microsoft.com/en-us/library/hh825699" id="kb-link-5" target="_self">Add language packs to Windows</a>.</li></ul><h2>Additional information about this security update</h2><div>The following articles contain more information about this security update as it relates to individual product versions. 
These articles may contain known-issue information.</div><p> </p><ul id="info1_list1"><li><a bookmark-id="" data-content-id="" data-content-type="" href="http://support.microsoft.com/kb/3217882" managed-link="" target="">3217882</a> MS17-019: Description of the security update for Active Directory Federation Services: March 13, 2017</li><li><a bookmark-id="" data-content-id="" data-content-type="" href="http://support.microsoft.com/kb/4012216" managed-link="" target="">4012216</a> March 2017 Security Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2</li><li><a bookmark-id="" data-content-id="" data-content-type="" href="http://support.microsoft.com/kb/4012213" managed-link="" target="">4012213</a> March 2017 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2</li><li><a bookmark-id="" data-content-id="" data-content-type="" href="http://support.microsoft.com/kb/4012217" managed-link="" target="">4012217</a> March 2017 Security Monthly Quality Rollup for Windows Server 2012</li><li><a bookmark-id="" data-content-id="" data-content-type="" href="http://support.microsoft.com/kb/4012214" managed-link="" target="">4012214</a> March 2017 Security Only Quality Update for Windows Server 2012</li><li><a bookmark-id="" data-content-id="" data-content-type="" href="http://support.microsoft.com/kb/4012215" managed-link="" target="">4012215</a> March 2017 Security Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1</li><li><a bookmark-id="" data-content-id="" data-content-type="" href="http://support.microsoft.com/kb/4012212" managed-link="" target="">4012212</a> March 2017 Security Only Quality Update for Windows 7 SP1 and Windows Server 2008 R2 SP1</li><li><a bookmark-id="" data-content-id="" data-content-type="" href="http://support.microsoft.com/kb/4013429" managed-link="" target="">4013429</a> March 13, 2017-KB4013429 (OS Build 933)</li></ul><h2>Security update deployment</h2><p> </p><h3><strong>Windows Server 2008 
(all editions)</strong></h3><p><strong>Reference table</strong></p><p>The following table contains the security update information for this software.</p><table class="table"><tbody><tr><td width="26%"><p><strong>Security update file names</strong></p></td><td width="73%"><p>For all supported 32-bit editions of Windows Server 2008:<br/><strong>Windows6.0-KB3217882-x86.msu</strong></p></td></tr><tr><td width="26%"><p> </p></td><td width="73%"><p>For all supported x64-based editions of Windows Server 2008:<br/><strong>Windows6.0-KB3217882-x64.msu</strong></p></td></tr><tr><td width="26%"><p><strong>Installation switches</strong></p></td><td width="73%"><p>See <a href="https://support.microsoft.com/kb/934307"><span><u>Microsoft Knowledge Base article 934307</u></span></a></p></td></tr><tr><td width="26%"><p><strong>Restart requirement</strong></p></td><td width="73%"><p>A system restart is required after you apply this security update.</p></td></tr><tr><td width="26%"><p><strong>Removal information</strong></p></td><td width="73%"><p>WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click <strong>Control Panel</strong>, and then click <strong>Security</strong>. 
Under "Windows Update," click <strong>View installed updates</strong> and select from the list of updates.</p></td></tr><tr><td width="26%"><p><strong>File information</strong></p></td><td width="73%"><p>See <a href="https://support.microsoft.com/kb/3217882"><span><u>Microsoft Knowledge Base article 3217882</u></span></a></p></td></tr><tr><td width="26%"><p><strong>Registry key verification</strong></p></td><td width="73%"><p><strong>Note</strong> A registry key does not exist to validate the presence of this update.</p></td></tr></tbody></table><p><span lang="EN"> </span></p><h3><strong>Windows Server 2008 R2 (all editions)</strong></h3><p><strong>Reference table</strong></p><p>The following table contains the security update information for this software.</p><table class="table"><tbody><tr><td width="29%"><p><strong>Security update file name</strong></p></td><td width="70%"><p>For all supported x64-based editions of Windows Server 2008 R2:<br/><strong>Windows6.1-KB4012212-x64.msu</strong><br/>Security only</p></td></tr><tr><td width="29%"><p> </p></td><td width="70%"><p>For all supported x64-based editions of Windows Server 2008 R2:<br/><strong>Windows6.1-KB4012215-x64.msu</strong><br/>Monthly rollup</p></td></tr><tr><td width="29%"><p><strong>Installation switches</strong></p></td><td width="70%"><p>See <a href="https://support.microsoft.com/kb/934307"><u>Microsoft Knowledge Base article 934307</u></a></p></td></tr><tr><td width="29%"><p><strong>Restart requirement</strong></p></td><td width="70%"><p>A system restart is required after you apply this security update.</p></td></tr><tr><td width="29%"><p><strong>Removal information</strong></p></td><td width="70%"><p>To uninstall an update installed by WUSA, use the <strong>/Uninstall</strong> setup switch or click <strong>Control Panel</strong>, click <strong>System and Security</strong>, and then under "Windows Update," click <strong>View installed updates</strong> and select from the list of 
updates.</p></td></tr><tr><td width="29%"><p><strong>File information</strong></p></td><td width="70%"><p>See <a href="https://support.microsoft.com/kb/4012212"><u>Microsoft Knowledge Base article 4012212</u></a><br/>See <a href="https://support.microsoft.com/kb/4012215"><u>Microsoft Knowledge Base article 4012215</u></a></p></td></tr><tr><td width="29%"><p><strong>Registry key verification</strong></p></td><td width="70%"><p><strong>Note</strong> A registry key does not exist to validate the presence of this update.</p></td></tr></tbody></table><p><span lang="EN"> </span></p><h3><strong>Windows Server 2012 and Windows Server 2012 R2 (all editions)</strong></h3><p><strong>Reference table</strong></p><p>The following table contains the security update information for this software.</p><table class="table"><tbody><tr><td width="29%"><p><strong>Security update file name</strong></p></td><td width="70%"><p>For all supported editions of Windows Server 2012:<br/><strong>Windows8-RT-KB4012214-x64.msu</strong><br/>Security only</p></td></tr><tr><td width="29%"><p> </p></td><td width="70%"><p>For all supported editions of Windows Server 2012:<br/><strong>Windows8-RT-KB4012217-x64.msu</strong><br/>Monthly rollup</p></td></tr><tr><td width="29%"><p> </p></td><td width="70%"><p>For all supported editions of Windows Server 2012 R2:<br/><strong>Windows8.1-KB4012213-x64.msu</strong><br/>Security only</p></td></tr><tr><td width="29%"><p> </p></td><td width="70%"><p>For all supported editions of Windows Server 2012 R2:<br/><strong>Windows8.1-KB4012216-x64.msu</strong><br/>Monthly rollup</p></td></tr><tr><td width="29%"><p><strong>Installation switches</strong></p></td><td width="70%"><p>See <a href="https://support.microsoft.com/kb/934307"><u>Microsoft Knowledge Base article 934307</u></a></p></td></tr><tr><td width="29%"><p><strong>Restart requirement</strong></p></td><td width="70%"><p>A system restart is required after you apply this security update.</p></td></tr><tr><td 
width="29%"><p><strong>Removal information</strong></p></td><td width="70%"><p>To uninstall an update installed by WUSA, use the <strong>/Uninstall</strong> setup switch or click <strong>Control Panel</strong>, click <strong>System and Security</strong>, click <strong>Windows Update</strong>, and then under "See also," click <strong>Installed updates</strong> and select from the list of updates.</p></td></tr><tr><td width="29%"><p><strong>File information</strong></p></td><td width="70%"><p>See <a href="https://support.microsoft.com/kb/4012214"><u>Microsoft Knowledge Base article 4012214</u></a><br/>See <a href="https://support.microsoft.com/kb/4012217"><u>Microsoft Knowledge Base article 4012217</u></a><br/>See <a href="https://support.microsoft.com/kb/4012213"><u>Microsoft Knowledge Base article 4012213</u></a><br/>See <a href="https://support.microsoft.com/kb/4012216"><u>Microsoft Knowledge Base article 4012216</u></a></p></td></tr><tr><td width="29%"><p><strong>Registry key verification</strong></p></td><td width="70%"><p><strong>Note</strong> A registry key does not exist to validate the presence of this update.</p></td></tr></tbody></table><p><span lang="EN"> </span></p><h3><strong>Windows Server 2016 (all editions)</strong></h3><p><strong>Reference table</strong></p><p>The following table contains the security update information for this software.</p><table class="table"><tbody><tr><td width="30%"><p><strong>Security update file name</strong></p></td><td width="70%"><p>For all supported editions of Windows Server 2016:<br/><span><strong><span>Windows10.0-KB4013429-x64.msu</span></strong></span></p></td></tr><tr><td width="30%"><p><strong>Installation switches</strong></p></td><td width="70%"><p>See <a href="https://support.microsoft.com/kb/934307"><u>Microsoft Knowledge Base article 934307</u></a></p></td></tr><tr><td width="30%"><p><strong>Restart requirement</strong></p></td><td width="70%"><p>A system restart is required after you apply this security 
update.</p></td></tr><tr><td width="30%"><p><strong>Removal information</strong></p></td><td width="70%"><p>To uninstall an update installed by WUSA, use the <strong>/Uninstall</strong> setup switch or click <strong>Control Panel</strong>, click <strong>System and Security</strong>, click <strong>Windows Update</strong>, and then under "See also," click <strong>Installed updates</strong> and select from the list of updates.</p></td></tr><tr><td width="30%"><p><strong>File information</strong></p></td><td width="70%"><p><span>See </span><a href="https://support.microsoft.com/en-sg/help/12387/windows-10-update-history" target="_self"><span><u>Windows 10 and Windows Server 2016 update history</u></span></a><span>.</span></p></td></tr><tr><td width="30%"><p><strong>Registry key verification</strong></p></td><td width="70%"><p><strong>Note</strong> A registry key does not exist to validate the presence of this update.</p></td></tr></tbody></table><h2>More Information</h2><h3><strong>How to obtain help and support for this security update</strong></h3><p>Help for installing updates: <a href="https://support.microsoft.com/ph/6527" target="_self"><span><u>Windows Update FAQ</u></span></a><br/><br/>Security solutions for IT professionals: <a href="https://technet.microsoft.com/security/bb980617.aspx" target="_self"><span><u>TechNet Security Support and Troubleshooting</u></span></a><br/><br/>Help for protecting your Windows-based computer from viruses and malware: <a href="https://support.microsoft.com/contactus/cu_sc_virsec_master" target="_self"><span><u>Microsoft Secure</u></span></a><br/><br/>Local support according to your country: <a href="https://www.microsoft.com/en-us/locale.aspx" target="_self"><span><u>International Support</u></span></a></p><p><a class="bookmark" id="fileinfo"></a></p></body></html>
{"id": "KB4010320", "bulletinFamily": "microsoft", "title": "MS17-019: Security update for Active Directory Federation Services: March 14, 2017", "published": "2017-03-14T00:00:00", "modified": "2017-03-14T17:40:14", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:P/I:N/A:N"}, "href": "https://support.microsoft.com/en-us/help/4010320/", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2017-0043"], "type": "mskb", "lastseen": "2021-01-01T22:40:22", "edition": 2, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-0043"]}, {"type": "symantec", "idList": ["SMNTC-96628"]}, {"type": "kaspersky", "idList": ["KLA10986", "KLA10979", "KLA11902"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310810813"]}, {"type": "mscve", "idList": ["MS:CVE-2017-0043"]}, {"type": "nessus", "idList": ["SMB_NT_MS17-019.NASL"]}], "modified": "2021-01-01T22:40:22", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-01-01T22:40:22", "rev": 2}, "vulnersScore": 5.7}, "kb": "KB4010320", "msrc": "MS17-019", "mscve": "", "msfamily": "", "msplatform": "", "msproducts": ["14135", "13230", "14562", "13228", "14210", "17381", "15511", "16735", "16710", "16710", "16730", "19759", "13236", "14139", "13233", "14440", "17360", "19756", "14136", "16625", "19754", "17344", "14131", "17542"], "supportAreaPaths": ["289fe55d-04e8-fd33-f9f3-f7ad74c153bf", "28a9ef75-2920-9f59-4d6c-4e6d6c99cf4c", "670009af-2bc1-fa29-d4a5-99c02e923013", "32719e08-ef7b-a697-0697-ec02d753dbb5", "e2b2a040-324c-43bf-447c-75aab15e2570", "d21af3d6-5cde-c325-4483-c1810c7a5bdd", 
"c2628421-ad67-7b37-cbb2-c1b1f4d4ffab", "1b3bc777-c681-e378-d422-eb618baa26f9", "333f3bd9-9578-fda0-5919-4b8fa39524c3", "f74948d2-6a6e-d7ce-8733-c201e2d36a2e", "f62ed778-6986-d76e-c007-40a28315ffbf", "12db0355-c78b-b1b8-0c13-671906e0652d", "9dcd1ae8-74ee-a4f0-82ad-4736ad0727f7", "adc0290c-cf74-ece3-6c50-40b4b8ac2454", "9b513fa9-12cb-5183-ab1b-0d5c70317be8", "ceefced2-0d6f-a4bd-50d6-875c871b8250", "ceefced2-0d6f-a4bd-50d6-875c871b8250", "96bdd47e-5cb0-fbd3-9808-6c4bead5f000", "4af945c2-8a39-6b82-777b-5067ce2c9216", "2994eca6-696c-b523-20de-40b02211bb3b", "417baa75-0c45-df0a-8e65-960580d94f42", "dc52833c-eac7-25b7-b942-b2dfcfbace09", "2b2eeb95-d89c-6614-0db5-88f09133ede6", "6a967721-27d9-bd5f-9029-99ca5f0436dd"], "supportAreaPathNodes": [{"id": "c2628421-ad67-7b37-cbb2-c1b1f4d4ffab", "name": "Windows Server 2008 Datacenter", "parent": "4d83ba0e-5ad3-1b00-4303-1863823d2178", "tree": [], "type": "productversion"}, {"id": "dc52833c-eac7-25b7-b942-b2dfcfbace09", "name": "Windows Server 2012 R2 Essentials", "parent": "3ec8448d-ebc8-8fc0-e0b7-9e8ef6c79918", "tree": [], "type": "productversion"}, {"id": "96bdd47e-5cb0-fbd3-9808-6c4bead5f000", "name": "Windows Server 2008 R2 Datacenter", "parent": "f08822eb-e7c5-9e48-e44c-760a079f84c0", "tree": [], "type": "productversion"}, {"id": "12db0355-c78b-b1b8-0c13-671906e0652d", "name": "Windows Server 2016 Essentials", "parent": "c3a1be8a-50db-47b7-d5eb-259debc3abcc", "tree": [], "type": "productversion"}, {"id": "f62ed778-6986-d76e-c007-40a28315ffbf", "name": "Windows Server 2008 Enterprise", "parent": "4d83ba0e-5ad3-1b00-4303-1863823d2178", "tree": [], "type": "productversion"}, {"id": "6a967721-27d9-bd5f-9029-99ca5f0436dd", "name": "Windows Server 2012 R2 Foundation", "parent": "3ec8448d-ebc8-8fc0-e0b7-9e8ef6c79918", "tree": [], "type": "productversion"}, {"id": "2b2eeb95-d89c-6614-0db5-88f09133ede6", "name": "Windows Server 2008 Foundation", "parent": "4d83ba0e-5ad3-1b00-4303-1863823d2178", "tree": [], "type": 
"productversion"}, {"id": "e2b2a040-324c-43bf-447c-75aab15e2570", "name": "Windows Server 2012 Foundation", "parent": "0cfbf2af-24ea-3e18-17e6-02df7331b571", "tree": [], "type": "productversion"}, {"id": "28a9ef75-2920-9f59-4d6c-4e6d6c99cf4c", "name": "Windows Server 2012 R2 Datacenter", "parent": "3ec8448d-ebc8-8fc0-e0b7-9e8ef6c79918", "tree": [], "type": "productversion"}, {"id": "1b3bc777-c681-e378-d422-eb618baa26f9", "name": "Windows Server 2012 Essentials", "parent": "0cfbf2af-24ea-3e18-17e6-02df7331b571", "tree": [], "type": "productversion"}, {"id": "670009af-2bc1-fa29-d4a5-99c02e923013", "name": "Windows Server 2008 R2 Standard", "parent": "f08822eb-e7c5-9e48-e44c-760a079f84c0", "tree": [], "type": "productversion"}, {"id": "289fe55d-04e8-fd33-f9f3-f7ad74c153bf", "name": "Windows Server 2012 R2 Standard", "parent": "3ec8448d-ebc8-8fc0-e0b7-9e8ef6c79918", "tree": [], "type": "productversion"}, {"id": "9b513fa9-12cb-5183-ab1b-0d5c70317be8", "name": "Windows Server 2016 Standard", "parent": "c3a1be8a-50db-47b7-d5eb-259debc3abcc", "tree": [], "type": "productversion"}, {"id": "ceefced2-0d6f-a4bd-50d6-875c871b8250", "name": "Windows Server 2012 Datacenter", "parent": "0cfbf2af-24ea-3e18-17e6-02df7331b571", "tree": [], "type": "productversion"}, {"id": "ceefced2-0d6f-a4bd-50d6-875c871b8250", "name": "Windows Server 2012 Datacenter", "parent": "0cfbf2af-24ea-3e18-17e6-02df7331b571", "tree": [], "type": "productversion"}, {"id": "4af945c2-8a39-6b82-777b-5067ce2c9216", "name": "Windows Server 2012 Standard", "parent": "0cfbf2af-24ea-3e18-17e6-02df7331b571", "tree": [], "type": "productversion"}, {"id": "9dcd1ae8-74ee-a4f0-82ad-4736ad0727f7", "name": "Windows Server 2008 Service Pack 2", "parent": "4d83ba0e-5ad3-1b00-4303-1863823d2178", "tree": [], "type": "productversion"}, {"id": "2994eca6-696c-b523-20de-40b02211bb3b", "name": "Windows Server 2008 R2 Enterprise", "parent": "f08822eb-e7c5-9e48-e44c-760a079f84c0", "tree": [], "type": "productversion"}, {"id": 
"333f3bd9-9578-fda0-5919-4b8fa39524c3", "name": "Windows Server 2008 Standard", "parent": "4d83ba0e-5ad3-1b00-4303-1863823d2178", "tree": [], "type": "productversion"}, {"id": "32719e08-ef7b-a697-0697-ec02d753dbb5", "name": "Windows Server 2008 R2 Web Edition", "parent": "f08822eb-e7c5-9e48-e44c-760a079f84c0", "tree": [], "type": "productversion"}, {"id": "d21af3d6-5cde-c325-4483-c1810c7a5bdd", "name": "Windows Server 2008 R2 Foundation", "parent": "f08822eb-e7c5-9e48-e44c-760a079f84c0", "tree": [], "type": "productversion"}, {"id": "417baa75-0c45-df0a-8e65-960580d94f42", "name": "Windows Server 2008 R2 Service Pack 1", "parent": "f08822eb-e7c5-9e48-e44c-760a079f84c0", "tree": [], "type": "productversion"}, {"id": "adc0290c-cf74-ece3-6c50-40b4b8ac2454", "name": "Windows Server 2008 Web Edition", "parent": "4d83ba0e-5ad3-1b00-4303-1863823d2178", "tree": [], "type": "productversion"}, {"id": "f74948d2-6a6e-d7ce-8733-c201e2d36a2e", "name": "Windows Server 2016 Datacenter", "parent": "c3a1be8a-50db-47b7-d5eb-259debc3abcc", "tree": [], "type": "productversion"}], "primarySupportAreaPath": [{"id": "c3a1be8a-50db-47b7-d5eb-259debc3abcc", "name": "Windows Server 2016", "parent": "7ff57180-2b05-67aa-2c03-ab46c7848b89", "tree": [], "type": "productname"}, {"id": "7ff57180-2b05-67aa-2c03-ab46c7848b89", "name": "Windows Servers", "tree": [], "type": "productfamily"}, {"id": "f74948d2-6a6e-d7ce-8733-c201e2d36a2e", "name": "Windows Server 2016 Datacenter", "parent": "c3a1be8a-50db-47b7-d5eb-259debc3abcc", "tree": [], "type": "productversion"}], "superseeds": [], "parentseeds": [], "msimpact": "Information Disclosure", "msseverity": "Important", "scheme": null}
{"cve": [{"lastseen": "2020-10-03T13:07:29", "description": "Active Directory Federation Services in Microsoft Windows 10 1607, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka \"Microsoft Active Directory Federation Services Information Disclosure Vulnerability.\"", "edition": 3, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-03-17T00:59:00", "title": "CVE-2017-0043", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0043"], "modified": "2017-07-12T01:29:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2"], "id": "CVE-2017-0043", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0043", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*"]}], "symantec": [{"lastseen": "2018-03-14T22:41:48", "bulletinFamily": "software", "cvelist": ["CVE-2017-0043"], "description": "### Description\n\nMicrosoft Windows is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information. Successful exploits may lead to other attacks.\n\n### Technologies Affected\n\n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 for x64-based Systems \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nIf global access isn't needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of successful exploits.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This may indicate exploit attempts or activity that results from successful exploits.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "modified": "2017-03-14T00:00:00", "published": "2017-03-14T00:00:00", "id": "SMNTC-96628", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/96628", "type": "symantec", "title": "Microsoft Windows CVE-2017-0043 XML External Entity Information Disclosure Vulnerability", "cvss": {"score": 2.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "kaspersky": [{"lastseen": "2020-09-02T12:02:29", "bulletinFamily": "info", "cvelist": ["CVE-2017-0043"], "description": "### *Detect date*:\n03/14/2017\n\n### *Severity*:\nWarning\n\n### *Description*:\nAn improper honoring of XML External Entities was found in Microsoft Active Directory Federation Services (ADFS). By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via a specially designed request.\n\n### *Affected products*:\nWindows Server 2008 \nWindows Server 2008 R2 \nWindows Server 2012 \nWindows Server 2012 R2\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[MS17-019](<https://technet.microsoft.com/library/security/MS17-019>) \n[CVE-2017-0043](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0043>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows Server 2012](<https://threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/>)\n\n### *CVE-IDS*:\n[CVE-2017-0043](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0043>)2.9Warning\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4012217](<http://support.microsoft.com/kb/4012217>) \n[4012215](<http://support.microsoft.com/kb/4012215>) \n[4012216](<http://support.microsoft.com/kb/4012216>) 
\n[4013429](<http://support.microsoft.com/kb/4013429>) \n[4012212](<http://support.microsoft.com/kb/4012212>) \n[4012214](<http://support.microsoft.com/kb/4012214>) \n[4012213](<http://support.microsoft.com/kb/4012213>) \n[3217882](<http://support.microsoft.com/kb/3217882>) \n[4010320](<http://support.microsoft.com/kb/4010320>)", "edition": 42, "modified": "2020-05-22T00:00:00", "published": "2017-03-14T00:00:00", "id": "KLA10986", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10986", "title": "\r KLA10986Information disclosure vulnerability in Microsoft Active Directory Federation Services ", "type": "kaspersky", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-09-02T11:53:03", "bulletinFamily": "info", "cvelist": ["CVE-2017-0099", "CVE-2017-0008", "CVE-2017-0101", "CVE-2017-0118", "CVE-2017-0084", "CVE-2017-0117", "CVE-2017-0001", "CVE-2017-0055", "CVE-2017-0073", "CVE-2017-0045", "CVE-2017-0102", "CVE-2017-0125", "CVE-2017-0090", "CVE-2017-0104", "CVE-2017-0089", "CVE-2017-0091", "CVE-2017-0115", "CVE-2017-0096", "CVE-2017-0121", "CVE-2017-0040", "CVE-2017-0050", "CVE-2017-0144", "CVE-2017-0060", "CVE-2017-0116", "CVE-2017-0009", "CVE-2017-0120", "CVE-2017-0025", "CVE-2017-0075", "CVE-2017-0086", "CVE-2017-0124", "CVE-2017-0109", "CVE-2017-0148", "CVE-2017-0119", "CVE-2017-0126", "CVE-2017-0130", "CVE-2017-0113", "CVE-2017-0097", "CVE-2017-0147", "CVE-2017-0112", "CVE-2017-0083", "CVE-2017-0042", "CVE-2017-0047", "CVE-2017-0056", "CVE-2017-0087", "CVE-2017-0123", "CVE-2017-0092", "CVE-2017-0085", "CVE-2017-0103", "CVE-2017-0043", "CVE-2017-0061", "CVE-2017-0014", "CVE-2017-0100", "CVE-2017-0122", "CVE-2017-0063", "CVE-2017-0005", "CVE-2017-0088", "CVE-2017-0128", "CVE-2017-0072", "CVE-2017-0114", "CVE-2017-0146", "CVE-2017-0076", "CVE-2017-0111", "CVE-2017-0038", "CVE-2017-0143", "CVE-2017-0149", "CVE-2017-0108", "CVE-2017-0059", "CVE-2017-0039", "CVE-2017-0062", "CVE-2017-0145", "CVE-2017-0022", "CVE-2017-0127"], 
"description": "### *Detect date*:\n03/14/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, cause denial of service.\n\n### *Exploitation*:\nThis vulnerability can be exploited by the following malware:\n\n### *Affected products*:\nMicrosoft Silverlight 5 when installed on Microsoft Windows (x64-based) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows Vista x64 Edition Service Pack 2 \nInternet Explorer 9 \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2012 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nMicrosoft Office 2010 Service Pack 2 (32-bit editions) \nSkype for Business 2016 (64-bit) \nWindows 8.1 for x64-based systems \nWindows 8.1 for 32-bit systems \nWindows Vista Service Pack 2 \nMicrosoft XML Core Services 3.0 \nMicrosoft Lync 2013 Service Pack 1 (64-bit) \nMicrosoft Office 2010 Service Pack 2 (64-bit editions) \nInternet Explorer 11 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nMicrosoft Lync Basic 2013 Service Pack 1 (64-bit) \nWindows Server 2016 \nMicrosoft Lync 2010 Attendee (admin level install) \nSkype for Business 2016 Basic (32-bit) \nMicrosoft Live Meeting 2007 Add-in \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows RT 8.1 \nSkype for Business 2016 (32-bit) \nMicrosoft Lync 2010 Attendee (user level install) \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows 10 Version 1511 for 32-bit Systems \nMicrosoft Lync 2010 (64-bit) \nMicrosoft Office Word Viewer \nMicrosoft Live Meeting 
2007 Console \nMicrosoft Silverlight 5 Developer Runtime when installed on Microsoft Windows (32-bit) \nMicrosoft Edge (EdgeHTML-based) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nMicrosoft Silverlight 5 Developer Runtime when installed on Microsoft Windows (x64-based) \nMicrosoft Office 2007 Service Pack 3 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1511 for x64-based Systems \nSkype for Business 2016 Basic (64-bit) \nMicrosoft Lync Basic 2013 Service Pack 1 (32-bit) \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nInternet Explorer 10 \nMicrosoft Lync 2010 (32-bit) \nMicrosoft Silverlight 5 when installed on Microsoft Windows (32-bit) \nWindows Server 2012 R2 \nMicrosoft Lync 2013 Service Pack 1 (32-bit)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-0108](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0108>) \n[CVE-2017-0109](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0109>) \n[CVE-2017-0072](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0072>) \n[CVE-2017-0100](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0100>) \n[CVE-2017-0101](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0101>) \n[CVE-2017-0102](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0102>) \n[CVE-2017-0143](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0143>) \n[CVE-2017-0104](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0104>) 
\n[CVE-2017-0022](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0022>) \n[CVE-2017-0001](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0001>) \n[CVE-2017-0145](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0145>) \n[CVE-2017-0120](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0120>) \n[CVE-2017-0147](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0147>) \n[CVE-2017-0005](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0005>) \n[CVE-2017-0127](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0127>) \n[CVE-2017-0124](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0124>) \n[CVE-2017-0125](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0125>) \n[CVE-2017-0009](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0009>) \n[CVE-2017-0008](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0008>) \n[CVE-2017-0047](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0047>) \n[CVE-2017-0060](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0060>) \n[CVE-2017-0148](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0148>) \n[CVE-2017-0061](<https://nvd.nist.gov/vuln/detail/CVE-2017-0061>) \n[CVE-2017-0043](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0043>) \n[CVE-2017-0042](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0042>) \n[CVE-2017-0045](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0045>) \n[CVE-2017-0119](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0119>) \n[CVE-2017-0062](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0062>) 
\n[CVE-2017-0149](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0149>) \n[CVE-2017-0099](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0099>) \n[CVE-2017-0144](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0144>) \n[CVE-2017-0040](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0040>) \n[CVE-2017-0090](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0090>) \n[CVE-2017-0091](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0091>) \n[CVE-2017-0096](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0096>) \n[CVE-2017-0097](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0097>) \n[CVE-2017-0038](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0038>) \n[CVE-2017-0039](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0039>) \n[CVE-2017-0103](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0103>) \n[CVE-2017-0063](<https://nvd.nist.gov/vuln/detail/CVE-2017-0063>) \n[CVE-2017-0118](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0118>) \n[CVE-2017-0117](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0117>) \n[CVE-2017-0116](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0116>) \n[CVE-2017-0115](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0115>) \n[CVE-2017-0114](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0114>) \n[CVE-2017-0113](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0113>) \n[CVE-2017-0112](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0112>) \n[CVE-2017-0111](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0111>) 
\n[CVE-2017-0092](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0092>) \n[CVE-2017-0076](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0076>) \n[CVE-2017-0014](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0014>) \n[CVE-2017-0059](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0059>) \n[CVE-2017-0056](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0056>) \n[CVE-2017-0055](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0055>) \n[CVE-2017-0050](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0050>) \n[CVE-2017-0123](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0123>) \n[CVE-2017-0122](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0122>) \n[CVE-2017-0073](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0073>) \n[CVE-2017-0075](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0075>) \n[CVE-2017-0025](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0025>) \n[CVE-2017-0146](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0146>) \n[CVE-2017-0128](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0128>) \n[CVE-2017-0089](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0089>) \n[CVE-2017-0088](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0088>) \n[CVE-2017-0121](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0121>) \n[CVE-2017-0130](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0130>) \n[CVE-2017-0126](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0126>) 
\n[CVE-2017-0083](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0083>) \n[CVE-2017-0085](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0085>) \n[CVE-2017-0084](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0084>) \n[CVE-2017-0087](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0087>) \n[CVE-2017-0086](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0086>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2017-0042](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0042>)0.0Unknown \n[CVE-2017-0096](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0096>)0.0Unknown \n[CVE-2017-0097](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0097>)0.0Unknown \n[CVE-2017-0099](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0099>)0.0Unknown \n[CVE-2017-0109](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0109>)0.0Unknown \n[CVE-2017-0075](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0075>)0.0Unknown \n[CVE-2017-0076](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0076>)0.0Unknown \n[CVE-2017-0055](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0055>)0.0Unknown \n[CVE-2017-0102](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0102>)0.0Unknown \n[CVE-2017-0103](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0103>)0.0Unknown \n[CVE-2017-0101](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0101>)0.0Unknown \n[CVE-2017-0050](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0050>)0.0Unknown \n[CVE-2017-0056](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0056>)0.0Unknown \n[CVE-2017-0043](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0043>)0.0Unknown 
\n[CVE-2017-0045](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0045>)0.0Unknown \n[CVE-2017-0022](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0022>)0.0Unknown \n[CVE-2017-0143](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143>)0.0Unknown \n[CVE-2017-0144](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0144>)0.0Unknown \n[CVE-2017-0145](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0145>)0.0Unknown \n[CVE-2017-0146](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0146>)0.0Unknown \n[CVE-2017-0147](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0147>)0.0Unknown \n[CVE-2017-0148](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0148>)0.0Unknown \n[CVE-2017-0014](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0014>)0.0Unknown \n[CVE-2017-0060](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0060>)0.0Unknown \n[CVE-2017-0061](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0061>)0.0Unknown \n[CVE-2017-0062](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0062>)0.0Unknown \n[CVE-2017-0063](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0063>)0.0Unknown \n[CVE-2017-0025](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0025>)0.0Unknown \n[CVE-2017-0073](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0073>)0.0Unknown \n[CVE-2017-0108](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0108>)0.0Unknown \n[CVE-2017-0038](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0038>)0.0Unknown \n[CVE-2017-0001](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0001>)0.0Unknown \n[CVE-2017-0005](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0005>)0.0Unknown \n[CVE-2017-0047](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0047>)0.0Unknown \n[CVE-2017-0072](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0072>)0.0Unknown 
\n[CVE-2017-0083](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0083>)0.0Unknown \n[CVE-2017-0084](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0084>)0.0Unknown \n[CVE-2017-0085](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0085>)0.0Unknown \n[CVE-2017-0086](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0086>)0.0Unknown \n[CVE-2017-0087](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0087>)0.0Unknown \n[CVE-2017-0088](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0088>)0.0Unknown \n[CVE-2017-0089](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0089>)0.0Unknown \n[CVE-2017-0090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0090>)0.0Unknown \n[CVE-2017-0091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0091>)0.0Unknown \n[CVE-2017-0092](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0092>)0.0Unknown \n[CVE-2017-0111](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0111>)0.0Unknown \n[CVE-2017-0112](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0112>)0.0Unknown \n[CVE-2017-0113](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0113>)0.0Unknown \n[CVE-2017-0114](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0114>)0.0Unknown \n[CVE-2017-0115](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0115>)0.0Unknown \n[CVE-2017-0116](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0116>)0.0Unknown \n[CVE-2017-0117](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0117>)0.0Unknown \n[CVE-2017-0118](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0118>)0.0Unknown \n[CVE-2017-0119](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0119>)0.0Unknown \n[CVE-2017-0120](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0120>)0.0Unknown \n[CVE-2017-0121](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0121>)0.0Unknown 
\n[CVE-2017-0122](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0122>)0.0Unknown \n[CVE-2017-0123](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0123>)0.0Unknown \n[CVE-2017-0124](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0124>)0.0Unknown \n[CVE-2017-0125](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0125>)0.0Unknown \n[CVE-2017-0126](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0126>)0.0Unknown \n[CVE-2017-0127](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0127>)0.0Unknown \n[CVE-2017-0128](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0128>)0.0Unknown \n[CVE-2017-0009](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0009>)0.0Unknown \n[CVE-2017-0059](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0059>)0.0Unknown \n[CVE-2017-0130](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0130>)0.0Unknown \n[CVE-2017-0149](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0149>)0.0Unknown \n[CVE-2017-0008](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0008>)0.0Unknown \n[CVE-2017-0040](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0040>)0.0Unknown \n[CVE-2017-0100](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0100>)0.0Unknown \n[CVE-2017-0104](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0104>)0.0Unknown \n[CVE-2017-0039](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0039>)0.0Unknown\n\n### *KB list*:\n[4012204](<http://support.microsoft.com/kb/4012204>) \n[4012215](<http://support.microsoft.com/kb/4012215>) \n[3211306](<http://support.microsoft.com/kb/3211306>) \n[4012212](<http://support.microsoft.com/kb/4012212>) \n[4012598](<http://support.microsoft.com/kb/4012598>) \n[4012583](<http://support.microsoft.com/kb/4012583>) \n[3217587](<http://support.microsoft.com/kb/3217587>) \n[4012021](<http://support.microsoft.com/kb/4012021>) \n[4012373](<http://support.microsoft.com/kb/4012373>) 
\n[4012497](<http://support.microsoft.com/kb/4012497>) \n[4017018](<http://support.microsoft.com/kb/4017018>) \n[4012584](<http://support.microsoft.com/kb/4012584>) \n[3218362](<http://support.microsoft.com/kb/3218362>) \n[4011981](<http://support.microsoft.com/kb/4011981>) \n[3217882](<http://support.microsoft.com/kb/3217882>) \n[3214051](<http://support.microsoft.com/kb/3214051>)\n\n### *Microsoft official advisories*:", "edition": 1, "modified": "2020-07-22T00:00:00", "published": "2017-03-14T00:00:00", "id": "KLA11902", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11902", "title": "\r KLA11902Multiple vulnerabilities in Microsoft Products (ESU) ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-03T07:12:30", "bulletinFamily": "info", "cvelist": ["CVE-2017-0098", "CVE-2017-0099", "CVE-2017-0008", "CVE-2017-0101", "CVE-2017-0078", "CVE-2017-0118", "CVE-2017-0051", "CVE-2017-0084", "CVE-2017-0117", "CVE-2017-0081", "CVE-2017-0001", "CVE-2017-0080", "CVE-2017-0055", "CVE-2017-0073", "CVE-2017-0045", "CVE-2017-0102", "CVE-2017-0125", "CVE-2017-0021", "CVE-2017-0090", "CVE-2017-0104", "CVE-2017-0089", "CVE-2017-0091", "CVE-2017-0115", "CVE-2017-0096", "CVE-2017-0024", "CVE-2017-0121", "CVE-2017-0050", "CVE-2017-0144", "CVE-2017-0060", "CVE-2017-0116", "CVE-2017-0082", "CVE-2017-0120", "CVE-2017-0007", "CVE-2017-0025", "CVE-2017-0075", "CVE-2017-0086", "CVE-2017-0016", "CVE-2017-0124", "CVE-2017-0109", "CVE-2017-0148", "CVE-2017-0119", "CVE-2017-0126", "CVE-2017-0130", "CVE-2017-0113", "CVE-2017-0097", "CVE-2017-0147", "CVE-2017-0112", "CVE-2017-0083", "CVE-2017-0047", "CVE-2017-0057", "CVE-2017-0095", "CVE-2017-0056", "CVE-2017-0087", "CVE-2017-0079", "CVE-2017-0123", "CVE-2017-0092", "CVE-2017-0026", "CVE-2017-0085", "CVE-2017-0103", "CVE-2017-0043", "CVE-2017-0061", "CVE-2017-0014", "CVE-2017-0100", "CVE-2017-0122", "CVE-2017-0063", "CVE-2017-0005", "CVE-2017-0088", "CVE-2017-0128", 
"CVE-2017-0072", "CVE-2017-0114", "CVE-2017-0146", "CVE-2017-0076", "CVE-2017-0111", "CVE-2017-0074", "CVE-2017-0038", "CVE-2017-0143", "CVE-2017-0108", "CVE-2017-0039", "CVE-2017-0062", "CVE-2017-0145", "CVE-2017-0022", "CVE-2017-0127"], "description": "### *Detect date*:\n03/14/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, gain privileges, obtain sensitive information and cause a denial of service.\n\n### *Affected products*:\nMicrosoft Windows Vista Service Pack 2 \nMicrosoft Windows 7 Service Pack 1 \nMicrosoft Windows 8.1 \nMicrosoft Windows RT 8.1 \nMicrosoft Windows 10 \nMicrosoft Windows Server 2008 Service Pack 2 \nMicrosoft Windows Server 2008 R2 Service Pack 1 \nMicrosoft Windows Server 2012 \nMicrosoft Windows Server 2012 R2\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[MS17-012](<https://technet.microsoft.com/library/security/MS17-012>) \n[CVE-2017-0051](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0051>) \n[CVE-2017-0021](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0021>) \n[CVE-2017-0095](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0095>) \n[CVE-2017-0096](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0096>) \n[CVE-2017-0097](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0097>) \n[CVE-2017-0098](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0098>) \n[CVE-2017-0099](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0099>) 
\n[CVE-2017-0109](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0109>) \n[CVE-2017-0074](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0074>) \n[CVE-2017-0075](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0075>) \n[CVE-2017-0076](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0076>) \n[CVE-2017-0055](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0055>) \n[CVE-2017-0102](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0102>) \n[CVE-2017-0103](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0103>) \n[CVE-2017-0101](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0101>) \n[CVE-2017-0050](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0050>) \n[CVE-2017-0056](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0056>) \n[CVE-2017-0024](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0024>) \n[CVE-2017-0026](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0026>) \n[CVE-2017-0078](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0078>) \n[CVE-2017-0079](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0079>) \n[CVE-2017-0080](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0080>) \n[CVE-2017-0081](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0081>) \n[CVE-2017-0082](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0082>) \n[CVE-2017-0043](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0043>) \n[CVE-2017-0045](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0045>) 
\n[CVE-2017-0022](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0022>) \n[CVE-2017-0143](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0143>) \n[CVE-2017-0144](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0144>) \n[CVE-2017-0145](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0145>) \n[CVE-2017-0146](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0146>) \n[CVE-2017-0147](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0147>) \n[CVE-2017-0148](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0148>) \n[CVE-2017-0014](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0014>) \n[CVE-2017-0060](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0060>) \n[CVE-2017-0061](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0061>) \n[CVE-2017-0062](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0062>) \n[CVE-2017-0063](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0063>) \n[CVE-2017-0025](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0025>) \n[CVE-2017-0073](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0073>) \n[CVE-2017-0108](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108>) \n[CVE-2017-0038](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0038>) \n[CVE-2017-0001](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0001>) \n[CVE-2017-0005](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0005>) \n[CVE-2017-0047](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0047>) 
\n[CVE-2017-0072](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0072>) \n[CVE-2017-0083](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0083>) \n[CVE-2017-0084](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0084>) \n[CVE-2017-0085](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0085>) \n[CVE-2017-0086](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0086>) \n[CVE-2017-0087](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0087>) \n[CVE-2017-0088](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0088>) \n[CVE-2017-0089](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0089>) \n[CVE-2017-0090](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0090>) \n[CVE-2017-0091](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0091>) \n[CVE-2017-0092](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0092>) \n[CVE-2017-0111](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0111>) \n[CVE-2017-0112](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0112>) \n[CVE-2017-0113](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0113>) \n[CVE-2017-0114](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0114>) \n[CVE-2017-0115](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0115>) \n[CVE-2017-0116](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0116>) \n[CVE-2017-0117](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0117>) \n[CVE-2017-0118](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0118>) 
\n[CVE-2017-0119](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0119>) \n[CVE-2017-0120](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0120>) \n[CVE-2017-0121](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0121>) \n[CVE-2017-0122](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0122>) \n[CVE-2017-0123](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0123>) \n[CVE-2017-0124](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0124>) \n[CVE-2017-0125](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0125>) \n[CVE-2017-0126](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0126>) \n[CVE-2017-0127](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0127>) \n[CVE-2017-0128](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0128>) \n[CVE-2017-0130](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0130>) \n[CVE-2017-0008](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0008>) \n[CVE-2017-0057](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0057>) \n[CVE-2017-0100](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0100>) \n[CVE-2017-0104](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0104>) \n[CVE-2017-0007](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0007>) \n[CVE-2017-0016](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0016>) \n[CVE-2017-0039](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0039>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows Vista](<https://threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/>)\n\n### 
*CVE-IDS*:\n[CVE-2017-0051](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0051>)2.9Warning \n[CVE-2017-0021](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0021>)7.7Critical \n[CVE-2017-0095](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0095>)7.9Critical \n[CVE-2017-0096](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0096>)2.3Warning \n[CVE-2017-0097](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0097>)2.3Warning \n[CVE-2017-0098](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0098>)2.9Warning \n[CVE-2017-0099](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0099>)2.3Warning \n[CVE-2017-0109](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0109>)7.4High \n[CVE-2017-0074](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0074>)2.3Warning \n[CVE-2017-0075](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0075>)7.4High \n[CVE-2017-0076](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0076>)2.9Warning \n[CVE-2017-0055](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0055>)4.3Warning \n[CVE-2017-0102](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0102>)4.6Warning \n[CVE-2017-0103](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0103>)4.4Warning \n[CVE-2017-0101](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0101>)6.8High \n[CVE-2017-0050](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0050>)7.2High \n[CVE-2017-0056](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0056>)7.2High \n[CVE-2017-0024](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0024>)7.2High \n[CVE-2017-0026](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0026>)7.2High \n[CVE-2017-0078](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0078>)7.2High \n[CVE-2017-0079](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0079>)7.2High 
\n[CVE-2017-0080](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0080>)7.2High \n[CVE-2017-0081](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0081>)7.2High \n[CVE-2017-0082](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0082>)7.2High \n[CVE-2017-0043](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0043>)2.9Warning \n[CVE-2017-0045](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0045>)4.3Warning \n[CVE-2017-0022](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0022>)4.3Warning \n[CVE-2017-0143](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143>)9.3Critical \n[CVE-2017-0144](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0144>)9.3Critical \n[CVE-2017-0145](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0145>)9.3Critical \n[CVE-2017-0146](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0146>)9.3Critical \n[CVE-2017-0147](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0147>)4.3Warning \n[CVE-2017-0148](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0148>)9.3Critical \n[CVE-2017-0014](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0014>)7.6Critical \n[CVE-2017-0060](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0060>)1.9Warning \n[CVE-2017-0061](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0061>)2.6Warning \n[CVE-2017-0062](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0062>)1.9Warning \n[CVE-2017-0063](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0063>)4.3Warning \n[CVE-2017-0025](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0025>)7.2High \n[CVE-2017-0073](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0073>)4.3Warning \n[CVE-2017-0108](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0108>)9.3Critical \n[CVE-2017-0038](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0038>)4.3Warning 
\n[CVE-2017-0001](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0001>)7.2High \n[CVE-2017-0005](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0005>)6.9High \n[CVE-2017-0047](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0047>)7.2High \n[CVE-2017-0072](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0072>)9.3Critical \n[CVE-2017-0083](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0083>)9.3Critical \n[CVE-2017-0084](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0084>)9.3Critical \n[CVE-2017-0085](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0085>)4.3Warning \n[CVE-2017-0086](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0086>)9.3Critical \n[CVE-2017-0087](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0087>)9.3Critical \n[CVE-2017-0088](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0088>)9.3Critical \n[CVE-2017-0089](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0089>)9.3Critical \n[CVE-2017-0090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0090>)9.3Critical \n[CVE-2017-0091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0091>)4.3Warning \n[CVE-2017-0092](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0092>)4.3Warning \n[CVE-2017-0111](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0111>)4.3Warning \n[CVE-2017-0112](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0112>)4.3Warning \n[CVE-2017-0113](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0113>)4.3Warning \n[CVE-2017-0114](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0114>)4.3Warning \n[CVE-2017-0115](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0115>)4.3Warning \n[CVE-2017-0116](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0116>)4.3Warning \n[CVE-2017-0117](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0117>)4.3Warning 
\n[CVE-2017-0118](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0118>)4.3Warning \n[CVE-2017-0119](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0119>)4.3Warning \n[CVE-2017-0120](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0120>)4.3Warning \n[CVE-2017-0121](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0121>)4.3Warning \n[CVE-2017-0122](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0122>)4.3Warning \n[CVE-2017-0123](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0123>)4.3Warning \n[CVE-2017-0124](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0124>)4.3Warning \n[CVE-2017-0125](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0125>)4.3Warning \n[CVE-2017-0126](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0126>)4.3Warning \n[CVE-2017-0127](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0127>)4.3Warning \n[CVE-2017-0128](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0128>)4.3Warning \n[CVE-2017-0130](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0130>)7.6Critical \n[CVE-2017-0008](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0008>)4.3Warning \n[CVE-2017-0057](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0057>)4.3Warning \n[CVE-2017-0100](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0100>)4.4Warning \n[CVE-2017-0104](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0104>)9.3Critical \n[CVE-2017-0007](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0007>)2.1Warning \n[CVE-2017-0016](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0016>)7.1High \n[CVE-2017-0039](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0039>)9.3Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4012217](<http://support.microsoft.com/kb/4012217>) \n[4012215](<http://support.microsoft.com/kb/4012215>) \n[4012216](<http://support.microsoft.com/kb/4012216>) 
\n[4012606](<http://support.microsoft.com/kb/4012606>) \n[4013198](<http://support.microsoft.com/kb/4013198>) \n[4013429](<http://support.microsoft.com/kb/4013429>) \n[3211306](<http://support.microsoft.com/kb/3211306>) \n[4012212](<http://support.microsoft.com/kb/4012212>) \n[4012214](<http://support.microsoft.com/kb/4012214>) \n[4012213](<http://support.microsoft.com/kb/4012213>) \n[4012598](<http://support.microsoft.com/kb/4012598>) \n[4012583](<http://support.microsoft.com/kb/4012583>) \n[3217587](<http://support.microsoft.com/kb/3217587>) \n[4012021](<http://support.microsoft.com/kb/4012021>) \n[4012373](<http://support.microsoft.com/kb/4012373>) \n[4012497](<http://support.microsoft.com/kb/4012497>) \n[4017018](<http://support.microsoft.com/kb/4017018>) \n[4012584](<http://support.microsoft.com/kb/4012584>) \n[3218362](<http://support.microsoft.com/kb/3218362>) \n[3205715](<http://support.microsoft.com/kb/3205715>) \n[4011981](<http://support.microsoft.com/kb/4011981>) \n[3217882](<http://support.microsoft.com/kb/3217882>)\n\n### *Exploitation*:\nThis vulnerability can be exploited by the following malware:", "edition": 45, "modified": "2020-11-30T00:00:00", "published": "2017-03-14T00:00:00", "id": "KLA10979", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10979", "title": "KLA10979 Multiple vulnerabilities in Microsoft Windows", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-01-08T13:48:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0043"], "description": "This host is missing an important security\n update according to Microsoft Bulletin MS17-019.", "modified": "2019-12-20T00:00:00", "published": "2017-03-15T00:00:00", "id": "OPENVAS:1361412562310810813", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810813", "type": "openvas", "title": "Microsoft Active Directory Federation Services Information Disclosure Vulnerability (4010320)", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Active Directory Federation Services Information Disclosure Vulnerability (4010320)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810813\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2017-0043\");\n script_bugtraq_id(96628);\n script_tag(name:\"cvss_base\", value:\"2.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-15 11:04:14 +0530 (Wed, 15 Mar 2017)\");\n script_name(\"Microsoft Active Directory Federation Services Information Disclosure Vulnerability (4010320)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft Bulletin MS17-019.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n 
script_tag(name:\"insight\", value:\"The flaw exists when Windows Active Directory\n Federation Services (ADFS) honors XML External Entities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to read sensitive information about the target system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows Server 2012/2012R2\n\n - Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2\n\n - Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/4010320\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS17-019\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS17-019\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2008:3, win2008r2:2, win2008x64:3, win2012:1, win2012R2:1,\n win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_systemroot();\nif(!sysPath ){\n exit(0);\n}\n\nwinVer = fetch_file_version(sysPath:sysPath, file_name:\"System32\\Win32k.sys\");\nif(!winVer){\n exit(0);\n}\n\nif(hotfix_check_sp(win2008r2:2) > 0)\n{\n ## Presently GDR information is not available.\n if(winVer && version_is_less(version:winVer, test_version:\"6.1.7601.23677\"))\n {\n 
Vulnerable_range = \"Less than 6.1.7601.23677\";\n VULN = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win2008:3, win2008x64:3) > 0)\n{\n adfs = registry_key_exists(key:\"SOFTWARE\\Microsoft\\ADFS\");\n if(!adfs){\n exit(0);\n }\n\n dllVer = fetch_file_version(sysPath:sysPath, file_name:\"\\ADFS\\Microsoft.identityserver.dll\");\n if(!dllVer){\n exit(0);\n }\n\n if(version_is_less(version:dllVer, test_version:\"7.0.6002.19742\"))\n {\n Vulnerable_range = \"Less than 7.0.6002.19742\";\n VULN = TRUE ;\n }\n\n else if(version_in_range(version:dllVer, test_version:\"7.0.6002.22000\", test_version2:\"7.0.6002.24066\"))\n {\n Vulnerable_range = \"7.0.6002.22000 - 7.0.6002.24066\";\n VULN = TRUE ;\n }\n\n if(VULN)\n {\n report = 'File checked: ' + sysPath + \"\\ADFS\\Microsoft.identityserver.dll\" + '\\n' +\n 'File version: ' + dllVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n }\n}\n\nelse if(hotfix_check_sp(win2012:1) > 0)\n{\n if(winVer && version_is_less(version:winVer, test_version:\"6.2.9200.22099\"))\n {\n Vulnerable_range = \"Less than 6.2.9200.22099\";\n VULN = TRUE ;\n }\n}\n\n## Win2012R2\nelse if(hotfix_check_sp(win2012R2:1) > 0)\n{\n if(winVer && version_is_less(version:winVer, test_version:\"6.3.9600.18603\"))\n {\n Vulnerable_range = \"Less than 6.3.9600.18603\";\n VULN = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win2016:1) > 0)\n{\n if( winVer && version_in_range(version:winVer, test_version:\"10.0.14393.0\", test_version2:\"10.0.14393.593\"))\n {\n Vulnerable_range = \"10.0.14393.0 - 10.0.14393.593\";\n VULN = TRUE ;\n }\n}\n\nif(VULN)\n{\n report = 'File checked: ' + sysPath + \"\\System32\\Win32k.sys\" + '\\n' +\n 'File version: ' + winVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-01-01T05:43:57", "description": "The 
remote Windows host is missing a security update. It is,\ntherefore, affected by an information disclosure vulnerability in\nActive Directory Federation Services (ADFS) when handling XML external\nentities. An authenticated, remote attacker can exploit this issue,\nvia a specially crafted request, to disclose sensitive information.", "edition": 32, "cvss3": {"score": 5.3, "vector": "AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2017-03-15T00:00:00", "title": "MS17-019: Security Update for Active Directory Federation Services (4010320)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0043"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17-019.NASL", "href": "https://www.tenable.com/plugins/nessus/97754", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97754);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\"CVE-2017-0043\");\n script_bugtraq_id(96628);\n script_xref(name:\"MSFT\", value:\"MS17-019\");\n script_xref(name:\"MSKB\", value:\"3217882\");\n script_xref(name:\"MSKB\", value:\"4012212\");\n script_xref(name:\"MSKB\", value:\"4012215\");\n script_xref(name:\"MSKB\", value:\"4012214\");\n script_xref(name:\"MSKB\", value:\"4012217\");\n script_xref(name:\"MSKB\", value:\"4012213\");\n script_xref(name:\"MSKB\", value:\"4012216\");\n script_xref(name:\"MSKB\", value:\"4012606\");\n script_xref(name:\"MSKB\", value:\"4013198\");\n script_xref(name:\"MSKB\", value:\"4013429\");\n script_xref(name:\"IAVB\", value:\"2017-B-0032\");\n\n script_name(english:\"MS17-019: Security Update for Active Directory Federation Services (4010320)\");\n script_summary(english:\"Checks the installed rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by an information disclosure\nvulnerability.\");\n script_set_attribute(attribute:\"description\", 
value:\n\"The remote Windows host is missing a security update. It is,\ntherefore, affected by an information disclosure vulnerability in\nActive Directory Federation Services (ADFS) when handling XML external\nentities. An authenticated, remote attacker can exploit this issue,\nvia a specially crafted request, to disclose sensitive information.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/library/security/MS17-019\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2008, 2008 R2,\n2012, 2012 R2, and 2016.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-0043\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\", \"smb_check_rollup.nasl\", \"wmi_enum_server_features.nbin\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS17-019';\nkbs = make_list(\n \"3217882\", # Server 2008\n \"4012212\", # Server 2008 R2 Security Only\n \"4012215\", # Server 2008 R2 Monthly Rollup\n \"4012214\", # Server 2012 Security Only\n \"4012217\", # Server 2012 Monthly Rollup\n \"4012213\", # Server 2012 R2 Security Only\n \"4012216\", # Server 2012 R2 Monthly Rollup\n \"4012606\", # Server 2016 build 10240\n \"4013198\", # Server 2016 build 10586\n \"4013429\" # Server 2016 build 14393 \n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_NOTE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nwinver = get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_nano() == 1) audit(AUDIT_OS_NOT, \"a currently supported OS (Windows Nano Server)\");\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\n# non-server OSes are not affected\nif (\"Server\" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\n# 2008 / 2008 R2 Core not affected\nif (hotfix_check_server_core() == 1 && (winver == \"6.0\" || winver == \"6.1\"))\n audit(AUDIT_WIN_SERVER_CORE);\n\nshare = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\n# ADFS 
check\nadfs_is_present = FALSE;\n\nif (winver == \"6.0\")\n{\n registry_init();\n hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\n\n adfs_value = get_registry_value(handle:hklm, item:\"SYSTEM\\CurrentControlSet\\Services\\adfssrv\\ImagePath\");\n if (!isnull(adfs_value)) adfs_is_present = TRUE;\n\n RegCloseKey(handle:hklm);\n close_registry();\n}\nelse\n{\n features = get_kb_list(\"WMI/server_feature/*\");\n foreach key (keys(features))\n {\n if (features[key] == \"Active Directory Federation Services\")\n {\n adfs_is_present = TRUE;\n break;\n }\n }\n}\nif (!adfs_is_present) audit(AUDIT_NOT_INST, \"ADFS\");\n\nif (\n # Windows Server 2008\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"microsoft.identityserver.dll\", version:\"6.1.7601.23675\", dir:\"\\assembly\\GAC_MSIL\\Microsoft.IdentityServer\\6.1.0.0__31bf3856ad364e35\", bulletin:bulletin, kb:\"3217882\") ||\n # Windows Server 2008 R2 # security: 4012212, monthly: 4012215\n smb_check_rollup(os:\"6.1\", sp:1, rollup_date:\"03_2017\", bulletin:bulletin, rollup_kb_list:make_list(4012212, 4012215)) ||\n # Windows Server 2012 # security: 4012214, monthly: 4012217\n smb_check_rollup(os:\"6.2\", sp:0, rollup_date:\"03_2017\", bulletin:bulletin, rollup_kb_list:make_list(4012214, 3205409)) ||\n # Windows Server 2012 R2 # security: 4012213, monthly: 4012216\n smb_check_rollup(os:\"6.3\", sp:0, rollup_date:\"03_2017\", bulletin:bulletin, rollup_kb_list:make_list(4012213, 4012216)) ||\n # Windows 2016\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10240\", rollup_date:\"03_2017\", bulletin:bulletin, rollup_kb_list:make_list(4012606)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"10586\", rollup_date:\"03_2017\", bulletin:bulletin, rollup_kb_list:make_list(4013198)) ||\n smb_check_rollup(os:\"10\", sp:0, os_build:\"14393\", rollup_date:\"03_2017\", bulletin:bulletin, rollup_kb_list:make_list(4013429))\n)\n{\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n 
hotfix_security_note();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:P/I:N/A:N"}}], "mscve": [{"lastseen": "2020-08-07T11:48:17", "bulletinFamily": "microsoft", "cvelist": ["CVE-2017-0043"], "description": "An information disclosure vulnerability exists when Windows Active Directory Federation Services (ADFS) honors XML External Entities. An authenticated attacker who successfully exploited this vulnerability would be able to read sensitive information about the target system.\n\nTo exploit this condition, an authenticated attacker would need to send a specially crafted request to the ADFS service. Note that the information disclosure vulnerability by itself would not be sufficient for an attacker to compromise a system. However, an attacker could combine this vulnerability with additional vulnerabilities to further exploit the system.\n\nThe update addresses the vulnerability by causing ADFS to ignore these malicious entities.\n", "edition": 2, "modified": "2017-03-14T07:00:00", "id": "MS:CVE-2017-0043", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0043", "published": "2017-03-14T07:00:00", "title": "Microsoft Active Directory Federation Services Information Disclosure", "type": "mscve", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:P/I:N/A:N"}}]}