Lucene search

K
mskbMicrosoftKB4018927
HistoryMay 09, 2017 - 7:00 a.m.

Security Update for the Microsoft ActiveX Information Disclosure Vulnerability in Windows Server 2008: May 9, 2017

2017-05-0907:00:00
Microsoft
support.microsoft.com
11

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

67.7%

Security Update for the Microsoft ActiveX Information Disclosure Vulnerability in Windows Server 2008: May 9, 2017

Summary

An information disclosure vulnerability exists in the way that some ActiveX objects are instantiated. An attacker who successfully exploits this vulnerability could gain access to protected memory contents.

To learn more about the vulnerability, go to CVE-2017-0242.

More Information

Important

  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Get security updates automatically.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Deployment information

For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:
Security update deployment information: May 9, 2017

More Information

__

How to obtain help and support for this security update

Help for installing updates: Windows Update FAQ

Security solutions for IT professionals: TechNet Security Support and Troubleshooting

Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure

Local support according to your country: International Support

File Information

__

File hash information

File name SHA1 hash SHA256 hash
Windows6.0-KB4018927-ia64.msu 27D474F44AD7A45969BA4BBBBF53349EF0DD1AC7 DAF22C0C2096613454CB0360D85974BB3F87B4BC2B8E184C50553DC52CE1E9DB
Windows6.0-KB4018927-x64.msu 5EA789D60FE935C4CBBB9A8BDEB3B05E51E3928B AE0CFFDD08F172905419A7F85BC05CB1E17E6A9E1C7ACEF768CC280F72EEC2A6
Windows6.0-KB4018927-x86.msu 20E9C85C9802777CF36FEE0FDDA32A3C00C37A30 F1264F281A8B9BFC9B2C100F55911B119CBD72F72C5BC554E0466DCEA03673EB

File information
The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Windows Server 2008 file information

**Note:**The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

__

For all supported ia64-based versions

File name File version File size Date Time Platform
Msadcf.dll 6.0.6002.19770 176,128 10-Apr-2017 22:53 IA-64
Msadcf.dll 6.0.6002.24089 176,128 07-Apr-2017 15:17 IA-64
Msadcf.dll 6.0.6002.19770 73,728 10-Apr-2017 23:03 x86
Msadcf.dll 6.0.6002.24089 73,728 07-Apr-2017 15:24 x86

__

For all supported x64-based versions

File name File version File size Date Time Platform
Msadcf.dll 6.0.6002.19770 90,112 10-Apr-2017 23:21 x64
Msadcf.dll 6.0.6002.24089 90,112 07-Apr-2017 15:43 x64
Msadcf.dll 6.0.6002.19770 73,728 10-Apr-2017 23:03 x86
Msadcf.dll 6.0.6002.24089 73,728 07-Apr-2017 15:24 x86

__

For all supported x86-based versions

File name File version File size Date Time Platform
Msadcf.dll 6.0.6002.19770 73,728 10-Apr-2017 23:03 x86
Msadcf.dll 6.0.6002.24089 73,728 07-Apr-2017 15:24 x86

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

67.7%