Lucene search

K
mskbMicrosoftKB4042723
HistoryOct 16, 2017 - 7:00 a.m.

Description of the Windows Server 2008 Windows wireless WPA group key reinstallation vulnerability: October 16, 2017

2017-10-1607:00:00
Microsoft
support.microsoft.com
32

CVSS2

2.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.3

Confidence

High

EPSS

0.004

Percentile

72.8%

Description of the Windows Server 2008 Windows wireless WPA group key reinstallation vulnerability: October 16, 2017

Summary

A spoofing vulnerability exists in the Windows implementation of wireless networking. An attacker who successfully exploits this vulnerability could potentially replay broadcast or multicast traffic to hosts on a WPA-protected or WPA 2-protected wireless network.

To learn more about the vulnerability, go to CVE-2017-13080.

More Information

Important

  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.
  • This security update will not be installed unless you are running the WLAN AutoConfig service.

Improvements and fixes

This security update contains the following improvements and fixes:

  • Addressed an issue in which creating a wireless policy by using the Group Policy Management Console (GPMC) causes a name conflict in Active Directory Domain Service (AD DS).
  • Addressed an issue in which a filter restart fails because of a race condition that occurs when querying the list of supported GUIDs.

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Deployment information

For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:
Security update deployment information: October 16, 2017

More Information

File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

Windows Server 2008 file information

**Note:**The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

How to obtain help and support for this security update

Help for installing updates: Windows Update: FAQ

Security solutions for IT professionals: TechNet Security Support and Troubleshooting

Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure

Local support according to your country: International Support

File Information

File hash information

File name SHA1 hash SHA256 hash
Windows6.0-KB4042723-x86.msu 7A3A4418EF6D294BC6F327F1C909AC232A354D7A 414DCE7C07EB62B64FE4DFC1F9E418A03AA2275F57B06D54FAD6A0F6153C237B
Windows6.0-KB4042723-x64.msu 31F3BB67C56D9E8FD1DB20BCB36AAB6326533B08 3BC6424E9E1052115669FF3947869129301D9AC4CD7268BEFAA97DA063404EB0

For all supported x86-based versions

File name File version File size Date Time Platform
Nwifi.sys 6.0.6002.24202 148,992 13-Sep-2017 14:33 x86
Gatherwirelessinfo.vbs Not applicable 15,181 07-Mar-2016 23:40 Not applicable
Gatherwirelessinfo.xslt Not applicable 933 07-Mar-2016 23:40 Not applicable
Report.system.wireless.xml Not applicable 59,620 07-Mar-2016 23:40 Not applicable
Rules.system.wireless.xml Not applicable 164,452 07-Mar-2016 23:40 Not applicable
Wireless diagnostics.xml Not applicable 33,857 07-Mar-2016 23:40 Not applicable
Wlan.mof Not applicable 12,880 07-Mar-2016 23:40 Not applicable
Wlan.tmf Not applicable 2,502,659 13-Sep-2017 14:33 Not applicable
Wlanapi.dll 6.0.6002.24202 65,024 13-Sep-2017 15:23 x86
Wlanhlp.dll 6.0.6002.24202 68,096 13-Sep-2017 15:23 x86
Wlanmsm.dll 6.0.6002.24202 293,376 13-Sep-2017 15:23 x86
Wlansec.dll 6.0.6002.24202 303,104 13-Sep-2017 15:23 x86
Wlansvc.dll 6.0.6002.24202 513,536 13-Sep-2017 15:23 x86

For all supported x64-based versions

File name File version File size Date Time Platform
Nwifi.sys 6.0.6002.24202 187,904 13-Sep-2017 14:42 x64
Gatherwirelessinfo.vbs Not applicable 15,181 07-Mar-2016 23:40 Not applicable
Gatherwirelessinfo.xslt Not applicable 933 07-Mar-2016 23:40 Not applicable
Report.system.wireless.xml Not applicable 59,620 07-Mar-2016 23:40 Not applicable
Rules.system.wireless.xml Not applicable 164,452 07-Mar-2016 23:40 Not applicable
Wireless diagnostics.xml Not applicable 33,857 07-Mar-2016 23:40 Not applicable
Wlan.mof Not applicable 12,880 07-Mar-2016 23:40 Not applicable
Wlan.tmf Not applicable 2,610,078 13-Sep-2017 14:42 Not applicable
Wlanapi.dll 6.0.6002.24202 86,528 13-Sep-2017 15:23 x64
Wlanhlp.dll 6.0.6002.24202 97,792 13-Sep-2017 15:23 x64
Wlanmsm.dll 6.0.6002.24202 353,280 13-Sep-2017 15:23 x64
Wlansec.dll 6.0.6002.24202 376,832 13-Sep-2017 15:23 x64
Wlansvc.dll 6.0.6002.24202 615,936 13-Sep-2017 15:23 x64
Wlan.mof Not applicable 12,880 07-Mar-2016 23:40 Not applicable
Wlanapi.dll 6.0.6002.24202 65,024 13-Sep-2017 15:23 x86
Wlanhlp.dll 6.0.6002.24202 68,096 13-Sep-2017 15:23 x86
Wlanmsm.dll 6.0.6002.24202 293,376 13-Sep-2017 15:23 x86
Wlansec.dll 6.0.6002.24202 303,104 13-Sep-2017 15:23 x86

CVSS2

2.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.3

Confidence

High

EPSS

0.004

Percentile

72.8%