Lucene search

K
mskbMicrosoftKB4039384
HistorySep 12, 2017 - 7:00 a.m.

Security update for the Windows Uniscribe vulnerabilities in Windows Server 2008: September 12, 2017

2017-09-1207:00:00
Microsoft
support.microsoft.com
13

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.592 Medium

EPSS

Percentile

97.7%

Security update for the Windows Uniscribe vulnerabilities in Windows Server 2008: September 12, 2017

Summary

Remote code execution vulnerabilities and an information disclosure vulnerability exist due to the way Windows Uniscribe handles objects in memory.

To learn more about the vulnerabilities, go to the Security Update Guide.

More Information

Important

  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Deployment information

For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:
Security update deployment information: September 12, 2017

More Information

File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

Windows Server 2008 file information

**Note:**The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

How to obtain help and support for this security update

Help for installing updates: Windows Update: FAQ

Security solutions for IT professionals: TechNet Security Support and Troubleshooting

Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure

Local support according to your country: International Support

File Information

File hash information

File name SHA1 hash SHA256 hash
Windows6.0-KB4039384-x86.msu 77FA7D2066BDDD8126151BD25628EEFBB63D7E43 F7747469EB24C8DC3621273DA8A00B39983B0086AFF007FB8234EBD48FA0957D
Windows6.0-KB4039384-x64.msu C4AC7BD4B3B88008F6178C42F180E436924F87A5 EFDFFDF4B6D16E3960910D32F385C2B7724BA8F13E71C028C3DDE431CCED1BD3
Windows6.0-KB4039384-ia64.msu EC85DC58346983748DC9B85DD3B10D8B229E3CAB C6433A6D6F7C5D8ADB85A963D8688363672F82462AD373360D8A96939F08416C

For all supported x86-based versions

File name File version File size Date Time Platform SP requirement Service branch
Usp10.dll 1.626.6002.19862 505,856 18-Aug-2017 16:12 x86 SP_ X86_MICROSOFT-WINDOWS-USP
Usp10.dll 1.626.6002.24183 506,368 17-Aug-2017 15:23 x86 SP_ X86_MICROSOFT-WINDOWS-USP
Win32k.sys 6.0.6002.19862 2,076,672 18-Aug-2017 14:25 x86 None Not applicable
Win32k.sys 6.0.6002.24183 2,084,352 17-Aug-2017 14:26 x86 None Not applicable
Gdiplus.dll 5.2.6002.19862 1,753,088 18-Aug-2017 16:11 x86 None Not applicable
Gdiplus.dll 5.2.6002.24183 1,753,088 17-Aug-2017 15:21 x86 None Not applicable
Gdiplus.dll 6.0.6002.19862 1,842,688 18-Aug-2017 16:11 x86 None Not applicable
Gdiplus.dll 6.0.6002.24183 1,842,688 17-Aug-2017 15:21 x86 None Not applicable

For all supported x64-based versions

File name File version File size Date Time Platform SP requirement Service branch
Usp10.dll 1.626.6002.19862 632,320 18-Aug-2017 15:48 x64 SP_ AMD64_MICROSOFT-WINDOWS-USP
Usp10.dll 1.626.6002.24183 633,344 17-Aug-2017 15:25 x64 SP_ AMD64_MICROSOFT-WINDOWS-USP
Win32k.sys 6.0.6002.19862 2,808,832 18-Aug-2017 14:34 x64 None Not applicable
Win32k.sys 6.0.6002.24183 2,811,392 17-Aug-2017 14:34 x64 None Not applicable
Gdiplus.dll 5.2.6002.19862 2,197,504 18-Aug-2017 15:45 x64 None Not applicable
Gdiplus.dll 5.2.6002.24183 2,198,016 17-Aug-2017 15:23 x64 None Not applicable
Gdiplus.dll 6.0.6002.19862 2,429,440 18-Aug-2017 15:45 x64 None Not applicable
Gdiplus.dll 6.0.6002.24183 2,429,952 17-Aug-2017 15:23 x64 None Not applicable
Usp10.dll 1.626.6002.19862 505,856 18-Aug-2017 16:12 x86 SP_ X86_MICROSOFT-WINDOWS-USP
Usp10.dll 1.626.6002.24183 506,368 17-Aug-2017 15:23 x86 SP_ X86_MICROSOFT-WINDOWS-USP
Gdiplus.dll 5.2.6002.19862 1,753,088 18-Aug-2017 16:11 x86 None Not applicable
Gdiplus.dll 5.2.6002.24183 1,753,088 17-Aug-2017 15:21 x86 None Not applicable
Gdiplus.dll 6.0.6002.19862 1,842,688 18-Aug-2017 16:11 x86 None Not applicable
Gdiplus.dll 6.0.6002.24183 1,842,688 17-Aug-2017 15:21 x86 None Not applicable

For all supported ia64-based versions

File name File version File size Date Time Platform SP requirement Service branch
Usp10.dll 1.626.6002.19862 1,010,688 18-Aug-2017 15:50 IA-64 SP_ IA64_MICROSOFT-WINDOWS-USP
Usp10.dll 1.626.6002.24183 1,011,200 17-Aug-2017 15:18 IA-64 SP_ IA64_MICROSOFT-WINDOWS-USP
Win32k.sys 6.0.6002.19862 6,697,472 18-Aug-2017 14:30 IA-64 None Not applicable
Win32k.sys 6.0.6002.24183 6,707,712 17-Aug-2017 14:28 IA-64 None Not applicable
Gdiplus.dll 5.2.6002.19862 4,918,784 18-Aug-2017 15:48 IA-64 None Not applicable
Gdiplus.dll 5.2.6002.24183 4,919,296 17-Aug-2017 15:16 IA-64 None Not applicable
Gdiplus.dll 6.0.6002.19862 5,276,160 18-Aug-2017 15:48 IA-64 None Not applicable
Gdiplus.dll 6.0.6002.24183 5,276,160 17-Aug-2017 15:16 IA-64 None Not applicable
Usp10.dll 1.626.6002.19862 505,856 18-Aug-2017 16:12 x86 SP_ X86_MICROSOFT-WINDOWS-USP
Usp10.dll 1.626.6002.24183 506,368 17-Aug-2017 15:23 x86 SP_ X86_MICROSOFT-WINDOWS-USP
Gdiplus.dll 5.2.6002.19862 1,753,088 18-Aug-2017 16:11 x86 None Not applicable
Gdiplus.dll 5.2.6002.24183 1,753,088 17-Aug-2017 15:21 x86 None Not applicable
Gdiplus.dll 6.0.6002.19862 1,842,688 18-Aug-2017 16:11 x86 None Not applicable
Gdiplus.dll 6.0.6002.24183 1,842,688 17-Aug-2017 15:21 x86 None Not applicable

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.592 Medium

EPSS

Percentile

97.7%