Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB4025398
HistoryJul 11, 2017 - 7:00 a.m.

Security update for the MSINFO.exe information disclosure vulnerability in Windows Server 2008: July 11, 2017

2017-07-1107:00:00
Microsoft
support.microsoft.com
35

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

47.4%

JSON

Security update for the MSINFO.exe information disclosure vulnerability in Windows Server 2008: July 11, 2017

Summary

An information disclosure vulnerability exists in the Windows System Information Console when it improperly parses XML input that contains a reference to an external entity. To learn more about the vulnerability, seeCVE-2017-8557.

More Information

Important

  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Deployment information

For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:
Security update deployment information: July 11, 2017

More Information

File informationThe English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.

Windows Server 2008 file information

**Note:**The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

How to obtain help and support for this security update

Help for installing updates: Windows Update: FAQ

Security solutions for IT professionals: TechNet Security Support and Troubleshooting

Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure

Local support according to your country: International Support

File Information

File hash information

File name SHA1 hash SHA256 hash
Windows6.0-KB4025398-x86.msu CD3B4F1B12A2EE6B93C828B434B7792023503308 E2DF62930BA6E8AA582EE808E8DF4110A18DF1A9BB41E0A261472943A7999C8D
Windows6.0-KB4025398-ia64.msu 850FB2B26A39B2A7858528349FC408062F6AD4D3 3DAC24C3114137C883C08502E855F0FC52D5291B6C0FCE8D95F0F3D0F17CAA9E
Windows6.0-KB4025398-x64.msu 23E59B080A75A6D1CBB83A9871CCEA00F1FEBF5E 55420ED5AF619ACD8A3782831094898766A6D91DEF9FD4B45C2448492BD5552F

For all supported x86-based versions

File name File version File size Date Time Platform
Msinfo32.exe 6.0.6002.19810 408,576 11-Jun-2017 20:01 x86
Msinfo32.exe 6.0.6002.24130 408,576 11-Jun-2017 20:01 x86
Msinfo32.exe 6.0.6002.19810 408,576 11-Jun-2017 20:01 x86
Msinfo32.exe 6.0.6002.24130 408,576 11-Jun-2017 20:01 x86
Msinfo32.exe 6.0.6002.19810 408,576 11-Jun-2017 20:01 x86
Msinfo32.exe 6.0.6002.24130 408,576 11-Jun-2017 20:01 x86

For all supported ia64-based versions

File name File version File size Date Time Platform
Msinfo32.exe 6.0.6002.19810 754,688 11-Jun-2017 20:06 IA-64
Msinfo32.exe 6.0.6002.24130 754,688 11-Jun-2017 20:04 IA-64
Msinfo32.exe 6.0.6002.19810 754,688 11-Jun-2017 20:06 IA-64
Msinfo32.exe 6.0.6002.24130 754,688 11-Jun-2017 20:04 IA-64
Msinfo32.exe 6.0.6002.19810 754,688 11-Jun-2017 20:06 IA-64
Msinfo32.exe 6.0.6002.24130 754,688 11-Jun-2017 20:04 IA-64
Msinfo32.exe 6.0.6002.19810 408,576 11-Jun-2017 20:01 x86
Msinfo32.exe 6.0.6002.24130 408,576 11-Jun-2017 20:01 x86
Msinfo32.exe 6.0.6002.19810 408,576 11-Jun-2017 20:01 x86
Msinfo32.exe 6.0.6002.24130 408,576 11-Jun-2017 20:01 x86
Msinfo32.exe 6.0.6002.19810 408,576 11-Jun-2017 20:01 x86
Msinfo32.exe 6.0.6002.24130 408,576 11-Jun-2017 20:01 x86

For all supported x64-based versions

File name File version File size Date Time Platform
Msinfo32.exe 6.0.6002.19810 488,960 11-Jun-2017 20:21 x64
Msinfo32.exe 6.0.6002.24130 488,960 11-Jun-2017 20:21 x64
Msinfo32.exe 6.0.6002.19810 488,960 11-Jun-2017 20:21 x64
Msinfo32.exe 6.0.6002.24130 488,960 11-Jun-2017 20:21 x64
Msinfo32.exe 6.0.6002.19810 488,960 11-Jun-2017 20:21 x64
Msinfo32.exe 6.0.6002.24130 488,960 11-Jun-2017 20:21 x64
Msinfo32.exe 6.0.6002.19810 408,576 11-Jun-2017 20:01 x86
Msinfo32.exe 6.0.6002.24130 408,576 11-Jun-2017 20:01 x86
Msinfo32.exe 6.0.6002.19810 408,576 11-Jun-2017 20:01 x86
Msinfo32.exe 6.0.6002.24130 408,576 11-Jun-2017 20:01 x86
Msinfo32.exe 6.0.6002.19810 408,576 11-Jun-2017 20:01 x86
Msinfo32.exe 6.0.6002.24130 408,576 11-Jun-2017 20:01 x86

Related

cve 1
symantec 1
openvas 10
mscve 1
nvd 1
prion 1
checkpoint_advisories 1
cvelist 1
nessus 8
mskb 10
kaspersky 2
trendmicroblog 1
talosblog 1
cve
cve
CVE-2017-8557
2017-07-11 21:29:00
symantec
symantec
Microsoft Windows CVE-2017-8557 Local XML External Entity Information Disclosure Vulnerability
2017-07-11 00:00:00
openvas
openvas
Microsoft Windows System Information Console Information Disclosure Vulnerability (KB4025398)
2017-07-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4025337)
2017-07-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4025341)
2017-07-12 00:00:00
mscve
mscve
Windows System Information Console Information Disclosure Vulnerability
2017-07-11 07:00:00
nvd
nvd
CVE-2017-8557
2017-07-11 21:29:00
prion
prion
Information disclosure
2017-07-11 21:29:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows System Information Console XXE Injection Information Disclosure (CVE-2017-8557)
2017-07-19 00:00:00
cvelist
cvelist
CVE-2017-8557
2017-07-11 21:00:00
nessus
nessus
Windows 7 and Windows Server 2008 R2 July 2017 Security Updates
2017-07-11 00:00:00
Windows 2008 July 2017 Multiple Security Updates
2017-07-11 00:00:00
Windows Server 2012 July 2017 Security Updates
2017-07-11 00:00:00
mskb
mskb
July 11, 2017—KB4025337 (Security-only update)
2017-09-12 07:00:00
July 11, 2017—KB4025343 (Security-only update)
2017-07-11 07:00:00
July 11, 2017—KB4025333 (Security-only update)
2017-09-12 07:00:00
kaspersky
kaspersky
KLA11900 Multiple vulnerabilities in Microsoft Products (ESU)
2017-07-11 00:00:00
KLA11067 Multiple vulnerabilities in Microsoft Windows
2017-07-11 00:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of July 10, 2017
2017-07-14 12:00:02
talosblog
talosblog
Microsoft Patch Tuesday - July 2017
2017-07-11 12:59:00

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

47.4%

JSON
Related for KB4025398
cve1symantec1openvas10mscve1nvd1prion1checkpoint_advisories1cvelist1nessus8mskb10kaspersky2trendmicroblog1talosblog1