Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB4025336
HistoryJul 11, 2017 - 7:00 a.m.

July 11, 2017—KB4025336 (Monthly Rollup)

2017-07-1107:00:00
Microsoft
support.microsoft.com
151

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.939 High

EPSS

Percentile

99.1%

JSON

July 11, 2017—KB4025336 (Monthly Rollup)

Improvements and fixes

This security update includes improvements and fixes that were a part of update KB4022720 (released June 27, 2017) and resolves the following issues:

  • Addressed issue called out in KB4022720 where Internet Explorer 11 may close unexpectedly when you visit some websites.
  • Addressed issue that causes .jpx and .jbig2 images to stop rendering in PDF files.
  • Security updates to Windows kernel, ASP.NET, Internet Explorer 11, Windows Search, Windows Storage and Files Systems, Datacenter Networking, Windows Virtualization, Windows Server, Windows shell, Microsoft NTFS, Microsoft PowerShell, Windows kernel-mode drivers, and Microsoft Graphics Component.
    For more information about the security vulnerabilities resolved, please refer to the Security Update Guide.More InformationImportant After installing the security updates for CVE-2017-8563, administrators need to set registry key LdapEnforceChannelBinding to enable the fix for the CVE. For more information about setting the registry key, see Microsoft Knowledge Base article 4034879

Known issues in this update

Symptom Workaround
After installing KB4025333 powershell may fail with a “Method not found” error (if you didn’t have KB3000850 installed) This issue has been resolved by KB4038792.
If an iSCSI target becomes unavailable, attempts to reconnect will cause a leak. Initiating a new connection to an available target will work as expected. Microsoft is working on a resolution and will provide an update in an upcoming release.
Japanese IME may hang in certain scenarios. Install KB2962409.

__

More Information about the iSCSI issue

Windows Server 2012 R2 and Windows Server 2016 computers that experience disconnections to iSCSI attached targets may show many different symptoms. These include, but are not limited to:

  • The operating system stops responding.
  • You receive Stop errors (Bugcheck errors) 0x80, 0x111, 0x1C8, 0xE2, 0x161, 0x00, 0xF4, 0xEF, 0xEA, 0x101, 0x133, or 0xDEADDEAD.
  • User logon failures occur together with a “No Logon Servers Available” error.
  • Application and service failures occur because of ephemeral port exhaustion.
  • An unusually high number of ephemeral ports are being used by the System process.
  • An unusually high number of threads are being used by the System process.
    Cause
This issue is caused by a locking issue on Windows Server 2012 R2 and Windows Server 2016 RS1 computers, causing connectivity issues to the iSCSI targets. The issue can occur after installing any of the following updates:Windows Server 2012 R2Release date KB Article title
May 16, 2017 KB4015553 April 18, 2017—KB4015553 (Preview of Monthly Rollup)
May 9, 2017 KB4019215 May 9, 2017—KB4019215 (Monthly Rollup)
May 9, 2017 KB4019213 May 9, 2017—KB4019213 (Security-only update)
April 18, 2017 KB4015553 April 18, 2017—KB4015553 (Preview of Monthly Rollup)
April 11, 2017 KB4015550 April 11, 2017—KB4015550 (Monthly Rollup)
April 11, 2017 KB4015547 April 11, 2017—KB4015547 (Security-only update)
March 21, 2017 KB4012219 March 2017 Preview of Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2
**Windows Server 2016 RTM (RS1)**Release date KB Article title
May 16, 2017 KB4023680 May 26, 2017—KB4023680 (OS Build 14393.1230)
May 9, 2017 KB4019472 May 9, 2017—KB4019472 (OS Build 14393.1198)
April 11, 2017 KB4015217 April 11, 2017—KB4015217 (OS Build 14393.1066 and 14393.1083)

Verification

  • Verify the version of the following MSISCSI driver on the system:

c:\windows\system32\drivers\msiscsi.sys

The version that will expose this behavior is 6.3.9600.18624 for Windows Server 2012 R2 and version 10.0.14393.1066 for Windows Server 2016.

* The following events are logged in the System log:Event source ID Text
iScsiPrt 34 A connection to the target was lost, but the Initiator successfully reconnected to the target. Dump data contains the target name.
iScsiPrt 39 The Initiator sent a task management command to reset the target. The target name is given in the dump data.
iScsiPrt 9 Target did not respond in time for a SCSI request. The CDB is given in the dump data.
  • Review the number of threads that are running under the System process, and compare this to a known working baseline.
  • Review the number of handles that are currently opened by the System process, and compare this to a known working baseline.
  • Review the number of ephemeral ports that are being used by the System process.
  • From an administrative PowerShell, run the following command:

Get-NetTCPConnection | Group-Object -Property State, OwningProcess | Sort Count

Or, from an administrative CMD prompt, run the following NETSTAT command together with the “Q” switch. This shows “bound” ports that are no longer connected:

NETSTAT –ANOQ

Focus on ports that are owned by the SYSTEM process.

For the three previous points, anything more than 12,000 should be considered suspect. If iSCSI targets are present in the computer, there is high probability that the issue will occur.
Resolution

If the event logs indicate that many reconnections are occurring, work with your iSCSI and network fabric vendor to help diagnose and correct the reason for the failure to maintain connections to iSCSI targets. Make sure that iSCSI targets can be accessed over the current network fabric. Install updated fixes when they become available. This article will be updated with the specific KB article number of the fix to install when it becomes available.

Note: We do not recommend that you uninstall any of the March, April, May, or June security rollups. Doing so will expose the computers to known security exploits and other bugs that are mitigated by monthly updates. We recommend that you first work with iSCSI target and network vendors to resolve the connectivity issues that are triggering target reconnects.

How to get this updateThis update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the Microsoft Update Catalog website.File informationFor a list of the files that are provided in this update, download the file information for update 4025336. Prerequisites You must have the following update installed:2919355 Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 update: April 2014

Related

openvas 22
mskb 22
nessus 9
kaspersky 3
prion 33
cve 35
talosblog 1
trendmicroblog 1
qualysblog 1
threatpost 1
symantec 25
zdi 5
mscve 27
checkpoint_advisories 4
osv 1
myhack58 3
kitploit 1
zdt 2
seebug 1
thn 1
packetstorm 1
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4025336)
2017-07-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4025337)
2017-07-12 00:00:00
Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4025343)
2017-07-12 00:00:00
mskb
mskb
July 11, 2017—KB4025341 (Monthly Rollup)
2017-07-11 07:00:00
July 11, 2017—KB4025331 (Monthly Rollup)
2017-07-11 07:00:00
July 11, 2017—KB4025343 (Security-only update)
2017-07-11 07:00:00
nessus
nessus
Windows 8.1 and Windows Server 2012 R2 July 2017 Security Updates
2017-07-11 00:00:00
Windows 2008 July 2017 Multiple Security Updates
2017-07-11 00:00:00
Windows 7 and Windows Server 2008 R2 July 2017 Security Updates
2017-07-11 00:00:00
kaspersky
kaspersky
KLA11900 Multiple vulnerabilities in Microsoft Products (ESU)
2017-07-11 00:00:00
KLA11067 Multiple vulnerabilities in Microsoft Windows
2017-07-11 00:00:00
KLA11070 Multiple vulnerabilities in Microsoft Edge and Microsoft Internet Explorer
2017-07-11 00:00:00
prion
prion
Privilege escalation
2017-07-11 21:29:00
Privilege escalation
2017-07-11 21:29:00
Privilege escalation
2017-07-11 21:29:00
cve
cve
CVE-2017-8580
2017-07-11 21:29:00
CVE-2017-8581
2017-07-11 21:29:00
CVE-2017-8577
2017-07-11 21:29:00
talosblog
talosblog
Microsoft Patch Tuesday - July 2017
2017-07-11 12:59:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of July 10, 2017
2017-07-14 12:00:02
qualysblog
qualysblog
July Patch Tuesday: 19 Critical Vulnerabilities from Microsoft, plus Critical Adobe Patches
2017-07-11 18:32:52
threatpost
threatpost
Microsoft Patch Tuesday Update Fixes 19 Critical Vulnerabilities
2017-07-11 16:36:23
symantec
symantec
Microsoft Windows Explorer CVE-2017-8463 Remote Code Execution Vulnerability
2017-07-11 00:00:00
Microsoft Windows Kernel 'Win32k.sys' CVE-2017-8580 Local Privilege Escalation Vulnerability
2017-07-11 00:00:00
Microsoft Windows CVE-2017-8590 Local Privilege Escalation Vulnerability
2017-07-11 00:00:00
zdi
zdi
(Pwn2Own) Microsoft Windows Palette Object Use-After-Free Privilege Escalation Vulnerability
2017-07-31 00:00:00
(Pwn2Own) Microsoft Windows CLFS Driver Uninitialized Memory Privilege Escalation Vulnerability
2017-07-11 00:00:00
(Pwn2Own) Microsoft Windows PlgBlt Integer Overflow Privilege Escalation Vulnerability
2017-07-11 00:00:00
mscve
mscve
Http.sys Information Disclosure Vulnerability
2017-07-11 07:00:00
Win32k Elevation of Privilege Vulnerability
2017-07-11 07:00:00
Kerberos SNAME Security Feature Bypass Vulnerability
2017-07-11 07:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Browser Security Feature Bypass (CVE-2017-8592)
2017-07-11 00:00:00
Microsoft Win32k Elevation of Privilege (CVE-2017-8578)
2017-07-11 00:00:00
Microsoft Win32k Elevation of Privilege (CVE-2017-8577)
2017-07-11 00:00:00
osv
osv
CVE-2017-8592
2017-07-11 21:29:01
myhack58
myhack58
. NET advanced code audit, the eleventh classes LosFormatter to deserialize vulnerability-vulnerability warning-the black bar safety net
2019-04-18 00:00:00
NTLM, LDAP&RDP Relay vulnerability analysis-vulnerability warning-the black bar safety net
2017-07-13 00:00:00
. NET advanced code audit of the first ten classes ObjectStateFormatter deserialize vulnerability-vulnerability warning-the black bar safety net
2019-04-17 00:00:00
kitploit
kitploit
ysoserial.net - Deserialization payload generator for a variety of .NET formatters
2017-11-26 13:14:00
zdt
zdt
Microsoft Internet Explorer 11.0.9600.18617 - CMarkup::DestroySplayTree Memory Corruption Exploit
2017-07-19 00:00:00
Microsoft Windows Kernel - IOCTL 0x120007 (NsiGetParameter) nsiproxy/netio Pool Memory Disclosure
2017-07-19 00:00:00
seebug
seebug
Microsoft Windows Kernel Local Information Disclosure Vulnerability(CVE-2017-8564)
2017-07-27 00:00:00
thn
thn
Critical Flaws Found in Windows NTLM Security Protocol – Patch Now
2017-07-11 20:23:00
packetstorm
packetstorm
Microsoft Internet Explorer 11 CMarkup::DestroySplayTree Memory Corruption
2017-07-18 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.939 High

EPSS

Percentile

99.1%

JSON
Related for KB4025336
openvas22mskb22nessus9kaspersky3prion33cve35talosblog1trendmicroblog1qualysblog1threatpost1symantec25zdi5mscve27checkpoint_advisories4osv1myhack583kitploit1zdt2seebug1thn1packetstorm1