DATABASE RESOURCES PRICING ABOUT US

{"id": "SMB_NT_MS17_MAY_4019472.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "KB4019472: Windows 10 Version 1607 and Windows Server 2016 May 2017 Cumulative Update", "description": "The remote Windows host is missing security update KB4019472. It is, therefore, affected by multiple vulnerabilities :\n\n - A security bypass vulnerability exists in Internet Explorer due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to bypass mixed content warnings and load insecure content (HTTP) from secure locations (HTTPS). (CVE-2017-0064)\n\n - An elevation of privilege vulnerability exists in Windows in the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in an elevated context. (CVE-2017-0077)\n\n - A denial of service vulnerability exists in the Windows DNS server when it's configured to answer version queries. An unauthenticated, remote attacker can exploit this, via a malicious DNS query, to cause the DNS server to become nonresponsive. (CVE-2017-0171)\n\n - An information disclosure vulnerability exists in the Windows Graphics Device Interface (GDI) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0190)\n\n - An elevation of privilege vulnerability exists in Windows Hyper-V due to improper validation of vSMB packet data. An unauthenticated, adjacent attacker can exploit this to gain elevated privileges.\n (CVE-2017-0212)\n\n - An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified flaw. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in Windows due to improper validation of user-supplied input when loading type libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0214)\n\n - A remote code execution vulnerability exists in Microsoft Edge due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0221)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0227)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0228)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0229)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user.\n (CVE-2017-0230)\n\n - A spoofing vulnerability exists in Microsoft browsers due to improper rendering of the SmartScreen filter. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to redirect users to a malicious website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - An elevation of privilege vulnerability exists in Microsoft Edge due to improper sandboxing. An unauthenticated, remote attacker can exploit this to break out of the Edge AppContainer sandbox and gain elevated privileges. (CVE-2017-0233)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0234)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0236)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0238)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or to open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0240)\n\n - An elevation of privilege vulnerability exists in Microsoft Edge due to improper rendering of a domain-less page in the URL. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause the user to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone. (CVE-2017-0241)\n\n - An elevation of privilege vulnerability exists in the win32k component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated permissions. Note that an attacker can also cause a denial of service condition on Windows 7 x64 or later systems. (CVE-2017-0246)\n\n - A security bypass vulnerability exists in the Microsoft .NET Framework and .NET Core components due to a failure to completely validate certificates. An attacker can exploit this to present a certificate that is marked invalid for a specific use, but the component uses it for that purpose, resulting in a bypass of the Enhanced Key Usage taggings. (CVE-2017-0248)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0258)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0259)\n\n - An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2017-0263)\n\n - A remote code execution vulnerability exists in the Microsoft scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a crafted web page or open a crafted Office document file, to execute arbitrary code in the context of the current user. (CVE-2017-0266)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0280)", "published": "2017-05-09T00:00:00", "modified": "2023-04-25T00:00:00", "epss": [{"cve": "CVE-2017-0064", "epss": 0.00232, "percentile": 0.61084, "modified": "2023-12-03"}, {"cve": "CVE-2017-0077", "epss": 0.00058, "percentile": 0.22025, "modified": "2023-12-03"}, {"cve": "CVE-2017-0171", "epss": 0.00103, "percentile": 0.41398, "modified": "2023-12-03"}, {"cve": "CVE-2017-0190", "epss": 0.05845, "percentile": 0.92584, "modified": "2023-12-03"}, {"cve": "CVE-2017-0212", "epss": 0.00049, "percentile": 0.16074, "modified": "2023-12-03"}, {"cve": "CVE-2017-0213", "epss": 0.00954, "percentile": 0.81408, "modified": "2023-12-03"}, {"cve": "CVE-2017-0214", "epss": 0.00057, "percentile": 0.21431, "modified": "2023-12-03"}, {"cve": "CVE-2017-0221", "epss": 0.00282, "percentile": 0.64944, "modified": "2023-12-03"}, {"cve": "CVE-2017-0222", "epss": 0.2715, "percentile": 0.96298, "modified": "2023-12-03"}, {"cve": "CVE-2017-0226", "epss": 0.07505, "percentile": 0.93402, "modified": "2023-12-03"}, {"cve": "CVE-2017-0227", "epss": 0.30248, "percentile": 0.96464, "modified": "2023-12-03"}, {"cve": "CVE-2017-0228", "epss": 0.1443, "percentile": 0.95174, "modified": "2023-12-03"}, {"cve": "CVE-2017-0229", "epss": 0.07369, "percentile": 0.93361, "modified": "2023-12-03"}, {"cve": "CVE-2017-0230", "epss": 0.07369, "percentile": 0.93361, "modified": "2023-12-03"}, {"cve": "CVE-2017-0231", "epss": 0.00603, "percentile": 0.76014, "modified": "2023-12-03"}, {"cve": "CVE-2017-0233", "epss": 0.00295, "percentile": 0.65811, "modified": "2023-12-03"}, {"cve": "CVE-2017-0234", "epss": 0.19319, "percentile": 0.95757, "modified": "2023-12-03"}, {"cve": "CVE-2017-0236", "epss": 0.19319, "percentile": 0.95757, "modified": "2023-12-03"}, {"cve": "CVE-2017-0238", "epss": 0.05516, "percentile": 0.92401, "modified": "2023-12-03"}, {"cve": "CVE-2017-0240", "epss": 0.19319, "percentile": 0.95757, "modified": "2023-12-03"}, {"cve": "CVE-2017-0241", "epss": 0.00137, "percentile": 0.48847, "modified": "2023-12-03"}, {"cve": "CVE-2017-0246", "epss": 0.00072, "percentile": 0.29885, "modified": "2023-12-03"}, {"cve": "CVE-2017-0248", "epss": 0.00208, "percentile": 0.58445, "modified": "2023-12-03"}, {"cve": "CVE-2017-0258", "epss": 0.00095, "percentile": 0.3947, "modified": "2023-12-03"}, {"cve": "CVE-2017-0259", "epss": 0.00067, "percentile": 0.27678, "modified": "2023-12-03"}, {"cve": "CVE-2017-0263", "epss": 0.02073, "percentile": 0.87778, "modified": "2023-12-03"}, {"cve": "CVE-2017-0266", "epss": 0.07166, "percentile": 0.93293, "modified": "2023-12-03"}, {"cve": "CVE-2017-0267", "epss": 0.03267, "percentile": 0.90186, "modified": "2023-12-03"}, {"cve": "CVE-2017-0268", "epss": 0.00676, "percentile": 0.77504, "modified": "2023-12-03"}, {"cve": "CVE-2017-0269", "epss": 0.00987, "percentile": 0.81722, "modified": "2023-12-03"}, {"cve": "CVE-2017-0270", "epss": 0.00676, "percentile": 0.77504, "modified": "2023-12-03"}, {"cve": "CVE-2017-0271", "epss": 0.03267, "percentile": 0.90186, "modified": "2023-12-03"}, {"cve": "CVE-2017-0272", "epss": 0.26603, "percentile": 0.96273, "modified": "2023-12-03"}, {"cve": "CVE-2017-0273", "epss": 0.00987, "percentile": 0.81722, "modified": "2023-12-03"}, {"cve": "CVE-2017-0274", "epss": 0.00676, "percentile": 0.77504, "modified": "2023-12-03"}, {"cve": "CVE-2017-0275", "epss": 0.01767, "percentile": 0.86575, "modified": "2023-12-03"}, {"cve": "CVE-2017-0276", "epss": 0.00676, "percentile": 0.77504, "modified": "2023-12-03"}, {"cve": "CVE-2017-0277", "epss": 0.12513, "percentile": 0.94862, "modified": "2023-12-03"}, {"cve": "CVE-2017-0278", "epss": 0.12513, "percentile": 0.94862, "modified": "2023-12-03"}, {"cve": "CVE-2017-0279", "epss": 0.12513, "percentile": 0.94862, "modified": "2023-12-03"}, {"cve": "CVE-2017-0280", "epss": 0.00574, "percentile": 0.75374, "modified": "2023-12-03"}], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/100059", "reporter": "This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0263", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0241", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0248", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0279", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0238", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0226", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0240", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0212", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0228", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0275", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0268", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0171", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0213", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0231", "http://www.nessus.org/u?038b505a", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0271", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0258", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0246", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0229", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0236", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0276", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0222", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0233", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0277", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0077", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0221", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0259", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0064", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0270", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0266", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0190", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0269", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0278", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0280", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0214", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0272", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0267", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0274", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0227", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0230", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0273", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0234"], "cvelist": ["CVE-2017-0064", "CVE-2017-0077", "CVE-2017-0171", "CVE-2017-0190", "CVE-2017-0212", "CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0221", "CVE-2017-0222", "CVE-2017-0226", "CVE-2017-0227", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0230", "CVE-2017-0231", "CVE-2017-0233", "CVE-2017-0234", "CVE-2017-0236", "CVE-2017-0238", "CVE-2017-0240", "CVE-2017-0241", "CVE-2017-0246", "CVE-2017-0248", "CVE-2017-0258", "CVE-2017-0259", "CVE-2017-0263", "CVE-2017-0266", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280"], "immutableFields": [], "lastseen": "2023-12-05T14:55:18", "viewCount": 307, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:3D277AC0-F2F7-4AA8-82C2-06D5121D9A91", "AKB:4ABA280A-0F7F-44AC-923C-F12A105C628D", "AKB:6D4430B5-2DD4-4277-B666-3F202D23AD1B", "AKB:F61BA9AD-A584-47CA-89CE-38FB7836C0A5", "AKB:FD8F3671-7E1D-4B44-B0A0-D4BBEA6DA814"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2017-0329", "CPAI-2017-0330", "CPAI-2017-0331", "CPAI-2017-0334", "CPAI-2017-0335", "CPAI-2017-0340", "CPAI-2017-0343", "CPAI-2017-0344", "CPAI-2017-0360", "CPAI-2017-0361", "CPAI-2017-0365", "CPAI-2017-0366", "CPAI-2017-0369", "CPAI-2017-0370", "CPAI-2017-0373", "CPAI-2017-0376", "CPAI-2017-0379", "CPAI-2017-0482", "CPAI-2017-0518", "CPAI-2017-0591"]}, {"type": "cisa", "idList": ["CISA:5FE14EDE9F5E20EB9536DC356A82AAB6", "CISA:D70586B2C2D5D982D54DA686CCF0F4D1"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2017-0213", "CISA-KEV-CVE-2017-0222", "CISA-KEV-CVE-2017-0263"]}, {"type": "cve", "idList": ["CVE-2017-0064", "CVE-2017-0077", "CVE-2017-0171", "CVE-2017-0175", "CVE-2017-0190", "CVE-2017-0212", "CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0220", "CVE-2017-0221", "CVE-2017-0222", "CVE-2017-0224", "CVE-2017-0226", "CVE-2017-0227", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0230", "CVE-2017-0231", "CVE-2017-0233", "CVE-2017-0234", "CVE-2017-0235", "CVE-2017-0236", "CVE-2017-0238", "CVE-2017-0240", "CVE-2017-0241", "CVE-2017-0246", "CVE-2017-0248", "CVE-2017-0258", "CVE-2017-0259", "CVE-2017-0263", "CVE-2017-0266", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280", "CVE-2017-8552"]}, {"type": "exploitdb", "idList": ["EDB-ID:44478"]}, {"type": "fireeye", "idList": ["FIREEYE:35D0439B3D476357F4D2F51F3D5CD294", "FIREEYE:A6971C196BCA3B73B3F64A1FE0801A5B", "FIREEYE:AA5B50E5C593F4E6EFF300E3DE9EDB85"]}, {"type": "github", "idList": ["GHSA-68CP-H96V-GG3X", "GHSA-6P7Q-85QQ-7C43", "GHSA-CH6P-4JCM-H8VH", "GHSA-P3RW-88PP-W4JH", "GHSA-RM8G-7G54-W6FH"]}, {"type": "githubexploit", "idList": ["FB99D0AC-3747-583A-AE7D-EE0F4E626D66"]}, {"type": "ibm", "idList": ["9D82307350DBA3C2E732B519728ADCBBA4E42942EC2EDA1387CCB763432CAFAB", "C0CE349C81AF5AC7494E87E330698551BF46584CA331B02039B0B4D82875B334"]}, {"type": "ics", "idList": ["ICSMA-18-058-02"]}, {"type": "kaspersky", "idList": ["KLA11002", "KLA11009", "KLA11011", "KLA11077"]}, {"type": "mscve", "idList": ["MS:CVE-2017-0064", "MS:CVE-2017-0077", "MS:CVE-2017-0171", "MS:CVE-2017-0190", "MS:CVE-2017-0212", "MS:CVE-2017-0213", "MS:CVE-2017-0214", "MS:CVE-2017-0221", "MS:CVE-2017-0222", "MS:CVE-2017-0226", "MS:CVE-2017-0227", "MS:CVE-2017-0228", "MS:CVE-2017-0229", "MS:CVE-2017-0230", "MS:CVE-2017-0231", "MS:CVE-2017-0233", "MS:CVE-2017-0234", "MS:CVE-2017-0236", "MS:CVE-2017-0238", "MS:CVE-2017-0240", "MS:CVE-2017-0241", "MS:CVE-2017-0246", "MS:CVE-2017-0248", "MS:CVE-2017-0258", "MS:CVE-2017-0259", "MS:CVE-2017-0263", "MS:CVE-2017-0266", "MS:CVE-2017-0267", "MS:CVE-2017-0268", "MS:CVE-2017-0269", "MS:CVE-2017-0270", "MS:CVE-2017-0271", "MS:CVE-2017-0272", "MS:CVE-2017-0273", "MS:CVE-2017-0274", "MS:CVE-2017-0275", "MS:CVE-2017-0276", "MS:CVE-2017-0277", "MS:CVE-2017-0278", "MS:CVE-2017-0279", "MS:CVE-2017-0280"]}, {"type": "mskb", "idList": ["KB4016871", "KB4018196", "KB4018271", "KB4018466", "KB4018556", "KB4019108", "KB4019109", "KB4019110", "KB4019111", "KB4019112", "KB4019113", "KB4019114", "KB4019115", "KB4019149", "KB4019204", "KB4019206", "KB4019213", "KB4019214", "KB4019215", "KB4019216", "KB4019263", "KB4019264", "KB4019472", "KB4019473", "KB4019474", "KB4034658", "KB4034660", "KB4034668", "KB4034674", "KB4034681", "KB4034733", "KB4038788", "KB4466388"]}, {"type": "myhack58", "idList": ["MYHACK58:62201786206", "MYHACK58:62201786826", "MYHACK58:62201993505"]}, {"type": "nessus", "idList": ["MS17_MAY_SMBV1.NASL", "SMB_NT_MS17-MAY_4019214.NASL", "SMB_NT_MS17_AUG_INTERNET_EXPLORER.NASL", "SMB_NT_MS17_JUNE_XP_2003.NASL", "SMB_NT_MS17_JUN_4025685_VISTA.NASL", "SMB_NT_MS17_JUN_WINDOWS8.NASL", "SMB_NT_MS17_MAY_4016871.NASL", "SMB_NT_MS17_MAY_4019112.NASL", "SMB_NT_MS17_MAY_4019215.NASL", "SMB_NT_MS17_MAY_4019264.NASL", "SMB_NT_MS17_MAY_4019473.NASL", "SMB_NT_MS17_MAY_4019474.NASL", "SMB_NT_MS17_MAY_INTERNET_EXPLORER.NASL", "SMB_NT_MS17_MAY_WIN2008.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310811027", "OPENVAS:1361412562310811028", "OPENVAS:1361412562310811029", "OPENVAS:1361412562310811032", "OPENVAS:1361412562310811036", "OPENVAS:1361412562310811037", "OPENVAS:1361412562310811038", "OPENVAS:1361412562310811039", "OPENVAS:1361412562310811107", "OPENVAS:1361412562310811108", "OPENVAS:1361412562310811110", "OPENVAS:1361412562310811111", "OPENVAS:1361412562310811112", "OPENVAS:1361412562310811113", "OPENVAS:1361412562310811114", "OPENVAS:1361412562310811115", "OPENVAS:1361412562310811117", "OPENVAS:1361412562310811118", "OPENVAS:1361412562310811209", "OPENVAS:1361412562310811561"]}, {"type": "osv", "idList": ["OSV:GHSA-68CP-H96V-GG3X", "OSV:GHSA-6P7Q-85QQ-7C43", "OSV:GHSA-CH6P-4JCM-H8VH", "OSV:GHSA-P3RW-88PP-W4JH", "OSV:GHSA-RM8G-7G54-W6FH"]}, {"type": "pentestpartners", "idList": ["PENTESTPARTNERS:5BAC820D9FD19A73AC8985AAC539E0DE"]}, {"type": "prion", "idList": ["PRION:CVE-2017-0064", "PRION:CVE-2017-0077", "PRION:CVE-2017-0171", "PRION:CVE-2017-0175", "PRION:CVE-2017-0190", "PRION:CVE-2017-0212", "PRION:CVE-2017-0213", "PRION:CVE-2017-0214", "PRION:CVE-2017-0220", "PRION:CVE-2017-0221", "PRION:CVE-2017-0222", "PRION:CVE-2017-0224", "PRION:CVE-2017-0226", "PRION:CVE-2017-0227", "PRION:CVE-2017-0228", "PRION:CVE-2017-0229", "PRION:CVE-2017-0230", "PRION:CVE-2017-0231", "PRION:CVE-2017-0233", "PRION:CVE-2017-0234", "PRION:CVE-2017-0235", "PRION:CVE-2017-0236", "PRION:CVE-2017-0238", "PRION:CVE-2017-0240", "PRION:CVE-2017-0241", "PRION:CVE-2017-0246", "PRION:CVE-2017-0248", "PRION:CVE-2017-0258", "PRION:CVE-2017-0259", "PRION:CVE-2017-0263", "PRION:CVE-2017-0266", "PRION:CVE-2017-0267", "PRION:CVE-2017-0268", "PRION:CVE-2017-0269", "PRION:CVE-2017-0270", "PRION:CVE-2017-0271", "PRION:CVE-2017-0272", "PRION:CVE-2017-0273", "PRION:CVE-2017-0274", "PRION:CVE-2017-0275", "PRION:CVE-2017-0276", "PRION:CVE-2017-0277", "PRION:CVE-2017-0278", "PRION:CVE-2017-0279", "PRION:CVE-2017-0280", "PRION:CVE-2017-8552"]}, {"type": "ptsecurity", "idList": ["PT-2017-13"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:2AFF0D4E01534CA4823F85B912170FD0", "QUALYSBLOG:E752DE2F12FECA2E217194D510424325"]}, {"type": "rapid7community", "idList": ["RAPID7COMMUNITY:5E360655BE25ED8FE7E5EBBFACEDD115", "RAPID7COMMUNITY:70FFE7CD88D4CCE4994B4B417E2B4960"]}, {"type": "securelist", "idList": ["SECURELIST:75F0B75D28318C525992E42495D8C5EE", "SECURELIST:A40E939E20C451592F5ED01B134552A7", "SECURELIST:F845B38B54D0C8C027B3C2728E64B367"]}, {"type": "seebug", "idList": ["SSV:93091", "SSV:93092", "SSV:93116", "SSV:96267"]}, {"type": "symantec", "idList": ["SMNTC-98097", "SMNTC-98099", "SMNTC-98102", "SMNTC-98103", "SMNTC-98108", "SMNTC-98112", "SMNTC-98113", "SMNTC-98114", "SMNTC-98117", "SMNTC-98121", "SMNTC-98127", "SMNTC-98139", "SMNTC-98147", "SMNTC-98164", "SMNTC-98173", "SMNTC-98179", "SMNTC-98203", "SMNTC-98208", "SMNTC-98217", "SMNTC-98222", "SMNTC-98229", "SMNTC-98234", "SMNTC-98237", "SMNTC-98258", "SMNTC-98259", "SMNTC-98260", "SMNTC-98261", "SMNTC-98263", "SMNTC-98264", "SMNTC-98265", "SMNTC-98266", "SMNTC-98267", "SMNTC-98268", "SMNTC-98270", "SMNTC-98271", "SMNTC-98272", "SMNTC-98273", "SMNTC-98274", "SMNTC-98276", "SMNTC-98281", "SMNTC-98298"]}, {"type": "thn", "idList": ["THN:35CDED923C2A70050CA53879EA860398", "THN:6885760BEEB9A6CBDFB108443DDF540C"]}, {"type": "threatpost", "idList": ["THREATPOST:22AA852BEEA43B18D4341D7ADA922536", "THREATPOST:3649750E149C0B00551806E47C047B39", "THREATPOST:D75255A60A5F03024D8AEF37C1FD4993", "THREATPOST:FC2B25371317ED019A81553465477089"]}, {"type": "trellix", "idList": ["TRELLIX:74FAC35289D6D61DCD4748FD57DC98A4", "TRELLIX:FE12B761BD43347DD424F6A771CD007C"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:19E8275962B505769288D026F9990B4A", "TRENDMICROBLOG:278CA36BE7BE1D87941A99D03E2C3D5B"]}, {"type": "veracode", "idList": ["VERACODE:7942", "VERACODE:7943", "VERACODE:7944", "VERACODE:7947", "VERACODE:7948", "VERACODE:7949", "VERACODE:7950", "VERACODE:7952"]}, {"type": "zdi", "idList": ["ZDI-17-323", "ZDI-17-324", "ZDI-17-325", "ZDI-17-326", "ZDI-17-327", "ZDI-17-328", "ZDI-17-329", "ZDI-17-371", "ZDI-17-464", "ZDI-18-239"]}, {"type": "zdt", "idList": ["1337DAY-ID-27776", "1337DAY-ID-27777", "1337DAY-ID-27797", "1337DAY-ID-27798", "1337DAY-ID-30198"]}]}, "score": {"value": 9.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "attackerkb", "idList": ["AKB:F61BA9AD-A584-47CA-89CE-38FB7836C0A5", "AKB:FD8F3671-7E1D-4B44-B0A0-D4BBEA6DA814"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2017-0329", "CPAI-2017-0330", "CPAI-2017-0331", "CPAI-2017-0334", "CPAI-2017-0335", "CPAI-2017-0340", "CPAI-2017-0343", "CPAI-2017-0344", "CPAI-2017-0360", "CPAI-2017-0361", "CPAI-2017-0365", "CPAI-2017-0366", "CPAI-2017-0369", "CPAI-2017-0370", "CPAI-2017-0373", "CPAI-2017-0376", "CPAI-2017-0379", "CPAI-2017-0482", "CPAI-2017-0518", "CPAI-2017-0591"]}, {"type": "cisa", "idList": ["CISA:D70586B2C2D5D982D54DA686CCF0F4D1"]}, {"type": "cve", "idList": ["CVE-2017-0064", "CVE-2017-0077", "CVE-2017-0171", "CVE-2017-0190", "CVE-2017-0212", "CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0221", "CVE-2017-0222", "CVE-2017-0226", "CVE-2017-0227", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0230", "CVE-2017-0231", "CVE-2017-0233", "CVE-2017-0234", "CVE-2017-0236", "CVE-2017-0238", "CVE-2017-0240", "CVE-2017-0241", "CVE-2017-0246", "CVE-2017-0248", "CVE-2017-0258", "CVE-2017-0259", "CVE-2017-0263", "CVE-2017-0266", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280"]}, {"type": "exploitdb", "idList": ["EDB-ID:44478"]}, {"type": "fireeye", "idList": ["FIREEYE:A6971C196BCA3B73B3F64A1FE0801A5B"]}, {"type": "github", "idList": ["GHSA-CH6P-4JCM-H8VH"]}, {"type": "githubexploit", "idList": ["FB99D0AC-3747-583A-AE7D-EE0F4E626D66"]}, {"type": "ibm", "idList": ["C0CE349C81AF5AC7494E87E330698551BF46584CA331B02039B0B4D82875B334"]}, {"type": "kaspersky", "idList": ["KLA11002", "KLA11009", "KLA11011"]}, {"type": "mscve", "idList": ["MS:CVE-2017-0064", "MS:CVE-2017-0077", "MS:CVE-2017-0171", "MS:CVE-2017-0190", "MS:CVE-2017-0213", "MS:CVE-2017-0214", "MS:CVE-2017-0222", "MS:CVE-2017-0226", "MS:CVE-2017-0228", "MS:CVE-2017-0231", "MS:CVE-2017-0233", "MS:CVE-2017-0234", "MS:CVE-2017-0236", "MS:CVE-2017-0238", "MS:CVE-2017-0240", "MS:CVE-2017-0241", "MS:CVE-2017-0246", "MS:CVE-2017-0248", "MS:CVE-2017-0258", "MS:CVE-2017-0259", "MS:CVE-2017-0263", "MS:CVE-2017-0266", "MS:CVE-2017-0267", "MS:CVE-2017-0268", "MS:CVE-2017-0269", "MS:CVE-2017-0270", "MS:CVE-2017-0271", "MS:CVE-2017-0272", "MS:CVE-2017-0273", "MS:CVE-2017-0274", "MS:CVE-2017-0275", "MS:CVE-2017-0276", "MS:CVE-2017-0278", "MS:CVE-2017-0279", "MS:CVE-2017-0280"]}, {"type": "mskb", "idList": ["KB4019473"]}, {"type": "myhack58", "idList": ["MYHACK58:62201786826"]}, {"type": "nessus", "idList": ["MS17_MAY_SMBV1.NASL", "SMB_HOTFIXES.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310811027", "OPENVAS:1361412562310811028", "OPENVAS:1361412562310811029", "OPENVAS:1361412562310811032", "OPENVAS:1361412562310811036", "OPENVAS:1361412562310811037", "OPENVAS:1361412562310811038", "OPENVAS:1361412562310811039", "OPENVAS:1361412562310811107", "OPENVAS:1361412562310811108", "OPENVAS:1361412562310811110", "OPENVAS:1361412562310811111", "OPENVAS:1361412562310811112", "OPENVAS:1361412562310811113", "OPENVAS:1361412562310811114", "OPENVAS:1361412562310811115", "OPENVAS:1361412562310811117", "OPENVAS:1361412562310811118", "OPENVAS:1361412562310811209"]}, {"type": "pentestpartners", "idList": ["PENTESTPARTNERS:5BAC820D9FD19A73AC8985AAC539E0DE"]}, {"type": "ptsecurity", "idList": ["PT-2017-13"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:2AFF0D4E01534CA4823F85B912170FD0", "QUALYSBLOG:E752DE2F12FECA2E217194D510424325"]}, {"type": "rapid7community", "idList": ["RAPID7COMMUNITY:70FFE7CD88D4CCE4994B4B417E2B4960"]}, {"type": "securelist", "idList": ["SECURELIST:A40E939E20C451592F5ED01B134552A7", "SECURELIST:F845B38B54D0C8C027B3C2728E64B367"]}, {"type": "seebug", "idList": ["SSV:93091", "SSV:93092", "SSV:93116"]}, {"type": "symantec", "idList": ["SMNTC-98108"]}, {"type": "thn", "idList": ["THN:35CDED923C2A70050CA53879EA860398", "THN:6885760BEEB9A6CBDFB108443DDF540C"]}, {"type": "threatpost", "idList": ["THREATPOST:D75255A60A5F03024D8AEF37C1FD4993", "THREATPOST:FC2B25371317ED019A81553465477089"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:278CA36BE7BE1D87941A99D03E2C3D5B"]}, {"type": "zdi", "idList": ["ZDI-17-323", "ZDI-17-324", "ZDI-17-325", "ZDI-17-326", "ZDI-17-327", "ZDI-17-328", "ZDI-17-329", "ZDI-17-371", "ZDI-17-464"]}, {"type": "zdt", "idList": ["1337DAY-ID-27777", "1337DAY-ID-27797"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2017-0064", "epss": 0.00232, "percentile": 0.59867, "modified": "2023-05-06"}, {"cve": "CVE-2017-0077", "epss": 0.00058, "percentile": 0.21891, "modified": "2023-05-06"}, {"cve": "CVE-2017-0171", "epss": 0.00103, "percentile": 0.40676, "modified": "2023-05-06"}, {"cve": "CVE-2017-0190", "epss": 0.05448, "percentile": 0.9198, "modified": "2023-05-06"}, {"cve": "CVE-2017-0212", "epss": 0.00049, "percentile": 0.16266, "modified": "2023-05-06"}, {"cve": "CVE-2017-0213", "epss": 0.00603, "percentile": 0.75382, "modified": "2023-05-06"}, {"cve": "CVE-2017-0214", "epss": 0.00057, "percentile": 0.21513, "modified": "2023-05-06"}, {"cve": "CVE-2017-0221", "epss": 0.00282, "percentile": 0.63806, "modified": "2023-05-06"}, {"cve": "CVE-2017-0222", "epss": 0.32124, "percentile": 0.96371, "modified": "2023-05-06"}, {"cve": "CVE-2017-0226", "epss": 0.07671, "percentile": 0.93175, "modified": "2023-05-06"}, {"cve": "CVE-2017-0227", "epss": 0.35473, "percentile": 0.96503, "modified": "2023-05-06"}, {"cve": "CVE-2017-0228", "epss": 0.1443, "percentile": 0.94889, "modified": "2023-05-06"}, {"cve": "CVE-2017-0229", "epss": 0.04173, "percentile": 0.90924, "modified": "2023-05-06"}, {"cve": "CVE-2017-0230", "epss": 0.04173, "percentile": 0.90924, "modified": "2023-05-06"}, {"cve": "CVE-2017-0231", "epss": 0.00603, "percentile": 0.75382, "modified": "2023-05-06"}, {"cve": "CVE-2017-0233", "epss": 0.00295, "percentile": 0.6472, "modified": "2023-05-06"}, {"cve": "CVE-2017-0234", "epss": 0.26656, "percentile": 0.96048, "modified": "2023-05-06"}, {"cve": "CVE-2017-0236", "epss": 0.26656, "percentile": 0.96048, "modified": "2023-05-06"}, {"cve": "CVE-2017-0238", "epss": 0.05641, "percentile": 0.92103, "modified": "2023-05-06"}, {"cve": "CVE-2017-0240", "epss": 0.26656, "percentile": 0.96048, "modified": "2023-05-06"}, {"cve": "CVE-2017-0241", "epss": 0.00137, "percentile": 0.47783, "modified": "2023-05-06"}, {"cve": "CVE-2017-0246", "epss": 0.00072, "percentile": 0.29487, "modified": "2023-05-06"}, {"cve": "CVE-2017-0248", "epss": 0.00208, "percentile": 0.57276, "modified": "2023-05-06"}, {"cve": "CVE-2017-0258", "epss": 0.00125, "percentile": 0.45653, "modified": "2023-05-06"}, {"cve": "CVE-2017-0259", "epss": 0.00073, "percentile": 0.29933, "modified": "2023-05-06"}, {"cve": "CVE-2017-0263", "epss": 0.01068, "percentile": 0.82063, "modified": "2023-05-06"}, {"cve": "CVE-2017-0266", "epss": 0.07325, "percentile": 0.9306, "modified": "2023-05-06"}, {"cve": "CVE-2017-0267", "epss": 0.03267, "percentile": 0.89826, "modified": "2023-05-06"}, {"cve": "CVE-2017-0268", "epss": 0.00676, "percentile": 0.769, "modified": "2023-05-06"}, {"cve": "CVE-2017-0269", "epss": 0.00987, "percentile": 0.81294, "modified": "2023-05-06"}, {"cve": "CVE-2017-0270", "epss": 0.00676, "percentile": 0.769, "modified": "2023-05-06"}, {"cve": "CVE-2017-0271", "epss": 0.03267, "percentile": 0.89826, "modified": "2023-05-06"}, {"cve": "CVE-2017-0272", "epss": 0.27113, "percentile": 0.96078, "modified": "2023-05-06"}, {"cve": "CVE-2017-0273", "epss": 0.00987, "percentile": 0.81294, "modified": "2023-05-06"}, {"cve": "CVE-2017-0274", "epss": 0.00676, "percentile": 0.769, "modified": "2023-05-06"}, {"cve": "CVE-2017-0275", "epss": 0.01767, "percentile": 0.86141, "modified": "2023-05-06"}, {"cve": "CVE-2017-0276", "epss": 0.00676, "percentile": 0.769, "modified": "2023-05-06"}, {"cve": "CVE-2017-0277", "epss": 0.12809, "percentile": 0.94621, "modified": "2023-05-06"}, {"cve": "CVE-2017-0278", "epss": 0.12809, "percentile": 0.94621, "modified": "2023-05-06"}, {"cve": "CVE-2017-0279", "epss": 0.12809, "percentile": 0.94621, "modified": "2023-05-06"}, {"cve": "CVE-2017-0280", "epss": 0.00574, "percentile": 0.74713, "modified": "2023-05-06"}], "vulnersScore": 9.0}, "_state": {"dependencies": 1701809382, "score": 1701808983, "epss": 0}, "_internal": {"score_hash": "7dcb2bf26e27dcdcb1053ac137f8625f"}, "pluginID": "100059", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100059);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2017-0064\",\n \"CVE-2017-0077\",\n \"CVE-2017-0171\",\n \"CVE-2017-0190\",\n \"CVE-2017-0212\",\n \"CVE-2017-0213\",\n \"CVE-2017-0214\",\n \"CVE-2017-0221\",\n \"CVE-2017-0222\",\n \"CVE-2017-0226\",\n \"CVE-2017-0227\",\n \"CVE-2017-0228\",\n \"CVE-2017-0229\",\n \"CVE-2017-0230\",\n \"CVE-2017-0231\",\n \"CVE-2017-0233\",\n \"CVE-2017-0234\",\n \"CVE-2017-0236\",\n \"CVE-2017-0238\",\n \"CVE-2017-0240\",\n \"CVE-2017-0241\",\n \"CVE-2017-0246\",\n \"CVE-2017-0248\",\n \"CVE-2017-0258\",\n \"CVE-2017-0259\",\n \"CVE-2017-0263\",\n \"CVE-2017-0266\",\n \"CVE-2017-0267\",\n \"CVE-2017-0268\",\n \"CVE-2017-0269\",\n \"CVE-2017-0270\",\n \"CVE-2017-0271\",\n \"CVE-2017-0272\",\n \"CVE-2017-0273\",\n \"CVE-2017-0274\",\n \"CVE-2017-0275\",\n \"CVE-2017-0276\",\n \"CVE-2017-0277\",\n \"CVE-2017-0278\",\n \"CVE-2017-0279\",\n \"CVE-2017-0280\"\n );\n script_bugtraq_id(\n 98097,\n 98099,\n 98102,\n 98103,\n 98108,\n 98112,\n 98113,\n 98114,\n 98117,\n 98121,\n 98127,\n 98139,\n 98147,\n 98164,\n 98173,\n 98179,\n 98203,\n 98208,\n 98217,\n 98222,\n 98229,\n 98234,\n 98237,\n 98258,\n 98259,\n 98260,\n 98261,\n 98263,\n 98264,\n 98265,\n 98266,\n 98267,\n 98268,\n 98270,\n 98271,\n 98272,\n 98273,\n 98274,\n 98276,\n 98281,\n 98298\n );\n script_xref(name:\"MSKB\", value:\"4019472\");\n script_xref(name:\"MSFT\", value:\"MS17-4019472\");\n script_xref(name:\"IAVA\", value:\"2017-A-0148\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/10\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/25\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"KB4019472: Windows 10 Version 1607 and Windows Server 2016 May 2017 Cumulative Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update KB4019472. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - A security bypass vulnerability exists in Internet\n Explorer due to an unspecified flaw. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website, to bypass mixed\n content warnings and load insecure content (HTTP) from\n secure locations (HTTPS). (CVE-2017-0064)\n\n - An elevation of privilege vulnerability exists in\n Windows in the Microsoft DirectX graphics kernel\n subsystem (dxgkrnl.sys) due to improper handling of\n objects in memory. A local attacker can exploit this,\n via a specially crafted application, to execute\n arbitrary code in an elevated context. (CVE-2017-0077)\n\n - A denial of service vulnerability exists in the Windows\n DNS server when it's configured to answer version\n queries. An unauthenticated, remote attacker can exploit\n this, via a malicious DNS query, to cause the DNS server\n to become nonresponsive. (CVE-2017-0171)\n\n - An information disclosure vulnerability exists in the\n Windows Graphics Device Interface (GDI) due to improper\n handling of objects in memory. A local attacker can\n exploit this, via a specially crafted application, to\n disclose sensitive information. (CVE-2017-0190)\n\n - An elevation of privilege vulnerability exists in\n Windows Hyper-V due to improper validation of vSMB\n packet data. An unauthenticated, adjacent attacker can\n exploit this to gain elevated privileges.\n (CVE-2017-0212)\n\n - An elevation of privilege vulnerability exists in the\n Windows COM Aggregate Marshaler due to an unspecified\n flaw. A local attacker can exploit this, via a specially\n crafted application, to execute arbitrary code with\n elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper validation of user-supplied\n input when loading type libraries. A local attacker can\n exploit this, via a specially crafted application, to\n gain elevated privileges. (CVE-2017-0214)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge due to improper handling of objects in\n memory. An unauthenticated, remote attacker can exploit\n this, by convincing a user to visit a specially crafted\n website, to execute arbitrary code in the context of the\n current user. (CVE-2017-0221)\n\n - A remote code execution vulnerability exists in\n Microsoft Internet Explorer due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website, to execute arbitrary code in\n the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in\n Microsoft Internet Explorer due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website, to execute arbitrary code in\n the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the scripting engines due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website or open a specially\n crafted Microsoft Office document, to execute arbitrary\n code in the context of the current user. (CVE-2017-0227)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0228)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0229)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Office document, to execute\n arbitrary code in the context of the current user.\n (CVE-2017-0230)\n\n - A spoofing vulnerability exists in Microsoft browsers\n due to improper rendering of the SmartScreen filter. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted URL, to redirect users to a malicious\n website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge due to improper sandboxing. An\n unauthenticated, remote attacker can exploit this to\n break out of the Edge AppContainer sandbox and gain\n elevated privileges. (CVE-2017-0233)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the Chakra JavaScript engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0234)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the Chakra JavaScript engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Office document, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-0236)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript scripting engines\n due to improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Office document, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-0238)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the scripting engines due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website or to open a\n specially crafted Office document, to execute arbitrary\n code in the context of the current user. (CVE-2017-0240)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge due to improper rendering of a\n domain-less page in the URL. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to cause the user to\n perform actions in the context of the Intranet Zone and\n access functionality that is not typically available to\n the browser when browsing in the context of the Internet\n Zone. (CVE-2017-0241)\n\n - An elevation of privilege vulnerability exists in the\n win32k component due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to execute arbitrary code\n with elevated permissions. Note that an attacker can\n also cause a denial of service condition on Windows 7\n x64 or later systems. (CVE-2017-0246)\n\n - A security bypass vulnerability exists in the Microsoft\n .NET Framework and .NET Core components due to a failure\n to completely validate certificates. An attacker can\n exploit this to present a certificate that is marked\n invalid for a specific use, but the component uses it\n for that purpose, resulting in a bypass of the Enhanced\n Key Usage taggings. (CVE-2017-0248)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. A local attacker can exploit this, via a\n specially crafted application, to disclose sensitive\n information. (CVE-2017-0258)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. A local attacker can exploit this, via a\n specially crafted application, to disclose sensitive\n information. (CVE-2017-0259)\n\n - An elevation of privilege vulnerability exists in the\n Windows kernel-mode driver due to improper handling of\n objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-0263)\n\n - A remote code execution vulnerability exists in the\n Microsoft scripting engines due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n crafted web page or open a crafted Office document file,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0266)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0280)\");\n # https://support.microsoft.com/en-us/help/4019472/windows-10-update-kb4019472\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?038b505a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4019472.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-0272\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2017-0233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\n## NB: Microsoft \nbulletin = 'MS17-05';\nkbs = make_list(4019472);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\n# Update only applies to Window 10 1607 / Server 2016\nif (hotfix_check_sp_range(win10:'0') <= 0) \n audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_nano() == 1) audit(AUDIT_OS_NOT, \"a currently supported OS (Windows Nano Server)\");\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 10 1607 / Server 2016\n smb_check_rollup(os:\"10\", sp:0, os_build:\"14393\", rollup_date:\"05_2017\", bulletin:bulletin, rollup_kb_list:kbs)\n)\n{\n replace_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "naslFamily": "Windows : Microsoft Bulletins", "cpe": ["cpe:/o:microsoft:windows"], "solution": "Apply security update KB4019472.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2017-0272", "vendor_cvss2": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "vpr": {"risk factor": "High", "score": "8.9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2017-05-09T00:00:00", "vulnerabilityPublicationDate": "2017-05-09T00:00:00", "exploitableWith": ["Core Impact"]}

{"openvas": [{"lastseen": "2020-06-08T23:25:18", "description": "This host is missing important/critical\n security update according to Microsoft Security update KB4019474.", "cvss3": {}, "published": "2017-05-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4019474)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0226", "CVE-2017-0231", "CVE-2017-0229", "CVE-2017-0190", "CVE-2017-0280", "CVE-2017-0228", "CVE-2017-0248", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0233", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0240", "CVE-2017-0269", "CVE-2017-0227", "CVE-2017-0259", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0064", "CVE-2017-0263", "CVE-2017-0238", "CVE-2017-0236", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0212", "CVE-2017-0077", "CVE-2017-0277", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-0268", "CVE-2017-0241", "CVE-2017-0213", "CVE-2017-0234", "CVE-2017-0276", "CVE-2017-0246"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811111", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811111", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4019474)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811111\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0064\", \"CVE-2017-0077\", \"CVE-2017-0190\", \"CVE-2017-0212\",\n \"CVE-2017-0213\", \"CVE-2017-0214\", \"CVE-2017-0222\", \"CVE-2017-0226\",\n \"CVE-2017-0227\", \"CVE-2017-0228\", \"CVE-2017-0229\", \"CVE-2017-0231\",\n \"CVE-2017-0233\", \"CVE-2017-0234\", \"CVE-2017-0236\", \"CVE-2017-0238\",\n \"CVE-2017-0240\", \"CVE-2017-0241\", \"CVE-2017-0246\", \"CVE-2017-0248\",\n \"CVE-2017-0258\", \"CVE-2017-0259\", \"CVE-2017-0263\", \"CVE-2017-0267\",\n \"CVE-2017-0268\", \"CVE-2017-0269\", \"CVE-2017-0270\", \"CVE-2017-0271\",\n \"CVE-2017-0272\", \"CVE-2017-0273\", \"CVE-2017-0274\", \"CVE-2017-0275\",\n \"CVE-2017-0276\", \"CVE-2017-0277\", \"CVE-2017-0278\", \"CVE-2017-0279\",\n \"CVE-2017-0280\");\n script_bugtraq_id(98121, 98114, 98298, 98099, 98102, 98103, 98127, 98139, 98281,\n 98164, 98217, 98173, 98179, 98229, 98234, 98237, 98203, 98208,\n 98108, 98117, 98112, 98113, 98258, 98259, 98261, 98263, 98264,\n 98265, 98260, 98274, 98266, 98267, 98268, 98270, 98271, 98272,\n 98273);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-05-10 08:55:53 +0530 (Wed, 10 May 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4019474)\");\n\n script_tag(name:\"summary\", value:\"This host is missing important/critical\n security update according to Microsoft Security update KB4019474.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to obtain information to further compromise the user's system, execute\n arbitrary code in the context of the current user, gain the same user rights as\n the current user, could take control of an affected system, spoof content, bypass\n certain security restrictions and cause a host machine to crash.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-gb/help/4019474\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"Edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_is_less(version:edgeVer, test_version:\"11.0.10240.17394\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: Less than 11.0.10240.17394\\n' ;\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:19:39", "description": "This host is missing a critical/important\n security update according to Microsoft KB4019472.", "cvss3": {}, "published": "2017-05-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4019472)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0226", "CVE-2017-0231", "CVE-2017-0229", "CVE-2017-0190", "CVE-2017-0280", "CVE-2017-0228", "CVE-2017-0248", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0233", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0240", "CVE-2017-0269", "CVE-2017-0227", "CVE-2017-0259", "CVE-2017-0230", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0266", "CVE-2017-0275", "CVE-2017-0064", "CVE-2017-0263", "CVE-2017-0238", "CVE-2017-0236", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0212", "CVE-2017-0077", "CVE-2017-0221", "CVE-2017-0277", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-0268", "CVE-2017-0241", "CVE-2017-0213", "CVE-2017-0234", "CVE-2017-0276", "CVE-2017-0171", "CVE-2017-0246"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811107", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811107", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4019472)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811107\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0064\", \"CVE-2017-0077\", \"CVE-2017-0171\", \"CVE-2017-0190\",\n \"CVE-2017-0212\", \"CVE-2017-0213\", \"CVE-2017-0214\", \"CVE-2017-0221\",\n \"CVE-2017-0222\", \"CVE-2017-0226\", \"CVE-2017-0227\", \"CVE-2017-0228\",\n \"CVE-2017-0229\", \"CVE-2017-0230\", \"CVE-2017-0231\", \"CVE-2017-0233\",\n \"CVE-2017-0234\", \"CVE-2017-0236\", \"CVE-2017-0238\", \"CVE-2017-0240\",\n \"CVE-2017-0241\", \"CVE-2017-0246\", \"CVE-2017-0248\", \"CVE-2017-0258\",\n \"CVE-2017-0259\", \"CVE-2017-0263\", \"CVE-2017-0266\", \"CVE-2017-0267\",\n \"CVE-2017-0268\", \"CVE-2017-0269\", \"CVE-2017-0270\", \"CVE-2017-0271\",\n \"CVE-2017-0272\", \"CVE-2017-0273\", \"CVE-2017-0274\", \"CVE-2017-0275\",\n \"CVE-2017-0276\", \"CVE-2017-0277\", \"CVE-2017-0278\", \"CVE-2017-0279\",\n \"CVE-2017-0280\");\n script_bugtraq_id(98121, 98114, 98097, 98298, 98099, 98102, 98103, 98147, 98127,\n 98139, 98281, 98164, 98217, 98222, 98173, 98179, 98229, 98234,\n 98237, 98203, 98208, 98108, 98117, 98112, 98113, 98258, 98276,\n 98259, 98261, 98263, 98264, 98265, 98260, 98274, 98266, 98267,\n 98268, 98270, 98271, 98272, 98273);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-05-10 08:54:53 +0530 (Wed, 10 May 2017)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4019472)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical/important\n security update according to Microsoft KB4019472.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to obtain information to further compromise the user's system, execute\n arbitrary code in the context of the current user, gain the same user rights as\n the current user, could take control of an affected system, spoof content, bypass\n certain security restrictions and cause a host machine to crash.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-gb/help/4019472\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"Edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.14393.0\", test_version2:\"11.0.14393.1197\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: 11.0.14393.0 - 11.0.14393.1197\\n' ;\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:29:30", "description": "This host is missing a critical security\n update (monthly rollup) according to microsoft KB4019215.", "cvss3": {}, "published": "2017-05-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Monthly Rollup (KB4019215)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0226", "CVE-2017-0231", "CVE-2017-0190", "CVE-2017-0280", "CVE-2017-0228", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0269", "CVE-2017-0259", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0064", "CVE-2017-0263", "CVE-2017-0238", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0077", "CVE-2017-0277", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-0268", "CVE-2017-0213", "CVE-2017-0276", "CVE-2017-0171", "CVE-2017-0246"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811113", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811113", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Monthly Rollup (KB4019215)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811113\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0064\", \"CVE-2017-0077\", \"CVE-2017-0171\", \"CVE-2017-0190\",\n \"CVE-2017-0213\", \"CVE-2017-0214\", \"CVE-2017-0222\", \"CVE-2017-0226\",\n \"CVE-2017-0228\", \"CVE-2017-0231\", \"CVE-2017-0238\", \"CVE-2017-0246\",\n \"CVE-2017-0258\", \"CVE-2017-0259\", \"CVE-2017-0263\", \"CVE-2017-0267\",\n \"CVE-2017-0268\", \"CVE-2017-0269\", \"CVE-2017-0270\", \"CVE-2017-0271\",\n \"CVE-2017-0272\", \"CVE-2017-0273\", \"CVE-2017-0274\", \"CVE-2017-0275\",\n \"CVE-2017-0276\", \"CVE-2017-0277\", \"CVE-2017-0278\", \"CVE-2017-0279\",\n \"CVE-2017-0280\");\n script_bugtraq_id(98121, 98114, 98097, 98298, 98102, 98103, 98127, 98139, 98164,\n 98173, 98237, 98108, 98112, 98113, 98258, 98259, 98261, 98263,\n 98264, 98265, 98260, 98274, 98266, 98267, 98268, 98270, 98271,\n 98272, 98273);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-05-10 12:07:03 +0530 (Wed, 10 May 2017)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Windows Monthly Rollup (KB4019215)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update (monthly rollup) according to microsoft KB4019215.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This monthly rollup,\n\n - Addressed issue where applications that use msado15.dll stop working after\n installing security update 4015550.\n\n - Deprecated SHA-1 Microsoft Edge and Internet Explorer 11 for SSL/TLS Server\n Authentication.\n\n - Updated Internet Explorer 11's New Tab Page with an integrated newsfeed.\n\n - Includes security updates to Microsoft Graphics Component, Microsoft Windows\n DNS, Windows COM, Windows Server, Windows kernel, and Internet Explorer.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute code or elevate user privileges, take control of the affected system,\n bypass security restrictions, conduct denial-of-service condition, gain access\n to potentially sensitive information and spoof content by tricking a user by\n redirecting the user to a specially crafted website.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 for 32-bit/x64 systems\n\n - Microsoft Windows Server 2012 R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4019215\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2012R2:1, win8_1:1, win8_1x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\ngdiVer = fetch_file_version(sysPath:sysPath, file_name:\"Ole32.dll\");\nif(!gdiVer){\n exit(0);\n}\n\nif(version_is_less(version:gdiVer, test_version:\"6.3.9600.18666\"))\n{\n report = 'File checked: ' + sysPath + \"\\System32\\Ole32.dll\" + '\\n' +\n 'File version: ' + gdiVer + '\\n' +\n 'Vulnerable range: Less than 6.3.9600.18666\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:25:38", "description": "This host is missing a critical/important\n security update according to Microsoft KB4019473.", "cvss3": {}, "published": "2017-05-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4019473)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0226", "CVE-2017-0231", "CVE-2017-0229", "CVE-2017-0190", "CVE-2017-0280", "CVE-2017-0228", "CVE-2017-0248", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0233", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0240", "CVE-2017-0269", "CVE-2017-0227", "CVE-2017-0259", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0266", "CVE-2017-0275", "CVE-2017-0064", "CVE-2017-0263", "CVE-2017-0238", "CVE-2017-0236", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0212", "CVE-2017-0077", "CVE-2017-0277", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-0268", "CVE-2017-0241", "CVE-2017-0213", "CVE-2017-0234", "CVE-2017-0276", "CVE-2017-0246"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811110", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811110", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4019473)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811110\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0064\", \"CVE-2017-0077\", \"CVE-2017-0190\", \"CVE-2017-0212\",\n \"CVE-2017-0213\", \"CVE-2017-0214\", \"CVE-2017-0222\", \"CVE-2017-0226\",\n \"CVE-2017-0227\", \"CVE-2017-0228\", \"CVE-2017-0229\", \"CVE-2017-0231\",\n \"CVE-2017-0233\", \"CVE-2017-0234\", \"CVE-2017-0236\", \"CVE-2017-0238\",\n \"CVE-2017-0240\", \"CVE-2017-0241\", \"CVE-2017-0246\", \"CVE-2017-0248\",\n \"CVE-2017-0258\", \"CVE-2017-0259\", \"CVE-2017-0263\", \"CVE-2017-0266\",\n \"CVE-2017-0267\", \"CVE-2017-0268\", \"CVE-2017-0269\", \"CVE-2017-0270\",\n \"CVE-2017-0271\", \"CVE-2017-0272\", \"CVE-2017-0273\", \"CVE-2017-0274\",\n \"CVE-2017-0275\", \"CVE-2017-0276\", \"CVE-2017-0277\", \"CVE-2017-0278\",\n \"CVE-2017-0279\", \"CVE-2017-0280\");\n script_bugtraq_id(98121, 98114, 98298, 98099, 98102, 98103, 98127, 98139, 98281,\n 98164, 98217, 98173, 98179, 98229, 98234, 98237, 98203, 98208,\n 98108, 98117, 98112, 98113, 98258, 98276, 98259, 98261, 98263,\n 98264, 98265, 98260, 98274, 98266, 98267, 98268, 98270, 98271,\n 98272, 98273);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-05-10 08:55:53 +0530 (Wed, 10 May 2017)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4019473)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical/important\n security update according to Microsoft KB4019473.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to obtain information to further compromise the user's system, execute\n arbitrary code in the context of the current user, gain the same user rights as\n the current user, could take control of an affected system, spoof content, bypass\n certain security restrictions and cause a host machine to crash.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1511 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-gb/help/4019473\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"Edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10586.0\", test_version2:\"11.0.10586.915\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: 11.0.10586.0 - 11.0.10586.915\\n' ;\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:19:21", "description": "This host is missing a critical security\n update according to Microsoft Security update KB4016871.", "cvss3": {}, "published": "2017-05-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4016871)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0226", "CVE-2017-0231", "CVE-2017-0229", "CVE-2017-0280", "CVE-2017-0228", "CVE-2017-0248", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0233", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0235", "CVE-2017-0240", "CVE-2017-0269", "CVE-2017-0227", "CVE-2017-0259", "CVE-2017-0230", "CVE-2017-0224", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0266", "CVE-2017-0275", "CVE-2017-0064", "CVE-2017-0263", "CVE-2017-0238", "CVE-2017-0236", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0212", "CVE-2017-0077", "CVE-2017-0277", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-0268", "CVE-2017-0241", "CVE-2017-0213", "CVE-2017-0234", "CVE-2017-0276", "CVE-2017-0246"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811108", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811108", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4016871)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811108\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0064\", \"CVE-2017-0077\", \"CVE-2017-0212\", \"CVE-2017-0213\",\n \"CVE-2017-0214\", \"CVE-2017-0222\", \"CVE-2017-0224\", \"CVE-2017-0226\",\n \"CVE-2017-0227\", \"CVE-2017-0228\", \"CVE-2017-0229\", \"CVE-2017-0230\",\n \"CVE-2017-0231\", \"CVE-2017-0233\", \"CVE-2017-0234\", \"CVE-2017-0235\",\n \"CVE-2017-0236\", \"CVE-2017-0238\", \"CVE-2017-0240\", \"CVE-2017-0241\",\n \"CVE-2017-0246\", \"CVE-2017-0248\", \"CVE-2017-0258\", \"CVE-2017-0259\",\n \"CVE-2017-0263\", \"CVE-2017-0266\", \"CVE-2017-0267\", \"CVE-2017-0268\",\n \"CVE-2017-0269\", \"CVE-2017-0270\", \"CVE-2017-0271\", \"CVE-2017-0272\",\n \"CVE-2017-0273\", \"CVE-2017-0274\", \"CVE-2017-0275\", \"CVE-2017-0276\",\n \"CVE-2017-0277\", \"CVE-2017-0278\", \"CVE-2017-0279\", \"CVE-2017-0280\");\n script_bugtraq_id(98121, 98114, 98099, 98102, 98103, 98127, 98214, 98139, 98281,\n 98164, 98217, 98222, 98173, 98179, 98229, 98230, 98234, 98237,\n 98203, 98208, 98108, 98117, 98112, 98113, 98258, 98276, 98259,\n 98261, 98263, 98264, 98265, 98260, 98274, 98266, 98267, 98268,\n 98270, 98271, 98272, 98273);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-05-10 08:52:53 +0530 (Wed, 10 May 2017)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4016871)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Security update KB4016871.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This monthly rollup,\n\n - Addressed issue with Surface Hub devices waking from sleep approximately\n every four minutes after the first two hours.\n\n - Addressed issue where autochk.exe can randomly skip drive checks and not fix\n corruptions, which may lead to data loss.\n\n - Addressed an issue where Microsoft Edge users in networking environments that\n do not fully support the TCP Fast Open standard may have problems connecting\n to some websites. Users can re-enable TCP Fast Open in about:flags.\n\n - Addressed issues with Arc Touch mouse Bluetooth connectivity.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to obtain information to further compromise the user's system, execute\n arbitrary code in the context of the current user, gain the same user rights as\n the current user, could take control of an affected system, cause a host\n machine to crash, spoof content and bypass security restrictions.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1703 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-gb/help/4016871\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-gb/help/4016871\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"Edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.15063.0\", test_version2:\"11.0.15063.295\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: 11.0.15063.0 - 11.0.15063.295\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:18:57", "description": "This host is missing a critical/important\n security update according to Microsoft KB4019623", "cvss3": {}, "published": "2017-06-19T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4019623)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0280", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0270", "CVE-2017-0269", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0277", "CVE-2017-0273", "CVE-2017-0268", "CVE-2017-0276"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811209", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811209", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4019623)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811209\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0267\", \"CVE-2017-0268\", \"CVE-2017-0269\", \"CVE-2017-0270\",\n \"CVE-2017-0271\", \"CVE-2017-0272\", \"CVE-2017-0273\", \"CVE-2017-0274\",\n \"CVE-2017-0275\", \"CVE-2017-0276\", \"CVE-2017-0277\", \"CVE-2017-0278\",\n \"CVE-2017-0279\", \"CVE-2017-0280\");\n script_bugtraq_id(98259, 98261, 98263, 98264, 98265, 98260, 98274, 98266,\n 98267, 98268, 98270, 98271, 98272, 98273);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-06-19 11:10:25 +0530 (Mon, 19 Jun 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4019623)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical/important\n security update according to Microsoft KB4019623\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to the error in\n the way Microsoft Server Message Block 1.0 (SMBv1) server handles certain\n requests.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause the affected system to stop responding until it is manually\n restarted. Also successful exploitation will allow attacker to get sensitive\n data and execute arbitrary code in context of current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 8 x86/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4019623\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4025687\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8:1, win8x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nif(!asVer = fetch_file_version(sysPath:sysPath, file_name:\"drivers\\srv.sys\")){\n exit(0);\n}\n\nif(version_is_less(version:asVer, test_version:\"6.2.9200.22137\"))\n{\n report = 'File checked: ' + sysPath + \"\\drivers\\srv.sys\" + '\\n' +\n 'File version: ' + asVer + '\\n' +\n 'Vulnerable range: ' + 'Less than 6.2.9200.22137' + '\\n' ;\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:22:44", "description": "This host is missing a critical security\n update (monthly rollup) according to microsoft KB4019214", "cvss3": {}, "published": "2017-05-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Monthly Rollup (KB4019214)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0226", "CVE-2017-0190", "CVE-2017-0280", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0269", "CVE-2017-0220", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0064", "CVE-2017-0263", "CVE-2017-0238", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0077", "CVE-2017-0277", "CVE-2017-0245", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-0268", "CVE-2017-0213", "CVE-2017-0276", "CVE-2017-0171", "CVE-2017-0246"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811112", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811112", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Monthly Rollup (KB4019214)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811112\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0064\", \"CVE-2017-0077\", \"CVE-2017-0171\", \"CVE-2017-0190\",\n \"CVE-2017-0213\", \"CVE-2017-0214\", \"CVE-2017-0220\", \"CVE-2017-0222\",\n \"CVE-2017-0226\", \"CVE-2017-0238\", \"CVE-2017-0245\", \"CVE-2017-0246\",\n \"CVE-2017-0258\", \"CVE-2017-0263\", \"CVE-2017-0267\", \"CVE-2017-0268\",\n \"CVE-2017-0269\", \"CVE-2017-0270\", \"CVE-2017-0271\", \"CVE-2017-0272\",\n \"CVE-2017-0273\", \"CVE-2017-0274\", \"CVE-2017-0275\", \"CVE-2017-0276\",\n \"CVE-2017-0277\", \"CVE-2017-0278\", \"CVE-2017-0279\", \"CVE-2017-0280\");\n script_bugtraq_id(98114, 98115, 98112, 98111, 98097, 98274, 98273, 98298, 98271,\n 98270, 98272, 98259, 98258, 98237, 98108, 98121, 98127, 98103,\n 98102, 98260, 98261, 98263, 98264, 98265, 98266, 98267, 98268,\n 98139);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-05-10 11:57:51 +0530 (Wed, 10 May 2017)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Windows Monthly Rollup (KB4019214)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update (monthly rollup) according to microsoft KB4019214\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This security update includes quality\n and security improvements in Microsoft Graphics Component, Windows COM,\n Windows Server, Windows Kernel and Microsoft Windows DNS\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute code or elevate user privileges, take control of the affected system,\n and access information from one domain and inject it into another domain, bypass\n security restrictions, conduct denial-of-service condition and gain access to\n potentially sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows Server 2012.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4019214\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2012:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\ngdiVer = fetch_file_version(sysPath:sysPath, file_name:\"Ole32.dll\");\nif(!gdiVer){\n exit(0);\n}\n\nif(version_is_less(version:gdiVer, test_version:\"6.2.9200.22141\"))\n{\n report = 'File checked: ' + sysPath + \"\\Ole32.dll\" + '\\n' +\n 'File version: ' + gdiVer + '\\n' +\n 'Vulnerable range: Less than 6.2.9200.22141\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T13:47:51", "description": "This host is missing a critical/important\n security update according to Microsoft KB4018466", "cvss3": {}, "published": "2017-05-10T00:00:00", "type": "openvas", "title": "Microsoft SMB Multiple Vulnerabilities (KB4018466)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0280", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0270", "CVE-2017-0269", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0277", "CVE-2017-0273", "CVE-2017-0268", "CVE-2017-0276"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310811117", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811117", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft SMB Multiple Vulnerabilities (KB4018466)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811117\");\n script_version(\"2019-12-20T12:42:55+0000\");\n script_cve_id(\"CVE-2017-0267\", \"CVE-2017-0268\", \"CVE-2017-0269\", \"CVE-2017-0270\",\n \"CVE-2017-0271\", \"CVE-2017-0272\", \"CVE-2017-0273\", \"CVE-2017-0274\",\n \"CVE-2017-0275\", \"CVE-2017-0276\", \"CVE-2017-0277\", \"CVE-2017-0278\",\n \"CVE-2017-0279\", \"CVE-2017-0280\");\n script_bugtraq_id(98259, 98261, 98263, 98264, 98265, 98260, 98274, 98266,\n 98267, 98268, 98270, 98271, 98272, 98273);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 12:42:55 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-05-10 12:51:18 +0530 (Wed, 10 May 2017)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft SMB Multiple Vulnerabilities (KB4018466)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical/important\n security update according to Microsoft KB4018466\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to the error in\n the way Microsoft Server Message Block 1.0 (SMBv1) server handles certain\n requests.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause the affected system to stop responding until it is manually\n restarted. Also successful exploitation will allow attacker to get sensitive\n data and execute arbitrary code in context of current user.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows XP SP2 x64\n\n - Microsoft Windows XP SP3 x86\n\n - Microsoft Windows Vista x32/x64 Edition Service Pack 2\n\n - Microsoft Windows 2003 x32/x64 Edition Service Pack 2 and prior\n\n - Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-gb/help/4018466\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4025687\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3, winVista:3,\n win2008:3, winVistax64:3, win2008x64:3) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nif(!asVer = fetch_file_version(sysPath:sysPath, file_name:\"drivers\\srv.sys\")){\n exit(0);\n}\n\nif(hotfix_check_sp(winVista:3, winVistax64:3, win2008:3, win2008x64:3) > 0)\n{\n\n if(version_is_less(version:asVer, test_version:\"6.0.6002.19765\"))\n {\n Vulnerable_range = \"Less than 6.0.6002.19765\";\n VULN = TRUE ;\n }\n\n else if(version_in_range(version:asVer, test_version:\"6.0.6002.22000\", test_version2:\"6.0.6002.24088\"))\n {\n Vulnerable_range = \"6.0.6002.22000 - 6.0.6002.24088\";\n VULN = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(xp:4) > 0)\n{\n if(version_is_less(version:asVer, test_version:\"5.1.2600.7238\"))\n {\n Vulnerable_range = \"Less than 5.1.2600.7238\";\n VULN = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win2003:3, win2003x64:3, xpx64:3) > 0)\n{\n if(version_is_less(version:asVer, test_version:\"5.2.3790.6051\"))\n {\n Vulnerable_range = \"Less than 5.2.3790.6051\";\n VULN = TRUE ;\n }\n}\n\nif(VULN)\n{\n report = 'File checked: ' + sysPath + \"\\drivers\\srv.sys\" + '\\n' +\n 'File version: ' + asVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:22:43", "description": "This host is missing a critical security\n update (monthly rollup) according to Microsoft KB4019264.", "cvss3": {}, "published": "2017-05-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Monthly Rollup (KB4019264)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0231", "CVE-2017-0244", "CVE-2017-0190", "CVE-2017-0280", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0269", "CVE-2017-0220", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0064", "CVE-2017-0263", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0077", "CVE-2017-0277", "CVE-2017-0245", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-8552", "CVE-2017-0268", "CVE-2017-0242", "CVE-2017-0213", "CVE-2017-0276", "CVE-2017-0171", "CVE-2017-0246", "CVE-2017-0175"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811114", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811114", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Monthly Rollup (KB4019264)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811114\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0064\", \"CVE-2017-0077\", \"CVE-2017-0171\", \"CVE-2017-0175\",\n \"CVE-2017-0190\", \"CVE-2017-0213\", \"CVE-2017-0214\", \"CVE-2017-0220\",\n \"CVE-2017-0222\", \"CVE-2017-0231\", \"CVE-2017-0242\", \"CVE-2017-0244\",\n \"CVE-2017-0245\", \"CVE-2017-0246\", \"CVE-2017-0258\", \"CVE-2017-0263\",\n \"CVE-2017-0267\", \"CVE-2017-0268\", \"CVE-2017-0269\", \"CVE-2017-0270\",\n \"CVE-2017-0271\", \"CVE-2017-0272\", \"CVE-2017-0273\", \"CVE-2017-0274\",\n \"CVE-2017-0275\", \"CVE-2017-0276\", \"CVE-2017-0277\", \"CVE-2017-0278\",\n \"CVE-2017-0279\", \"CVE-2017-0280\", \"CVE-2017-8552\");\n script_bugtraq_id(98121, 98114, 98097, 98110, 98298, 98102, 98103, 98111, 98127,\n 98173, 98275, 98109, 98115, 98108, 98112, 98258, 98259, 98261,\n 98263, 98264, 98265, 98260, 98274, 98266, 98267, 98268, 98270,\n 98271, 98272, 98273);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-05-10 12:07:03 +0530 (Wed, 10 May 2017)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Windows Monthly Rollup (KB4019264)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update (monthly rollup) according to Microsoft KB4019264.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This monthly rollup,\n\n - Addressed issue where applications that use msado15.dll stop working after\n installing security update 4015550.\n\n - Deprecated SHA-1 Microsoft Edge and Internet Explorer 11 for SSL/TLS Server\n Authentication.\n\n - Updated Internet Explorer 11's New Tab Page with an integrated newsfeed.\n\n - Includes security updates to Microsoft Graphics Component, Microsoft Windows\n DNS, Windows COM, Windows Server, Windows kernel, and Internet Explorer.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute code or elevate user privileges, take control of the affected system,\n bypass security restrictions, conduct denial-of-service condition, gain access\n to potentially sensitive information and spoof content by tricking a user by\n redirecting the user to a specially crafted website.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1\n\n - Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4019264\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp( win7:2, win7x64:2, win2008r2:2 ) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath){\n exit(0);\n}\n\ngdiVer = fetch_file_version(sysPath:sysPath, file_name:\"Ole32.dll\");\nif(!gdiVer){\n exit(0);\n}\n\nif(version_is_less(version:gdiVer, test_version:\"6.1.7601.23775\"))\n{\n report = 'File checked: ' + sysPath + \"\\Ole32.dll\" + '\\n' +\n 'File version: ' + gdiVer + '\\n' +\n 'Vulnerable range: Less than 6.1.7601.23775\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:20:52", "description": "This host is missing a critical security\n update according to Microsoft security updates KB4018271.", "cvss3": {}, "published": "2017-05-10T00:00:00", "type": "openvas", "title": "Microsoft Internet Explorer Multiple Vulnerabilities (KB4018271)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0226", "CVE-2017-0231", "CVE-2017-0228", "CVE-2017-0064", "CVE-2017-0238", "CVE-2017-0222"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811032", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811032", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Internet Explorer Multiple Vulnerabilities (KB4018271)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:microsoft:ie\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811032\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0064\", \"CVE-2017-0222\", \"CVE-2017-0226\", \"CVE-2017-0228\",\n \"CVE-2017-0231\", \"CVE-2017-0238\");\n script_bugtraq_id(98121, 98127, 98139, 98164, 98173, 98237);\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-05-10 12:38:44 +0530 (Wed, 10 May 2017)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Internet Explorer Multiple Vulnerabilities (KB4018271)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft security updates KB4018271.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An error in the way JavaScript scripting engines handle objects in memory\n in Microsoft browsers.\n\n - An error when Microsoft browsers render SmartScreen Filter.\n\n - An error when Internet Explorer improperly accesses objects in memory.\n\n - An unspecified error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to trick a user by redirecting the user to a specially crafted website, loading\n of unsecure content (HTTP) from secure locations (HTTPS) and to execute\n arbitrary code in the context of the current user.If the current user is logged\n on with administrative user rights, an attacker who successfully exploited the\n vulnerability could take control of an affected system. An attacker could then\n install programs, view, change, or delete data or create new accounts with full\n user rights.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Internet Explorer version 9.x, 10.x and 11.x.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4018271\");\n script_xref(name:\"URL\", value:\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0222\");\n script_xref(name:\"URL\", value:\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0064\");\n script_xref(name:\"URL\", value:\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0226\");\n script_xref(name:\"URL\", value:\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0228\");\n script_xref(name:\"URL\", value:\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0231\");\n script_xref(name:\"URL\", value:\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0238\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_ie_detect.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"MS/IE/Version\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3, winVista:3, winVistax64:3,\n win2008:3, win2008x64:3, win7:2, win7x64:2, win2008r2:2, win8:1,\n win8x64:1, win2012:1, win2012R2:1, win8_1:1, win8_1x64:1) <= 0){\n exit(0);\n}\n\nieVer = get_app_version(cpe:CPE);\nif(!ieVer || ieVer !~ \"^([89|1[01])\\.\"){\n exit(0);\n}\n\niePath = smb_get_system32root();\nif(!iePath ){\n exit(0);\n}\n\niedllVer = fetch_file_version(sysPath:iePath, file_name:\"Mshtml.dll\");\nif(!iedllVer){\n exit(0);\n}\n\n\n##Server 2008 and vista\nif(hotfix_check_sp(winVista:3, winVistax64:3, win2008:3, win2008x64:3) > 0)\n{\n if(version_in_range(version:iedllVer, test_version:\"9.0.8112.16000\", test_version2:\"9.0.8112.16895\"))\n {\n Vulnerable_range = \"9.0.8112.16000 - 9.0.8112.16895\";\n VULN = TRUE ;\n }\n else if(version_in_range(version:iedllVer, test_version:\"9.0.8112.20000\", test_version2:\"9.0.8112.21006\"))\n {\n Vulnerable_range = \"9.0.8112.20000 - 9.0.8112.21006\";\n VULN = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(xp:4, win2003:3, win2003x64:3, xpx64:3) > 0)\n{\n if(version_is_less(version:iedllVer, test_version:\"8.0.6001.23942\"))\n {\n Vulnerable_range = \"Less than 8.0.6001.23942\";\n VULN = TRUE ;\n }\n}\n\n# Win 2012, Win 8\nelse if(hotfix_check_sp(win2012:1, win8:1, win8x64:1) > 0)\n{\n if(version_is_less(version:iedllVer, test_version:\"10.0.9200.22137\"))\n {\n Vulnerable_range = \"Less than 10.0.9200.22137\";\n VULN = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1, win7:2, win7x64:2, win2008r2:2) > 0)\n{\n if(version_is_less(version:iedllVer, test_version:\"11.0.9600.18666\"))\n {\n Vulnerable_range = \"Less than 11.0.9600.18666\";\n VULN = TRUE ;\n }\n}\n\nif(VULN)\n{\n report = 'File checked: ' + iePath + \"\\Mshtml.dll\" + '\\n' +\n 'File version: ' + iedllVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:19:54", "description": "This host is missing an important security\n update according to Microsoft KB4018556", "cvss3": {}, "published": "2017-05-10T00:00:00", "type": "openvas", "title": "Microsoft COM Multiple Vulnerabilities (KB4018556)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0244", "CVE-2017-0214", "CVE-2017-0258", "CVE-2017-0213"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811118", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811118", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft COM Multiple Vulnerabilities (KB4018556)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811118\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0213\", \"CVE-2017-0214\", \"CVE-2017-0244\", \"CVE-2017-0258\");\n script_bugtraq_id(98112, 98109, 98103, 98102);\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-05-10 12:51:18 +0530 (Wed, 10 May 2017)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft COM Multiple Vulnerabilities (KB4018556)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4018556\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - The Windows kernel improperly initializes objects in memory.\n\n - The way that the Windows Kernel handles objects in memory.\n\n - Windows fails to properly validate input before loading type libraries.\n\n - An unspecified error in Windows COM Aggregate Marshaler.\");\n\n script_tag(name:\"impact\", value:\"An attacker who successfully exploited the\n vulnerability can elevate their privilege level, can lead to denial of\n service condition, could obtain information to further compromise the users\n system and run arbitrary code with elevated privileges.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-gb/help/4018556\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2008:3, win2008x64:3) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nif(!asVer = fetch_file_version(sysPath:sysPath, file_name:\"Ole32.dll\")){\n exit(0);\n}\n\nif(version_is_less(version:asVer, test_version:\"6.0.6002.19773\"))\n{\n Vulnerable_range = \"Less than 6.0.6002.19773\";\n VULN = TRUE ;\n}\n\nelse if(version_in_range(version:asVer, test_version:\"6.0.6002.23000\", test_version2:\"6.0.6002.24088\"))\n{\n Vulnerable_range = \"6.0.6002.23000 - 6.0.6002.24088\";\n VULN = TRUE ;\n}\n\nif(VULN)\n{\n report = 'File checked: ' + sysPath + \"\\Ole32.dll\" + '\\n' +\n 'File version: ' + asVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T13:47:45", "description": "This host is missing an important security\n update according to Microsoft security update KB4019204.", "cvss3": {}, "published": "2017-05-10T00:00:00", "type": "openvas", "title": "Microsoft Windows 'Win32k.sys' Multiple Vulnerabilities (KB4019204)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0263", "CVE-2017-0245", "CVE-2017-8552", "CVE-2017-0246"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310811028", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811028", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows 'Win32k.sys' Multiple Vulnerabilities (KB4019204)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811028\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2017-0245\", \"CVE-2017-0246\", \"CVE-2017-0263\", \"CVE-2017-8552\");\n script_bugtraq_id(98115, 98108);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-05-10 10:30:09 +0530 (Wed, 10 May 2017)\");\n script_name(\"Microsoft Windows 'Win32k.sys' Multiple Vulnerabilities (KB4019204)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft security update KB4019204.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An error when the win32k component improperly provides kernel information.\n\n - An error when Windows improperly handles objects in memory.\n\n - An error in Windows when the Windows kernel-mode driver fails to properly\n handle objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code in kernel mode allowing attacker to install programs,\n view, change, or delete data, or create new accounts with full user rights.Also\n an attacker who successfully exploited this vulnerability could run processes\n in an elevated context and can lead to denial of service condition as well.This\n vulnerability also could allow attacker obtain sensitive information to further\n compromise the user's system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows XP SP2 x64\n\n - Microsoft Windows XP SP3 x86\n\n - Microsoft Windows Vista x32/x64 Edition Service Pack 2\n\n - Microsoft Windows 2003 x32/x64 Edition Service Pack 2 and prior\n\n - Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2 and prior\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4019204\");\n script_xref(name:\"URL\", value:\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0245\");\n script_xref(name:\"URL\", value:\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0246\");\n script_xref(name:\"URL\", value:\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0263\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3, winVista:3,\n win2008:3, winVistax64:3, win2008x64:3) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nwinVer = fetch_file_version(sysPath:sysPath, file_name:\"Win32k.sys\");\nif(!winVer){\n exit(0);\n}\n\nif(hotfix_check_sp(winVista:3, winVistax64:3, win2008:3, win2008x64:3) > 0)\n{\n if(version_is_less(version:winVer, test_version:\"6.0.6002.19778\"))\n {\n Vulnerable_range = \"Less than 6.0.6002.19778\";\n VULN = TRUE ;\n }\n\n else if(version_in_range(version:winVer, test_version:\"6.0.6002.24000\", test_version2:\"6.0.6002.24094\"))\n {\n Vulnerable_range = \"6.0.6002.24000 - 6.0.6002.24094\";\n VULN = TRUE ;\n }\n\n}\n\nelse if(hotfix_check_sp(xp:4) > 0)\n{\n if(version_is_less(version:winVer, test_version:\"5.1.2600.7258\"))\n {\n Vulnerable_range = \"Less than 5.1.2600.7258\";\n VULN = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win2003:3, win2003x64:3, xpx64:3) > 0)\n{\n if(version_is_less(version:winVer, test_version:\"5.2.3790.6080\"))\n {\n Vulnerable_range = \"Less than 5.2.3790.6080\";\n VULN = TRUE ;\n }\n}\n\nif(VULN)\n{\n report = 'File checked: ' + sysPath + \"\\Win32k.sys\" + '\\n' +\n 'File version: ' + winVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2023-11-28T09:29:13", "description": "None\n## Improvements and fixes\n\nThis security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:\n\n * Addressed issue that causes the OS to become unresponsive when migrating users from a cloud-based solution to an on-premise desktop running Microsoft Virtual Desktop Infrastructure.\n * Addressed issue with high CPU and RAM usage when accessing .mp4 files larger than 60 GB using Windows Explorer.\n * Addressed issue where Windows Event Forwarding between two 2012 R2 servers makes reports incompatible with third-party Security Information and Event Management software.\n * Addressed an issue related to establishing a secure connection to a server using the TLS protocol. The application may hang when the server certificate specifies a secure URL (HTTPS) for the Certificate Revocation List (CRL) or for the Authority Information Access (AIA) values within the certificate.\n * Addressed issue where applications that use msado15.dll stop working after installing after installing security update KB4015550.\n * Addressed issue where the BitLocker Drive Encryption wizard shows the \"Choose which encryption mode to use\" page even when the BitLocker GPO is enabled.\n * Addressed an issue where changing your password while not directly connected to the enterprise network, such as with a VPN, will cause your private keys to become inaccessible. Symptoms vary including the inability to encrypt/decrypt or sign documents.\n * Updated Internet Explorer 11\u2019s New Tab Page with an integrated newsfeed.\n * Deprecated SHA-1 Microsoft Edge and Internet Explorer 11 for SSL/TLS Server Authentication. See [Advisory 4010323](<https://support.microsoft.com/help/4010323>) for more information.\n * Addressed additional issues with enterprise security, Internet Explorer, and Microsoft Edge.\n * Security updates to Microsoft Edge, Microsoft Scripting Engine, Windows COM, Microsoft Graphics Component, .NET Framework, Windows kernel, Windows SMB Server, Windows Server, and Internet Explorer.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.\n\n## Known issues in this update\n\nMicrosoft is not currently aware of any issues with this update.\n\n## How to get this update\n\nThis update will be downloaded and installed automatically from Windows Update. To get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4019473>) website.\n\n * **Update replacement information** \nThis update replaces the previously released update KB4015219.\n * **File information** \nFor a list of the files that are provided in this update, download the [file information for cumulative update KB4019473](<http://download.microsoft.com/download/5/B/2/5B254A79-607E-42C5-8DCF-2A76EFC8B29F/4019473.csv>).\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2017-05-09T00:00:00", "type": "mskb", "title": "May 9, 2017\u2014KB4019473 (OS Build 10586.916)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0064", "CVE-2017-0077", "CVE-2017-0190", "CVE-2017-0212", "CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0222", "CVE-2017-0226", "CVE-2017-0227", "CVE-2017-0229", "CVE-2017-0231", "CVE-2017-0233", "CVE-2017-0234", "CVE-2017-0236", "CVE-2017-0238", "CVE-2017-0240", "CVE-2017-0241", "CVE-2017-0246", "CVE-2017-0248", "CVE-2017-0258", "CVE-2017-0259", "CVE-2017-0263", "CVE-2017-0266", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280"], "modified": "2017-05-09T00:00:00", "id": "KB4019473", "href": "https://support.microsoft.com/en-us/help/4019473", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:29:13", "description": "None\n## Improvements and fixes\n\nThis security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:\n\n * Addressed issue where Windows Event Forwarding between two 2012 R2 servers makes reports incompatible with third-party Security Information and Event Management software.\n * Addressed an issue related to establishing a secure connection to a server using the TLS protocol. The application may hang when the server certificate specifies a secure URL (HTTPS) for the Certificate Revocation List (CRL) or for the Authority Information Access (AIA) values within the certificate.\n * Addressed an issue where changing your password while not directly connected to the enterprise network, such as with a VPN, will cause your private keys to become inaccessible. Symptoms vary including the inability to encrypt/decrypt or sign documents. \n * Addressed issue where applications that use msado15.dll stop working after installing security update KB4015550. \n * Addressed issue that prevents Internet Explorer 11 from following redirects when the Include-Referer-Token-Binding-ID header is set to \u201ctrue.\u201d \n * Addressed issue with Microsoft Edge where a memory leak occurs every time you refresh a webpage. \n * Updated Internet Explorer 11\u2019s New Tab Page with an integrated newsfeed. \n * Deprecated SHA-1 Microsoft Edge and Internet Explorer 11 for SSL/TLS Server Authentication. See [Advisory 4010323](<https://support.microsoft.com/help/4010323>) for more information.\n * Addressed additional issues with storage file system, Internet Explorer, and the .NET Framework.\n * Security updates to the Microsoft Scripting Engine, Microsoft Edge, Windows COM, Microsoft Graphics Component, .NET Framework, Windows kernel, Windows SMB Server, Windows Server, and Internet Explorer.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.\n\n## Known issues in this update\n\nMicrosoft is not currently aware of any issues with this update.\n\n## How to get this update\n\nThis update will be downloaded and installed automatically from Windows Update. To get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4019474>) website.\n\n * **Update replacement information** \nThis update replaces the previously released update KB4015221.\n * **File information** \nFor a list of the files that are provided in this update, download the [file information for cumulative update KB4019474](<http://download.microsoft.com/download/4/4/5/445DFE23-6126-47C8-A84B-25A5D5519C40/4019474.csv>).\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2017-05-09T00:00:00", "type": "mskb", "title": "May 9, 2017\u2014KB4019474 (OS Build 10240.17394)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0064", "CVE-2017-0077", "CVE-2017-0190", "CVE-2017-0212", "CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0222", "CVE-2017-0226", "CVE-2017-0227", "CVE-2017-0229", "CVE-2017-0231", "CVE-2017-0233", "CVE-2017-0234", "CVE-2017-0236", "CVE-2017-0238", "CVE-2017-0240", "CVE-2017-0241", "CVE-2017-0246", "CVE-2017-0248", "CVE-2017-0258", "CVE-2017-0259", "CVE-2017-0263", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280"], "modified": "2017-05-09T00:00:00", "id": "KB4019474", "href": "https://support.microsoft.com/en-us/help/4019474", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:29:13", "description": "None\n## Improvements and fixes\n\nThis security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:\n\n * Addressed issue where the PC Settings pages do not display the correct options after the installation of KB3213986 and a language pack. \n * Addressed issue where fonts appear differently based on whether an app uses Graphics Device Interface (GDI) or GDI Plus. \n * Addressed issue where applications that use msado15.dll stop working after installing security update KB4015550. \n * Addressed issue that causes a device to become unresponsive when users try to enable end-user-defined characters (EUDCs).\n * Addressed issue that causes a device to crash every time a user logs off from a remote session using a Virtual Desktop Agent (VDA).\n * Addressed issue where changing the scaling setting of the display prevents DPI-aware tools (Notepad, MS Paint, etc.) from accepting input or drawing correctly when using the Japanese IME.\n * Addressed issue that causes Windows Explorer\u2019s CPU usage to be at 20% when an executable file is hosted on a file share and its Offline attribute is set.\n * Addressed issue where Windows Event Forwarding between two 2012 R2 servers makes reports incompatible with third-party Security Information and Event Management software.\n * Addressed issue where the BitLocker Drive Encryption wizard shows the \"Choose which encryption mode to use\" page even when the BitLocker GPO is enabled.\n * Addressed issue where AppLocker fails to block binaries with revoked certificates.\n * Addressed issue where a virtual machine (VM) loses network connectivity if the VM does not send Address Resolution Protocol packets for five minutes and the VM is connected to a wireless NIC.\n * Addressed issue that causes the loss of a VPN connection when using a computer with an integrated WAN card (cellular card).\n * Addressed issue where multipath I/O did not properly restore service after the check condition \"Illegal request, LUN not available (sense codes 05/25/00)\" occurs.\n * Addressed issue where a Stop 0x27 error occurs after a user provides the domain username and password. \n * Addressed issue where users can create folders on a USB flash drive when \"Deny write access\" is set for Removable Storage Access. \n * Addressed an issue where crash dump generation hangs at 0% on a system with over 750 GB of physical memory and Hyper-V enabled.\n * Addressed an issue with a paging file space leak that leads Windows to a crash, blue screen, or data loss.\n * Addressed issue that prevents access to a website when Automatic Rebind of Renewed Certificate and Directory Service Mapper are enabled.\n * Addressed a crash in Services.exe with the error code \u201c0xc0000374 - A heap has been corrupted,\u201d and requires a system restart.\n * Addressed issue where Windows Defender anti-virus definitions, which are regulated by the network, prevent other updates (LCU, drivers) from being downloaded.\n * Addressed issue where Internet Explorer 11 does not save JavaScript files when exporting to an MHT file.\n * Addressed issue that prevents Internet Explorer 11 from following redirects when the Include-Referer-Token-Binding-ID header is set to \u201ctrue.\u201d\n * Addressed issue that causes users to get logged out from a Web-application intermittently.\n * Updated Internet Explorer 11\u2019s New Tab Page with an integrated newsfeed.\n * Deprecated SHA-1 Microsoft Edge and Internet Explorer 11 for SSL/TLS Server Authentication. See [Advisory 4010323](<https://support.microsoft.com/help/4010323>) for more information.\n * Addressed additional issues with the Windows Shell, enterprise security, Datacenter Networking, storage networking, Internet Information Services, Active Directory, clustering, Windows Server, the client platform, and Internet Explorer.\n * Security updates to Windows COM, Windows SMB Server, Windows server, Internet Explorer, and Microsoft Edge.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.\n\n## Known issues in this update\n\nSymptom| Workaround \n---|--- \nEnd User Defined Characters (EUDC) may not be visible in some applications.| There is not yet a mitigation for this issue. We are working on a fix and will make it available for download when ready. \nThis security update introduced an issue in which, if an iSCSI target becomes unavailable, attempts to reconnect will cause a leak. Initiating a new connection to an available target will work as expected.| Microsoft is working on a resolution and will provide an update in an upcoming release. For more information about this issue, see the following section. \n \n## \n\n__\n\nMore information about the iSCSI issue\n\nWindows Server 2012 R2 and Server 2016 computers that experience disconnections to iSCSI attached targets may show many different symptoms. These include, but are not limited to:\n\n * The operating system stops responding\n * You receive Stop errors (Bugcheck errors) 0x80, 0x111, 0x1C8, 0xE2, 0x161, 0x00, 0xF4, 0xEF, 0xEA, 0x101, 0x133, or 0xDEADDEAD.\n * User log on failures occur together with a \"No Logon Servers Available\" error.\n * Application and service failures occur because of ephemeral port exhaustion.\n * An unusually high number of ephemeral ports are being used by the System process.\n * An unusually high number of threads are being used by the System process.\n**Cause** \n \nThis issue is caused by a locking issue on Windows Server 2012 R2 and Windows Server 2016 RS1 computers, causing connectivity issues to the iSCSI targets. The issue can occur after installing any of the following updates:**Windows Server 2012 R2**Release date| KB| Article title \n---|---|--- \nMay 16, 2017| KB 4015553| April 18, 2017\u2014KB4015553 (Preview of Monthly Rollup) \nMay 9, 2017| KB 4019215| May 9, 2017\u2014KB4019215 (Monthly Rollup) \nMay 9, 2017| KB 4019213| May 9, 2017\u2014KB4019213 (Security-only update) \nApril 18, 2017| KB 4015553| April 18, 2017\u2014KB4015553 (Preview of Monthly Rollup) \nApril 11, 2017| KB 4015550| April 11, 2017\u2014KB4015550 (Monthly Rollup) \nApril 11, 2017| KB 4015547| April 11, 2017\u2014KB4015547 (Security-only update) \nMarch 21, 2017| KB 4012219| March 2017 Preview of Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2 \n**Windows Server 2016 RTM (RS1) **Release date| KB| Article title \n---|---|--- \nMay 16, 2017| KB 4023680| May 26, 2017\u2014KB4023680 (OS Build 14393.1230) \nMay 9, 2017| KB 4019472| May 9, 2017\u2014KB4019472 (OS Build 14393.1198) \nApril 11, 2017| KB 4015217| April 11, 2017\u2014KB4015217 (OS Build 14393.1066 and 14393.1083) \n \n**Verification**\n\n * Verify the version of the following MSISCSI driver on the system: \n \nc:\\windows\\system32\\drivers\\msiscsi.sys \n \nThe version that will expose this behavior is 6.3.9600.18624 for Windows Server 2012 R2 and version 10.0.14393.1066 for Windows Server 2016.\n * The following events are logged in the System log:Event source| ID| Text \n---|---|--- \niScsiPrt| 34| A connection to the target was lost, but the Initiator successfully reconnected to the target. Dump data contains the target name. \niScsiPrt| 39| The Initiator sent a task management command to reset the target. The target name is given in the dump data. \niScsiPrt| 9| Target did not respond in time for a SCSI request. The CDB is given in the dump data. \n * Review the number of threads that are running under the System process, and compare this to a known working baseline.\n * Review the number of handles that are currently opened by the System process, and compare this to a known working baseline.\n * Review the number of ephemeral ports that are being used by the System process.\n * From an administrative Powershell, run the following command: \n \n**Get-NetTCPConnection | Group-Object -Property State, OwningProcess | Sort Count** \n \nOr, from an administrative CMD prompt, run the following NETSTAT command together with the \"Q\" switch. This shows \"bound\" ports that are no longer connected: \n \n**NETSTAT \u2013ANOQ ** \n \nFocus on ports that are owned by the SYSTEM process. \n \nFor the three previous points, anything more than 12,000 should be considered suspect. If iSCSI targets are present in the computer, there is high probability that the issue will occur.\n**Resolution** \n \nIf the event logs indicate that many reconnections are occurring, work with your iSCSI and network fabric vendor to help diagnose and correct the reason for the failure to maintain connections to iSCSI targets. Make sure that iSCSI targets can be accessed over the current network fabric. Install updated fixes when they become available. This article will be updated with the specific KB article number of the fix to install when it becomes available. \n \n**Note** We do not recommend that you uninstall any of the March, April, May, or June security rollups. Doing so will expose the computers to known security exploits and other bugs that are mitigated by monthly updates. We recommend that you first work with iSCSI target and network vendors to resolve the connectivity issues that are triggering target reconnects.\n\nHow to get this updateThis update will be downloaded and installed automatically from Windows Update. To get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4019472>) website.\n\n * **Update replacement information** \nThis update replaces the previously released update KB4015217.\n * **File information** \nFor a list of the files that are provided in this update, download the [file information for cumulative update KB4019472](<http://download.microsoft.com/download/8/0/E/80E2817A-E95F-41D0-A157-19CA7194967D/4019472.csv>).\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2017-05-26T00:00:00", "type": "mskb", "title": "May 9, 2017\u2014KB4019472 (OS Build 14393.1198)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0064", "CVE-2017-0077", "CVE-2017-0171", "CVE-2017-0190", "CVE-2017-0212", "CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0221", "CVE-2017-0222", "CVE-2017-0226", "CVE-2017-0227", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0230", "CVE-2017-0231", "CVE-2017-0233", "CVE-2017-0234", "CVE-2017-0236", "CVE-2017-0238", "CVE-2017-0240", "CVE-2017-0241", "CVE-2017-0246", "CVE-2017-0248", "CVE-2017-0258", "CVE-2017-0259", "CVE-2017-0263", "CVE-2017-0266", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280"], "modified": "2017-05-26T00:00:00", "id": "KB4019472", "href": "https://support.microsoft.com/en-us/help/4019472", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:28:22", "description": "None\n## Improvements and fixes\n\nThis security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:\n\n * Addressed issue with Surface Hub devices waking from sleep approximately every four minutes after the first two hours.\n * Addressed issue where autochk.exe can randomly skip drive checks and not fix corruptions, which may lead to data loss.\n * Addressed an issue where Microsoft Edge users in networking environments that do not fully support the TCP Fast Open standard may have problems connecting to some websites. Users can re-enable TCP Fast Open in **about:flags**.\n * Addressed issues with Arc Touch mouse Bluetooth connectivity.\n * Security updates to Microsoft Edge, Internet Explorer, Microsoft Graphics Component, Windows SMB Server, Windows COM, Microsoft Scripting Engine, Windows kernel, Windows Server, and the .NET Framework.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.\n\n## Known issues in this update\n\nMicrosoft is not currently aware of any issues with this update.\n\n## How to get this update\n\nThis update will be downloaded and installed automatically from Windows Update. To get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4016871>) website. After this update is installed, the build number will be either 15063.296 (for all Windows 10 devices except Mobile and IoT) or 15063.297 (for Mobile and IoT).\n\n * **Update replacement information** \nThis update replaces the previously released update KB4016240.\n * **File information** \nFor a list of the files that are provided in this update, download the [file information for cumulative update KB4016871](<http://download.microsoft.com/download/C/B/A/CBA6545B-FC81-4562-8292-FD88A91544F7/4016871.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-09T00:00:00", "type": "mskb", "title": "May 9, 2017\u2014KB4016871 (OS Build 15063.296 and 15063.297)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0064", "CVE-2017-0077", "CVE-2017-0212", "CVE-2017-0214", "CVE-2017-0222", "CVE-2017-0223", "CVE-2017-0224", "CVE-2017-0226", "CVE-2017-0227", "CVE-2017-0229", "CVE-2017-0230", "CVE-2017-0231", "CVE-2017-0233", "CVE-2017-0234", "CVE-2017-0235", "CVE-2017-0236", "CVE-2017-0238", "CVE-2017-0240", "CVE-2017-0241", "CVE-2017-0246", "CVE-2017-0248", "CVE-2017-0258", "CVE-2017-0259", "CVE-2017-0263", "CVE-2017-0266", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280"], "modified": "2017-05-09T00:00:00", "id": "KB4016871", "href": "https://support.microsoft.com/en-us/help/4016871", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:29:11", "description": "None\n## Improvements and fixes\n\nThis security update includes improvements and fixes that were a part of update KB4015553 (released April 18, 2017) and also resolves the following:\n\n * Addressed issue where applications that use msado15.dll stop working after installing after installing security update 4015550\n * Deprecated SHA-1 Microsoft Edge and Internet Explorer 11 for SSL/TLS Server Authentication. See [Advisory 4010323](<https://support.microsoft.com/help/4010323>) for more information.\n * Updated Internet Explorer 11\u2019s New Tab Page with an integrated newsfeed.\n * Security updates to Microsoft Graphics Component, Microsoft Windows DNS, Windows COM, Windows Server, Windows kernel, and Internet Explorer.\nFor more information about the security vulnerabilities resolved, please refer to the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>).\n\n## Known issues in this update\n\nSymptom| Workaround \n---|--- \nIf the PC uses an AMD Carrizo DDR4 processor, installing this update will block downloading and installing future Windows updates.| This issue is resolved by [KB4022726](<https://support.microsoft.com/help/4022726>). \nIf a Server 2012 R2 system uses an Intel Xeon (E3 v6) family of processors, installing this update will block downloading and installing future Windows updates.| This issue is resolved by [KB4022726](<https://support.microsoft.com/help/4022726>). \nThis security update introduced an issue in which, if an iSCSI target becomes unavailable, attempts to reconnect will cause a leak. Initiating a new connection to an available target will work as expected.| Microsoft is working on a resolution and will provide an update in an upcoming release. For more information about this issue, see the following section. \n \n## \n\n__\n\nMore information about the iSCSI issue\n\nWindows Server 2012 R2 and Server 2016 computers that experience disconnections to iSCSI attached targets may show many different symptoms. These include, but are not limited to:\n\n * The operating system stops responding\n * You receive Stop errors (Bugcheck errors) 0x80, 0x111, 0x1C8, 0xE2, 0x161, 0x00, 0xF4, 0xEF, 0xEA, 0x101, 0x133, or 0xDEADDEAD.\n * User log on failures occur together with a \"No Logon Servers Available\" error.\n * Application and service failures occur because of ephemeral port exhaustion.\n * An unusually high number of ephemeral ports are being used by the System process.\n * An unusually high number of threads are being used by the System process.\n**Cause** \n \nThis issue is caused by a locking issue on Windows Server 2012 R2 and Windows Server 2016 RS1 computers, causing connectivity issues to the iSCSI targets. The issue can occur after installing any of the following updates:**Windows Server 2012 R2**Release date| KB| Article title \n---|---|--- \nMay 16, 2017| KB [4015553](<https://support.microsoft.com/en-us/help/4015553>)| April 18, 2017\u2014KB4015553 (Preview of Monthly Rollup) \nMay 9, 2017| KB [4019215](<https://support.microsoft.com/en-us/help/4019215>)| May 9, 2017\u2014KB4019215 (Monthly Rollup) \nMay 9, 2017| KB [4019213](<https://support.microsoft.com/en-us/help/4019213>)| May 9, 2017\u2014KB4019213 (Security-only update) \nApril 18, 2017| KB [4015553](<https://support.microsoft.com/en-us/help/4015553>)| April 18, 2017\u2014KB4015553 (Preview of Monthly Rollup) \nApril 11, 2017| KB [4015550](<https://support.microsoft.com/en-us/help/4015550>)| April 11, 2017\u2014KB4015550 (Monthly Rollup) \nApril 11, 2017| KB [4015547](<https://support.microsoft.com/en-us/help/4015547>)| April 11, 2017\u2014KB4015547 (Security-only update) \nMarch 21, 2017| KB [4012219](<https://support.microsoft.com/en-us/help/4012219>)| March 2017 Preview of Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2 \n**Windows Server 2016 RTM (RS1) **Release date| KB| Article title \n---|---|--- \nMay 16, 2017| KB [4023680](<https://support.microsoft.com/en-us/help/4023680>)| May 26, 2017\u2014KB4023680 (OS Build 14393.1230) \nMay 9, 2017| KB [4019472](<https://support.microsoft.com/en-us/help/4019472>)| May 9, 2017\u2014KB4019472 (OS Build 14393.1198) \nApril 11, 2017| KB [4015217](<https://support.microsoft.com/en-us/help/4015217>)| April 11, 2017\u2014KB4015217 (OS Build 14393.1066 and 14393.1083) \n \n**Verification**\n\n * Verify the version of the following MSISCSI driver on the system: \n \nc:\\windows\\system32\\drivers\\msiscsi.sys \n \nThe version that will expose this behavior is 6.3.9600.18624 for Windows Server 2012 R2 and version 10.0.14393.1066 for Windows Server 2016.\n * The following events are logged in the System log:Event source| ID| Text \n---|---|--- \niScsiPrt| 34| A connection to the target was lost, but the Initiator successfully reconnected to the target. Dump data contains the target name. \niScsiPrt| 39| The Initiator sent a task management command to reset the target. The target name is given in the dump data. \niScsiPrt| 9| Target did not respond in time for a SCSI request. The CDB is given in the dump data. \n * Review the number of threads that are running under the System process, and compare this to a known working baseline.\n * Review the number of handles that are currently opened by the System process, and compare this to a known working baseline.\n * Review the number of ephemeral ports that are being used by the System process.\n * From an administrative Powershell, run the following command: \n \n**Get-NetTCPConnection | Group-Object -Property State, OwningProcess | Sort Count** \n \nOr, from an administrative CMD prompt, run the following NETSTAT command together with the \"Q\" switch. This shows \"bound\" ports that are no longer connected: \n \n**NETSTAT \u2013ANOQ ** \n \nFocus on ports that are owned by the SYSTEM process. \n \nFor the three previous points, anything more than 12,000 should be considered suspect. If iSCSI targets are present in the computer, there is high probability that the issue will occur.\n**Resolution** \n \nIf the event logs indicate that many reconnections are occurring, work with your iSCSI and network fabric vendor to help diagnose and correct the reason for the failure to maintain connections to iSCSI targets. Make sure that iSCSI targets can be accessed over the current network fabric. Install updated fixes when they become available. This article will be updated with the specific KB article number of the fix to install when it becomes available. \n \n**Note** We do not recommend that you uninstall any of the March, April, May, or June security rollups. Doing so will expose the computers to known security exploits and other bugs that are mitigated by monthly updates. We recommend that you first work with iSCSI target and network vendors to resolve the connectivity issues that are triggering target reconnects.\n\nHow to get this updateThis update will be downloaded and installed automatically from Windows Update. To get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4019215>) website.\n\n * **Prerequisites ** \nWindows 8.1 and Windows Server 2012 R2 update: April 2014 (KB2919355) installed.\n * ****File information**** \nFor a list of the files that are provided in this update, download the [file information for cumulative update KB4019215](<http://download.microsoft.com/download/7/6/D/76D7DE8F-AADC-40F1-97C6-BE81527519FF/4019215.csv>).\nMore Information\n * The security fixes that are listed in this Security Monthly Quality Rollup KB4019215 are also included in the May 2017 Security-Only Quality Update, KB4019213, except for the security fixes for Internet Explorer. Those are instead included in the Cumulative Security Update for Internet Explorer KB4018271. Installing either this May 2017 Security Monthly Quality Rollup or both the May 2017 Security-Only Quality Update and the Cumulative Security Update for Internet Explorer will install the security fixes that are listed here. This Security Monthly Quality Rollup also includes improvements and fixes from previous monthly rollups.\n * If you use update management processes other than Windows Update, and you automatically approve all security update classifications for deployment, May 2017 Security Monthly Quality Rollup KB4019215, May 2017 Security-Only Quality Update KB4019213, and the Cumulative Security Update for Internet Explorer KB4018271 are deployed. We recommend that you review your update deployment rules to make sure that the desired updates are deployed.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-26T00:00:00", "type": "mskb", "title": "May 9, 2017\u2014KB4019215 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0064", "CVE-2017-0077", "CVE-2017-0171", "CVE-2017-0190", "CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0222", "CVE-2017-0226", "CVE-2017-0231", "CVE-2017-0238", "CVE-2017-0246", "CVE-2017-0258", "CVE-2017-0259", "CVE-2017-0263", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280"], "modified": "2017-05-26T00:00:00", "id": "KB4019215", "href": "https://support.microsoft.com/en-us/help/4019215", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:29:11", "description": "None\n## Improvements and fixes\n\nThis security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:\n\n * Updated Windows Cryptography API to deprecate SHA-1 for SSL/TLS Server Authentication, including in Microsoft Edge and Internet Explorer 11. See [Advisory 4010323](<https://support.microsoft.com/help/4010323>) for more information.\n * Security updates to Microsoft Graphics Component, Microsoft Windows DNS, Windows COM, Windows Server and Windows kernel.\nFor more information about the security vulnerabilities resolved, please refer to the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>).\n\n## Known issues in this update\n\nThis security update introduced an issue in which, if an iSCSI target becomes unavailable, attempts to reconnect will cause a leak. Initiating a new connection to an available target will work as expected. Microsoft is researching this problem and will post more information in this article when the information becomes available. \nFor more information about this issue, see the following section.\n\n## \n\n__\n\nMore information about the iSCSI issue\n\nWindows Server 2012 R2 and Server 2016 computers that experience disconnections to iSCSI attached targets may show many different symptoms. These include, but are not limited to:\n\n * The operating system stops responding\n * You receive Stop errors (Bugcheck errors) 0x80, 0x111, 0x1C8, 0xE2, 0x161, 0x00, 0xF4, 0xEF, 0xEA, 0x101, 0x133, or 0xDEADDEAD.\n * User log on failures occur together with a \"No Logon Servers Available\" error.\n * Application and service failures occur because of ephemeral port exhaustion.\n * An unusually high number of ephemeral ports are being used by the System process.\n * An unusually high number of threads are being used by the System process.\n**Cause** \n \nThis issue is caused by a locking issue on Windows Server 2012 R2 and Windows Server 2016 RS1 computers, causing connectivity issues to the iSCSI targets. The issue can occur after installing any of the following updates:**Windows Server 2012 R2**Release date| KB| Article title \n---|---|--- \nMay 16, 2017| KB [4015553](<https://support.microsoft.com/en-us/help/4015553>)| April 18, 2017\u2014KB4015553 (Preview of Monthly Rollup) \nMay 9, 2017| KB [4019215](<https://support.microsoft.com/en-us/help/4019215>)| May 9, 2017\u2014KB4019215 (Monthly Rollup) \nMay 9, 2017| KB [4019213](<https://support.microsoft.com/en-us/help/4019213>)| May 9, 2017\u2014KB4019213 (Security-only update) \nApril 18, 2017| KB [4015553](<https://support.microsoft.com/en-us/help/4015553>)| April 18, 2017\u2014KB4015553 (Preview of Monthly Rollup) \nApril 11, 2017| KB [4015550](<https://support.microsoft.com/en-us/help/4015550>)| April 11, 2017\u2014KB4015550 (Monthly Rollup) \nApril 11, 2017| KB [4015547](<https://support.microsoft.com/en-us/help/4015547>)| April 11, 2017\u2014KB4015547 (Security-only update) \nMarch 21, 2017| KB [4012219](<https://support.microsoft.com/en-us/help/4012219>)| March 2017 Preview of Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2 \n**Windows Server 2016 RTM (RS1) **Release date| KB| Article title \n---|---|--- \nMay 16, 2017| KB [4023680](<https://support.microsoft.com/en-us/help/4023680>)| May 26, 2017\u2014KB4023680 (OS Build 14393.1230) \nMay 9, 2017| KB [4019472](<https://support.microsoft.com/en-us/help/4019472>)| May 9, 2017\u2014KB4019472 (OS Build 14393.1198) \nApril 11, 2017| KB [4015217](<https://support.microsoft.com/en-us/help/4015217>)| April 11, 2017\u2014KB4015217 (OS Build 14393.1066 and 14393.1083) \n \n**Verification**\n\n * Verify the version of the following MSISCSI driver on the system: \n \nc:\\windows\\system32\\drivers\\msiscsi.sys \n \nThe version that will expose this behavior is 6.3.9600.18624 for Windows Server 2012 R2 and version 10.0.14393.1066 for Windows Server 2016.\n * The following events are logged in the System log:Event source| ID| Text \n---|---|--- \niScsiPrt| 34| A connection to the target was lost, but the Initiator successfully reconnected to the target. Dump data contains the target name. \niScsiPrt| 39| The Initiator sent a task management command to reset the target. The target name is given in the dump data. \niScsiPrt| 9| Target did not respond in time for a SCSI request. The CDB is given in the dump data. \n * Review the number of threads that are running under the System process, and compare this to a known working baseline.\n * Review the number of handles that are currently opened by the System process, and compare this to a known working baseline.\n * Review the number of ephemeral ports that are being used by the System process.\n * From an administrative Powershell, run the following command: \n \n**Get-NetTCPConnection | Group-Object -Property State, OwningProcess | Sort Count** \n \nOr, from an administrative CMD prompt, run the following NETSTAT command together with the \"Q\" switch. This shows \"bound\" ports that are no longer connected: \n \n**NETSTAT \u2013ANOQ ** \n \nFocus on ports that are owned by the SYSTEM process. \n \nFor the three previous points, anything more than 12,000 should be considered suspect. If iSCSI targets are present in the computer, there is high probability that the issue will occur.\n**Resolution** \n \nIf the event logs indicate that many reconnections are occurring, work with your iSCSI and network fabric vendor to help diagnose and correct the reason for the failure to maintain connections to iSCSI targets. Make sure that iSCSI targets can be accessed over the current network fabric. Install updated fixes when they become available. This article will be updated with the specific KB article number of the fix to install when it becomes available. \n \n**Note** We do not recommend that you uninstall any of the March, April, May, or June security rollups. Doing so will expose the computers to known security exploits and other bugs that are mitigated by monthly updates. We recommend that you first work with iSCSI target and network vendors to resolve the connectivity issues that are triggering target reconnects.\n\nHow to get this updateThis update will be downloaded and installed automatically from Windows Update. To get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4019213>) website.\n\n * **Prerequisites** \nTo apply this update, you must have Windows 8.1 and Windows Server 2012 R2 update: April 2014 (KB2919355) installed.\n * **File information** \nFor a list of the files that are provided in this update, download the [file information for cumulative update KB4019213](<http://download.microsoft.com/download/B/F/E/BFE0248F-716F-4CEF-8312-6AA0B5D69DE5/4019213.csv>).\nMore Information\n * This security-only quality update does not include security fixes for Internet Explorer. In order to obtain the security fixes for Internet Explorer, the Cumulative Security Update for Internet Explorer KB4018271 should also be installed. Note that the Security Monthly Quality Rollup does contain security updates for Internet Explorer.\n * If you use update management processes other than Windows Update and you automatically approve all security updates classifications for deployment, the May 2017 Security-Only Quality Update KB4019213, May 2017 Security Monthly Quality Rollup KB4019215, and the Cumulative Security Update for Internet Explorer KB4018271 are deployed. We recommend that you review your update deployment rules to make sure the desired updates are deployed.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-26T00:00:00", "type": "mskb", "title": "May 9, 2017\u2014KB4019213 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0077", "CVE-2017-0171", "CVE-2017-0190", "CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0246", "CVE-2017-0258", "CVE-2017-0259", "CVE-2017-0263", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280"], "modified": "2017-05-26T00:00:00", "id": "KB4019213", "href": "https://support.microsoft.com/en-us/help/4019213", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:29:11", "description": "None\n## Improvements and fixes\n\nThis security update includes improvements and fixes that were a part of update KB4015554 (released April 18, 2017), and also resolves the following vulnerabilities in Windows:\n\n * Addressed issue in which, after you install security update 4015551, applications that use msado15.dll stop working.\n * Addressed issue in which, after you install [KB3187754](<https://support.microsoft.com/en-us/help/3187754/>), clients can no longer access a file server when using SMB1 and NTLM authentication under certain conditions. No credentials dialog box appears, and the user receives an \u201cA specified logon session does not exist. It may already have been terminated\u201d error message.\n * Security updates to Microsoft Graphics Component, Windows COM, Windows Server, Windows Kernel, Internet Explorer, and Microsoft Windows DNS.\nFor more information about the security vulnerabilities resolved, please refer to the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>).\n\n## Known issues in this update\n\nMicrosoft is not currently aware of any issues with this update.\n\n## How to get this update\n\nThis update will be downloaded and installed automatically from Windows Update. To get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4019216>) website.\n\n * **File information** \nFor a list of the files that are provided in this update, download the [file information for update KB4019216](<http://download.microsoft.com/download/E/E/5/EE550E34-20C5-43F0-B967-A0236C0883C2/Hotfix package file info for KB 4019216.csv>).\n\n## More Information\n\n * The security fixes that are listed in this Security Monthly Quality Rollup KB4019216 are also included in the May 2017 Security-Only Quality Update KB4019214, except for the security fixes for Internet Explorer. Those are instead included in the Cumulative Security Update for Internet Explorer KB4018271. Installing either this May 2017 Security Monthly Quality Rollup or both the May 2017 Security-Only Quality Update and the Cumulative Security Update for Internet Explorer will install the security fixes that are listed here. This Security Monthly Quality Rollup also includes improvements and fixes from previous monthly rollups.\n * If you use update management processes other than Windows Update, and you automatically approve all security update classifications for deployment, May 2017 Security Monthly Quality Rollup KB4019216, May 2017 Security-Only Quality Update KB4019214, and the Cumulative Security Update for Internet Explorer KB4018271 will be deployed. We recommend that you review your update deployment rules to make sure that the desired updates are deployed.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-09T00:00:00", "type": "mskb", "title": "May 9, 2017\u2014KB4019216 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0064", "CVE-2017-0077", "CVE-2017-0171", "CVE-2017-0190", "CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0220", "CVE-2017-0222", "CVE-2017-0226", "CVE-2017-0238", "CVE-2017-0245", "CVE-2017-0246", "CVE-2017-0258", "CVE-2017-0263", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280"], "modified": "2017-05-09T00:00:00", "id": "KB4019216", "href": "https://support.microsoft.com/en-us/help/4019216", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:28:39", "description": "None\n## Summary\n\nAn information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploits this vulnerability could craft a special packet. This could cause an information disclosure from the server. \n \nTo learn more about the vulnerability, go to [the Security Update Guide](<https://portal.msrc.microsoft.com>).\n\n## More Information\n\nImportant \n\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/en-us/library/hh825699>).\n\n## How to obtain and install the update \n\n### Method 1: Windows Update\n\nThis update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see [Get security updates automatically](<https://www.microsoft.com/en-us/safety/pc-security/updates.aspx>). \n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/search.aspx?q=4018466>) website. \n\n\n## Deployment information\n\nFor deployment details for this security update, go to the following article in the Microsoft Knowledge Base: \n[Security update deployment information: May 9, 2017](<http://support.microsoft.com/en-us/help/20170509>)\n\n## More Information\n\n## \n\n__\n\nHow to obtain help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<http://support.microsoft.com/ph/6527>) \n \nSecurity solutions for IT professionals: [TechNet Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>) \n \nHelp for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<http://support.microsoft.com/contactus/cu_sc_virsec_master>) \n \nLocal support according to your country: [International Support](<https://www.microsoft.com/en-us/locale.aspx>) \n\n\nFile Information\n\n## \n\n__\n\nFile hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nWindows6.0-KB4018466-ia64.msu| C3F75846826AD3992FBC2D7A8C57A85F7F0A397C| 38D980BA623A0AD5695DB70F6CA0B49A9A1069EE304DCF1FF4F4411823EBC0C7 \nWindows6.0-KB4018466-x64.msu| 716403222008343DAD1A9964E1C45787E51A8792| 5DF45753B06958D0DA1FE1E4DF6C74A504D0BA23E5FE005A09DBDA07D18CB448 \nWindows6.0-KB4018466-x86.msu| 33843FD20FDD7D88A77C6AC5BA02145641EDE966| FBC2257442A6ED0351FB677F93A8FB71A2C2BD64B73D23F63D7668D1440D760A \n \n \n**File information** \nThe English (United States) version of this software update installs files that have the attributes that are listed in the following tables. \n \n**Windows Server 2008 file information** \n\n\n**Note: **The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.\n\n## \n\n__\n\nFor all supported ia64-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time**| **Platform** \n---|---|---|---|---|--- \nNetevent.dll.mui| 6.0.6002.19673| 270,336| 03-Aug-2016| 16:57| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 230,912| 03-Aug-2016| 15:36| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 270,848| 03-Aug-2016| 17:01| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 144,384| 03-Aug-2016| 16:49| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 137,216| 03-Aug-2016| 17:04| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 99,840| 03-Aug-2016| 17:00| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 101,376| 03-Aug-2016| 16:55| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 270,336| 07-Apr-2017| 16:51| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 230,912| 07-Apr-2017| 15:22| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 270,848| 07-Apr-2017| 16:42| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 144,384| 07-Apr-2017| 16:54| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 137,216| 07-Apr-2017| 16:49| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 99,840| 07-Apr-2017| 16:53| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 101,376| 07-Apr-2017| 16:45| Not applicable \nNetevent.dll| 6.0.6002.19673| 17,920| 03-Aug-2016| 15:35| IA-64 \nNetevent.dll| 6.0.6002.24089| 17,920| 07-Apr-2017| 15:17| IA-64 \nSrvnet.sys| 6.0.6002.19673| 297,984| 03-Aug-2016| 14:20| IA-64 \nSrvnet.sys| 6.0.6002.24089| 297,984| 07-Apr-2017| 14:21| IA-64 \nSrv.sys| 6.0.6002.19765| 967,168| 07-Apr-2017| 14:21| IA-64 \nSrv.sys| 6.0.6002.24089| 969,216| 07-Apr-2017| 14:22| IA-64 \nSrv2.sys| 6.0.6002.19765| 468,480| 07-Apr-2017| 14:21| IA-64 \nSrv2.sys| 6.0.6002.24089| 474,624| 07-Apr-2017| 14:21| IA-64 \nNetevent.dll.mui| 6.0.6002.19673| 278,528| 03-Aug-2016| 16:20| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 241,664| 03-Aug-2016| 15:44| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 278,528| 03-Aug-2016| 16:19| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 155,648| 03-Aug-2016| 16:38| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 147,456| 03-Aug-2016| 16:31| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 110,592| 03-Aug-2016| 16:39| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 110,592| 03-Aug-2016| 16:27| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 278,528| 07-Apr-2017| 16:20| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 241,664| 07-Apr-2017| 15:26| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 278,528| 07-Apr-2017| 16:35| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 155,648| 07-Apr-2017| 16:34| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 147,456| 07-Apr-2017| 16:25| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 110,592| 07-Apr-2017| 16:38| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 110,592| 07-Apr-2017| 16:33| Not applicable \nNetevent.dll| 6.0.6002.19673| 17,920| 03-Aug-2016| 15:45| x86 \nNetevent.dll| 6.0.6002.24089| 17,920| 07-Apr-2017| 15:24| x86 \n \n## \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time**| **Platform** \n---|---|---|---|---|--- \nNetevent.dll.mui| 6.0.6002.19673| 233,984| 03-Aug-2016| 17:08| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 239,104| 03-Aug-2016| 17:08| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 270,336| 03-Aug-2016| 17:06| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 289,792| 03-Aug-2016| 17:03| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 230,912| 03-Aug-2016| 16:23| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 263,168| 03-Aug-2016| 17:04| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 229,376| 03-Aug-2016| 17:05| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 270,848| 03-Aug-2016| 17:08| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 253,440| 03-Aug-2016| 17:10| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 262,144| 03-Aug-2016| 17:11| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 144,384| 03-Aug-2016| 17:15| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 137,216| 03-Aug-2016| 17:07| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 229,376| 03-Aug-2016| 17:16| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 253,952| 03-Aug-2016| 17:09| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 248,320| 03-Aug-2016| 17:02| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 253,440| 03-Aug-2016| 17:09| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 261,120| 03-Aug-2016| 17:12| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 241,152| 03-Aug-2016| 17:11| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 231,936| 03-Aug-2016| 17:10| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 230,912| 03-Aug-2016| 17:12| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 99,840| 03-Aug-2016| 17:08| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 101,376| 03-Aug-2016| 17:12| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 233,984| 07-Apr-2017| 16:47| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 239,104| 07-Apr-2017| 16:47| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 270,336| 07-Apr-2017| 16:55| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 289,792| 07-Apr-2017| 16:56| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 230,912| 07-Apr-2017| 15:45| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 263,168| 07-Apr-2017| 16:58| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 229,376| 07-Apr-2017| 16:56| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 270,848| 07-Apr-2017| 16:47| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 253,440| 07-Apr-2017| 16:49| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 262,144| 07-Apr-2017| 17:02| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 144,384| 07-Apr-2017| 17:01| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 137,216| 07-Apr-2017| 16:53| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 229,376| 07-Apr-2017| 17:01| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 253,952| 07-Apr-2017| 17:01| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 248,320| 07-Apr-2017| 16:48| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 253,440| 07-Apr-2017| 16:56| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 261,120| 07-Apr-2017| 16:58| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 241,152| 07-Apr-2017| 16:55| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 231,936| 07-Apr-2017| 16:55| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 230,912| 07-Apr-2017| 16:57| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 99,840| 07-Apr-2017| 16:52| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 101,376| 07-Apr-2017| 16:53| Not applicable \nNetevent.dll| 6.0.6002.19673| 17,920| 03-Aug-2016| 16:23| x64 \nNetevent.dll| 6.0.6002.24089| 17,920| 07-Apr-2017| 15:43| x64 \nSrvnet.sys| 6.0.6002.19673| 147,456| 03-Aug-2016| 14:40| x64 \nSrvnet.sys| 6.0.6002.24089| 147,968| 07-Apr-2017| 14:42| x64 \nSrv.sys| 6.0.6002.19765| 446,464| 07-Apr-2017| 14:43| x64 \nSrv.sys| 6.0.6002.24089| 445,440| 07-Apr-2017| 14:42| x64 \nSrv2.sys| 6.0.6002.19765| 176,128| 07-Apr-2017| 14:42| x64 \nSrv2.sys| 6.0.6002.24089| 178,176| 07-Apr-2017| 14:42| x64 \nNetevent.dll.mui| 6.0.6002.19673| 241,664| 03-Aug-2016| 16:22| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 249,856| 03-Aug-2016| 16:21| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 278,528| 03-Aug-2016| 16:20| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 299,008| 03-Aug-2016| 16:28| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 241,664| 03-Aug-2016| 15:44| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 274,432| 03-Aug-2016| 16:19| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 237,568| 03-Aug-2016| 16:29| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 278,528| 03-Aug-2016| 16:19| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 262,144| 03-Aug-2016| 16:33| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 270,336| 03-Aug-2016| 16:40| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 155,648| 03-Aug-2016| 16:38| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 147,456| 03-Aug-2016| 16:31| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 237,568| 03-Aug-2016| 16:27| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 262,144| 03-Aug-2016| 16:39| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 258,048| 03-Aug-2016| 16:40| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 262,144| 03-Aug-2016| 16:40| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 270,336| 03-Aug-2016| 16:32| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 249,856| 03-Aug-2016| 16:33| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 241,664| 03-Aug-2016| 16:35| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 241,664| 03-Aug-2016| 16:35| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 110,592| 03-Aug-2016| 16:39| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 110,592| 03-Aug-2016| 16:27| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 241,664| 07-Apr-2017| 16:38| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 249,856| 07-Apr-2017| 16:22| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 278,528| 07-Apr-2017| 16:20| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 299,008| 07-Apr-2017| 16:19| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 241,664| 07-Apr-2017| 15:26| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 274,432| 07-Apr-2017| 16:36| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 237,568| 07-Apr-2017| 16:34| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 278,528| 07-Apr-2017| 16:35| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 262,144| 07-Apr-2017| 16:29| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 270,336| 07-Apr-2017| 16:30| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 155,648| 07-Apr-2017| 16:34| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 147,456| 07-Apr-2017| 16:25| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 237,568| 07-Apr-2017| 16:21| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 262,144| 07-Apr-2017| 16:35| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 258,048| 07-Apr-2017| 16:35| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 262,144| 07-Apr-2017| 16:44| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 270,336| 07-Apr-2017| 16:42| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 249,856| 07-Apr-2017| 16:39| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 241,664| 07-Apr-2017| 16:30| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 241,664| 07-Apr-2017| 16:22| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 110,592| 07-Apr-2017| 16:38| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 110,592| 07-Apr-2017| 16:33| Not applicable \nNetevent.dll| 6.0.6002.19673| 17,920| 03-Aug-2016| 15:45| x86 \nNetevent.dll| 6.0.6002.24089| 17,920| 07-Apr-2017| 15:24| x86 \n \n## \n\n__\n\nFor all supported x86-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time**| **Platform** \n---|---|---|---|---|--- \nNetevent.dll.mui| 6.0.6002.19673| 241,664| 03-Aug-2016| 16:22| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 249,856| 03-Aug-2016| 16:21| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 278,528| 03-Aug-2016| 16:20| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 299,008| 03-Aug-2016| 16:28| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 241,664| 03-Aug-2016| 15:44| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 274,432| 03-Aug-2016| 16:19| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 237,568| 03-Aug-2016| 16:29| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 278,528| 03-Aug-2016| 16:19| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 262,144| 03-Aug-2016| 16:33| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 270,336| 03-Aug-2016| 16:40| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 155,648| 03-Aug-2016| 16:38| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 147,456| 03-Aug-2016| 16:31| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 237,568| 03-Aug-2016| 16:27| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 262,144| 03-Aug-2016| 16:39| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 258,048| 03-Aug-2016| 16:40| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 262,144| 03-Aug-2016| 16:40| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 270,336| 03-Aug-2016| 16:32| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 249,856| 03-Aug-2016| 16:33| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 241,664| 03-Aug-2016| 16:35| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 241,664| 03-Aug-2016| 16:35| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 110,592| 03-Aug-2016| 16:39| Not applicable \nNetevent.dll.mui| 6.0.6002.19673| 110,592| 03-Aug-2016| 16:27| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 241,664| 07-Apr-2017| 16:38| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 249,856| 07-Apr-2017| 16:22| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 278,528| 07-Apr-2017| 16:20| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 299,008| 07-Apr-2017| 16:19| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 241,664| 07-Apr-2017| 15:26| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 274,432| 07-Apr-2017| 16:36| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 237,568| 07-Apr-2017| 16:34| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 278,528| 07-Apr-2017| 16:35| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 262,144| 07-Apr-2017| 16:29| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 270,336| 07-Apr-2017| 16:30| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 155,648| 07-Apr-2017| 16:34| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 147,456| 07-Apr-2017| 16:25| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 237,568| 07-Apr-2017| 16:21| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 262,144| 07-Apr-2017| 16:35| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 258,048| 07-Apr-2017| 16:35| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 262,144| 07-Apr-2017| 16:44| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 270,336| 07-Apr-2017| 16:42| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 249,856| 07-Apr-2017| 16:39| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 241,664| 07-Apr-2017| 16:30| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 241,664| 07-Apr-2017| 16:22| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 110,592| 07-Apr-2017| 16:38| Not applicable \nNetevent.dll.mui| 6.0.6002.24089| 110,592| 07-Apr-2017| 16:33| Not applicable \nNetevent.dll| 6.0.6002.19673| 17,920| 03-Aug-2016| 15:45| x86 \nNetevent.dll| 6.0.6002.24089| 17,920| 07-Apr-2017| 15:24| x86 \nSrvnet.sys| 6.0.6002.19673| 103,936| 03-Aug-2016| 14:20| x86 \nSrvnet.sys| 6.0.6002.24089| 103,936| 07-Apr-2017| 14:22| x86 \nSrv.sys| 6.0.6002.19765| 305,152| 07-Apr-2017| 14:19| x86 \nSrv.sys| 6.0.6002.24089| 305,152| 07-Apr-2017| 14:22| x86 \nSrv2.sys| 6.0.6002.19765| 146,432| 07-Apr-2017| 14:19| x86 \nSrv2.sys| 6.0.6002.24089| 148,480| 07-Apr-2017| 14:22| x86\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-09T00:00:00", "type": "mskb", "title": "Security update for the Windows SMB Information Disclosure Vulnerability in Windows Server 2008: May 9, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280"], "modified": "2017-05-09T00:00:00", "id": "KB4018466", "href": "https://support.microsoft.com/en-us/help/4018466", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:29:11", "description": "None\n## Improvements and fixes\n\nThis security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:\n\n * Security updates to Microsoft Graphics Component, Windows COM, Windows Server, Windows Kernel and Microsoft Windows DNS.\nFor more information about the security vulnerabilities resolved, please refer to the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>).\n\n## Known issues in this update\n\nMicrosoft is not currently aware of any issues with this update. \n\n## How to get this update\n\nThis update will be downloaded and installed automatically from Windows Update. To get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4019214>) website.\n\n * **File information** \nFor a list of the files that are provided in this update, download the [file information for update KB4019214](<http://download.microsoft.com/download/E/9/5/E9550DB7-A799-49F5-AD1D-A3D8EF04D86A/4019214.csv>).\n\n## More Information\n\n * This Security-Only Quality Update does not include security fixes for Internet Explorer. In order to obtain the security fixes for Internet Explorer, the Cumulative Security Update for Internet Explorer KB4018271 should also be installed. Note that the Security Monthly Quality Rollup does contain security updates for Internet Explorer.\n * If you use update management processes other than Windows Update, and you automatically approve all security updates classifications for deployment, this May 2017 Security-Only Quality Update KB4019214, April 2017 Security Monthly Quality Rollup KB4019216, and the Cumulative Security Update for Internet Explorer KB4018271 are deployed. We recommend that you review your update deployment rules to make sure the desired updates are deployed.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-09T00:00:00", "type": "mskb", "title": "May 9, 2017\u2014KB4019214 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0077", "CVE-2017-0171", "CVE-2017-0190", "CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0220", "CVE-2017-0245", "CVE-2017-0246", "CVE-2017-0258", "CVE-2017-0263", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280"], "modified": "2017-05-09T00:00:00", "id": "KB4019214", "href": "https://support.microsoft.com/en-us/help/4019214", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:29:13", "description": "None\n## Improvements and fixes\n\nThis security update includes improvements and fixes that were a part of update [KB4015552](<https://support.microsoft.com/help/4015552>) (released April 18, 2017) and also resolves the following:\n\n * Addressed issue where, after installing security update KB4015549, applications that use msado15.dll stop working.\n * Updated Internet Explorer 11\u2019s New Tab Page with an integrated newsfeed.\n * Deprecated SHA-1 Microsoft Edge and Internet Explorer 11 for SSL/TLS Server Authentication. See [Advisory 4010323](<https://support.microsoft.com/help/4010323>) for more information.\n * Security updates to Internet Explorer, Microsoft Graphics Component, Windows COM, Microsoft ActiveX, Windows Server, Windows kernel, and Microsoft Windows DNS.\nFor more information about the security vulnerabilities resolved, please refer to the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>).\n\n## Known issues in this update\n\nSymptom| Workaround \n---|--- \nIf the PC uses an AMD Carrizo DDR4 processor, installing this update will block downloading and installing future Windows updates.| This issue is resolved by [KB4022719](<https://support.microsoft.com/help/4022719>). \n \n## How to get this update\n\nThis update will be downloaded and installed automatically from Windows Update. To get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4019264>) website.\n\n * **File information** \nFor a list of the files that are provided in this update, download the [file information for cumulative update KB4019264](<http://download.microsoft.com/download/E/1/A/E1ACF334-4DD0-479F-8323-A2E4FE6E33BF/4019264.csv>).\n\n## More Information\n\n * The security fixes that are listed in this Security Monthly Quality Rollup KB4019264 are also included in the May 2017 Security-Only Quality Update, KB4019263, except for the security fixes for Internet Explorer. Those are instead included in the Cumulative Security Update for Internet Explorer KB4018271. Installing either this May 2017 Security Monthly Quality Rollup or both the May 2017 Security-Only Quality Update and the Cumulative Security Update for Internet Explorer will install the security fixes that are listed here. This Security Monthly Quality Rollup also includes improvements and fixes from previous monthly rollups.\n * If you use update management processes other than Windows Update, and you automatically approve all security update classifications for deployment, May 2017 Security Monthly Quality Rollup KB4019264, May 2017 Security-Only Quality Update KB4019263, and the Cumulative Security Update for Internet Explorer KB4018271 will be deployed. We recommend that you review your update deployment rules to make sure that the desired updates are deployed.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-09T00:00:00", "type": "mskb", "title": "May 9, 2017\u2014KB4019264 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0064", "CVE-2017-0077", "CVE-2017-0171", "CVE-2017-0175", "CVE-2017-0190", "CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0220", "CVE-2017-0222", "CVE-2017-0231", "CVE-2017-0242", "CVE-2017-0244", "CVE-2017-0245", "CVE-2017-0246", "CVE-2017-0258", "CVE-2017-0263", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280"], "modified": "2017-05-09T00:00:00", "id": "KB4019264", "href": "https://support.microsoft.com/en-us/help/4019264", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:29:12", "description": "None\n## Improvements and fixes\n\nThis security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:\n\n * Updated Windows Cryptography API to deprecate SHA-1 for SSL/TLS Server Authentication, including in Microsoft Edge and Internet Explorer 11 . See [Advisory 4010323](<https://support.microsoft.com/help/4010323>) for more information.\n * Security updates to Microsoft Graphics Component, Windows COM, Microsoft ActiveX, Windows Server, Windows kernel, and Microsoft Windows DNS.\nFor more information about the security vulnerabilities resolved, please refer to the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>).\n\n## Known issues in this update\n\nSymptom| Workaround \n---|--- \nIf the PC uses an AMD Carrizo DDR4 processor, installing this update will block downloading and installing future Windows updates.| This issue is resovled by [KB4022722](<https://support.microsoft.com/help/4022722>). \n \n## How to get this update\n\nThis update will be downloaded and installed automatically from Windows Update. To get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4019263>) website.\n\n * **File information** \nFor a list of the files that are provided in this update, download the [file information for cumulative update KB4019263](<http://download.microsoft.com/download/8/A/1/8A1866D7-D539-42D2-A928-68C91B87BC49/4019263.csv>).\n\n## More Information\n\n * This Security-Only Quality Update does not include security fixes for Internet Explorer. To obtain the security fixes for Internet Explorer, Cumulative Security Update for Internet Explorer KB4018271 should also be installed. Note that the Security Monthly Quality Rollup does contain security updates for Internet Explorer.\n * If you use update management processes other than Windows Update and you automatically approve all security updates classifications for deployment, this May 2017 Security-Only Quality Update KB4019263, the May 2017 Security Monthly Quality Rollup KB4018271, and the Cumulative Security Update for Internet Explorer KB4014661 are deployed. We recommend that you review your update deployment rules to make sure the desired updates are deployed.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-09T00:00:00", "type": "mskb", "title": "May 9, 2017\u2014KB4019263 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0077", "CVE-2017-0171", "CVE-2017-0175", "CVE-2017-0190", "CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0220", "CVE-2017-0242", "CVE-2017-0244", "CVE-2017-0245", "CVE-2017-0246", "CVE-2017-0258", "CVE-2017-0263", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280"], "modified": "2017-05-09T00:00:00", "id": "KB4019263", "href": "https://support.microsoft.com/en-us/help/4019263", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:28:23", "description": "None\n## Summary\n\nThis security update resolves several reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage in Internet Explorer. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures](<https://portal.msrc.microsoft.com/en-US/security-guidance/>). Additionally, see the following articles for more information about this cumulative update:\n\n * [Windows 7 SP1 and Windows Server 2008 R2 SP1 update history](<https://support.microsoft.com/en-us/help/4009469/windows-7-sp1-windows-server-2008-r2-sp1-update-history>)\n * [Windows Server 2012 update history](<https://support.microsoft.com/en-us/help/4009471/windows-server-2012-update-history>)\n * [Windows 8.1 and Windows Server 2012 R2 update history](<https://support.microsoft.com/en-us/help/4009470/windows-8-1-windows-server-2012-r2-update-history>)\n * [Windows 10 and Windows Server 2016 update history](<https://support.microsoft.com/en-us/help/4000825/windows-10-and-windows-server-2016-update-history>)\n**Important**\n\n * The fixes included in this Security Update for Internet Explorer 4018271 are also included in the May 2017 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are resolved in this update.\n * If you use update management processes other than Windows Update, and you automatically approve all security updates classifications for deployment, this Security Update for Internet Explorer 4018271, the May 2017 Security Only Quality Update, and the May 2017 Security Monthly Quality Rollup are deployed. We recommend that you review your update deployment rules to make sure the desired updates are deployed.\n * This Security Update for Internet Explorer is not applicable for installation on a computer where the Security Monthly Quality Rollup or the Preview of Monthly Quality Rollup from May 2017 (or a later month) is already installed. This is because those updates contain all fixes in this Security Update for Internet Explorer.\nIf you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/en-us/library/hh825699>).\n\n## Deployment information\n\nFor deployment details for this security update, go to the following article in the Microsoft Knowledge Base:Security update deployment information: May 9, 2017\n\n## How to get and install the update \n\n### Method 1: Microsoft Update\n\nThis update is available through Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically.For more information about how to get security updates automatically, see [Windows Update: FAQ](<http://support.microsoft.com/en-us/help/12373/windows-update-faq>). \n \nNote For Windows RT and Windows RT 8.1, this update is available through Microsoft Update only.\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4018271>) website.\n\n## More Information\n\n## \n\n__\n\nHow to get help and support for this security update\n\nHelp for installing updates: [Windows Update: FAQ](<http://support.microsoft.com/ph/6527>) \n \nSecurity solutions for IT professionals: [TechNet Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>) \n \nHelp for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<http://support.microsoft.com/contactus/cu_sc_virsec_master>) \n \nLocal support according to your country: [International Support](<https://www.microsoft.com/en-us/locale.aspx>)\n\nFile informationFor a list of the files that are provided in this cumulative update, download the [file information for cumulative update 4018271](<http://download.microsoft.com/download/4/0/9/4094F6C8-B16F-4AFE-81D6-58379CDCE2C3/4018271.csv>).\n\n## \n\n__\n\nFile hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nWindows8.1-KB4018271-x86.msu| 9471B6EC61AFFFF81FF75591A8CDFF42F088DED2| 96833D33DE2A617416C3C81DAE8B9A93C73052418E41FBA3182E54850D836F3D \nWindows8.1-KB4018271-x64.msu| 73D231B6564968233D4E55D9B6B14077A3041AEF| C229DF805CE8B6F6A6A9FC2F839498C8665065284349AC5193F3F0C079AE17E3 \nIE11-Windows6.1-KB4018271-X64.msu| 7C8D8BEB9999D65C8DB17001C697E82A9A0BB1D1| E899AE1A2FBD41D2D5A0B3005BA2E6CB39795F47F64857F5F5C283B41DCA6476 \nIE11-Windows6.1-KB4018271-X86.msu| 3EB0C93394FCA87F3DE52AE200A57E1770E741D6| 63178E14811DEE09174D996FCC7859E25C6C1B43957A8DCB8621F78CF2B69B89\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-09T00:00:00", "type": "mskb", "title": "Cumulative security update for Internet Explorer: May 9, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0064", "CVE-2017-0222", "CVE-2017-0226", "CVE-2017-0231", "CVE-2017-0238"], "modified": "2017-05-09T00:00:00", "id": "KB4018271", "href": "https://support.microsoft.com/en-us/help/4018271", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:28:41", "description": "None\n## Summary\n\nAn elevation of privilege exists in Windows COM Aggregate Marshaler. An attacker who successfully exploits the vulnerability could run arbitrary code with elevated privileges. \n \nTo learn more about the vulnerability, go to [the Security Update Guide](<https://portal.msrc.microsoft.com>).\n\n## More Information\n\nImportant\n\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/en-us/library/hh825699>).\n\n## How to obtain and install the update \n\n### Method 1: Windows Update\n\nThis update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see [Get security updates automatically](<https://www.microsoft.com/en-us/safety/pc-security/updates.aspx>). \n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/search.aspx?q=4018556>) website. \n\n\n## Deployment information\n\nFor deployment details for this security update, go to the following article in the Microsoft Knowledge Base: \n[Security update deployment information: May 9, 2017](<http://support.microsoft.com/en-us/help/20170509>)\n\n## More Information\n\n## \n\n__\n\nHow to obtain help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<http://support.microsoft.com/ph/6527>) \n \nSecurity solutions for IT professionals: [TechNet Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>) \n \nHelp for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<http://support.microsoft.com/contactus/cu_sc_virsec_master>) \n \nLocal support according to your country: [International Support](<https://www.microsoft.com/en-us/locale.aspx>) \n\n\nFile Information\n\n## \n\n__\n\nFile hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nWindows6.0-KB4018556-ia64.msu| 78887F2993AED4D8DCEBA958A362134E40F5B116| 8996176D602E9F25899C25CCD9052404F3CCB02FBC265BB38D4A29DFA6A61B2C \nWindows6.0-KB4018556-x64.msu| 4728E8EAC4BD21D2F037349A59540EF40888177D| F399A7F1A58A299C10C72E206665CD23C0182E339F128A4E3835D6DC0ADF3546 \nWindows6.0-KB4018556-x86.msu| 7766800F74B02A4062E52BE4F39B4BB1C17E9849| 254A546922E4052BC2DD0036C67AABED643E6A2F8182C1D1663C9F1582DE1EA6 \n \n \n**File information** \nThe English (United States) version of this software update installs files that have the attributes that are listed in the following tables. \n \n**Windows Server 2008 file information** \n\n\n**Note: **The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.\n\n## \n\n__\n\nFor all supported ia64-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time**| **Platform**| **Service branch** \n---|---|---|---|---|---|--- \nAdvapi32.dll.mui| 6.0.6002.19598| 373,760| 06-Feb-2016| 03:25| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 255,488| 06-Feb-2016| 01:48| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 385,536| 06-Feb-2016| 03:04| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 352,768| 06-Feb-2016| 04:03| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 349,696| 06-Feb-2016| 03:43| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 346,624| 06-Feb-2016| 04:20| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 338,944| 06-Feb-2016| 03:21| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 373,760| 07-Apr-2017| 16:55| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 255,488| 07-Apr-2017| 15:25| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 385,536| 07-Apr-2017| 16:48| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 352,768| 07-Apr-2017| 17:00| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 349,696| 07-Apr-2017| 16:53| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 346,624| 07-Apr-2017| 16:56| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 338,944| 07-Apr-2017| 16:49| Not applicable| Not applicable \nAdvapi32.dll| 6.0.6002.19598| 1,964,544| 06-Feb-2016| 01:39| IA-64| Not applicable \nAdvapi32.dll| 6.0.6002.24089| 1,963,520| 07-Apr-2017| 15:16| IA-64| Not applicable \nOle32.dll| 6.0.6002.19773| 4,193,792| 14-Apr-2017| 20:16| IA-64| IA64_MICROSOFT-WINDOWS-COM-BASE-QFE \nOle32.dll| 6.0.6002.24089| 4,188,160| 07-Apr-2017| 15:17| IA-64| IA64_MICROSOFT-WINDOWS-COM-BASE-QFE \nRpcss.dll| 6.0.6002.19773| 1,216,000| 14-Apr-2017| 20:16| IA-64| IA64_MICROSOFT-WINDOWS-COM-BASE-QFE \nRpcss.dll| 6.0.6002.24089| 1,220,096| 07-Apr-2017| 15:17| IA-64| IA64_MICROSOFT-WINDOWS-COM-BASE-QFE \nOle32.dll.mui| 6.0.6001.18000| 3,072| 19-Jan-2008| 08:19| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 23,040| 14-Apr-2017| 21:45| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6001.18000| 3,072| 19-Jan-2008| 08:19| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 20,480| 14-Apr-2017| 20:18| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6001.18000| 3,072| 19-Jan-2008| 08:16| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 24,064| 14-Apr-2017| 21:46| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6001.18000| 3,072| 19-Jan-2008| 08:13| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 13,824| 14-Apr-2017| 21:41| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6001.18000| 3,072| 19-Jan-2008| 13:57| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 12,800| 14-Apr-2017| 21:49| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6001.18000| 3,072| 19-Jan-2008| 13:57| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 9,728| 14-Apr-2017| 21:52| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6001.18000| 3,072| 19-Jan-2008| 13:57| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 9,728| 14-Apr-2017| 21:56| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 16:49| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 23,040| 07-Apr-2017| 16:53| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 15:20| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 20,480| 07-Apr-2017| 15:23| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 16:40| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 24,064| 07-Apr-2017| 16:45| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 16:54| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 13,824| 07-Apr-2017| 16:55| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 16:47| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 12,800| 07-Apr-2017| 16:51| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 16:52| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 9,728| 07-Apr-2017| 16:55| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 16:42| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 9,728| 07-Apr-2017| 16:46| Not applicable| Not applicable \nComcat.dll| 6.0.6001.18000| 13,312| 19-Jan-2008| 08:26| IA-64| Not applicable \nOleres.dll| 6.0.6002.19773| 23,552| 14-Apr-2017| 19:05| IA-64| Not applicable \nComcat.dll| 6.0.6002.24089| 13,312| 07-Apr-2017| 15:16| IA-64| Not applicable \nOleres.dll| 6.0.6002.24089| 23,552| 07-Apr-2017| 14:36| IA-64| Not applicable \nCsrsrv.dll| 6.0.6002.19680| 145,920| 12-Aug-2016| 18:54| IA-64| Not applicable \nCsrsrv.dll| 6.0.6002.24089| 150,016| 07-Apr-2017| 15:16| IA-64| Not applicable \nKernel32.dll| 6.0.6002.19623| 2,191,360| 18-Mar-2016| 16:33| Not applicable| Not applicable \nKernel32.dll| 6.0.6002.24089| 2,193,920| 07-Apr-2017| 15:16| IA-64| Not applicable \nNtdll.dll| 6.0.6002.19623| 2,575,672| 21-Mar-2016| 22:52| IA-64| Not applicable \nNtdll.dll| 6.0.6002.24089| 2,552,048| 11-Apr-2017| 04:03| IA-64| Not applicable \nOleaut32.dll| 6.0.6002.19773| 2,023,424| 14-Apr-2017| 20:16| IA-64| Not applicable \nOleaut32.dll| 6.0.6002.24089| 2,025,472| 07-Apr-2017| 15:17| IA-64| Not applicable \nNtoskrnl.exe| 6.0.6002.19764| 9,484,008| 06-Apr-2017| 15:57| IA-64| Not applicable \nNtoskrnl.exe| 6.0.6002.24089| 9,469,672| 07-Apr-2017| 15:44| IA-64| Not applicable \nRpcrt4.dll| 6.0.6002.19598| 3,298,816| 06-Feb-2016| 01:41| IA-64| Not applicable \nRpcrt4.dll| 6.0.6002.24089| 3,289,088| 07-Apr-2017| 15:17| IA-64| Not applicable \nSmss.exe| 6.0.6002.19598| 159,232| 06-Feb-2016| 00:36| IA-64| Not applicable \nSmss.exe| 6.0.6002.24089| 159,232| 07-Apr-2017| 14:22| IA-64| Not applicable \nIa32exec.bin| 6.5.6524.0| 8,262,048| 07-May-2014| 23:57| Not applicable| IA64_MICROSOFT-WINDOWS-WOW \nNtvdm64.dll| 6.0.6002.19598| 27,648| 06-Feb-2016| 01:41| IA-64| IA64_MICROSOFT-WINDOWS-WOW \nWow64.dll| 6.0.6002.19598| 524,288| 06-Feb-2016| 01:42| IA-64| IA64_MICROSOFT-WINDOWS-WOW \nWow64cpu.dll| 6.0.6002.19598| 43,008| 06-Feb-2016| 01:42| IA-64| IA64_MICROSOFT-WINDOWS-WOW \nWow64win.dll| 6.0.6002.19598| 617,984| 06-Feb-2016| 01:42| IA-64| IA64_MICROSOFT-WINDOWS-WOW \nWowia32x.dll| 6.5.6563.0| 88,576| 06-Feb-2016| 01:42| IA-64| IA64_MICROSOFT-WINDOWS-WOW \nIa32exec.bin| 6.5.6524.0| 8,262,048| 07-Mar-2016| 23:41| Not applicable| IA64_MICROSOFT-WINDOWS-WOW \nNtvdm64.dll| 6.0.6002.24089| 27,648| 07-Apr-2017| 15:17| IA-64| IA64_MICROSOFT-WINDOWS-WOW \nWow64.dll| 6.0.6002.24089| 524,288| 07-Apr-2017| 15:18| IA-64| IA64_MICROSOFT-WINDOWS-WOW \nWow64cpu.dll| 6.0.6002.24089| 43,008| 07-Apr-2017| 15:18| IA-64| IA64_MICROSOFT-WINDOWS-WOW \nWow64win.dll| 6.0.6002.24089| 617,984| 07-Apr-2017| 15:18| IA-64| IA64_MICROSOFT-WINDOWS-WOW \nWowia32x.dll| 6.5.6563.0| 88,576| 07-Apr-2017| 15:18| IA-64| IA64_MICROSOFT-WINDOWS-WOW \nComcat.dll| 6.0.6000.16386| 7,168| 02-Nov-2006| 09:46| x86| Not applicable \nOleres.dll| 6.0.6002.19773| 23,552| 14-Apr-2017| 19:01| x86| Not applicable \nComcat.dll| 6.0.6002.24089| 7,168| 07-Apr-2017| 15:23| x86| Not applicable \nOleres.dll| 6.0.6002.24089| 23,552| 07-Apr-2017| 14:31| x86| Not applicable \nKernel32.dll| 6.0.6002.19623| 861,696| 18-Mar-2016| 17:10| x86| Not applicable \nKernel32.dll| 6.0.6002.24089| 862,720| 07-Apr-2017| 15:25| x86| Not applicable \nNtdll.dll| 6.0.6002.19623| 1,171,488| 21-Mar-2016| 22:52| x86| Not applicable \nNtdll.dll| 6.0.6002.24089| 1,167,880| 11-Apr-2017| 04:03| x86| Not applicable \nOleaut32.dll| 6.0.6002.19773| 574,464| 14-Apr-2017| 20:31| x86| Not applicable \nOleaut32.dll| 6.0.6002.24089| 574,464| 07-Apr-2017| 15:24| x86| Not applicable \nRpcrt4.dll| 6.0.6002.19598| 679,424| 06-Feb-2016| 02:12| x86| Not applicable \nRpcrt4.dll| 6.0.6002.24089| 678,912| 07-Apr-2017| 15:25| x86| Not applicable \nAcwow64.dll| 6.0.6002.19598| 43,008| 06-Feb-2016| 02:11| x86| WOW64_MICROSOFT-WINDOWS-WOW \nInstnm.exe| 6.0.6002.19598| 7,680| 06-Feb-2016| 00:32| x86| WOW64_MICROSOFT-WINDOWS-WOW \nNtvdm64.dll| 6.0.6002.19598| 14,336| 06-Feb-2016| 02:12| x86| WOW64_MICROSOFT-WINDOWS-WOW \nSetup16.exe| 3.1.0.1918| 26,112| 06-Feb-2016| 00:32| x86| WOW64_MICROSOFT-WINDOWS-WOW \nUser.exe| 6.0.6002.19598| 2,560| 06-Feb-2016| 00:32| x86| WOW64_MICROSOFT-WINDOWS-WOW \nWow32.dll| 6.0.6002.19598| 5,120| 06-Feb-2016| 02:12| x86| WOW64_MICROSOFT-WINDOWS-WOW \nAcwow64.dll| 6.0.6002.24089| 43,008| 07-Apr-2017| 15:22| x86| WOW64_MICROSOFT-WINDOWS-WOW \nInstnm.exe| 6.0.6002.24089| 7,680| 07-Apr-2017| 14:22| x86| WOW64_MICROSOFT-WINDOWS-WOW \nNtvdm64.dll| 6.0.6002.24089| 14,336| 07-Apr-2017| 15:24| x86| WOW64_MICROSOFT-WINDOWS-WOW \nSetup16.exe| 3.1.0.1918| 26,112| 07-Apr-2017| 14:22| x86| WOW64_MICROSOFT-WINDOWS-WOW \nUser.exe| 6.0.6002.24089| 2,560| 07-Apr-2017| 14:22| x86| WOW64_MICROSOFT-WINDOWS-WOW \nWow32.dll| 6.0.6002.24089| 5,120| 07-Apr-2017| 15:25| x86| WOW64_MICROSOFT-WINDOWS-WOW \nAdvapi32.dll.mui| 6.0.6002.19598| 385,024| 06-Feb-2016| 04:17| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 266,240| 06-Feb-2016| 02:20| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 393,216| 06-Feb-2016| 02:57| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 360,448| 06-Feb-2016| 03:28| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 360,448| 06-Feb-2016| 04:53| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 356,352| 06-Feb-2016| 03:48| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 348,160| 06-Feb-2016| 04:33| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 385,024| 07-Apr-2017| 16:36| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 266,240| 07-Apr-2017| 15:34| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 393,216| 07-Apr-2017| 16:48| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 360,448| 07-Apr-2017| 16:43| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 360,448| 07-Apr-2017| 16:37| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 356,352| 07-Apr-2017| 16:52| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 348,160| 07-Apr-2017| 16:44| Not applicable| Not applicable \nAdvapi32.dll| 6.0.6002.19598| 802,304| 06-Feb-2016| 02:11| x86| Not applicable \nAdvapi32.dll| 6.0.6002.24089| 802,816| 07-Apr-2017| 15:22| x86| Not applicable \nOle32.dll| 6.0.6002.19773| 1,321,472| 14-Apr-2017| 20:31| x86| X86_MICROSOFT-WINDOWS-COM-BASE-QFE \nOle32.dll| 6.0.6002.24089| 1,318,912| 07-Apr-2017| 15:24| x86| X86_MICROSOFT-WINDOWS-COM-BASE-QFE \nOle32.dll.mui| 6.0.6000.16386| 3,584| 02-Nov-2006| 09:48| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 32,768| 14-Apr-2017| 21:30| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 02-Nov-2006| 09:50| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 28,672| 14-Apr-2017| 20:31| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 02-Nov-2006| 10:43| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 32,768| 14-Apr-2017| 21:36| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 02-Nov-2006| 09:48| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 24,576| 14-Apr-2017| 21:19| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 07-Nov-2006| 03:40| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 20,480| 14-Apr-2017| 21:29| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 05-Nov-2006| 23:23| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 20,480| 14-Apr-2017| 21:33| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 08-Nov-2006| 07:09| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 20,480| 14-Apr-2017| 21:27| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:19| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 32,768| 07-Apr-2017| 16:22| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 15:25| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 28,672| 07-Apr-2017| 15:27| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:33| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 32,768| 07-Apr-2017| 16:37| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:32| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 24,576| 07-Apr-2017| 16:35| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:24| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 20,480| 07-Apr-2017| 16:27| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:34| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 20,480| 07-Apr-2017| 16:40| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:31| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 20,480| 07-Apr-2017| 16:35| Not applicable| Not applicable \n \n## \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time**| **Platform**| **Service branch** \n---|---|---|---|---|---|--- \nAdvapi32.dll.mui| 6.0.6002.19598| 371,200| 06-Feb-2016| 04:25| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 379,392| 06-Feb-2016| 04:39| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 376,832| 06-Feb-2016| 04:22| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 373,760| 06-Feb-2016| 04:43| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 393,216| 06-Feb-2016| 04:44| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 255,488| 06-Feb-2016| 02:09| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 381,952| 06-Feb-2016| 04:02| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 375,808| 06-Feb-2016| 03:20| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 385,536| 06-Feb-2016| 03:12| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 366,080| 06-Feb-2016| 03:13| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 383,488| 06-Feb-2016| 05:05| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 380,928| 06-Feb-2016| 03:03| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 352,768| 06-Feb-2016| 03:55| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 349,696| 06-Feb-2016| 05:00| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 374,272| 06-Feb-2016| 03:03| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 380,416| 06-Feb-2016| 04:29| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 385,536| 06-Feb-2016| 03:07| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 379,392| 06-Feb-2016| 04:33| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 379,904| 06-Feb-2016| 04:41| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 385,536| 06-Feb-2016| 03:18| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 375,296| 06-Feb-2016| 03:14| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 375,296| 06-Feb-2016| 04:00| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 346,624| 06-Feb-2016| 03:37| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 338,944| 06-Feb-2016| 04:19| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 371,200| 07-Apr-2017| 17:09| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 379,392| 07-Apr-2017| 17:03| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 376,832| 07-Apr-2017| 17:03| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 373,760| 07-Apr-2017| 17:10| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 393,216| 07-Apr-2017| 17:09| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 255,488| 07-Apr-2017| 15:52| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 381,952| 07-Apr-2017| 17:12| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 375,808| 07-Apr-2017| 17:09| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 385,536| 07-Apr-2017| 17:04| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 366,080| 07-Apr-2017| 17:05| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 383,488| 07-Apr-2017| 17:07| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 380,928| 07-Apr-2017| 17:16| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 352,768| 07-Apr-2017| 17:13| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 349,696| 07-Apr-2017| 17:07| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 374,272| 07-Apr-2017| 17:14| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 380,416| 07-Apr-2017| 17:15| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 385,536| 07-Apr-2017| 17:06| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 379,392| 07-Apr-2017| 17:10| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 379,904| 07-Apr-2017| 17:12| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 385,536| 07-Apr-2017| 17:09| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 375,296| 07-Apr-2017| 17:09| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 375,296| 07-Apr-2017| 17:11| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 346,624| 07-Apr-2017| 17:05| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 338,944| 07-Apr-2017| 17:05| Not applicable| Not applicable \nAdvapi32.dll| 6.0.6002.19598| 1,067,008| 06-Feb-2016| 01:59| x64| Not applicable \nAdvapi32.dll| 6.0.6002.24089| 1,067,520| 07-Apr-2017| 15:42| x64| Not applicable \nOle32.dll| 6.0.6002.19773| 1,910,784| 14-Apr-2017| 20:38| x64| AMD64_MICROSOFT-WINDOWS-COM-BASE-QFE \nOle32.dll| 6.0.6002.24089| 1,918,464| 07-Apr-2017| 15:43| x64| AMD64_MICROSOFT-WINDOWS-COM-BASE-QFE \nRpcss.dll| 6.0.6002.19773| 720,896| 14-Apr-2017| 20:38| x64| AMD64_MICROSOFT-WINDOWS-COM-BASE-QFE \nRpcss.dll| 6.0.6002.24089| 722,944| 07-Apr-2017| 15:44| x64| AMD64_MICROSOFT-WINDOWS-COM-BASE-QFE \nOle32.dll.mui| 6.0.6000.16386| 3,072| 05-Dec-2006| 03:31| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 16,896| 14-Apr-2017| 21:54| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,072| 08-Jan-2007| 19:56| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 19,968| 14-Apr-2017| 21:50| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,072| 21-Nov-2006| 03:26| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 20,992| 14-Apr-2017| 21:47| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,072| 02-Nov-2006| 11:19| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 23,040| 14-Apr-2017| 21:46| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,072| 05-Jan-2007| 03:30| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 24,064| 14-Apr-2017| 21:46| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,072| 02-Nov-2006| 11:19| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 20,480| 14-Apr-2017| 20:38| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,072| 02-Nov-2006| 12:57| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 22,528| 14-Apr-2017| 21:56| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,072| 27-Nov-2006| 21:46| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 19,968| 14-Apr-2017| 21:46| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,072| 02-Nov-2006| 12:56| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 24,064| 14-Apr-2017| 21:55| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,072| 13-Dec-2006| 22:22| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 16,384| 14-Apr-2017| 21:47| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,072| 16-Jan-2007| 03:31| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 22,528| 14-Apr-2017| 21:49| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,072| 05-Nov-2006| 23:23| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 23,552| 14-Apr-2017| 21:46| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,072| 02-Nov-2006| 11:18| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 13,824| 14-Apr-2017| 21:38| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,072| 07-Nov-2006| 03:51| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 12,800| 14-Apr-2017| 21:44| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,072| 21-Nov-2006| 03:31| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 20,480| 14-Apr-2017| 21:47| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,072| 02-Nov-2006| 13:10| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 22,016| 14-Apr-2017| 21:46| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,072| 05-Dec-2006| 03:31| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 22,528| 14-Apr-2017| 21:50| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,072| 05-Nov-2006| 23:06| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 22,016| 14-Apr-2017| 21:46| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,072| 18-Jan-2007| 03:28| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 22,016| 14-Apr-2017| 21:44| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,072| 09-Nov-2006| 03:33| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 20,480| 14-Apr-2017| 21:49| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,072| 21-Nov-2006| 03:26| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 19,968| 14-Apr-2017| 21:44| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,072| 05-Jan-2007| 03:35| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 19,456| 14-Apr-2017| 21:47| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,072| 05-Nov-2006| 23:10| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 9,728| 14-Apr-2017| 21:41| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,072| 08-Nov-2006| 07:27| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 9,728| 14-Apr-2017| 21:52| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 16:56| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 16,896| 07-Apr-2017| 16:59| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 16:46| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 19,968| 07-Apr-2017| 16:49| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 16:46| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 20,992| 07-Apr-2017| 16:49| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 16:53| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 23,040| 07-Apr-2017| 16:57| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 16:54| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 24,064| 07-Apr-2017| 16:57| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 15:44| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 20,480| 07-Apr-2017| 15:46| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 16:56| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 22,528| 07-Apr-2017| 17:00| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 16:55| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 19,968| 07-Apr-2017| 16:58| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 16:46| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 24,064| 07-Apr-2017| 16:49| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 16:47| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 16,384| 07-Apr-2017| 16:50| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 16:47| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 22,528| 07-Apr-2017| 16:51| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 17:00| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 23,552| 07-Apr-2017| 17:04| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 17:00| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 13,824| 07-Apr-2017| 17:03| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 16:52| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 12,800| 07-Apr-2017| 16:55| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 17:00| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 20,480| 07-Apr-2017| 17:03| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 16:59| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 22,016| 07-Apr-2017| 17:03| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 16:46| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 22,528| 07-Apr-2017| 16:50| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 16:55| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 22,016| 07-Apr-2017| 16:58| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 16:57| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 22,016| 07-Apr-2017| 16:59| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 16:53| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 20,480| 07-Apr-2017| 16:56| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 16:54| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 19,968| 07-Apr-2017| 16:57| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 16:56| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 19,456| 07-Apr-2017| 16:59| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 16:49| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 9,728| 07-Apr-2017| 16:54| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,072| 07-Apr-2017| 16:51| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 9,728| 07-Apr-2017| 16:55| Not applicable| Not applicable \nComcat.dll| 6.0.6000.16386| 8,704| 02-Nov-2006| 11:16| x64| Not applicable \nOleres.dll| 6.0.6002.19773| 23,552| 14-Apr-2017| 19:20| x64| Not applicable \nComcat.dll| 6.0.6002.24089| 8,704| 07-Apr-2017| 15:42| x64| Not applicable \nOleres.dll| 6.0.6002.24089| 23,552| 07-Apr-2017| 14:55| x64| Not applicable \nCsrsrv.dll| 6.0.6002.19680| 86,016| 12-Aug-2016| 19:07| x64| Not applicable \nCsrsrv.dll| 6.0.6002.24089| 86,016| 07-Apr-2017| 15:42| x64| Not applicable \nKernel32.dll| 6.0.6002.19623| 1,212,928| 18-Mar-2016| 18:14| x64| Not applicable \nKernel32.dll| 6.0.6002.24089| 1,214,976| 07-Apr-2017| 15:43| x64| Not applicable \nNtdll.dll| 6.0.6002.19623| 1,589,168| 21-Mar-2016| 23:00| x64| Not applicable \nNtdll.dll| 6.0.6002.24089| 1,583,512| 11-Apr-2017| 04:07| x64| Not applicable \nOleaut32.dll| 6.0.6002.19773| 861,696| 14-Apr-2017| 20:38| x64| Not applicable \nOleaut32.dll| 6.0.6002.24089| 862,208| 07-Apr-2017| 15:43| x64| Not applicable \nNtoskrnl.exe| 6.0.6002.19764| 4,693,736| 06-Apr-2017| 16:21| x64| Not applicable \nNtoskrnl.exe| 6.0.6002.24089| 4,665,064| 07-Apr-2017| 15:50| x64| Not applicable \nRpcrt4.dll| 6.0.6002.19598| 1,304,576| 06-Feb-2016| 02:01| x64| Not applicable \nRpcrt4.dll| 6.0.6002.24089| 1,308,160| 07-Apr-2017| 15:44| x64| Not applicable \nSmss.exe| 6.0.6002.19598| 75,264| 06-Feb-2016| 00:48| x64| Not applicable \nSmss.exe| 6.0.6002.24089| 75,776| 07-Apr-2017| 14:43| x64| Not applicable \nNtvdm64.dll| 6.0.6002.19598| 16,896| 06-Feb-2016| 02:01| x64| AMD64_MICROSOFT-WINDOWS-WOW \nWow64.dll| 6.0.6002.19598| 234,496| 06-Feb-2016| 02:02| x64| AMD64_MICROSOFT-WINDOWS-WOW \nWow64cpu.dll| 6.0.6002.19598| 17,408| 06-Feb-2016| 02:02| x64| AMD64_MICROSOFT-WINDOWS-WOW \nWow64win.dll| 6.0.6002.19598| 301,568| 06-Feb-2016| 02:02| x64| AMD64_MICROSOFT-WINDOWS-WOW \nNtvdm64.dll| 6.0.6002.24089| 16,896| 07-Apr-2017| 15:43| x64| AMD64_MICROSOFT-WINDOWS-WOW \nWow64.dll| 6.0.6002.24089| 234,496| 07-Apr-2017| 15:44| x64| AMD64_MICROSOFT-WINDOWS-WOW \nWow64cpu.dll| 6.0.6002.24089| 17,408| 07-Apr-2017| 15:44| x64| AMD64_MICROSOFT-WINDOWS-WOW \nWow64win.dll| 6.0.6002.24089| 301,568| 07-Apr-2017| 15:44| x64| AMD64_MICROSOFT-WINDOWS-WOW \nComcat.dll| 6.0.6000.16386| 7,168| 02-Nov-2006| 09:46| x86| Not applicable \nOleres.dll| 6.0.6002.19773| 23,552| 14-Apr-2017| 19:01| x86| Not applicable \nComcat.dll| 6.0.6002.24089| 7,168| 07-Apr-2017| 15:23| x86| Not applicable \nOleres.dll| 6.0.6002.24089| 23,552| 07-Apr-2017| 14:31| x86| Not applicable \nKernel32.dll| 6.0.6002.19623| 861,696| 18-Mar-2016| 17:10| x86| Not applicable \nKernel32.dll| 6.0.6002.24089| 862,720| 07-Apr-2017| 15:25| x86| Not applicable \nNtdll.dll| 6.0.6002.19623| 1,171,488| 21-Mar-2016| 23:00| x86| Not applicable \nNtdll.dll| 6.0.6002.24089| 1,167,880| 11-Apr-2017| 04:07| x86| Not applicable \nOleaut32.dll| 6.0.6002.19773| 574,464| 14-Apr-2017| 20:31| x86| Not applicable \nOleaut32.dll| 6.0.6002.24089| 574,464| 07-Apr-2017| 15:24| x86| Not applicable \nRpcrt4.dll| 6.0.6002.19598| 679,424| 06-Feb-2016| 02:12| x86| Not applicable \nRpcrt4.dll| 6.0.6002.24089| 678,912| 07-Apr-2017| 15:25| x86| Not applicable \nAcwow64.dll| 6.0.6002.19598| 43,008| 06-Feb-2016| 02:11| x86| WOW64_MICROSOFT-WINDOWS-WOW \nInstnm.exe| 6.0.6002.19598| 7,680| 06-Feb-2016| 00:32| x86| WOW64_MICROSOFT-WINDOWS-WOW \nNtvdm64.dll| 6.0.6002.19598| 14,336| 06-Feb-2016| 02:12| x86| WOW64_MICROSOFT-WINDOWS-WOW \nSetup16.exe| 3.1.0.1918| 26,112| 06-Feb-2016| 00:32| x86| WOW64_MICROSOFT-WINDOWS-WOW \nUser.exe| 6.0.6002.19598| 2,560| 06-Feb-2016| 00:32| x86| WOW64_MICROSOFT-WINDOWS-WOW \nWow32.dll| 6.0.6002.19598| 5,120| 06-Feb-2016| 02:12| x86| WOW64_MICROSOFT-WINDOWS-WOW \nAcwow64.dll| 6.0.6002.24089| 43,008| 07-Apr-2017| 15:22| x86| WOW64_MICROSOFT-WINDOWS-WOW \nInstnm.exe| 6.0.6002.24089| 7,680| 07-Apr-2017| 14:22| x86| WOW64_MICROSOFT-WINDOWS-WOW \nNtvdm64.dll| 6.0.6002.24089| 14,336| 07-Apr-2017| 15:24| x86| WOW64_MICROSOFT-WINDOWS-WOW \nSetup16.exe| 3.1.0.1918| 26,112| 07-Apr-2017| 14:22| x86| WOW64_MICROSOFT-WINDOWS-WOW \nUser.exe| 6.0.6002.24089| 2,560| 07-Apr-2017| 14:22| x86| WOW64_MICROSOFT-WINDOWS-WOW \nWow32.dll| 6.0.6002.24089| 5,120| 07-Apr-2017| 15:25| x86| WOW64_MICROSOFT-WINDOWS-WOW \nAdvapi32.dll.mui| 6.0.6002.19598| 380,928| 06-Feb-2016| 02:53| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 389,120| 06-Feb-2016| 04:12| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 385,024| 06-Feb-2016| 04:00| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 385,024| 06-Feb-2016| 04:17| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 401,408| 06-Feb-2016| 04:09| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 266,240| 06-Feb-2016| 02:20| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 393,216| 06-Feb-2016| 03:09| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 385,024| 06-Feb-2016| 04:03| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 393,216| 06-Feb-2016| 02:57| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 376,832| 06-Feb-2016| 04:06| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 393,216| 06-Feb-2016| 03:59| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 389,120| 06-Feb-2016| 03:00| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 360,448| 06-Feb-2016| 03:28| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 360,448| 06-Feb-2016| 04:53| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 385,024| 06-Feb-2016| 02:53| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 389,120| 06-Feb-2016| 03:06| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 393,216| 06-Feb-2016| 03:04| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 389,120| 06-Feb-2016| 04:14| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 389,120| 06-Feb-2016| 04:37| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 393,216| 06-Feb-2016| 04:58| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 385,024| 06-Feb-2016| 03:53| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 385,024| 06-Feb-2016| 03:11| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 356,352| 06-Feb-2016| 03:48| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 348,160| 06-Feb-2016| 04:33| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 380,928| 07-Apr-2017| 16:39| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 389,120| 07-Apr-2017| 16:49| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 385,024| 07-Apr-2017| 16:39| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 385,024| 07-Apr-2017| 16:36| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 401,408| 07-Apr-2017| 16:34| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 266,240| 07-Apr-2017| 15:34| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 393,216| 07-Apr-2017| 16:48| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 385,024| 07-Apr-2017| 16:46| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 393,216| 07-Apr-2017| 16:48| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 376,832| 07-Apr-2017| 16:29| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 393,216| 07-Apr-2017| 16:42| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 389,120| 07-Apr-2017| 16:43| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 360,448| 07-Apr-2017| 16:43| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 360,448| 07-Apr-2017| 16:37| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 385,024| 07-Apr-2017| 16:36| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 389,120| 07-Apr-2017| 16:45| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 393,216| 07-Apr-2017| 16:47| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 389,120| 07-Apr-2017| 16:59| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 389,120| 07-Apr-2017| 16:58| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 393,216| 07-Apr-2017| 16:57| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 385,024| 07-Apr-2017| 16:51| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 385,024| 07-Apr-2017| 16:37| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 356,352| 07-Apr-2017| 16:52| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 348,160| 07-Apr-2017| 16:44| Not applicable| Not applicable \nAdvapi32.dll| 6.0.6002.19598| 802,304| 06-Feb-2016| 02:11| x86| Not applicable \nAdvapi32.dll| 6.0.6002.24089| 802,816| 07-Apr-2017| 15:22| x86| Not applicable \nOle32.dll| 6.0.6002.19773| 1,321,472| 14-Apr-2017| 20:31| x86| X86_MICROSOFT-WINDOWS-COM-BASE-QFE \nOle32.dll| 6.0.6002.24089| 1,318,912| 07-Apr-2017| 15:24| x86| X86_MICROSOFT-WINDOWS-COM-BASE-QFE \nOle32.dll.mui| 6.0.6000.16386| 3,584| 05-Dec-2006| 03:28| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 24,576| 14-Apr-2017| 21:30| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 08-Jan-2007| 19:48| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 28,672| 14-Apr-2017| 21:33| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 21-Nov-2006| 03:27| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 28,672| 14-Apr-2017| 21:34| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 02-Nov-2006| 09:48| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 32,768| 14-Apr-2017| 21:30| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 05-Jan-2007| 03:25| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 32,768| 14-Apr-2017| 21:34| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 02-Nov-2006| 09:50| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 28,672| 14-Apr-2017| 20:31| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 02-Nov-2006| 10:43| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 32,768| 14-Apr-2017| 21:34| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 27-Nov-2006| 21:37| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 28,672| 14-Apr-2017| 21:29| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 02-Nov-2006| 10:43| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 32,768| 14-Apr-2017| 21:36| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 13-Dec-2006| 22:22| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 24,576| 14-Apr-2017| 21:21| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 16-Jan-2007| 03:26| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 32,768| 14-Apr-2017| 21:22| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 05-Nov-2006| 23:28| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 32,768| 14-Apr-2017| 21:21| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 02-Nov-2006| 09:48| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 24,576| 14-Apr-2017| 21:19| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 07-Nov-2006| 03:40| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 20,480| 14-Apr-2017| 21:29| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 21-Nov-2006| 03:27| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 28,672| 14-Apr-2017| 21:24| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 02-Nov-2006| 10:52| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 32,768| 14-Apr-2017| 21:23| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 05-Dec-2006| 03:28| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 32,768| 14-Apr-2017| 21:24| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 05-Nov-2006| 23:23| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 32,768| 14-Apr-2017| 21:28| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 18-Jan-2007| 03:20| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 32,768| 14-Apr-2017| 21:26| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 09-Nov-2006| 03:58| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 28,672| 14-Apr-2017| 21:31| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 21-Nov-2006| 03:27| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 28,672| 14-Apr-2017| 21:28| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 05-Jan-2007| 03:32| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 28,672| 14-Apr-2017| 21:26| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 05-Nov-2006| 23:23| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 20,480| 14-Apr-2017| 21:33| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 08-Nov-2006| 07:09| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 20,480| 14-Apr-2017| 21:27| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:21| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 24,576| 07-Apr-2017| 16:25| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:36| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 28,672| 07-Apr-2017| 16:39| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:21| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 28,672| 07-Apr-2017| 16:24| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:19| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 32,768| 07-Apr-2017| 16:22| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:18| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 32,768| 07-Apr-2017| 16:20| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 15:25| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 28,672| 07-Apr-2017| 15:27| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:34| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 32,768| 07-Apr-2017| 16:37| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:33| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 28,672| 07-Apr-2017| 16:36| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:33| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 32,768| 07-Apr-2017| 16:37| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:18| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 24,576| 07-Apr-2017| 16:20| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:26| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 32,768| 07-Apr-2017| 16:31| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:27| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 32,768| 07-Apr-2017| 16:32| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:32| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 24,576| 07-Apr-2017| 16:35| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:24| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 20,480| 07-Apr-2017| 16:27| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:19| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 28,672| 07-Apr-2017| 16:23| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:33| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 32,768| 07-Apr-2017| 16:36| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:34| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 32,768| 07-Apr-2017| 16:37| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:42| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 32,768| 07-Apr-2017| 16:46| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:39| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 32,768| 07-Apr-2017| 16:44| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:36| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 28,672| 07-Apr-2017| 16:42| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:25| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 28,672| 07-Apr-2017| 16:33| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:21| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 28,672| 07-Apr-2017| 16:24| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:34| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 20,480| 07-Apr-2017| 16:40| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:31| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 20,480| 07-Apr-2017| 16:35| Not applicable| Not applicable \n \n## \n\n__\n\nFor all supported x86-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time**| **Platform**| **Service branch** \n---|---|---|---|---|---|--- \nAdvapi32.dll.mui| 6.0.6002.19598| 380,928| 06-Feb-2016| 02:53| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 389,120| 06-Feb-2016| 04:12| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 385,024| 06-Feb-2016| 04:00| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 385,024| 06-Feb-2016| 04:17| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 401,408| 06-Feb-2016| 04:09| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 266,240| 06-Feb-2016| 02:20| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 393,216| 06-Feb-2016| 03:09| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 385,024| 06-Feb-2016| 04:03| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 393,216| 06-Feb-2016| 02:57| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 376,832| 06-Feb-2016| 04:06| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 393,216| 06-Feb-2016| 03:59| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 389,120| 06-Feb-2016| 03:00| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 360,448| 06-Feb-2016| 03:28| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 360,448| 06-Feb-2016| 04:53| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 385,024| 06-Feb-2016| 02:53| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 389,120| 06-Feb-2016| 03:06| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 393,216| 06-Feb-2016| 03:04| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 389,120| 06-Feb-2016| 04:14| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 389,120| 06-Feb-2016| 04:37| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 393,216| 06-Feb-2016| 04:58| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 385,024| 06-Feb-2016| 03:53| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 385,024| 06-Feb-2016| 03:11| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 356,352| 06-Feb-2016| 03:48| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.19598| 348,160| 06-Feb-2016| 04:33| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 380,928| 07-Apr-2017| 16:39| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 389,120| 07-Apr-2017| 16:49| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 385,024| 07-Apr-2017| 16:39| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 385,024| 07-Apr-2017| 16:36| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 401,408| 07-Apr-2017| 16:34| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 266,240| 07-Apr-2017| 15:34| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 393,216| 07-Apr-2017| 16:48| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 385,024| 07-Apr-2017| 16:46| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 393,216| 07-Apr-2017| 16:48| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 376,832| 07-Apr-2017| 16:29| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 393,216| 07-Apr-2017| 16:42| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 389,120| 07-Apr-2017| 16:43| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 360,448| 07-Apr-2017| 16:43| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 360,448| 07-Apr-2017| 16:37| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 385,024| 07-Apr-2017| 16:36| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 389,120| 07-Apr-2017| 16:45| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 393,216| 07-Apr-2017| 16:47| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 389,120| 07-Apr-2017| 16:59| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 389,120| 07-Apr-2017| 16:58| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 393,216| 07-Apr-2017| 16:57| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 385,024| 07-Apr-2017| 16:51| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 385,024| 07-Apr-2017| 16:37| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 356,352| 07-Apr-2017| 16:52| Not applicable| Not applicable \nAdvapi32.dll.mui| 6.0.6002.24089| 348,160| 07-Apr-2017| 16:44| Not applicable| Not applicable \nAdvapi32.dll| 6.0.6002.19598| 802,304| 06-Feb-2016| 02:11| x86| Not applicable \nAdvapi32.dll| 6.0.6002.24089| 802,816| 07-Apr-2017| 15:22| x86| Not applicable \nOle32.dll| 6.0.6002.19773| 1,321,472| 14-Apr-2017| 20:31| x86| X86_MICROSOFT-WINDOWS-COM-BASE-QFE \nOle32.dll| 6.0.6002.24089| 1,318,912| 07-Apr-2017| 15:24| x86| X86_MICROSOFT-WINDOWS-COM-BASE-QFE \nRpcss.dll| 6.0.6002.19773| 551,424| 14-Apr-2017| 20:31| x86| X86_MICROSOFT-WINDOWS-COM-BASE-QFE \nRpcss.dll| 6.0.6002.24089| 554,496| 07-Apr-2017| 15:24| x86| X86_MICROSOFT-WINDOWS-COM-BASE-QFE \nOle32.dll.mui| 6.0.6000.16386| 3,584| 05-Dec-2006| 03:28| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 24,576| 14-Apr-2017| 21:30| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 08-Jan-2007| 19:48| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 28,672| 14-Apr-2017| 21:33| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 21-Nov-2006| 03:27| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 28,672| 14-Apr-2017| 21:34| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 02-Nov-2006| 09:48| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 32,768| 14-Apr-2017| 21:30| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 05-Jan-2007| 03:25| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 32,768| 14-Apr-2017| 21:34| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 02-Nov-2006| 09:50| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 28,672| 14-Apr-2017| 20:31| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 02-Nov-2006| 10:43| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 32,768| 14-Apr-2017| 21:34| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 27-Nov-2006| 21:37| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 28,672| 14-Apr-2017| 21:29| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 02-Nov-2006| 10:43| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 32,768| 14-Apr-2017| 21:36| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 13-Dec-2006| 22:22| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 24,576| 14-Apr-2017| 21:21| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 16-Jan-2007| 03:26| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 32,768| 14-Apr-2017| 21:22| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 05-Nov-2006| 23:28| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 32,768| 14-Apr-2017| 21:21| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 02-Nov-2006| 09:48| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 24,576| 14-Apr-2017| 21:19| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 07-Nov-2006| 03:40| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 20,480| 14-Apr-2017| 21:29| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 21-Nov-2006| 03:27| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 28,672| 14-Apr-2017| 21:24| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 02-Nov-2006| 10:52| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 32,768| 14-Apr-2017| 21:23| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 05-Dec-2006| 03:28| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 32,768| 14-Apr-2017| 21:24| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 05-Nov-2006| 23:23| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 32,768| 14-Apr-2017| 21:28| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 18-Jan-2007| 03:20| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 32,768| 14-Apr-2017| 21:26| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 09-Nov-2006| 03:58| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 28,672| 14-Apr-2017| 21:31| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 21-Nov-2006| 03:27| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 28,672| 14-Apr-2017| 21:28| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 05-Jan-2007| 03:32| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 28,672| 14-Apr-2017| 21:26| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 05-Nov-2006| 23:23| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 20,480| 14-Apr-2017| 21:33| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6000.16386| 3,584| 08-Nov-2006| 07:09| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.19773| 20,480| 14-Apr-2017| 21:27| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:21| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 24,576| 07-Apr-2017| 16:25| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:36| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 28,672| 07-Apr-2017| 16:39| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:21| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 28,672| 07-Apr-2017| 16:24| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:19| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 32,768| 07-Apr-2017| 16:22| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:18| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 32,768| 07-Apr-2017| 16:20| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 15:25| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 28,672| 07-Apr-2017| 15:27| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:34| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 32,768| 07-Apr-2017| 16:37| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:33| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 28,672| 07-Apr-2017| 16:36| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:33| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 32,768| 07-Apr-2017| 16:37| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:18| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 24,576| 07-Apr-2017| 16:20| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:26| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 32,768| 07-Apr-2017| 16:31| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:27| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 32,768| 07-Apr-2017| 16:32| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:32| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 24,576| 07-Apr-2017| 16:35| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:24| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 20,480| 07-Apr-2017| 16:27| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:19| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 28,672| 07-Apr-2017| 16:23| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:33| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 32,768| 07-Apr-2017| 16:36| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:34| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 32,768| 07-Apr-2017| 16:37| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:42| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 32,768| 07-Apr-2017| 16:46| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:39| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 32,768| 07-Apr-2017| 16:44| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:36| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 28,672| 07-Apr-2017| 16:42| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:25| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 28,672| 07-Apr-2017| 16:33| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:21| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 28,672| 07-Apr-2017| 16:24| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:34| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 20,480| 07-Apr-2017| 16:40| Not applicable| Not applicable \nOle32.dll.mui| 6.0.6002.24089| 3,584| 07-Apr-2017| 16:31| Not applicable| Not applicable \nOleres.dll.mui| 6.0.6002.24089| 20,480| 07-Apr-2017| 16:35| Not applicable| Not applicable \nComcat.dll| 6.0.6000.16386| 7,168| 02-Nov-2006| 09:46| x86| Not applicable \nOleres.dll| 6.0.6002.19773| 23,552| 14-Apr-2017| 19:01| x86| Not applicable \nComcat.dll| 6.0.6002.24089| 7,168| 07-Apr-2017| 15:23| x86| Not applicable \nOleres.dll| 6.0.6002.24089| 23,552| 07-Apr-2017| 14:31| x86| Not applicable \nCsrsrv.dll| 6.0.6002.19680| 49,664| 12-Aug-2016| 18:55| x86| Not applicable \nCsrsrv.dll| 6.0.6002.24089| 49,664| 07-Apr-2017| 15:23| x86| Not applicable \nKernel32.dll| 6.0.6002.19623| 894,976| 18-Mar-2016| 17:09| x86| Not applicable \nKernel32.dll| 6.0.6002.24089| 895,488| 07-Apr-2017| 15:23| x86| Not applicable \nNtdll.dll| 6.0.6002.19623| 1,208,568| 21-Mar-2016| 22:57| x86| Not applicable \nNtdll.dll| 6.0.6002.24089| 1,209,592| 11-Apr-2017| 04:10| x86| Not applicable \nOleaut32.dll| 6.0.6002.19773| 574,464| 14-Apr-2017| 20:31| x86| Not applicable \nOleaut32.dll| 6.0.6002.24089| 574,464| 07-Apr-2017| 15:24| x86| Not applicable \nNtkrnlpa.exe| 6.0.6002.19764| 3,610,856| 06-Apr-2017| 16:06| Not applicable| Not applicable \nNtoskrnl.exe| 6.0.6002.19764| 3,558,120| 06-Apr-2017| 16:06| Not applicable| Not applicable \nNtkrnlpa.exe| 6.0.6002.24089| 3,613,416| 07-Apr-2017| 15:31| Not applicable| Not applicable \nNtoskrnl.exe| 6.0.6002.24089| 3,562,216| 07-Apr-2017| 15:31| Not applicable| Not applicable \nRpcrt4.dll| 6.0.6002.19598| 783,872| 06-Feb-2016| 02:12| x86| Not applicable \nRpcrt4.dll| 6.0.6002.24089| 783,872| 07-Apr-2017| 15:24| x86| Not applicable \nSmss.exe| 6.0.6002.19598| 64,000| 06-Feb-2016| 00:32| x86| Not applicable \nSmss.exe| 6.0.6002.24089| 64,512| 07-Apr-2017| 14:22| x86| Not applicable\n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-09T00:00:00", "type": "mskb", "title": "Security update for the Windows COM Elevation of Privilege Vulnerability in Windows Server 2008: May 9, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0244", "CVE-2017-0258"], "modified": "2017-05-09T00:00:00", "id": "KB4018556", "href": "https://support.microsoft.com/en-us/help/4018556", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T22:39:51", "description": "<html><body><p>Resolves a vulnerability in Windows Embedded POSReady 2009 and Windows Embedded Standard 2009.</p><h2>Summary</h2><div class=\"kb-summary-section section\">An elevation of privilege exists in Windows COM Aggregate Marshaler. An elevation of privilege vulnerability exists when Windows does not validate input correctly before it loads type libraries.<br/><br/>To learn more about the vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE):<ul class=\"sbody-free_list\"><li><a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0213\" id=\"kb-link-2\" target=\"_self\">CVE-2017-0213</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0214\" id=\"kb-link-2\" target=\"_self\">CVE-2017-0214</a></li></ul></div><h2>Fixes that are included in this security update</h2><ul><li>Addresses an issue in which some scanners and serial devices may stop working after security update <a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" href=\"https://support.microsoft.com/en-us/help/4074852/security-update-for-vulnerabilities-in-windows-wes09-and-posready-2009\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">4074852</a>\u00a0is applied.</li></ul><h2>How to obtain and install the update</h2><div class=\"kb-resolution-section section\"><h3>Method 1: Windows Update</h3><div class=\"kb-collapsible kb-collapsible-expanded\">This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see <a href=\"https://support.microsoft.com/en-us/help/12373/windows-update-faqx\" id=\"kb-link-13\" target=\"_self\">Windows Update: FAQ</a>.</div><h3 class=\"sbody-h3\">Method 2: Microsoft Update Catalog</h3><div class=\"kb-collapsible kb-collapsible-expanded\">To get the stand-alone package for this update, go to the <a href=\"http://catalog.update.microsoft.com/v7/site/search.aspx?q=4466388\" id=\"kb-link-14\" target=\"_self\">Microsoft Update Catalog</a> website.</div></div><p><strong class=\"sbody-strong\">Important </strong></p><ul class=\"sbody-free_list\"><li>If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see <a href=\"https://technet.microsoft.com/en-us/library/hh825699\" id=\"kb-link-5\" target=\"_self\">Add language packs to Windows</a>.</li></ul><h2>More information</h2><h3>Prerequisites</h3><p>There are no prerequisites for installing this update.</p><h3>Restart information</h3><p>You may have to restart the computer after you apply this update.</p><h3>Update replacement information</h3><p>This update doesn't replace a previously released update.</p><h2>More information</h2><div class=\"kb-moreinformation-section section\"><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\"><span class=\"bold btn-link\">How to obtain help and support for this security update</span></td></tr><tr><td faq-panel-body=\"\"><div class=\"kb-collapsible kb-collapsible-collapsed\"><span>Help for installing updates: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://www.microsoft.com/en-us/safety/pc-security/updates.aspx\" managed-link=\"\" target=\"_blank\">Protect yourself online</a><br/><br/>Help for protecting your Windows-based computer from viruses and malware: <a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-17\" target=\"_self\">Microsoft Secure</a><br/><br/>Local support according to your country: <a href=\"https://www.microsoft.com/en-us/locale.aspx\" id=\"kb-link-18\" target=\"_self\">International Support</a></span></div><span> </span></td></tr></tbody></table></div><h2>File Information</h2><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">File hash information</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>WindowsXP-KB4466388-x86-Embedded-ENU.exe</td><td>A55F6E9011156548AB9722DE332F609B17B415D0</td><td>A742F8B84FF530CC7A0205B629C9677352EA85B258DE020224AC6D9E279A8A02</td></tr></tbody></table></td></tr></tbody></table><p><span>The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.</span><br/><br/><strong>Windows XP</strong></p><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">x86 Windows XP</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><td><strong class=\"sbody-strong\">File name</strong></td><td><strong class=\"sbody-strong\">File version</strong></td><td><strong class=\"sbody-strong\">File size</strong></td><td><strong class=\"sbody-strong\">Date</strong></td><td><strong class=\"sbody-strong\">Time</strong></td><td><strong class=\"sbody-strong\">Platform</strong></td><td><strong class=\"sbody-strong\">SP requirement</strong></td><td><strong class=\"sbody-strong\">Service branch</strong></td></tr><tr><td>Kernel32.dll</td><td>5.1.2600.7593</td><td>993,792</td><td>06-Nov-2018</td><td>22:52</td><td>x86</td><td>SP3</td><td>SP3QFE</td></tr><tr><td>Ntdll.dll</td><td>5.1.2600.7593</td><td>720,384</td><td>06-Nov-2018</td><td>22:52</td><td>x86</td><td>SP3</td><td>SP3QFE</td></tr><tr><td>Ole32.dll</td><td>5.1.2600.7593</td><td>1,299,968</td><td>06-Nov-2018</td><td>06:52</td><td>x86</td><td>SP3</td><td>SP3QFE</td></tr><tr><td>Oleaut32.dll</td><td>5.1.2600.7593</td><td>563,200</td><td>06-Nov-2018</td><td>22:52</td><td>x86</td><td>SP3</td><td>SP3QFE</td></tr><tr><td>Rpcss.dll</td><td>5.1.2600.7593</td><td>404,480</td><td>06-Nov-2018</td><td>22:52</td><td>x86</td><td>SP3</td><td>SP3QFE</td></tr><tr><td>Updspapi.dll</td><td>6.3.13.0</td><td>382,840</td><td>01-Feb-2018</td><td>21:28</td><td>x86</td><td>None</td><td>Not applicable</td></tr></tbody></table></td></tr></tbody></table></body></html>", "edition": 2, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-13T00:00:00", "type": "mskb", "title": "Description of the security update for the Windows COM elevation of privilege vulnerability in Windows Embedded POSReady 2009 and Windows Embedded Standard 2009: November 13, 2018", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0214", "CVE-2017-0213"], "modified": "2018-11-14T01:06:17", "id": "KB4466388", "href": "https://support.microsoft.com/en-us/help/4466388/", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T09:29:11", "description": "None\n## Summary\n\nAn information disclosure vulnerability exists when the win32k component incorrectly provides kernel information. An attacker who successfully exploits the vulnerability could obtain information to further compromise the user\u2019s system. \n \nTo learn more about the vulnerability, go to [the Security Update Guide](<https://portal.msrc.microsoft.com>).\n\n## More Information\n\nImportant \n\n\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/en-us/library/hh825699>).\n\n## How to obtain and install the update \n\n### Method 1: Windows Update\n\nThis update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see [Get security updates automatically](<https://www.microsoft.com/en-us/safety/pc-security/updates.aspx>). \n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/search.aspx?q=4019204>) website. \n\n\n## Deployment information\n\nFor deployment details for this security update, go to the following article in the Microsoft Knowledge Base: \n[Security update deployment information: May 9, 2017](<http://support.microsoft.com/en-us/help/20170509>)\n\n## More Information\n\n## \n\n__\n\nHow to obtain help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<http://support.microsoft.com/ph/6527>) \n \nSecurity solutions for IT professionals: [TechNet Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>) \n \nHelp for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<http://support.microsoft.com/contactus/cu_sc_virsec_master>) \n \nLocal support according to your country: [International Support](<https://www.microsoft.com/en-us/locale.aspx>) \n\n\nFile Information\n\n## \n\n__\n\nFile hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nWindows6.0-KB4019204-x64.msu| 6F7B323D9865D8B88CAEB3FC83A8BB74222AFC3F| E44B48BD9F07FA10CC183931D35E89828681A49DF52049AE0D28002337FB87FA \nWindows6.0-KB4019204-ia64.msu| D16A080F7214A81D09FE1781685E84B0E55BBC71| 30D201FE117DFE3924B9E5E4ECBCE2F0E3921E76DD69FFC889DB8F7B78076FC9 \nWindows6.0-KB4019204-x86.msu| 8301605396E05D4B8E2EE38FCB3CD801AD019CCE| 61ED3DBC6DCA600139F6CA77D784B4C8EED77BC6762A1CE209A92642DBE7D23B \n \n \n**File information** \nThe English (United States) version of this software update installs files that have the attributes that are listed in the following tables. \n \n**Windows Server 2008 file information**\n\n**Note: **The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.\n\n## \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time**| **Platform** \n---|---|---|---|---|--- \nWin32k.sys| 6.0.6002.19778| 2,806,272| 28-Apr-2017| 01:59| x64 \nWin32k.sys| 6.0.6002.24095| 2,808,320| 28-Apr-2017| 02:45| x64 \n \n## \n\n__\n\nFor all supported ia64-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time**| **Platform** \n---|---|---|---|---|--- \nWin32k.sys| 6.0.6002.19778| 6,693,888| 28-Apr-2017| 01:45| IA-64 \nWin32k.sys| 6.0.6002.24095| 6,703,616| 28-Apr-2017| 02:21| IA-64 \n \n## \n\n__\n\nFor all supported x86-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time**| **Platform** \n---|---|---|---|---|--- \nWin32k.sys| 6.0.6002.19778| 2,074,112| 28-Apr-2017| 03:15| x86 \nWin32k.sys| 6.0.6002.24095| 2,082,304| 28-Apr-2017| 03:51| x86\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-09T00:00:00", "type": "mskb", "title": "Security update for the Windows win32k Information Disclosure Vulnerability in Windows Server 2008: May 9, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0245", "CVE-2017-0246", "CVE-2017-0263"], "modified": "2017-05-09T00:00:00", "id": "KB4019204", "href": "https://support.microsoft.com/en-us/help/4019204", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T09:28:23", "description": "None\n## Summary\n\nA denial of service vulnerability exists in Windows DNS Server if the server is configured to answer version queries. An attacker who successfully exploits this vulnerability could cause the DNS Server service to become unresponsive. \nTo learn more about the vulnerability, go to [the Security Update Guide](<https://portal.msrc.microsoft.com>).\n\n## More Information\n\nImportant \n\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/en-us/library/hh825699>).\n\n## How to obtain and install the update \n\n### Method 1: Windows Update\n\nThis update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see [Get security updates automatically](<https://www.microsoft.com/en-us/safety/pc-security/updates.aspx>). \n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/search.aspx?q=4018196>) website. \n\n\n## Deployment information\n\nFor deployment details for this security update, go to the following article in the Microsoft Knowledge Base: \n[Security update deployment information: May 9, 2017](<http://support.microsoft.com/en-us/help/20170509>)\n\n## More Information\n\n## \n\n__\n\nHow to obtain help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<http://support.microsoft.com/ph/6527>) \n \nSecurity solutions for IT professionals: [TechNet Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>) \n \nHelp for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<http://support.microsoft.com/contactus/cu_sc_virsec_master>) \n \nLocal support according to your country: [International Support](<https://www.microsoft.com/en-us/locale.aspx>) \n\n\nFile Information\n\n## \n\n__\n\nFile hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nWindows6.0-KB4018196-x64.msu| 9DE300553C1CD0DF9A0E3349DF3F1674D795E4FB| 95371DB51917AB23C180F37D82299845DF4754CFDF41A0F0FFD89B1E88A50069 \nWindows6.0-KB4018196-x86.msu| 6A937C9FA6CF63298282E7CC29BC8EB1EA226616| 3501B601B7FAA785844DD996CC5B4E6A2D10E5793F1AFAF01DA122189E297AEA \n \n \n**File information** \nThe English (United States) version of this software update installs files that have the attributes that are listed in the following tables. \n \n**Windows Server 2008 file information** \n\n\n**Note: **The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.\n\n## \n\n__\n\nFor all supported x64-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time**| **Platform** \n---|---|---|---|---|--- \nCache.dns| Not applicable| 3,179| 03-Sep-2008| 18:33| Not applicable \nDns.exe| 6.0.6002.19765| 640,000| 07-Apr-2017| 14:53| x64 \nDnsserver.events.xml| Not applicable| 609| 03-Sep-2008| 18:33| Not applicable \nCache.dns| Not applicable| 3,179| 07-Mar-2016| 23:34| Not applicable \nDns.exe| 6.0.6002.24089| 640,512| 07-Apr-2017| 14:53| x64 \nDnsserver.events.xml| Not applicable| 609| 07-Mar-2016| 23:34| Not applicable \n \n## \n\n__\n\nFor all supported x86-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time**| **Platform** \n---|---|---|---|---|--- \nCache.dns| Not applicable| 3,179| 16-Apr-2008| 00:31| Not applicable \nDns.exe| 6.0.6002.19765| 510,976| 07-Apr-2017| 14:27| x86 \nDnsserver.events.xml| Not applicable| 609| 16-Apr-2008| 00:31| Not applicable \nCache.dns| Not applicable| 3,179| 07-Mar-2016| 23:35| Not applicable \nDns.exe| 6.0.6002.24089| 511,488| 07-Apr-2017| 14:30| x86 \nDnsserver.events.xml| Not applicable| 609| 07-Mar-2016| 23:35| Not applicable\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-09T00:00:00", "type": "mskb", "title": "Security update for the Windows DNS Server Denial of Service Vulnerability in Microsoft Windows Server 2008: May 9, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0171"], "modified": "2017-05-09T00:00:00", "id": "KB4018196", "href": "https://support.microsoft.com/en-us/help/4018196", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2023-12-04T14:43:10", "description": "The remote Windows 10 version 1507 host is missing security update KB4019474. It is, therefore, affected by multiple vulnerabilities :\n\n - A security bypass vulnerability exists in Internet Explorer due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to bypass mixed content warnings and load insecure content (HTTP) from secure locations (HTTPS). (CVE-2017-0064)\n\n - An elevation of privilege vulnerability exists in Windows in the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in an elevated context. (CVE-2017-0077)\n\n - An information disclosure vulnerability exists in the Windows Graphics Device Interface (GDI) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0190)\n\n - An elevation of privilege vulnerability exists in Windows Hyper-V due to improper validation of vSMB packet data. An unauthenticated, adjacent attacker can exploit this to gain elevated privileges.\n (CVE-2017-0212)\n\n - An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified flaw. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in Windows due to improper validation of user-supplied input when loading type libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0214)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0227)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0228)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0229)\n\n - A spoofing vulnerability exists in Microsoft browsers due to improper rendering of the SmartScreen filter. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to redirect users to a malicious website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - An elevation of privilege vulnerability exists in Microsoft Edge due to improper sandboxing. An unauthenticated, remote attacker can exploit this to break out of the Edge AppContainer sandbox and gain elevated privileges. (CVE-2017-0233)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0234)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0236)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0238)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or to open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0240)\n\n - An elevation of privilege vulnerability exists in Microsoft Edge due to improper rendering of a domain-less page in the URL. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause the user to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone. (CVE-2017-0241)\n\n - An elevation of privilege vulnerability exists in the win32k component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated permissions. Note that an attacker can also cause a denial of service condition on Windows 7 x64 or later systems. (CVE-2017-0246)\n\n - A security bypass vulnerability exists in the Microsoft .NET Framework and .NET Core components due to a failure to completely validate certificates. An attacker can exploit this to present a certificate that is marked invalid for a specific use, but the component uses it for that purpose, resulting in a bypass of the Enhanced Key Usage taggings. (CVE-2017-0248)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0258)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0259)\n\n - An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2017-0263)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0280)", "cvss3": {}, "published": "2017-05-09T00:00:00", "type": "nessus", "title": "KB4019474: Windows 10 Version 1507 May 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0064", "CVE-2017-0077", "CVE-2017-0190", "CVE-2017-0212", "CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0222", "CVE-2017-0226", "CVE-2017-0227", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0231", "CVE-2017-0233", "CVE-2017-0234", "CVE-2017-0236", "CVE-2017-0238", "CVE-2017-0240", "CVE-2017-0241", "CVE-2017-0246", "CVE-2017-0248", "CVE-2017-0258", "CVE-2017-0259", "CVE-2017-0263", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_MAY_4019474.NASL", "href": "https://www.tenable.com/plugins/nessus/100061", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100061);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2017-0064\",\n \"CVE-2017-0077\",\n \"CVE-2017-0190\",\n \"CVE-2017-0212\",\n \"CVE-2017-0213\",\n \"CVE-2017-0214\",\n \"CVE-2017-0222\",\n \"CVE-2017-0226\",\n \"CVE-2017-0227\",\n \"CVE-2017-0228\",\n \"CVE-2017-0229\",\n \"CVE-2017-0231\",\n \"CVE-2017-0233\",\n \"CVE-2017-0234\",\n \"CVE-2017-0236\",\n \"CVE-2017-0238\",\n \"CVE-2017-0240\",\n \"CVE-2017-0241\",\n \"CVE-2017-0246\",\n \"CVE-2017-0248\",\n \"CVE-2017-0258\",\n \"CVE-2017-0259\",\n \"CVE-2017-0263\",\n \"CVE-2017-0267\",\n \"CVE-2017-0268\",\n \"CVE-2017-0269\",\n \"CVE-2017-0270\",\n \"CVE-2017-0271\",\n \"CVE-2017-0272\",\n \"CVE-2017-0273\",\n \"CVE-2017-0274\",\n \"CVE-2017-0275\",\n \"CVE-2017-0276\",\n \"CVE-2017-0277\",\n \"CVE-2017-0278\",\n \"CVE-2017-0279\",\n \"CVE-2017-0280\"\n );\n script_bugtraq_id(\n 98099,\n 98102,\n 98103,\n 98108,\n 98112,\n 98113,\n 98114,\n 98117,\n 98121,\n 98127,\n 98139,\n 98164,\n 98173,\n 98179,\n 98203,\n 98208,\n 98217,\n 98229,\n 98234,\n 98237,\n 98258,\n 98259,\n 98260,\n 98261,\n 98263,\n 98264,\n 98265,\n 98266,\n 98267,\n 98268,\n 98270,\n 98271,\n 98272,\n 98273,\n 98274,\n 98281,\n 98298\n );\n script_xref(name:\"MSKB\", value:\"4019474\");\n script_xref(name:\"MSFT\", value:\"MS17-4019474\");\n script_xref(name:\"IAVA\", value:\"2017-A-0148\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/10\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/25\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"KB4019474: Windows 10 Version 1507 May 2017 Cumulative Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows 10 version 1507 host is missing security update\nKB4019474. It is, therefore, affected by multiple vulnerabilities :\n\n - A security bypass vulnerability exists in Internet\n Explorer due to an unspecified flaw. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website, to bypass mixed\n content warnings and load insecure content (HTTP) from\n secure locations (HTTPS). (CVE-2017-0064)\n\n - An elevation of privilege vulnerability exists in\n Windows in the Microsoft DirectX graphics kernel\n subsystem (dxgkrnl.sys) due to improper handling of\n objects in memory. A local attacker can exploit this,\n via a specially crafted application, to execute\n arbitrary code in an elevated context. (CVE-2017-0077)\n\n - An information disclosure vulnerability exists in the\n Windows Graphics Device Interface (GDI) due to improper\n handling of objects in memory. A local attacker can\n exploit this, via a specially crafted application, to\n disclose sensitive information. (CVE-2017-0190)\n\n - An elevation of privilege vulnerability exists in\n Windows Hyper-V due to improper validation of vSMB\n packet data. An unauthenticated, adjacent attacker can\n exploit this to gain elevated privileges.\n (CVE-2017-0212)\n\n - An elevation of privilege vulnerability exists in the\n Windows COM Aggregate Marshaler due to an unspecified\n flaw. A local attacker can exploit this, via a specially\n crafted application, to execute arbitrary code with\n elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper validation of user-supplied\n input when loading type libraries. A local attacker can\n exploit this, via a specially crafted application, to\n gain elevated privileges. (CVE-2017-0214)\n\n - A remote code execution vulnerability exists in\n Microsoft Internet Explorer due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website, to execute arbitrary code in\n the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in\n Microsoft Internet Explorer due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website, to execute arbitrary code in\n the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the scripting engines due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website or open a specially\n crafted Microsoft Office document, to execute arbitrary\n code in the context of the current user. (CVE-2017-0227)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0228)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0229)\n\n - A spoofing vulnerability exists in Microsoft browsers\n due to improper rendering of the SmartScreen filter. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted URL, to redirect users to a malicious\n website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge due to improper sandboxing. An\n unauthenticated, remote attacker can exploit this to\n break out of the Edge AppContainer sandbox and gain\n elevated privileges. (CVE-2017-0233)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the Chakra JavaScript engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0234)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the Chakra JavaScript engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Office document, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-0236)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript scripting engines\n due to improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Office document, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-0238)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the scripting engines due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website or to open a\n specially crafted Office document, to execute arbitrary\n code in the context of the current user. (CVE-2017-0240)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge due to improper rendering of a\n domain-less page in the URL. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to cause the user to\n perform actions in the context of the Intranet Zone and\n access functionality that is not typically available to\n the browser when browsing in the context of the Internet\n Zone. (CVE-2017-0241)\n\n - An elevation of privilege vulnerability exists in the\n win32k component due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to execute arbitrary code\n with elevated permissions. Note that an attacker can\n also cause a denial of service condition on Windows 7\n x64 or later systems. (CVE-2017-0246)\n\n - A security bypass vulnerability exists in the Microsoft\n .NET Framework and .NET Core components due to a failure\n to completely validate certificates. An attacker can\n exploit this to present a certificate that is marked\n invalid for a specific use, but the component uses it\n for that purpose, resulting in a bypass of the Enhanced\n Key Usage taggings. (CVE-2017-0248)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. A local attacker can exploit this, via a\n specially crafted application, to disclose sensitive\n information. (CVE-2017-0258)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. A local attacker can exploit this, via a\n specially crafted application, to disclose sensitive\n information. (CVE-2017-0259)\n\n - An elevation of privilege vulnerability exists in the\n Windows kernel-mode driver due to improper handling of\n objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-0263)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0280)\");\n # https://support.microsoft.com/en-us/help/4019474/windows-10-update-kb4019474\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?01ec841b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4019474.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-0272\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2017-0233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS17-05';\nkbs = make_list(\n '4019474' # 10 1507\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"2016\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (\n # 10 (1507)\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date: \"05_2017\",\n bulletin:bulletin,\n rollup_kb_list:kbs)\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:54:29", "description": "The remote Windows host is missing security update 4019213 or cumulative update 4019215. It is, therefore, affected by multiple vulnerabilities :\n\n - A security bypass vulnerability exists in Internet Explorer due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to bypass mixed content warnings and load insecure content (HTTP) from secure locations (HTTPS). (CVE-2017-0064)\n\n - An elevation of privilege vulnerability exists in Windows in the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in an elevated context. (CVE-2017-0077)\n\n - A denial of service vulnerability exists in the Windows DNS server when it's configured to answer version queries. An unauthenticated, remote attacker can exploit this, via a malicious DNS query, to cause the DNS server to become nonresponsive. (CVE-2017-0171)\n\n - An information disclosure vulnerability exists in the Windows Graphics Device Interface (GDI) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0190)\n\n - An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified flaw. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in Windows due to improper validation of user-supplied input when loading type libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0214)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0228)\n\n - A spoofing vulnerability exists in Microsoft browsers due to improper rendering of the SmartScreen filter. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to redirect users to a malicious website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0238)\n\n - An elevation of privilege vulnerability exists in the win32k component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated permissions. Note that an attacker can also cause a denial of service condition on Windows 7 x64 or later systems. (CVE-2017-0246)\n\n - A security bypass vulnerability exists in the Microsoft .NET Framework and .NET Core components due to a failure to completely validate certificates. An attacker can exploit this to present a certificate that is marked invalid for a specific use, but the component uses it for that purpose, resulting in a bypass of the Enhanced Key Usage taggings. (CVE-2017-0248)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0258)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0259)\n\n - An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2017-0263)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0280)", "cvss3": {}, "published": "2017-05-09T00:00:00", "type": "nessus", "title": "Windows 8.1 and Windows Server 2012 R2 May 2017 Security Updates", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0064", "CVE-2017-0077", "CVE-2017-0171", "CVE-2017-0190", "CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0222", "CVE-2017-0226", "CVE-2017-0228", "CVE-2017-0231", "CVE-2017-0238", "CVE-2017-0246", "CVE-2017-0248", "CVE-2017-0258", "CVE-2017-0259", "CVE-2017-0263", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280"], "modified": "2022-03-29T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_MAY_4019215.NASL", "href": "https://www.tenable.com/plugins/nessus/100057", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100057);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/29\");\n\n script_cve_id(\n \"CVE-2017-0064\",\n \"CVE-2017-0077\",\n \"CVE-2017-0171\",\n \"CVE-2017-0190\",\n \"CVE-2017-0213\",\n \"CVE-2017-0214\",\n \"CVE-2017-0222\",\n \"CVE-2017-0226\",\n \"CVE-2017-0228\",\n \"CVE-2017-0231\",\n \"CVE-2017-0238\",\n \"CVE-2017-0246\",\n \"CVE-2017-0248\",\n \"CVE-2017-0258\",\n \"CVE-2017-0259\",\n \"CVE-2017-0263\",\n \"CVE-2017-0267\",\n \"CVE-2017-0268\",\n \"CVE-2017-0269\",\n \"CVE-2017-0270\",\n \"CVE-2017-0271\",\n \"CVE-2017-0272\",\n \"CVE-2017-0273\",\n \"CVE-2017-0274\",\n \"CVE-2017-0275\",\n \"CVE-2017-0276\",\n \"CVE-2017-0277\",\n \"CVE-2017-0278\",\n \"CVE-2017-0279\",\n \"CVE-2017-0280\"\n );\n script_bugtraq_id(\n 98097,\n 98102,\n 98103,\n 98108,\n 98112,\n 98113,\n 98114,\n 98117,\n 98121,\n 98127,\n 98139,\n 98164,\n 98173,\n 98237,\n 98258,\n 98259,\n 98260,\n 98261,\n 98263,\n 98264,\n 98265,\n 98266,\n 98267,\n 98268,\n 98270,\n 98271,\n 98272,\n 98273,\n 98274,\n 98298\n );\n script_xref(name:\"MSKB\", value:\"4019215\");\n script_xref(name:\"MSKB\", value:\"4019213\");\n script_xref(name:\"MSFT\", value:\"MS17-4019215\");\n script_xref(name:\"MSFT\", value:\"MS17-4019213\");\n script_xref(name:\"IAVA\", value:\"2017-A-0148\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/10\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/25\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"Windows 8.1 and Windows Server 2012 R2 May 2017 Security Updates\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4019213\nor cumulative update 4019215. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A security bypass vulnerability exists in Internet\n Explorer due to an unspecified flaw. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website, to bypass mixed\n content warnings and load insecure content (HTTP) from\n secure locations (HTTPS). (CVE-2017-0064)\n\n - An elevation of privilege vulnerability exists in\n Windows in the Microsoft DirectX graphics kernel\n subsystem (dxgkrnl.sys) due to improper handling of\n objects in memory. A local attacker can exploit this,\n via a specially crafted application, to execute\n arbitrary code in an elevated context. (CVE-2017-0077)\n\n - A denial of service vulnerability exists in the Windows\n DNS server when it's configured to answer version\n queries. An unauthenticated, remote attacker can exploit\n this, via a malicious DNS query, to cause the DNS server\n to become nonresponsive. (CVE-2017-0171)\n\n - An information disclosure vulnerability exists in the\n Windows Graphics Device Interface (GDI) due to improper\n handling of objects in memory. A local attacker can\n exploit this, via a specially crafted application, to\n disclose sensitive information. (CVE-2017-0190)\n\n - An elevation of privilege vulnerability exists in the\n Windows COM Aggregate Marshaler due to an unspecified\n flaw. A local attacker can exploit this, via a specially\n crafted application, to execute arbitrary code with\n elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper validation of user-supplied\n input when loading type libraries. A local attacker can\n exploit this, via a specially crafted application, to\n gain elevated privileges. (CVE-2017-0214)\n\n - A remote code execution vulnerability exists in\n Microsoft Internet Explorer due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website, to execute arbitrary code in\n the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in\n Microsoft Internet Explorer due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website, to execute arbitrary code in\n the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0228)\n\n - A spoofing vulnerability exists in Microsoft browsers\n due to improper rendering of the SmartScreen filter. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted URL, to redirect users to a malicious\n website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript scripting engines\n due to improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Office document, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-0238)\n\n - An elevation of privilege vulnerability exists in the\n win32k component due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to execute arbitrary code\n with elevated permissions. Note that an attacker can\n also cause a denial of service condition on Windows 7\n x64 or later systems. (CVE-2017-0246)\n\n - A security bypass vulnerability exists in the Microsoft\n .NET Framework and .NET Core components due to a failure\n to completely validate certificates. An attacker can\n exploit this to present a certificate that is marked\n invalid for a specific use, but the component uses it\n for that purpose, resulting in a bypass of the Enhanced\n Key Usage taggings. (CVE-2017-0248)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. A local attacker can exploit this, via a\n specially crafted application, to disclose sensitive\n information. (CVE-2017-0258)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. A local attacker can exploit this, via a\n specially crafted application, to disclose sensitive\n information. (CVE-2017-0259)\n\n - An elevation of privilege vulnerability exists in the\n Windows kernel-mode driver due to improper handling of\n objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-0263)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0280)\");\n # https://support.microsoft.com/en-us/help/4019215/windows-8-update-kb4019215\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?09cc032f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4019213 or Cumulative update KB4019215.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-0272\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\", \"smb_check_rollup.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS17-05';\nkbs = make_list(\n '4019213', # 8.1 / 2012 R2 Security Only\n '4019215' # 8.1 / 2012 R2 Monthly Rollup\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\n# Windows 8.1 / Windows Server 2012 R2\nif ( smb_check_rollup(os:\"6.3\", sp:0, rollup_date: \"05_2017\", bulletin:bulletin, rollup_kb_list:[4019213, 4019215]) )\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:54:27", "description": "The remote Windows 10 version 1511 host is missing security update KB4019473. It is, therefore, affected by multiple vulnerabilities :\n\n - A security bypass vulnerability exists in Internet Explorer due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to bypass mixed content warnings and load insecure content (HTTP) from secure locations (HTTPS). (CVE-2017-0064)\n\n - An elevation of privilege vulnerability exists in Windows in the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in an elevated context. (CVE-2017-0077)\n\n - An information disclosure vulnerability exists in the Windows Graphics Device Interface (GDI) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0190)\n\n - An elevation of privilege vulnerability exists in Windows Hyper-V due to improper validation of vSMB packet data. An unauthenticated, adjacent attacker can exploit this to gain elevated privileges.\n (CVE-2017-0212)\n\n - An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified flaw. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in Windows due to improper validation of user-supplied input when loading type libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0214)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0227)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0228)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0229)\n\n - A spoofing vulnerability exists in Microsoft browsers due to improper rendering of the SmartScreen filter. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to redirect users to a malicious website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - An elevation of privilege vulnerability exists in Microsoft Edge due to improper sandboxing. An unauthenticated, remote attacker can exploit this to break out of the Edge AppContainer sandbox and gain elevated privileges. (CVE-2017-0233)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0234)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0236)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0238)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or to open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0240)\n\n - An elevation of privilege vulnerability exists in Microsoft Edge due to improper rendering of a domain-less page in the URL. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause the user to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone. (CVE-2017-0241)\n\n - An elevation of privilege vulnerability exists in the win32k component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated permissions. Note that an attacker can also cause a denial of service condition on Windows 7 x64 or later systems. (CVE-2017-0246)\n\n - A security bypass vulnerability exists in the Microsoft .NET Framework and .NET Core components due to a failure to completely validate certificates. An attacker can exploit this to present a certificate that is marked invalid for a specific use, but the component uses it for that purpose, resulting in a bypass of the Enhanced Key Usage taggings. (CVE-2017-0248)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0258)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0259)\n\n - An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2017-0263)\n\n - A remote code execution vulnerability exists in the Microsoft scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a crafted web page or open a crafted Office document file, to execute arbitrary code in the context of the current user. (CVE-2017-0266)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0280)", "cvss3": {}, "published": "2017-05-09T00:00:00", "type": "nessus", "title": "KB4019473: Windows 10 Version 1511 May 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0064", "CVE-2017-0077", "CVE-2017-0190", "CVE-2017-0212", "CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0222", "CVE-2017-0226", "CVE-2017-0227", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0231", "CVE-2017-0233", "CVE-2017-0234", "CVE-2017-0236", "CVE-2017-0238", "CVE-2017-0240", "CVE-2017-0241", "CVE-2017-0246", "CVE-2017-0248", "CVE-2017-0258", "CVE-2017-0259", "CVE-2017-0263", "CVE-2017-0266", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_MAY_4019473.NASL", "href": "https://www.tenable.com/plugins/nessus/100060", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100060);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2017-0064\",\n \"CVE-2017-0077\",\n \"CVE-2017-0190\",\n \"CVE-2017-0212\",\n \"CVE-2017-0213\",\n \"CVE-2017-0214\",\n \"CVE-2017-0222\",\n \"CVE-2017-0226\",\n \"CVE-2017-0227\",\n \"CVE-2017-0228\",\n \"CVE-2017-0229\",\n \"CVE-2017-0231\",\n \"CVE-2017-0233\",\n \"CVE-2017-0234\",\n \"CVE-2017-0236\",\n \"CVE-2017-0238\",\n \"CVE-2017-0240\",\n \"CVE-2017-0241\",\n \"CVE-2017-0246\",\n \"CVE-2017-0248\",\n \"CVE-2017-0258\",\n \"CVE-2017-0259\",\n \"CVE-2017-0263\",\n \"CVE-2017-0266\",\n \"CVE-2017-0267\",\n \"CVE-2017-0268\",\n \"CVE-2017-0269\",\n \"CVE-2017-0270\",\n \"CVE-2017-0271\",\n \"CVE-2017-0272\",\n \"CVE-2017-0273\",\n \"CVE-2017-0274\",\n \"CVE-2017-0275\",\n \"CVE-2017-0276\",\n \"CVE-2017-0277\",\n \"CVE-2017-0278\",\n \"CVE-2017-0279\",\n \"CVE-2017-0280\"\n );\n script_bugtraq_id(\n 98099,\n 98102,\n 98103,\n 98108,\n 98112,\n 98113,\n 98114,\n 98117,\n 98121,\n 98127,\n 98139,\n 98164,\n 98173,\n 98179,\n 98203,\n 98208,\n 98217,\n 98229,\n 98234,\n 98237,\n 98258,\n 98259,\n 98260,\n 98261,\n 98263,\n 98264,\n 98265,\n 98266,\n 98267,\n 98268,\n 98270,\n 98271,\n 98272,\n 98273,\n 98274,\n 98276,\n 98281,\n 98298\n );\n script_xref(name:\"MSKB\", value:\"4019473\");\n script_xref(name:\"MSFT\", value:\"MS17-4019473\");\n script_xref(name:\"IAVA\", value:\"2017-A-0148\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/10\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/25\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"KB4019473: Windows 10 Version 1511 May 2017 Cumulative Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows 10 version 1511 host is missing security update\nKB4019473. It is, therefore, affected by multiple vulnerabilities :\n\n - A security bypass vulnerability exists in Internet\n Explorer due to an unspecified flaw. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website, to bypass mixed\n content warnings and load insecure content (HTTP) from\n secure locations (HTTPS). (CVE-2017-0064)\n\n - An elevation of privilege vulnerability exists in\n Windows in the Microsoft DirectX graphics kernel\n subsystem (dxgkrnl.sys) due to improper handling of\n objects in memory. A local attacker can exploit this,\n via a specially crafted application, to execute\n arbitrary code in an elevated context. (CVE-2017-0077)\n\n - An information disclosure vulnerability exists in the\n Windows Graphics Device Interface (GDI) due to improper\n handling of objects in memory. A local attacker can\n exploit this, via a specially crafted application, to\n disclose sensitive information. (CVE-2017-0190)\n\n - An elevation of privilege vulnerability exists in\n Windows Hyper-V due to improper validation of vSMB\n packet data. An unauthenticated, adjacent attacker can\n exploit this to gain elevated privileges.\n (CVE-2017-0212)\n\n - An elevation of privilege vulnerability exists in the\n Windows COM Aggregate Marshaler due to an unspecified\n flaw. A local attacker can exploit this, via a specially\n crafted application, to execute arbitrary code with\n elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper validation of user-supplied\n input when loading type libraries. A local attacker can\n exploit this, via a specially crafted application, to\n gain elevated privileges. (CVE-2017-0214)\n\n - A remote code execution vulnerability exists in\n Microsoft Internet Explorer due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website, to execute arbitrary code in\n the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in\n Microsoft Internet Explorer due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website, to execute arbitrary code in\n the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the scripting engines due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website or open a specially\n crafted Microsoft Office document, to execute arbitrary\n code in the context of the current user. (CVE-2017-0227)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0228)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0229)\n\n - A spoofing vulnerability exists in Microsoft browsers\n due to improper rendering of the SmartScreen filter. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted URL, to redirect users to a malicious\n website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge due to improper sandboxing. An\n unauthenticated, remote attacker can exploit this to\n break out of the Edge AppContainer sandbox and gain\n elevated privileges. (CVE-2017-0233)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the Chakra JavaScript engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0234)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the Chakra JavaScript engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Office document, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-0236)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript scripting engines\n due to improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Office document, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-0238)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the scripting engines due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website or to open a\n specially crafted Office document, to execute arbitrary\n code in the context of the current user. (CVE-2017-0240)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge due to improper rendering of a\n domain-less page in the URL. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to cause the user to\n perform actions in the context of the Intranet Zone and\n access functionality that is not typically available to\n the browser when browsing in the context of the Internet\n Zone. (CVE-2017-0241)\n\n - An elevation of privilege vulnerability exists in the\n win32k component due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to execute arbitrary code\n with elevated permissions. Note that an attacker can\n also cause a denial of service condition on Windows 7\n x64 or later systems. (CVE-2017-0246)\n\n - A security bypass vulnerability exists in the Microsoft\n .NET Framework and .NET Core components due to a failure\n to completely validate certificates. An attacker can\n exploit this to present a certificate that is marked\n invalid for a specific use, but the component uses it\n for that purpose, resulting in a bypass of the Enhanced\n Key Usage taggings. (CVE-2017-0248)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. A local attacker can exploit this, via a\n specially crafted application, to disclose sensitive\n information. (CVE-2017-0258)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. A local attacker can exploit this, via a\n specially crafted application, to disclose sensitive\n information. (CVE-2017-0259)\n\n - An elevation of privilege vulnerability exists in the\n Windows kernel-mode driver due to improper handling of\n objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-0263)\n\n - A remote code execution vulnerability exists in the\n Microsoft scripting engines due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n crafted web page or open a crafted Office document file,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0266)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0280)\");\n # https://support.microsoft.com/en-us/help/4019473/windows-10-update-kb4019473\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4763dd01\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4019473.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-0272\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2017-0233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\", \"smb_check_rollup.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS17-05';\nkb = make_list(\n '4019473' # 10 1151\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kb, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # 10 (1511)\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10586\",\n rollup_date: \"05_2017\",\n bulletin:bulletin,\n rollup_kb_list:make_list(4019473))\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:54:47", "description": "The remote Windows 10 version 1703 host is missing security update KB4016871. It is, therefore, affected by multiple vulnerabilities :\n\n - A security bypass vulnerability exists in Internet Explorer due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to bypass mixed content warnings and load insecure content (HTTP) from secure locations (HTTPS). (CVE-2017-0064)\n\n - An elevation of privilege vulnerability exists in Windows in the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in an elevated context. (CVE-2017-0077)\n\n - An elevation of privilege vulnerability exists in Windows Hyper-V due to improper validation of vSMB packet data. An unauthenticated, adjacent attacker can exploit this to gain elevated privileges.\n (CVE-2017-0212)\n\n - An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified flaw. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in Windows due to improper validation of user-supplied input when loading type libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0214)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0224)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0227)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0228)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0229)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user.\n (CVE-2017-0230)\n\n - A spoofing vulnerability exists in Microsoft browsers due to improper rendering of the SmartScreen filter. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to redirect users to a malicious website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - An elevation of privilege vulnerability exists in Microsoft Edge due to improper sandboxing. An unauthenticated, remote attacker can exploit this to break out of the Edge AppContainer sandbox and gain elevated privileges. (CVE-2017-0233)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0234)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0235)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0236)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0238)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or to open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0240)\n\n - An elevation of privilege vulnerability exists in Microsoft Edge due to improper rendering of a domain-less page in the URL. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause the user to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone. (CVE-2017-0241)\n\n - An elevation of privilege vulnerability exists in the win32k component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated permissions. Note that an attacker can also cause a denial of service condition on Windows 7 x64 or later systems. (CVE-2017-0246)\n\n - A security bypass vulnerability exists in the Microsoft .NET Framework and .NET Core components due to a failure to completely validate certificates. An attacker can exploit this to present a certificate that is marked invalid for a specific use, but the component uses it for that purpose, resulting in a bypass of the Enhanced Key Usage taggings. (CVE-2017-0248)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0258)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0259)\n\n - An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2017-0263)\n\n - A remote code execution vulnerability exists in the Microsoft scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a crafted web page or open a crafted Office document file, to execute arbitrary code in the context of the current user. (CVE-2017-0266)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0280)", "cvss3": {}, "published": "2017-05-09T00:00:00", "type": "nessus", "title": "KB4016871: Windows 10 Version 1703 May 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0064", "CVE-2017-0077", "CVE-2017-0212", "CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0222", "CVE-2017-0223", "CVE-2017-0224", "CVE-2017-0226", "CVE-2017-0227", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0230", "CVE-2017-0231", "CVE-2017-0233", "CVE-2017-0234", "CVE-2017-0235", "CVE-2017-0236", "CVE-2017-0238", "CVE-2017-0240", "CVE-2017-0241", "CVE-2017-0246", "CVE-2017-0248", "CVE-2017-0258", "CVE-2017-0259", "CVE-2017-0263", "CVE-2017-0266", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS17_MAY_4016871.NASL", "href": "https://www.tenable.com/plugins/nessus/100055", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100055);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2017-0064\",\n \"CVE-2017-0077\",\n \"CVE-2017-0212\",\n \"CVE-2017-0213\",\n \"CVE-2017-0214\",\n \"CVE-2017-0222\",\n \"CVE-2017-0223\",\n \"CVE-2017-0224\",\n \"CVE-2017-0226\",\n \"CVE-2017-0227\",\n \"CVE-2017-0228\",\n \"CVE-2017-0229\",\n \"CVE-2017-0230\",\n \"CVE-2017-0231\",\n \"CVE-2017-0233\",\n \"CVE-2017-0234\",\n \"CVE-2017-0235\",\n \"CVE-2017-0236\",\n \"CVE-2017-0238\",\n \"CVE-2017-0240\",\n \"CVE-2017-0241\",\n \"CVE-2017-0246\",\n \"CVE-2017-0248\",\n \"CVE-2017-0258\",\n \"CVE-2017-0259\",\n \"CVE-2017-0263\",\n \"CVE-2017-0266\",\n \"CVE-2017-0267\",\n \"CVE-2017-0268\",\n \"CVE-2017-0269\",\n \"CVE-2017-0270\",\n \"CVE-2017-0271\",\n \"CVE-2017-0272\",\n \"CVE-2017-0273\",\n \"CVE-2017-0274\",\n \"CVE-2017-0275\",\n \"CVE-2017-0276\",\n \"CVE-2017-0277\",\n \"CVE-2017-0278\",\n \"CVE-2017-0279\",\n \"CVE-2017-0280\"\n );\n script_bugtraq_id(\n 98099,\n 98102,\n 98103,\n 98108,\n 98112,\n 98113,\n 98114,\n 98117,\n 98121,\n 98127,\n 98139,\n 98164,\n 98173,\n 98179,\n 98203,\n 98208,\n 98214,\n 98217,\n 98222,\n 98229,\n 98230,\n 98234,\n 98237,\n 98258,\n 98259,\n 98260,\n 98261,\n 98263,\n 98264,\n 98265,\n 98266,\n 98267,\n 98268,\n 98270,\n 98271,\n 98272,\n 98273,\n 98274,\n 98276,\n 98281,\n 98452\n );\n script_xref(name:\"MSKB\", value:\"4016871\");\n script_xref(name:\"MSFT\", value:\"MS17-4016871\");\n script_xref(name:\"IAVA\", value:\"2017-A-0148\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/10\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/25\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"KB4016871: Windows 10 Version 1703 May 2017 Cumulative Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows 10 version 1703 host is missing security update\nKB4016871. It is, therefore, affected by multiple vulnerabilities :\n\n - A security bypass vulnerability exists in Internet\n Explorer due to an unspecified flaw. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website, to bypass mixed\n content warnings and load insecure content (HTTP) from\n secure locations (HTTPS). (CVE-2017-0064)\n\n - An elevation of privilege vulnerability exists in\n Windows in the Microsoft DirectX graphics kernel\n subsystem (dxgkrnl.sys) due to improper handling of\n objects in memory. A local attacker can exploit this,\n via a specially crafted application, to execute\n arbitrary code in an elevated context. (CVE-2017-0077)\n\n - An elevation of privilege vulnerability exists in\n Windows Hyper-V due to improper validation of vSMB\n packet data. An unauthenticated, adjacent attacker can\n exploit this to gain elevated privileges.\n (CVE-2017-0212)\n\n - An elevation of privilege vulnerability exists in the\n Windows COM Aggregate Marshaler due to an unspecified\n flaw. A local attacker can exploit this, via a specially\n crafted application, to execute arbitrary code with\n elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper validation of user-supplied\n input when loading type libraries. A local attacker can\n exploit this, via a specially crafted application, to\n gain elevated privileges. (CVE-2017-0214)\n\n - A remote code execution vulnerability exists in\n Microsoft Internet Explorer due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website, to execute arbitrary code in\n the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0224)\n\n - A remote code execution vulnerability exists in\n Microsoft Internet Explorer due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website, to execute arbitrary code in\n the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the scripting engines due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website or open a specially\n crafted Microsoft Office document, to execute arbitrary\n code in the context of the current user. (CVE-2017-0227)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0228)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0229)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Office document, to execute\n arbitrary code in the context of the current user.\n (CVE-2017-0230)\n\n - A spoofing vulnerability exists in Microsoft browsers\n due to improper rendering of the SmartScreen filter. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted URL, to redirect users to a malicious\n website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge due to improper sandboxing. An\n unauthenticated, remote attacker can exploit this to\n break out of the Edge AppContainer sandbox and gain\n elevated privileges. (CVE-2017-0233)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the Chakra JavaScript engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0234)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the Chakra JavaScript engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0235)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the Chakra JavaScript engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Office document, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-0236)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript scripting engines\n due to improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Office document, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-0238)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the scripting engines due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website or to open a\n specially crafted Office document, to execute arbitrary\n code in the context of the current user. (CVE-2017-0240)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge due to improper rendering of a\n domain-less page in the URL. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to cause the user to\n perform actions in the context of the Intranet Zone and\n access functionality that is not typically available to\n the browser when browsing in the context of the Internet\n Zone. (CVE-2017-0241)\n\n - An elevation of privilege vulnerability exists in the\n win32k component due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to execute arbitrary code\n with elevated permissions. Note that an attacker can\n also cause a denial of service condition on Windows 7\n x64 or later systems. (CVE-2017-0246)\n\n - A security bypass vulnerability exists in the Microsoft\n .NET Framework and .NET Core components due to a failure\n to completely validate certificates. An attacker can\n exploit this to present a certificate that is marked\n invalid for a specific use, but the component uses it\n for that purpose, resulting in a bypass of the Enhanced\n Key Usage taggings. (CVE-2017-0248)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. A local attacker can exploit this, via a\n specially crafted application, to disclose sensitive\n information. (CVE-2017-0258)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. A local attacker can exploit this, via a\n specially crafted application, to disclose sensitive\n information. (CVE-2017-0259)\n\n - An elevation of privilege vulnerability exists in the\n Windows kernel-mode driver due to improper handling of\n objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-0263)\n\n - A remote code execution vulnerability exists in the\n Microsoft scripting engines due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n crafted web page or open a crafted Office document file,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0266)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0280)\");\n # https://support.microsoft.com/en-us/help/4016871/windows-10-update-kb4016871\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f546dcfb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4016871.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-0272\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2017-0223\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\", \"smb_check_rollup.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS17-05';\nkbs = make_list(\n '4016871' # 10 1703 \n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"2016\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (\n # 10 (1703)\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date: \"05_2017\",\n bulletin:bulletin,\n rollup_kb_list:make_list(4016871))\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:54:43", "description": "The remote Windows host has Microsoft Server Message Block 1.0 (SMBv1) enabled. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple information disclosure vulnerabilities exist in Microsoft Server Message Block 1.0 (SMBv1) due to improper handling of SMBv1 packets. An unauthenticated, remote attacker can exploit these vulnerabilities, via a specially crafted SMBv1 packet, to disclose sensitive information. (CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276)\n\n - Multiple denial of service vulnerabilities exist in Microsoft Server Message Block 1.0 (SMBv1) due to improper handling of requests. An unauthenticated, remote attacker can exploit these vulnerabilities, via a specially crafted SMB request, to cause the system to stop responding. (CVE-2017-0269, CVE-2017-0273, CVE-2017-0280)\n\n - Multiple remote code execution vulnerabilities exist in Microsoft Server Message Block 1.0 (SMBv1) due to improper handling of SMBv1 packets. An unauthenticated, remote attacker can exploit these vulnerabilities, via a specially crafted SMBv1 packet, to execute arbitrary code. (CVE-2017-0272, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279)\n\nDepending on the host's security policy configuration, this plugin cannot always correctly determine if the Windows host is vulnerable if the host is running a later Windows version (i.e., Windows 8.1, 10, 2012, 2012 R2, and 2016) specifically that named pipes and shares are allowed to be accessed remotely and anonymously. Tenable does not recommend this configuration, and the hosts should be checked locally for patches with one of the following plugins, depending on the Windows version : 100054, 100055, 100057, 100059, 100060, or 100061.", "cvss3": {}, "published": "2017-05-26T00:00:00", "type": "nessus", "title": "Microsoft Windows SMBv1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "MS17_MAY_SMBV1.NASL", "href": "https://www.tenable.com/plugins/nessus/100464", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100464);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\n \"CVE-2017-0267\",\n \"CVE-2017-0268\",\n \"CVE-2017-0269\",\n \"CVE-2017-0270\",\n \"CVE-2017-0271\",\n \"CVE-2017-0272\",\n \"CVE-2017-0273\",\n \"CVE-2017-0274\",\n \"CVE-2017-0275\",\n \"CVE-2017-0276\",\n \"CVE-2017-0277\",\n \"CVE-2017-0278\",\n \"CVE-2017-0279\",\n \"CVE-2017-0280\"\n );\n script_bugtraq_id(\n 98259,\n 98260,\n 98261,\n 98263,\n 98264,\n 98265,\n 98266,\n 98267,\n 98268,\n 98270,\n 98271,\n 98272,\n 98273,\n 98274\n );\n script_xref(name:\"MSKB\", value:\"4016871\");\n script_xref(name:\"MSKB\", value:\"4018466\");\n script_xref(name:\"MSKB\", value:\"4019213\");\n script_xref(name:\"MSKB\", value:\"4019214\");\n script_xref(name:\"MSKB\", value:\"4019215\");\n script_xref(name:\"MSKB\", value:\"4019216\");\n script_xref(name:\"MSKB\", value:\"4019263\");\n script_xref(name:\"MSKB\", value:\"4019264\");\n script_xref(name:\"MSKB\", value:\"4019472\");\n script_xref(name:\"MSKB\", value:\"4019473\");\n script_xref(name:\"MSKB\", value:\"4019474\");\n\n script_name(english:\"Microsoft Windows SMBv1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the response from the SMBv1 server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host has Microsoft Server Message Block 1.0 (SMBv1)\nenabled. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple information disclosure vulnerabilities exist\n in Microsoft Server Message Block 1.0 (SMBv1) due to\n improper handling of SMBv1 packets. An unauthenticated,\n remote attacker can exploit these vulnerabilities, via a\n specially crafted SMBv1 packet, to disclose sensitive\n information. (CVE-2017-0267, CVE-2017-0268,\n CVE-2017-0270, CVE-2017-0271, CVE-2017-0274,\n CVE-2017-0275, CVE-2017-0276)\n\n - Multiple denial of service vulnerabilities exist in\n Microsoft Server Message Block 1.0 (SMBv1) due to\n improper handling of requests. An unauthenticated,\n remote attacker can exploit these vulnerabilities, via a\n specially crafted SMB request, to cause the system to\n stop responding. (CVE-2017-0269, CVE-2017-0273,\n CVE-2017-0280)\n\n - Multiple remote code execution vulnerabilities exist in\n Microsoft Server Message Block 1.0 (SMBv1) due to\n improper handling of SMBv1 packets. An unauthenticated,\n remote attacker can exploit these vulnerabilities, via a\n specially crafted SMBv1 packet, to execute arbitrary\n code. (CVE-2017-0272, CVE-2017-0277, CVE-2017-0278,\n CVE-2017-0279)\n\nDepending on the host's security policy configuration, this plugin\ncannot always correctly determine if the Windows host is vulnerable if\nthe host is running a later Windows version (i.e., Windows 8.1, 10,\n2012, 2012 R2, and 2016) specifically that named pipes and shares are\nallowed to be accessed remotely and anonymously. Tenable does not\nrecommend this configuration, and the hosts should be checked locally\nfor patches with one of the following plugins, depending on the\nWindows version : 100054, 100055, 100057, 100059, 100060, or 100061.\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0267\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c21268d4\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0268\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b9253982\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0269\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?23802c83\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0270\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8313bb60\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0271\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7677c678\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0272\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?36da236c\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0273\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0981b934\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0274\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c88efefa\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0275\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?695bf5cc\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0276\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?459a1e8c\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0277\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ea45bbc5\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0278\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4195776a\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0279\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fbf092cf\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0280\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8c0cc566\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the applicable security update for your Windows version :\n\n - Windows Server 2008 : KB4018466\n - Windows 7 : KB4019264\n - Windows Server 2008 R2 : KB4019264\n - Windows Server 2012 : KB4019216\n - Windows 8.1 / RT 8.1. : KB4019215\n - Windows Server 2012 R2 : KB4019215\n - Windows 10 : KB4019474\n - Windows 10 Version 1511 : KB4019473\n - Windows 10 Version 1607 : KB4019472\n - Windows 10 Version 1703 : KB4016871\n - Windows Server 2016 : KB4019472\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-0272\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"os_fingerprint.nasl\", \"smb_v1_enabled_remote.nasl\");\n script_require_keys(\"Host/OS\", \"SMB/SMBv1_is_supported\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"byte_func.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"smb_func.inc\");\n\nfunction smb_get_error_code (data)\n{\n local_var header, flags2, code;\n\n # Some checks in the header first\n header = get_smb_header (smbblob:data);\n if (!header)\n return NULL;\n\n flags2 = get_header_flags2 (header:header);\n if (flags2 & SMB_FLAGS2_32BIT_STATUS)\n {\n code = get_header_nt_error_code (header:header);\n }\n else\n {\n code = get_header_dos_error_code (header:header);\n }\n\n return code;\n}\n\nfunction my_smb_trans2(setup, param, plen, data, max_pcount, max_dcount, max_scount)\n{\n local_var header, parameters, dat, packet, ret, pad1, p_offset, d_offset, dlen, slen, pad2; \n\n pad1 = pad2 = NULL;\n\n header = smb_header (Command: SMB_COM_TRANSACTION2,\n Status: nt_status (Status: STATUS_SUCCESS));\n\n p_offset = 32 + 1 + 28 + strlen(setup) + 2 + 1;\n\n # Parameter is aligned to 4 byte\n pad1 = crap(data:'\\x00', length: (4 - p_offset % 4) % 4);\n p_offset += strlen(pad1);\n\n # Data is aligned to 4 byte\n d_offset = p_offset + strlen (param);\n pad2 = crap(data:'\\x00', length: (4 - d_offset % 4) % 4);\n d_offset += strlen(pad2);\n\n if(isnull(plen)) plen = strlen(param); \n dlen = strlen(data);\n slen = strlen(setup);\n\n if(slen % 2) return NULL; \n\n if(isnull(max_pcount)) max_pcount = 0x1000;\n if(isnull(max_dcount)) max_dcount = 0x1000;\n if(isnull(max_scount)) max_scount = 0x20;\n\n parameters = \n raw_word (w:plen) + # total parameter count\n\t raw_word (w:dlen) + # total data count\n\t raw_word (w:max_pcount) + # Max parameter count\n\t raw_word (w:max_dcount) + # Max data count\n\t raw_byte (b:max_scount) + # Max setup count\n raw_byte (b:0) + # Reserved1\n\t raw_word (w:0) + # Flags\n\t raw_dword (d:0) + # Timeout\n\t raw_word (w:0) + # Reserved2\n\t raw_word (w:plen) + # Parameter count\n\t raw_word (w:p_offset) + # Parameter offset\n\t raw_word (w:dlen) + # Data count\n\t raw_word (w:d_offset) + # Data offset\n\t raw_byte (b:slen/2) + # Setup count\n\t raw_byte (b:0); # Reserved3\n\n parameters += setup;\n\n parameters = smb_parameters (data:parameters);\n\n dat = '\\x00' + # Name \n pad1 +\n param +\n pad2 +\n data;\n\n dat = smb_data (data:dat);\n\n packet = netbios_packet (header:header, parameters:parameters, data:dat);\n\n ret = smb_sendrecv (data:packet);\n if (!ret)\n return NULL;\n\n return smb_get_error_code (data:ret);\n}\n\n\n#\n# MAIN\n#\n\n# Make sure it's Windows \nos = get_kb_item_or_exit(\"Host/OS\");\nif (\"Windows\" >!< os)\n audit(AUDIT_HOST_NOT, \"Windows\"); \n \n# Make sure SMBv1 is enabled\nif (! get_kb_item(\"SMB/SMBv1_is_supported\"))\n exit(0, \"SMB version 1 does not appear to be enabled on the remote host.\"); \n\nif (!smb_session_init(smb2:FALSE)) audit(AUDIT_FN_FAIL, 'smb_session_init');\n\nr = NetUseAdd(share:\"IPC$\");\nif (r != 1)\n{\n exit(1, 'Failed to connect to the IPC$ share anonymously.');\n}\n\nsetup = raw_word(w:0x06); \nparam = raw_word(w:0xbeef) + raw_dword(d:0); \nstatus = my_smb_trans2(setup: setup, data: NULL, param:param);\nNetUseDel();\n\nif(! isnull(status))\n{\n if(status == 0x00000001) \n {\n audit(AUDIT_HOST_NOT , \"affected\"); \n }\n else if (status == STATUS_NOT_SUPPORTED)\n {\n port = kb_smb_transport();\n security_report_v4(port: port, severity: SECURITY_HOLE);\n }\n else\n {\n port = kb_smb_transport();\n status = \"0x\" + toupper(hexstr(mkdword(status)));\n audit(AUDIT_RESP_BAD, port, \"an SMB_COM_TRANSACTION2 request. Status code: \" + status);\n }\n}\nelse\n{\n exit(1, \"Failed to get response status for an SMB_COM_TRANSACTION2 request. Possibly 'NullSessionPipes' and 'NullSessionShares' are not configured on the server.\"); \n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:54:27", "description": "The remote Windows host is missing security update 4019214 or cumulative update 4019216. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified flaw. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in Windows due to improper validation of user-supplied input when loading type libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0214)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0220)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0238)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0280)", "cvss3": {}, "published": "2017-05-09T00:00:00", "type": "nessus", "title": "Windows Server 2012 May 2017 Security Updates", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0220", "CVE-2017-0222", "CVE-2017-0226", "CVE-2017-0238", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280"], "modified": "2022-03-29T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17-MAY_4019214.NASL", "href": "https://www.tenable.com/plugins/nessus/100054", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100054);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/29\");\n\n script_cve_id(\n \"CVE-2017-0213\",\n \"CVE-2017-0214\",\n \"CVE-2017-0220\",\n \"CVE-2017-0222\",\n \"CVE-2017-0226\",\n \"CVE-2017-0238\",\n \"CVE-2017-0267\",\n \"CVE-2017-0268\",\n \"CVE-2017-0269\",\n \"CVE-2017-0270\",\n \"CVE-2017-0271\",\n \"CVE-2017-0272\",\n \"CVE-2017-0273\",\n \"CVE-2017-0274\",\n \"CVE-2017-0275\",\n \"CVE-2017-0276\",\n \"CVE-2017-0277\",\n \"CVE-2017-0278\",\n \"CVE-2017-0279\",\n \"CVE-2017-0280\"\n );\n script_bugtraq_id(\n 98102,\n 98103,\n 98111,\n 98127,\n 98139,\n 98237,\n 98259,\n 98260,\n 98261,\n 98263,\n 98264,\n 98265,\n 98266,\n 98267,\n 98268,\n 98270,\n 98271,\n 98272,\n 98273,\n 98274\n );\n script_xref(name:\"MSKB\", value:\"4019214\");\n script_xref(name:\"MSKB\", value:\"4019216\");\n script_xref(name:\"MSFT\", value:\"MS17-4019214\");\n script_xref(name:\"MSFT\", value:\"MS17-4019216\");\n script_xref(name:\"IAVA\", value:\"2017-A-0148\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/25\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"Windows Server 2012 May 2017 Security Updates\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4019214\nor cumulative update 4019216. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in the\n Windows COM Aggregate Marshaler due to an unspecified\n flaw. A local attacker can exploit this, via a specially\n crafted application, to execute arbitrary code with\n elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper validation of user-supplied\n input when loading type libraries. A local attacker can\n exploit this, via a specially crafted application, to\n gain elevated privileges. (CVE-2017-0214)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to disclose sensitive\n information. (CVE-2017-0220)\n\n - A remote code execution vulnerability exists in\n Microsoft Internet Explorer due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website, to execute arbitrary code in\n the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in\n Microsoft Internet Explorer due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website, to execute arbitrary code in\n the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript scripting engines\n due to improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Office document, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-0238)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0280)\");\n # https://support.microsoft.com/en-us/help/4019214/windows-server-2012-update-kb4019214\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8ae1f0e3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4019214 or Cumulative update KB4019216.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-0272\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\", \"smb_check_rollup.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS17-05';\nkbs = make_list(\n '4019214', # 2012 Monthly Rollup\n '4019216' # 2012 Security Rollup\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif ( smb_check_rollup(os:\"6.2\", sp:0, rollup_date: \"05_2017\", bulletin:bulletin, rollup_kb_list:[4019214,4019216]) )\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:55:17", "description": "The remote Windows host is missing security update 4019263 or cumulative update 4019264. It is, therefore, affected by multiple vulnerabilities :\n\n - A denial of service vulnerability exists in the Windows DNS server when it's configured to answer version queries. An unauthenticated, remote attacker can exploit this, via a malicious DNS query, to cause the DNS server to become nonresponsive. (CVE-2017-0171)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0175)\n\n - An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified flaw. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in Windows due to improper validation of user-supplied input when loading type libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0214)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0220)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0222)\n\n - A spoofing vulnerability exists in Microsoft browsers due to improper rendering of the SmartScreen filter. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to redirect users to a malicious website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0280)\n\n - An information disclosure vulnerability exists in the GDI component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted document or visit a specially crafted website, to disclose the contents of memory. (CVE-2017-8552)", "cvss3": {}, "published": "2017-05-09T00:00:00", "type": "nessus", "title": "Windows 7 and Windows Server 2008 R2 May 2017 Security Updates", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0171", "CVE-2017-0175", "CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0220", "CVE-2017-0222", "CVE-2017-0231", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280", "CVE-2017-8552"], "modified": "2022-03-29T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_MAY_4019264.NASL", "href": "https://www.tenable.com/plugins/nessus/100058", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100058);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/29\");\n\n script_cve_id(\n \"CVE-2017-0171\",\n \"CVE-2017-0175\",\n \"CVE-2017-0213\",\n \"CVE-2017-0214\",\n \"CVE-2017-0220\",\n \"CVE-2017-0222\",\n \"CVE-2017-0231\",\n \"CVE-2017-0267\",\n \"CVE-2017-0268\",\n \"CVE-2017-0269\",\n \"CVE-2017-0270\",\n \"CVE-2017-0271\",\n \"CVE-2017-0272\",\n \"CVE-2017-0273\",\n \"CVE-2017-0274\",\n \"CVE-2017-0275\",\n \"CVE-2017-0276\",\n \"CVE-2017-0277\",\n \"CVE-2017-0278\",\n \"CVE-2017-0279\",\n \"CVE-2017-0280\",\n \"CVE-2017-8552\"\n );\n script_bugtraq_id(\n 98097,\n 98102,\n 98103,\n 98110,\n 98111,\n 98127,\n 98173,\n 98259,\n 98260,\n 98261,\n 98263,\n 98264,\n 98265,\n 98266,\n 98267,\n 98268,\n 98270,\n 98271,\n 98272,\n 98273,\n 98274\n );\n script_xref(name:\"MSKB\", value:\"4019263\");\n script_xref(name:\"MSKB\", value:\"4019264\");\n script_xref(name:\"MSFT\", value:\"MS17-4019263\");\n script_xref(name:\"MSFT\", value:\"MS17-4019264\");\n script_xref(name:\"IAVA\", value:\"2017-A-0148\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/25\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"Windows 7 and Windows Server 2008 R2 May 2017 Security Updates\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4019263\nor cumulative update 4019264. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A denial of service vulnerability exists in the Windows\n DNS server when it's configured to answer version\n queries. An unauthenticated, remote attacker can exploit\n this, via a malicious DNS query, to cause the DNS server\n to become nonresponsive. (CVE-2017-0171)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to disclose sensitive\n information. (CVE-2017-0175)\n\n - An elevation of privilege vulnerability exists in the\n Windows COM Aggregate Marshaler due to an unspecified\n flaw. A local attacker can exploit this, via a specially\n crafted application, to execute arbitrary code with\n elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper validation of user-supplied\n input when loading type libraries. A local attacker can\n exploit this, via a specially crafted application, to\n gain elevated privileges. (CVE-2017-0214)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to disclose sensitive\n information. (CVE-2017-0220)\n\n - A remote code execution vulnerability exists in\n Microsoft Internet Explorer due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website, to execute arbitrary code in\n the context of the current user. (CVE-2017-0222)\n\n - A spoofing vulnerability exists in Microsoft browsers\n due to improper rendering of the SmartScreen filter. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted URL, to redirect users to a malicious\n website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0280)\n\n - An information disclosure vulnerability exists in the\n GDI component due to improper handling of objects in\n memory. An unauthenticated, remote attacker can exploit\n this, by convincing a user to open a specially crafted\n document or visit a specially crafted website, to\n disclose the contents of memory. (CVE-2017-8552)\");\n # https://support.microsoft.com/en-us/help/4019264/windows-7-update-kb4019264\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?89dd1a9e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4019263 or Cumulative update KB4019264.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-0272\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\n## NB: Microsoft\nbulletin = 'MS17-05';\nkbs = make_list(\"4019264\", \"4019263\");\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\n# KB only applies to Window 7 / 2008 R2, SP1\nif (hotfix_check_sp_range(win7:'1') <= 0)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 7 / 2008 R2\n smb_check_rollup(os:\"6.1\", sp:1, rollup_date:\"05_2017\", bulletin:bulletin, rollup_kb_list:[4019264, 4019263])\n)\n{\n replace_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:56:01", "description": "The remote Windows Vista host is missing a security update. It is, therefore, affected by the following vulnerabilities :\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0222)\n\n - Multiple information disclosure vulnerabilities exist in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit these, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276)\n\n - Multiple denial of service vulnerabilities exist in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit these, via a crafted SMB request, to cause the system to stop responding. (CVE-2017-0269, CVE-2017-0273, CVE-2017-0280)\n\n - Multiple remote code execution vulnerabilities exist in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit these, via a specially crafted packet, to execute arbitrary code on a target server. (CVE-2017-0272, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279)\n\n - A remote code execution vulnerability exists in Windows due to improper handling of shortcuts. An unauthenticated, remote attacker can exploit this, by convincing a user to insert a removable drive containing a malicious shortcut and binary, to automatically execute arbitrary code in the context of the current user. (CVE-2017-8464)\n\n - A remote code execution vulnerability exists in the Windows Search functionality due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, via a specially crafted SMB message, to execute arbitrary code. (CVE-2017-8543)\n\n - An information disclosure vulnerability exists in the GDI component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted document or visit a specially crafted website, to disclose the contents of memory. (CVE-2017-8552)", "cvss3": {}, "published": "2017-06-14T00:00:00", "type": "nessus", "title": "Microsoft Security Advisory 4025685: Windows Vista (June 2017)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0222", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280", "CVE-2017-8464", "CVE-2017-8543", "CVE-2017-8552"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_JUN_4025685_VISTA.NASL", "href": "https://www.tenable.com/plugins/nessus/100785", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100785);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2017-0222\",\n \"CVE-2017-0267\",\n \"CVE-2017-0268\",\n \"CVE-2017-0269\",\n \"CVE-2017-0270\",\n \"CVE-2017-0271\",\n \"CVE-2017-0272\",\n \"CVE-2017-0273\",\n \"CVE-2017-0274\",\n \"CVE-2017-0275\",\n \"CVE-2017-0276\",\n \"CVE-2017-0277\",\n \"CVE-2017-0278\",\n \"CVE-2017-0279\",\n \"CVE-2017-0280\",\n \"CVE-2017-8464\",\n \"CVE-2017-8543\",\n \"CVE-2017-8552\"\n );\n script_bugtraq_id(\n 98127,\n 98259,\n 98260,\n 98261,\n 98263,\n 98264,\n 98265,\n 98266,\n 98267,\n 98268,\n 98270,\n 98271,\n 98272,\n 98273,\n 98274,\n 98818,\n 98824,\n 99035\n );\n script_xref(name:\"MSKB\", value:\"4018271\");\n script_xref(name:\"MSKB\", value:\"4018466\");\n script_xref(name:\"MSKB\", value:\"4019204\");\n script_xref(name:\"MSKB\", value:\"4021903\");\n script_xref(name:\"MSKB\", value:\"4024402\");\n script_xref(name:\"MSFT\", value:\"MS17-4018271\");\n script_xref(name:\"MSFT\", value:\"MS17-4018466\");\n script_xref(name:\"MSFT\", value:\"MS17-4019204\");\n script_xref(name:\"MSFT\", value:\"MS17-4021903\");\n script_xref(name:\"MSFT\", value:\"MS17-4024402\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/10\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/25\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/14\");\n\n script_name(english:\"Microsoft Security Advisory 4025685: Windows Vista (June 2017)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows Vista host is missing a security update. It is,\ntherefore, affected by the following vulnerabilities :\n\n - A remote code execution vulnerability exists in\n Microsoft Internet Explorer due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website, to execute arbitrary code in\n the context of the current user. (CVE-2017-0222)\n\n - Multiple information disclosure vulnerabilities exist in\n the Microsoft Server Message Block 1.0 (SMBv1) server\n when handling certain requests. An unauthenticated,\n remote attacker can exploit these, via a specially\n crafted packet, to disclose sensitive information.\n (CVE-2017-0267, CVE-2017-0268, CVE-2017-0270,\n CVE-2017-0271, CVE-2017-0274, CVE-2017-0275,\n CVE-2017-0276)\n\n - Multiple denial of service vulnerabilities exist in\n Microsoft Server Message Block (SMB) when handling a\n specially crafted request to the server. An\n unauthenticated, remote attacker can exploit these, via\n a crafted SMB request, to cause the system to stop\n responding. (CVE-2017-0269, CVE-2017-0273,\n CVE-2017-0280)\n\n - Multiple remote code execution vulnerabilities exist in\n the Microsoft Server Message Block 1.0 (SMBv1) server\n when handling certain requests. An unauthenticated,\n remote attacker can exploit these, via a specially\n crafted packet, to execute arbitrary code on a target\n server. (CVE-2017-0272, CVE-2017-0277, CVE-2017-0278,\n CVE-2017-0279)\n\n - A remote code execution vulnerability exists in Windows\n due to improper handling of shortcuts. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to insert a removable drive containing\n a malicious shortcut and binary, to automatically\n execute arbitrary code in the context of the current\n user. (CVE-2017-8464)\n\n - A remote code execution vulnerability exists in the\n Windows Search functionality due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, via a specially crafted SMB message,\n to execute arbitrary code. (CVE-2017-8543)\n\n - An information disclosure vulnerability exists in the\n GDI component due to improper handling of objects in\n memory. An unauthenticated, remote attacker can exploit\n this, by convincing a user to open a specially crafted\n document or visit a specially crafted website, to\n disclose the contents of memory. (CVE-2017-8552)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2017/4025685\");\n # https://support.microsoft.com/en-us/help/4025687/microsoft-security-advisory-4025685-guidance-for-older-platforms\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a0780816\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows Vista.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8543\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'LNK Code Execution Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\", \"smb_check_rollup.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-06\";\nkbs = make_list(\n \"4018271\",\n \"4018466\",\n \"4021903\",\n \"4024402\",\n \"4019204\"\n);\n\nvuln = 0;\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0)\n audit(AUDIT_OS_SP_NOT_VULN);\n\n# Only Vista\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Vista\" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share))\n audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # 4018271 aka CVE-2017-0222\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.16896\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4018271\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.21007\", min_version:\"9.0.8112.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4018271\") ||\n\n # 4018466 aka CVE-2017-0267 to 0280\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"netevent.dll\", version:\"6.0.6002.19673\", min_version:\"6.0.6002.18000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4018466\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"netevent.dll\", version:\"6.0.6002.24089\", min_version:\"6.0.6002.23000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4018466\") ||\n\n # 4021903 aka CVE-2017-8464\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"shell32.dll\", version:\"6.0.6002.19785\", min_version:\"6.0.6002.18000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4021903\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"shell32.dll\", version:\"6.0.6002.24102\", min_version:\"6.0.6002.23000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4021903\") ||\n\n # 4024402 aka CVE-2017-8543\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"searchindexer.exe\", version:\"7.0.6002.19805\", min_version:\"7.0.6002.18000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4024402\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"searchindexer.exe\", version:\"7.0.6002.24123\", min_version:\"7.0.6002.23000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4024402\") ||\n\n # 4019204 aka CVE-2017-8552\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"win32k.sys\", version:\"6.0.6002.19778\", min_version:\"6.0.6002.18000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4019204\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"win32k.sys\", version:\"6.0.6002.24095\", min_version:\"6.0.6002.23000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4019204\")\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:54:48", "description": "The remote Windows host is missing multiple security updates released on 2017/05/09. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows improperly handles objects in memory.\n (CVE-2017-0077)\n\n - A denial of service vulnerability exists in Windows DNS Server if the server is configured to answer version queries. An attacker who successfully exploited this vulnerability could cause the DNS Server service to become nonresponsive. (CVE-2017-0171)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system.\n (CVE-2017-0190)\n\n - An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified flaw. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in Windows due to improper validation of user-supplied input when loading type libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0214)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0175, CVE-2017-0220)\n\n - An information disclosure vulnerability exists in the way some ActiveX objects are instantiated. An attacker who successfully exploited this vulnerability could gain access to protected memory contents. (CVE-2017-0242)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions. On systems with Windows 7 for x64-based Systems or later installed, this vulnerability can lead to denial of service.\n (CVE-2017-0244)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-0245)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. On computers with Windows 7 for x64-based systems or later installed, this vulnerability can lead to denial of service.\n (CVE-2017-0246)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n (CVE-2017-0258)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory.\n (CVE-2017-0263)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0280)\n\n - An information disclosure vulnerability exists in the GDI component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted document or visit a specially crafted website, to disclose the contents of memory. (CVE-2017-8552)", "cvss3": {}, "published": "2017-05-09T00:00:00", "type": "nessus", "title": "Windows 2008 May 2017 Multiple Security Updates", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0077", "CVE-2017-0171", "CVE-2017-0175", "CVE-2017-0190", "CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0220", "CVE-2017-0242", "CVE-2017-0244", "CVE-2017-0245", "CVE-2017-0246", "CVE-2017-0258", "CVE-2017-0263", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280", "CVE-2017-8552"], "modified": "2022-03-29T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_MAY_WIN2008.NASL", "href": "https://www.tenable.com/plugins/nessus/100063", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100063);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/29\");\n\n script_cve_id(\n \"CVE-2017-0077\",\n \"CVE-2017-0171\",\n \"CVE-2017-0175\",\n \"CVE-2017-0190\",\n \"CVE-2017-0213\",\n \"CVE-2017-0214\",\n \"CVE-2017-0220\",\n \"CVE-2017-0242\",\n \"CVE-2017-0244\",\n \"CVE-2017-0245\",\n \"CVE-2017-0246\",\n \"CVE-2017-0258\",\n \"CVE-2017-0263\",\n \"CVE-2017-0267\",\n \"CVE-2017-0268\",\n \"CVE-2017-0269\",\n \"CVE-2017-0270\",\n \"CVE-2017-0271\",\n \"CVE-2017-0272\",\n \"CVE-2017-0273\",\n \"CVE-2017-0274\",\n \"CVE-2017-0275\",\n \"CVE-2017-0276\",\n \"CVE-2017-0277\",\n \"CVE-2017-0278\",\n \"CVE-2017-0279\",\n \"CVE-2017-0280\",\n \"CVE-2017-8552\"\n );\n script_bugtraq_id(\n 98097,\n 98102,\n 98103,\n 98108,\n 98109,\n 98110,\n 98111,\n 98112,\n 98114,\n 98115,\n 98258,\n 98259,\n 98260,\n 98261,\n 98263,\n 98264,\n 98265,\n 98266,\n 98267,\n 98268,\n 98270,\n 98271,\n 98272,\n 98273,\n 98274,\n 98275,\n 98298\n );\n script_xref(name:\"MSKB\", value:\"4018196\");\n script_xref(name:\"MSKB\", value:\"4018466\");\n script_xref(name:\"MSKB\", value:\"4018556\");\n script_xref(name:\"MSKB\", value:\"4018821\");\n script_xref(name:\"MSKB\", value:\"4018885\");\n script_xref(name:\"MSKB\", value:\"4018927\");\n script_xref(name:\"MSKB\", value:\"4019149\");\n script_xref(name:\"MSKB\", value:\"4019204\");\n script_xref(name:\"MSKB\", value:\"4019206\");\n script_xref(name:\"MSFT\", value:\"MS17-4018196\");\n script_xref(name:\"MSFT\", value:\"MS17-4018466\");\n script_xref(name:\"MSFT\", value:\"MS17-4018556\");\n script_xref(name:\"MSFT\", value:\"MS17-4018821\");\n script_xref(name:\"MSFT\", value:\"MS17-4018885\");\n script_xref(name:\"MSFT\", value:\"MS17-4018927\");\n script_xref(name:\"MSFT\", value:\"MS17-4019149\");\n script_xref(name:\"MSFT\", value:\"MS17-4019204\");\n script_xref(name:\"MSFT\", value:\"MS17-4019206\");\n script_xref(name:\"IAVA\", value:\"2017-A-0148\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/10\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"Windows 2008 May 2017 Multiple Security Updates\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing multiple security updates released\non 2017/05/09. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows improperly handles objects in memory.\n (CVE-2017-0077)\n\n - A denial of service vulnerability exists in Windows DNS\n Server if the server is configured to answer version\n queries. An attacker who successfully exploited this\n vulnerability could cause the DNS Server service to\n become nonresponsive. (CVE-2017-0171)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system.\n (CVE-2017-0190)\n\n - An elevation of privilege vulnerability exists in the\n Windows COM Aggregate Marshaler due to an unspecified\n flaw. A local attacker can exploit this, via a specially\n crafted application, to execute arbitrary code with\n elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper validation of user-supplied\n input when loading type libraries. A local attacker can\n exploit this, via a specially crafted application, to\n gain elevated privileges. (CVE-2017-0214)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to disclose sensitive\n information. (CVE-2017-0175, CVE-2017-0220)\n\n - An information disclosure vulnerability exists in the\n way some ActiveX objects are instantiated. An attacker\n who successfully exploited this vulnerability could gain\n access to protected memory contents. (CVE-2017-0242)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions. On systems\n with Windows 7 for x64-based Systems or later installed,\n this vulnerability can lead to denial of service.\n (CVE-2017-0244)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-0245)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run processes in an elevated context. On computers\n with Windows 7 for x64-based systems or later installed,\n this vulnerability can lead to denial of service.\n (CVE-2017-0246)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2017-0258)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory.\n (CVE-2017-0263)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0280)\n\n - An information disclosure vulnerability exists in the\n GDI component due to improper handling of objects in\n memory. An unauthenticated, remote attacker can exploit\n this, by convincing a user to open a specially crafted\n document or visit a specially crafted website, to\n disclose the contents of memory. (CVE-2017-8552)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4018196/title\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4018466/title\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4018556/title\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4018821/title\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4018885/title\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4018927/title\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4019149/title\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4019204/title\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4019206/title\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the following security updates :\n\n - KB4018196\n - KB4018466\n - KB4018556\n - KB4018821\n - KB4018885\n - KB4018927\n - KB4019149\n - KB4019204\n - KB4019206\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-0272\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS17-05';\n\nkbs = make_list(\n \"4018196\", \n \"4018466\",\n \"4018556\",\n \"4018821\",\n \"4018885\",\n \"4018927\",\n \"4019149\",\n \"4019204\",\n \"4019206\"\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\n# KB4018196 Applies only to hosts having 'DNS Server' role installed\nregistry_init();\nhklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\ndns_role_installed = get_registry_value(\n handle:hklm,\n item:\"SYSTEM\\CurrentControlSet\\Services\\DNS\\DisplayName\"\n);\nRegCloseKey(handle:hklm);\nclose_registry(close:TRUE);\n\n# KBs only apply to Windows 2008\nif (hotfix_check_sp_range(vista:'2') <= 0)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nsystemroot = hotfix_get_systemroot();\nif (!systemroot) audit(AUDIT_PATH_NOT_DETERMINED, 'system root');\n\nport = kb_smb_transport();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\n\nif(! smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');\n\nwinsxs = ereg_replace(pattern:'^[A-Za-z]:(.*)', replace:\"\\1\\WinSxS\", string:systemroot);\nwinsxs_share = hotfix_path2share(path:systemroot);\n\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:winsxs_share);\nif (rc != 1)\n{\n NetUseDel();\n audit(AUDIT_SHARE_FAIL, winsxs_share);\n}\n\nthe_session = make_array(\n 'login', login,\n 'password', pass,\n 'domain', domain,\n 'share', winsxs_share\n);\n\nvuln = 0;\n\n# 4018196\nif (!isnull(dns_role_installed))\n{\n files = list_dir(basedir:winsxs, level:0, dir_pat:\"dns-server-service_31bf3856ad364e35_\", file_pat:\"^dns\\.exe$\", max_recurse:1);\n vuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19765','6.0.6002.24089'),\n max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4018196\", session:the_session);\n}\n\n# 4018466\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"smbserver-common_31bf3856ad364e35_\", file_pat:\"^srvnet\\.sys$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19673','6.0.6002.24089'),\n max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4018466\", session:the_session);\n\n# 4018556\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"com-base-qfe-ole32_31bf3856ad364e35_\", file_pat:\"^ole32\\.dll$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19773','6.0.6002.24089'),\n max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4018556\", session:the_session);\n\n# 4018821\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"tdi-over-tcpip_31bf3856ad364e35_\", file_pat:\"^tdx\\.sys$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19762','6.0.6002.24087'),\n max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4018821\", session:the_session);\n\n# 4018885\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"tcpip-binaries_31bf3856ad364e35_\", file_pat:\"^tcpip\\.sys$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19763','6.0.6002.24087'),\n max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4018885\", session:the_session);\n\n# 4018927\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"rds-datafactory-dll_31bf3856ad364e35_\", file_pat:\"^msadcf\\.dll$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19770','6.0.6002.24089'),\n max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4018927\", session:the_session);\n\n# 4019149\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"lddmcore_31bf3856ad364e35_\", file_pat:\"^dxgkrnl\\.sys$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('7.0.6002.19765','7.0.6002.24089'),\n max_versions:make_list('7.0.6002.20000','7.0.6002.99999'),\n bulletin:bulletin,\n kb:\"4019149\", session:the_session);\n\n# 4019204\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"win32k_31bf3856ad364e35_\", file_pat:\"^win32k\\.sys$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19778','6.0.6002.24095'),\n max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4019204\", session:the_session);\n\n# 4019206\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"gdi32_31bf3856ad364e35_\", file_pat:\"^gdi32\\.dll$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19765','6.0.6002.24089'),\n max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4019206\", session:the_session);\n\nif (vuln > 0)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:05:26", "description": "The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-0238)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-0226)\n\n - A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could then either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. (CVE-2017-0231)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-0222)\n\n - A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mixed Content warnings. This could allow for the loading of unsecure content (HTTP) from secure locations (HTTPS).\n (CVE-2017-0064)", "cvss3": {}, "published": "2017-11-30T00:00:00", "type": "nessus", "title": "Security Updates for Internet Explorer (May 2017)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0064", "CVE-2017-0222", "CVE-2017-0226", "CVE-2017-0231", "CVE-2017-0238"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:ie"], "id": "SMB_NT_MS17_MAY_INTERNET_EXPLORER.NASL", "href": "https://www.tenable.com/plugins/nessus/104893", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104893);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2017-0064\",\n \"CVE-2017-0222\",\n \"CVE-2017-0226\",\n \"CVE-2017-0231\",\n \"CVE-2017-0238\"\n );\n script_bugtraq_id(\n 98121,\n 98127,\n 98139,\n 98173,\n 98237\n );\n script_xref(name:\"MSKB\", value:\"4019215\");\n script_xref(name:\"MSKB\", value:\"4019216\");\n script_xref(name:\"MSKB\", value:\"4019264\");\n script_xref(name:\"MSKB\", value:\"4018271\");\n script_xref(name:\"MSFT\", value:\"MS17-4019215\");\n script_xref(name:\"MSFT\", value:\"MS17-4019216\");\n script_xref(name:\"MSFT\", value:\"MS17-4019264\");\n script_xref(name:\"MSFT\", value:\"MS17-4018271\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/25\");\n\n script_name(english:\"Security Updates for Internet Explorer (May 2017)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Internet Explorer installation on the remote host is\nmissing security updates. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n Microsoft Edge handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2017-0238)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n This vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-0226)\n\n - A spoofing vulnerability exists when Microsoft browsers\n render SmartScreen Filter. An attacker who successfully\n exploited this vulnerability could trick a user by\n redirecting the user to a specially crafted website. The\n specially crafted website could then either spoof\n content or serve as a pivot to chain an attack with\n other vulnerabilities in web services. (CVE-2017-0231)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-0222)\n\n - A security feature bypass vulnerability exists in\n Internet Explorer that allows for bypassing Mixed\n Content warnings. This could allow for the loading of\n unsecure content (HTTP) from secure locations (HTTPS).\n (CVE-2017-0064)\");\n # https://support.microsoft.com/en-us/help/4019215/windows-8-update-kb4019215\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?09cc032f\");\n # https://support.microsoft.com/en-us/help/4019216/windows-server-2012-update-kb4019216\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d3c95ae3\");\n # https://support.microsoft.com/en-us/help/4019264/windows-7-update-kb4019264\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?89dd1a9e\");\n # https://support.microsoft.com/en-us/help/4018271/cumulative-security-update-for-internet-explorer-may-9-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5470f743\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released security updates for the affected versions of Internet Explorer.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-0238\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:ie\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2023 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS17-05';\nkbs = make_list(\n '4019215',\n '4019216',\n '4019264',\n '4018271'\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nos = get_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8.1 / Windows Server 2012 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.18666\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4018271\") ||\n\n # Windows Server 2012\n # Internet Explorer 10\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", version:\"10.0.9200.22137\", min_version:\"10.0.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4018271\") ||\n\n # Windows 7 / Server 2008 R2\n # Internet Explorer 8/9/10/11\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"11.0.9600.18666\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4018271\") ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"10.0.9200.22137\", min_version:\"10.0.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4018271\") ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"9.0.8112.21007\", min_version:\"9.0.8112.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4018271\") ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"9.0.8112.16896\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4018271\") ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"8.0.7601.23764\", min_version:\"8.0.7601.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4018271\") ||\n\n # Vista / Windows Server 2008\n # Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.21007\", min_version:\"9.0.8112.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4018271\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.16896\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4018271\")\n)\n{\n report = '\\nNote: The fix for this issue is available in either of the following updates:\\n';\n report += ' - KB4018271 : Cumulative Security Update for Internet Explorer\\n';\n if(os == \"6.3\")\n {\n report += ' - KB4019215 : Windows 8.1 / Server 2012 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS17-05', kb:'4019215', report);\n }\n else if(os == \"6.2\")\n {\n report += ' - KB4019216 : Windows Server 2012 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS17-05', kb:'4019216', report);\n }\n else if(os == \"6.1\")\n {\n report += ' - KB4019264 : Windows 7 / Server 2008 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS17-05', kb:'4019264', report);\n }\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:35:21", "description": "The remote Windows 8 host is missing a security update. It is, therefore, affected by the following vulnerabilities :\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0222)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - A remote code execution vulnerability exists in Windows due to improper handling of shortcuts. An unauthenticated, remote attacker can exploit this, by convincing a user to insert a removable drive containing a malicious shortcut and binary, to automatically execute arbitrary code in the context of the current user. (CVE-2017-8464)\n\n - A remote code execution vulnerability exists in Windows OLE due to improper validation of user-supplied input.\n An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or to open a specially crafted file or email message, to execute arbitrary code in the context of the current user. (CVE-2017-8487)\n\n - A remote code execution vulnerability exists in the Windows Search functionality due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, via a specially crafted SMB message, to execute arbitrary code. (CVE-2017-8543)", "cvss3": {}, "published": "2017-06-14T00:00:00", "type": "nessus", "title": "Windows 8 June 2017 Security Updates", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0222", "CVE-2017-0267", "CVE-2017-8464", "CVE-2017-8487", "CVE-2017-8543"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_JUN_WINDOWS8.NASL", "href": "https://www.tenable.com/plugins/nessus/100788", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100788);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2017-0222\",\n \"CVE-2017-0267\",\n \"CVE-2017-8464\",\n \"CVE-2017-8487\",\n \"CVE-2017-8543\"\n );\n script_bugtraq_id(\n 98127,\n 98259,\n 98818,\n 98824,\n 99013\n );\n script_xref(name:\"MSKB\", value:\"4022839\");\n script_xref(name:\"MSKB\", value:\"4019623\");\n script_xref(name:\"MSKB\", value:\"4018271\");\n script_xref(name:\"MSFT\", value:\"MS17-4022839\");\n script_xref(name:\"MSFT\", value:\"MS17-4019623\");\n script_xref(name:\"MSFT\", value:\"MS17-4018271\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/10\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/25\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/14\");\n\n script_name(english:\"Windows 8 June 2017 Security Updates\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows 8 host is missing a security update. It is,\ntherefore, affected by the following vulnerabilities :\n\n - A remote code execution vulnerability exists in\n Microsoft Internet Explorer due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website, to execute arbitrary code in\n the context of the current user. (CVE-2017-0222)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - A remote code execution vulnerability exists in Windows\n due to improper handling of shortcuts. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to insert a removable drive containing\n a malicious shortcut and binary, to automatically\n execute arbitrary code in the context of the current\n user. (CVE-2017-8464)\n\n - A remote code execution vulnerability exists in Windows\n OLE due to improper validation of user-supplied input.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website or\n to open a specially crafted file or email message, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-8487)\n\n - A remote code execution vulnerability exists in the\n Windows Search functionality due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, via a specially crafted SMB message,\n to execute arbitrary code. (CVE-2017-8543)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4012598/title\");\n # https://support.microsoft.com/en-us/help/4012583/ms17-011-and-ms17-013-description-of-the-security-update-for-microsoft\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ba79a274\");\n # https://support.microsoft.com/en-ca/help/4022839/description-of-the-security-update-for-windows-8-june-13-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d15161da\");\n # http://www.catalog.update.microsoft.com/Search.aspx?q=KB4019623\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?00067ec3\");\n # https://support.microsoft.com/en-us/help/4018271/cumulative-security-update-for-internet-explorer-may-9-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5470f743\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released emergency patches for Windows 8. Apply security\nupdates KB4022839, KB4019623, and KB4018271\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8543\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'LNK Code Execution Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\", \"smb_check_rollup.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS17-06';\nkbs = make_list(\n \"4022839\",\n \"4019623\",\n \"4018271\"\n);\n\nvuln = 0;\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Server\" >< productname)\n audit(AUDIT_OS_NOT, \"Windows 8\");\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share))\n audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # 4022839\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"shell32.dll\", version:\"6.2.9200.22164\", min_version:\"6.2.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4022839\")\n ||\n # 4019623\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"srv.sys\", version:\"6.2.9200.22137\", min_version:\"6.2.9200.16000\", dir:\"\\system32\\drivers\", bulletin:bulletin, kb:\"4019623\")\n ||\n # 4018271\n # x86\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"hlink.dll\", version:\"6.0.6002.22092\", min_version:\"6.0.6002.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4018271\")\n ||\n # x64\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"hlink.dll\", version:\"6.0.6002.22104\", min_version:\"6.0.6002.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4018271\")\n\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "kaspersky": [{"lastseen": "2023-12-05T21:26:58", "description": "### *Detect date*:\n05/09/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, execute arbitrary code, gain privileges.\n\n### *Affected products*:\nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1511 for 32-bit Systems \nWindows 10 Version 1703 for x64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 1511 for x64-based Systems \nWindows 8.1 for 32-bit systems \nWindows Server 2012 \nWindows RT 8.1 \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 for 32-bit Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2012 R2 \nWindows 10 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 1703 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 8.1 for x64-based systems \nWindows Server 2016 (Server Core installation)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-0280](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0280>) \n[CVE-2017-0274](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0274>) \n[CVE-2017-0272](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0272>) \n[CVE-2017-0279](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0279>) \n[CVE-2017-0273](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0273>) \n[CVE-2017-0276](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0276>) \n[CVE-2017-0278](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0278>) \n[CVE-2017-0213](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0213>) \n[CVE-2017-0212](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0212>) \n[CVE-2017-0270](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0270>) \n[CVE-2017-0245](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0245>) \n[CVE-2017-0171](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0171>) \n[CVE-2017-0259](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0259>) \n[CVE-2017-0246](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0246>) \n[CVE-2017-0277](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0277>) \n[CVE-2017-0258](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0258>) \n[CVE-2017-0269](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0269>) \n[CVE-2017-0267](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0267>) \n[CVE-2017-0077](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0077>) \n[CVE-2017-0190](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0190>) \n[CVE-2017-0275](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0275>) \n[CVE-2017-0271](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0271>) \n[CVE-2017-0214](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0214>) \n[CVE-2017-0263](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0263>) \n[CVE-2017-0268](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0268>) \n[CVE-2017-0220](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0220>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows Server 2012](<https://threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/>)\n\n### *CVE-IDS*:\n[CVE-2017-0280](<https://vulners.com/cve/CVE-2017-0280>)7.1High \n[CVE-2017-0279](<https://vulners.com/cve/CVE-2017-0279>)6.8High \n[CVE-2017-0278](<https://vulners.com/cve/CVE-2017-0278>)6.8High \n[CVE-2017-0277](<https://vulners.com/cve/CVE-2017-0277>)6.8High \n[CVE-2017-0276](<https://vulners.com/cve/CVE-2017-0276>)4.3Warning \n[CVE-2017-0275](<https://vulners.com/cve/CVE-2017-0275>)4.3Warning \n[CVE-2017-0274](<https://vulners.com/cve/CVE-2017-0274>)4.3Warning \n[CVE-2017-0273](<https://vulners.com/cve/CVE-2017-0273>)4.3Warning \n[CVE-2017-0272](<https://vulners.com/cve/CVE-2017-0272>)9.3Critical \n[CVE-2017-0271](<https://vulners.com/cve/CVE-2017-0271>)4.3Warning \n[CVE-2017-0270](<https://vulners.com/cve/CVE-2017-0270>)4.3Warning \n[CVE-2017-0269](<https://vulners.com/cve/CVE-2017-0269>)4.3Warning \n[CVE-2017-0268](<https://vulners.com/cve/CVE-2017-0268>)4.3Warning \n[CVE-2017-0267](<https://vulners.com/cve/CVE-2017-0267>)4.3Warning \n[CVE-2017-0263](<https://vulners.com/cve/CVE-2017-0263>)7.2High \n[CVE-2017-0259](<https://vulners.com/cve/CVE-2017-0259>)1.9Warning \n[CVE-2017-0258](<https://vulners.com/cve/CVE-2017-0258>)1.9Warning \n[CVE-2017-0246](<https://vulners.com/cve/CVE-2017-0246>)6.9High \n[CVE-2017-0245](<https://vulners.com/cve/CVE-2017-0245>)1.9Warning \n[CVE-2017-0220](<https://vulners.com/cve/CVE-2017-0220>)1.9Warning \n[CVE-2017-0214](<https://vulners.com/cve/CVE-2017-0214>)4.4Warning \n[CVE-2017-0213](<https://vulners.com/cve/CVE-2017-0213>)1.9Warning \n[CVE-2017-0212](<https://vulners.com/cve/CVE-2017-0212>)5.4High \n[CVE-2017-0190](<https://vulners.com/cve/CVE-2017-0190>)2.1Warning \n[CVE-2017-0171](<https://vulners.com/cve/CVE-2017-0171>)4.3Warning \n[CVE-2017-0077](<https://vulners.com/cve/CVE-2017-0077>)7.2High\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4038788](<http://support.microsoft.com/kb/4038788>) \n[4016871](<http://support.microsoft.com/kb/4016871>) \n[4019474](<http://support.microsoft.com/kb/4019474>) \n[4019215](<http://support.microsoft.com/kb/4019215>) \n[4019216](<http://support.microsoft.com/kb/4019216>) \n[4019473](<http://support.microsoft.com/kb/4019473>) \n[4019472](<http://support.microsoft.com/kb/4019472>) \n[4019213](<http://support.microsoft.com/kb/4019213>) \n[4019214](<http://support.microsoft.com/kb/4019214>)\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-09T00:00:00", "type": "kaspersky", "title": "KLA11009 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0077", "CVE-2017-0171", "CVE-2017-0190", "CVE-2017-0212", "CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0220", "CVE-2017-0245", "CVE-2017-0246", "CVE-2017-0258", "CVE-2017-0259", "CVE-2017-0263", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280"], "modified": "2020-09-29T00:00:00", "id": "KLA11009", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11009/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-05T21:26:27", "description": "### *Detect date*:\n05/09/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, cause denial of service, bypass security restrictions, gain privileges.\n\n### *Affected products*:\nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nInternet Explorer 9 \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2012 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 8.1 for 32-bit systems \nWindows 8.1 for x64-based systems \nInternet Explorer 11 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2016 \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows RT 8.1 \nWindows 10 Version 1703 for x64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows 10 Version 1511 for 32-bit Systems \nMicrosoft Edge (EdgeHTML-based) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1511 for x64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nInternet Explorer 10 \nWindows 10 Version 1703 for 32-bit Systems \nWindows Server 2012 R2\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-0220](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0220>) \n[CVE-2017-0222](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0222>) \n[CVE-2017-0280](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0280>) \n[CVE-2017-0064](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0064>) \n[CVE-2017-0272](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0272>) \n[CVE-2017-0246](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0246>) \n[CVE-2017-0278](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0278>) \n[CVE-2017-0279](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0279>) \n[CVE-2017-0190](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0190>) \n[CVE-2017-0214](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0214>) \n[CVE-2017-0273](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0273>) \n[CVE-2017-0270](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0270>) \n[CVE-2017-0271](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0271>) \n[CVE-2017-0276](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0276>) \n[CVE-2017-0277](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0277>) \n[CVE-2017-0274](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0274>) \n[CVE-2017-0213](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0213>) \n[CVE-2017-0238](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0238>) \n[CVE-2017-0258](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0258>) \n[CVE-2017-0077](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0077>) \n[CVE-2017-0175](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0175>) \n[CVE-2017-0171](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0171>) \n[CVE-2017-0269](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0269>) \n[CVE-2017-0268](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0268>) \n[CVE-2017-0245](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0245>) \n[CVE-2017-0244](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0244>) \n[CVE-2017-0242](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0242>) \n[CVE-2017-0263](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0263>) \n[CVE-2017-0275](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0275>) \n[CVE-2017-0267](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0267>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2017-0238](<https://vulners.com/cve/CVE-2017-0238>)7.6Critical \n[CVE-2017-0222](<https://vulners.com/cve/CVE-2017-0222>)7.6Critical \n[CVE-2017-0064](<https://vulners.com/cve/CVE-2017-0064>)4.3Warning \n[CVE-2017-0280](<https://vulners.com/cve/CVE-2017-0280>)7.1High \n[CVE-2017-0279](<https://vulners.com/cve/CVE-2017-0279>)6.8High \n[CVE-2017-0278](<https://vulners.com/cve/CVE-2017-0278>)6.8High \n[CVE-2017-0277](<https://vulners.com/cve/CVE-2017-0277>)6.8High \n[CVE-2017-0276](<https://vulners.com/cve/CVE-2017-0276>)4.3Warning \n[CVE-2017-0275](<https://vulners.com/cve/CVE-2017-0275>)4.3Warning \n[CVE-2017-0274](<https://vulners.com/cve/CVE-2017-0274>)4.3Warning \n[CVE-2017-0273](<https://vulners.com/cve/CVE-2017-0273>)4.3Warning \n[CVE-2017-0272](<https://vulners.com/cve/CVE-2017-0272>)9.3Critical \n[CVE-2017-0271](<https://vulners.com/cve/CVE-2017-0271>)4.3Warning \n[CVE-2017-0270](<https://vulners.com/cve/CVE-2017-0270>)4.3Warning \n[CVE-2017-0269](<https://vulners.com/cve/CVE-2017-0269>)4.3Warning \n[CVE-2017-0268](<https://vulners.com/cve/CVE-2017-0268>)4.3Warning \n[CVE-2017-0267](<https://vulners.com/cve/CVE-2017-0267>)4.3Warning \n[CVE-2017-0263](<https://vulners.com/cve/CVE-2017-0263>)7.2High \n[CVE-2017-0258](<https://vulners.com/cve/CVE-2017-0258>)1.9Warning \n[CVE-2017-0246](<https://vulners.com/cve/CVE-2017-0246>)6.9High \n[CVE-2017-0245](<https://vulners.com/cve/CVE-2017-0245>)1.9Warning \n[CVE-2017-0244](<https://vulners.com/cve/CVE-2017-0244>)6.9High \n[CVE-2017-0242](<https://vulners.com/cve/CVE-2017-0242>)4.3Warning \n[CVE-2017-0220](<https://vulners.com/cve/CVE-2017-0220>)1.9Warning \n[CVE-2017-0214](<https://vulners.com/cve/CVE-2017-0214>)4.4Warning \n[CVE-2017-0213](<https://vulners.com/cve/CVE-2017-0213>)1.9Warning \n[CVE-2017-0190](<https://vulners.com/cve/CVE-2017-0190>)2.1Warning \n[CVE-2017-0175](<https://vulners.com/cve/CVE-2017-0175>)2.1Warning \n[CVE-2017-0171](<https://vulners.com/cve/CVE-2017-0171>)4.3Warning \n[CVE-2017-0077](<https://vulners.com/cve/CVE-2017-0077>)7.2High\n\n### *Exploitation*:\nPublic exploits exist for this vulnerability.\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4018271](<http://support.microsoft.com/kb/4018271>) \n[4019264](<http://support.microsoft.com/kb/4019264>) \n[4019263](<http://support.microsoft.com/kb/4019263>) \n[4019149](<http://support.microsoft.com/kb/4019149>) \n[4018885](<http://support.microsoft.com/kb/4018885>) \n[4019206](<http://support.microsoft.com/kb/4019206>) \n[4018821](<http://support.microsoft.com/kb/4018821>) \n[4018927](<http://support.microsoft.com/kb/4018927>) \n[4018556](<http://support.microsoft.com/kb/4018556>) \n[4019204](<http://support.microsoft.com/kb/4019204>) \n[4018466](<http://support.microsoft.com/kb/4018466>) \n[4018196](<http://support.microsoft.com/kb/4018196>)", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-09T00:00:00", "type": "kaspersky", "title": "KLA11077 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0064", "CVE-2017-0077", "CVE-2017-0171", "CVE-2017-0175", "CVE-2017-0190", "CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0220", "CVE-2017-0222", "CVE-2017-0238", "CVE-2017-0242", "CVE-2017-0244", "CVE-2017-0245", "CVE-2017-0246", "CVE-2017-0258", "CVE-2017-0263", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280"], "modified": "2023-09-26T00:00:00", "id": "KLA11077", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11077/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-05T21:27:03", "description": "### *Detect date*:\n05/09/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, spoof user interface, bypass security restrictions.\n\n### *Affected products*:\nInternet Explorer 9 \nInternet Explorer 11 \nInternet Explorer 10 \nMicrosoft Edge (EdgeHTML-based)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-0266](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0266>) \n[CVE-2017-0241](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0241>) \n[CVE-2017-0240](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0240>) \n[CVE-2017-0238](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0238>) \n[CVE-2017-0236](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0236>) \n[CVE-2017-0235](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0235>) \n[CVE-2017-0234](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0234>) \n[CVE-2017-0233](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0233>) \n[CVE-2017-0231](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0231>) \n[CVE-2017-0230](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0230>) \n[CVE-2017-0229](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0229>) \n[CVE-2017-0228](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0228>) \n[CVE-2017-0227](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0227>) \n[CVE-2017-0226](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0226>) \n[CVE-2017-0224](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0224>) \n[CVE-2017-0222](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0222>) \n[CVE-2017-0221](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0221>) \n[CVE-2017-0064](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0064>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2017-0266](<https://vulners.com/cve/CVE-2017-0266>)7.6Critical \n[CVE-2017-0241](<https://vulners.com/cve/CVE-2017-0241>)5.4High \n[CVE-2017-0240](<https://vulners.com/cve/CVE-2017-0240>)7.6Critical \n[CVE-2017-0238](<https://vulners.com/cve/CVE-2017-0238>)7.6Critical \n[CVE-2017-0236](<https://vulners.com/cve/CVE-2017-0236>)7.6Critical \n[CVE-2017-0235](<https://vulners.com/cve/CVE-2017-0235>)7.6Critical \n[CVE-2017-0234](<https://vulners.com/cve/CVE-2017-0234>)7.6Critical \n[CVE-2017-0233](<https://vulners.com/cve/CVE-2017-0233>)5.1High \n[CVE-2017-0231](<https://vulners.com/cve/CVE-2017-0231>)4.3Warning \n[CVE-2017-0230](<https://vulners.com/cve/CVE-2017-0230>)7.6Critical \n[CVE-2017-0229](<https://vulners.com/cve/CVE-2017-0229>)7.6Critical \n[CVE-2017-0228](<https://vulners.com/cve/CVE-2017-0228>)7.6Critical \n[CVE-2017-0227](<https://vulners.com/cve/CVE-2017-0227>)7.6Critical \n[CVE-2017-0226](<https://vulners.com/cve/CVE-2017-0226>)7.6Critical \n[CVE-2017-0224](<https://vulners.com/cve/CVE-2017-0224>)7.6Critical \n[CVE-2017-0222](<https://vulners.com/cve/CVE-2017-0222>)7.6Critical \n[CVE-2017-0221](<https://vulners.com/cve/CVE-2017-0221>)7.6Critical \n[CVE-2017-0064](<https://vulners.com/cve/CVE-2017-0064>)4.3Warning\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4016871](<http://support.microsoft.com/kb/4016871>) \n[4019474](<http://support.microsoft.com/kb/4019474>) \n[4018271](<http://support.microsoft.com/kb/4018271>) \n[4019215](<http://support.microsoft.com/kb/4019215>) \n[4019264](<http://support.microsoft.com/kb/4019264>) \n[4019216](<http://support.microsoft.com/kb/4019216>) \n[4034668](<http://support.microsoft.com/kb/4034668>) \n[4034733](<http://support.microsoft.com/kb/4034733>) \n[4034674](<http://support.microsoft.com/kb/4034674>) \n[4034681](<http://support.microsoft.com/kb/4034681>) \n[4034658](<http://support.microsoft.com/kb/4034658>) \n[4034660](<http://support.microsoft.com/kb/4034660>) \n[4019473](<http://support.microsoft.com/kb/4019473>) \n[4019472](<http://support.microsoft.com/kb/4019472>)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2017-05-09T00:00:00", "type": "kaspersky", "title": "KLA11002 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0064", "CVE-2017-0221", "CVE-2017-0222", "CVE-2017-0224", "CVE-2017-0226", "CVE-2017-0227", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0230", "CVE-2017-0231", "CVE-2017-0233", "CVE-2017-0234", "CVE-2017-0235", "CVE-2017-0236", "CVE-2017-0238", "CVE-2017-0240", "CVE-2017-0241", "CVE-2017-0266"], "modified": "2020-07-17T00:00:00", "id": "KLA11002", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11002/", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "trendmicroblog": [{"lastseen": "2017-05-18T08:47:17", "description": "\n\nAlthough I\u2019m still dreaming of the sandy beaches of Cancun, it\u2019s time to get back to reality. Security vulnerabilities never take a holiday and this week is no exception. In addition to our normal Digital Vaccine (DV) package delivered earlier this week, we also issued an out-of-band DV package to address zero-day vulnerabilities for Intel Active Management Technology (AMT) ([CVE-2017-5689](<https://nvd.nist.gov/vuln/detail/CVE-2017-5689>)) and Windows Defender ([CVE-2017-0290](<https://nvd.nist.gov/vuln/detail/CVE-2017-0290>)).\n\nThe Intel AMT vulnerability is an escalation of privilege vulnerability that allows an unprivileged attacker to gain control of the manageability features provided by the affected Intel AMT products. The Windows Defender vulnerability is much scarier because allows a remote attacker to take over a system without any interaction from the system owner. Just the mere execution of Windows Defender scanning an email or instant message from an attacker is enough. But don\u2019t worry \u2013 customers using TippingPoint solutions are protected from these vulnerabilities with the following DV filters:\n\n| \n\n * 28214: HTTP: Null response digest\n * 28221: HTTP: Microsoft Malware Protection Engine mpengine Type Confusion Vulnerability \n---|--- \n| \n \n**Microsoft Update**\n\nThis week\u2019s Digital Vaccine (DV) package includes coverage for Microsoft updates released on or before May 9, 2017. Microsoft released patches for 55 new CVEs in Internet Explorer, Edge, Office, Windows, and .NET Framework. A total of 14 of these CVEs are rated Critical while the rest are rated Important in severity. The following table maps Digital Vaccine filters to the Microsoft updates. Filters marked with an (*) shipped prior to this DV package, providing zero-day protection for our customers. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [May 2017 Security Update Review](<https://www.zerodayinitiative.com/blog/2017/5/5/the-may-2017-security-update-review>):\n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2017-0064 | | Insufficient Vendor Information \nCVE-2017-0077 | 28112 | \nCVE-2017-0171 | | Insufficient Vendor Information \nCVE-2017-0175 | 28183 | \nCVE-2017-0190 | | Insufficient Vendor Information \nCVE-2017-0212 | | Insufficient Vendor Information \nCVE-2017-0213 | 28184 | \nCVE-2017-0214 | 28189 | \nCVE-2017-0220 | 28198 | \nCVE-2017-0221 | 28114 | \nCVE-2017-0222 | | Insufficient Vendor Information \nCVE-2017-0224 | | Insufficient Vendor Information \nCVE-2017-0226 | | Insufficient Vendor Information \nCVE-2017-0227 | 28130 | \nCVE-2017-0228 | *27538 | \nCVE-2017-0229 | | Insufficient Vendor Information \nCVE-2017-0230 | | Insufficient Vendor Information \nCVE-2017-0231 | | Insufficient Vendor Information \nCVE-2017-0233 | | Insufficient Vendor Information \nCVE-2017-0234 | *27532 | \nCVE-2017-0235 | | Insufficient Vendor Information \nCVE-2017-0236 | *27536 | \nCVE-2017-0238 | *27540 | \nCVE-2017-0240 | *27541, *27542 | \nCVE-2017-0241 | | Insufficient Vendor Information \nCVE-2017-0242 | | Insufficient Vendor Information \nCVE-2017-0243 | 28192 | \nCVE-2017-0244 | | Insufficient Vendor Information \nCVE-2017-0245 | 28185 | \nCVE-2017-0246 | 28111 | \nCVE-2017-0248 | | Insufficient Vendor Information \nCVE-2017-0254 | | Insufficient Vendor Information \nCVE-2017-0255 | | Insufficient Vendor Information \nCVE-2017-0258 | 28199 | \nCVE-2017-0259 | 28200 | \nCVE-2017-0261 | | Insufficient Vendor Information \nCVE-2017-0262 | | Insufficient Vendor Information \nCVE-2017-0263 | 28186 | \nCVE-2017-0264 | | Insufficient Vendor Information \nCVE-2017-0265 | | Insufficient Vendor Information \nCVE-2017-0266 | 28193 | \nCVE-2017-0267 | | Insufficient Vendor Information \nCVE-2017-0268 | | Insufficient Vendor Information \nCVE-2017-0269 | | Insufficient Vendor Information \nCVE-2017-0270 | | Insufficient Vendor Information \nCVE-2017-0271 | | Insufficient Vendor Information \nCVE-2017-0272 | | Insufficient Vendor Information \nCVE-2017-0273 | | Insufficient Vendor Information \nCVE-2017-0274 | | Insufficient Vendor Information \nCVE-2017-0275 | | Insufficient Vendor Information \nCVE-2017-0276 | | Insufficient Vendor Information \nCVE-2017-0277 | | Insufficient Vendor Information \nCVE-2017-0278 | | Insufficient Vendor Information \nCVE-2017-0279 | | Insufficient Vendor Information \nCVE-2017-0280 | | Insufficient Vendor Information \nCVE-2017-0281 | | Insufficient Vendor Information \n \n \n\n**Zero-Day Filters**\n\nThere are 14 new zero-day filters covering three vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website.\n\n**_Adobe (5)_**\n\n| \n\n * 28094: ZDI-CAN-4564: Zero Day Initiative Vulnerability (Adobe Flash)\n * 28099: ZDI-CAN-4565: Zero Day Initiative Vulnerability (Adobe Flash)\n * 28100: ZDI-CAN-4566: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 28101: ZDI-CAN-4567: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 28202: ZDI-CAN-4715, 4716: Zero Day Initiative Vulnerability (Adobe Reader DC)**_ _** \n---|--- \n| \n \n**_EMC (6)_**\n\n| \n\n * 28102: ZDI-CAN-4694: Zero Day Initiative Vulnerability (EMC Data Protection Advisor)\n * 28103: ZDI-CAN-4695: Zero Day Initiative Vulnerability (EMC Data Protection Advisor)\n * 28104: ZDI-CAN-4696: Zero Day Initiative Vulnerability (EMC Data Protection Advisor)\n * 28105: ZDI-CAN-4698: Zero Day Initiative Vulnerability (EMC Data Protection Advisor)\n * 28106: ZDI-CAN-4699: Zero Day Initiative Vulnerability (EMC Data Protection Advisor)\n * 28107: ZDI-CAN-4710: Zero Day Initiative Vulnerability (EMC AppSync)**_ _** \n---|--- \n| \n \n**_NetGain (3)_**\n\n| \n\n * 28108: ZDI-CAN-4749: Zero Day Initiative Vulnerability (NetGain Enterprise Manager)\n * 28109: ZDI-CAN-4750: Zero Day Initiative Vulnerability (NetGain Enterprise Manager)\n * 28110: ZDI-CAN-4751: Zero Day Initiative Vulnerability (NetGain Enterprise Manager)**_ _** \n---|--- \n| \n \n**Updated Existing Zero-Day Filters**\n\nThis section highlights specific filter(s) of interest in this week\u2019s Digital Vaccine package that have been updated as a result of a vendor either issuing a patch for a vulnerability found via the Zero Day Initiative or a vulnerability that has been published by the Zero Day Initiative in accordance with its [Disclosure Policy](<http://zerodayinitiative.com/advisories/disclosure_policy/>).\n\nThree of the filters we have for this month\u2019s Microsoft bulletins are a direct result of the Zero Day Initiative\u2019s Pwn2Own contest held in March. These filters have been updated to reflect the fact that the vulnerabilities have been patched:\n\n| \n\n * 27532: HTTP: Microsoft Edge Chakra JIT Array Memory Corruption Vulnerability (Pwn2Own)\n * 27538: HTTP: Microsoft Edge Chakra Array Splice Use-After-Free Vulnerability (Pwn2Own)\n * 27540: HTTP: Microsoft Edge Chakra Array Unshift Buffer Overflow Vulnerability (Pwn2Own)**_ _** \n---|--- \n| \n \n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-may-1-2017/>).", "cvss3": {}, "published": "2017-05-12T16:47:57", "type": "trendmicroblog", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of May 8, 2017", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2017-0226", "CVE-2017-0231", "CVE-2017-0244", "CVE-2017-0229", "CVE-2017-0190", "CVE-2017-0280", "CVE-2017-0228", "CVE-2017-0290", "CVE-2017-0248", "CVE-2017-5689", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0233", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0235", "CVE-2017-0240", "CVE-2017-0269", "CVE-2017-0227", "CVE-2017-0259", "CVE-2017-0230", "CVE-2017-0220", "CVE-2017-0224", "CVE-2017-0281", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0266", "CVE-2017-0275", "CVE-2017-0064", "CVE-2017-0263", "CVE-2017-0254", "CVE-2017-0238", "CVE-2017-0236", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0212", "CVE-2017-0264", "CVE-2017-0077", "CVE-2017-0255", "CVE-2017-0221", "CVE-2017-0243", "CVE-2017-0277", "CVE-2017-0245", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-0268", "CVE-2017-0241", "CVE-2017-0242", "CVE-2017-0262", "CVE-2017-0213", "CVE-2017-0234", "CVE-2017-0265", "CVE-2017-0276", "CVE-2017-0171", "CVE-2017-0246", "CVE-2017-0261", "CVE-2017-0175"], "modified": "2017-05-12T16:47:57", "id": "TRENDMICROBLOG:278CA36BE7BE1D87941A99D03E2C3D5B", "href": "http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-may-8-2017/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-16T23:16:51", "description": "\n\nHave you ever read something online and you read a word as something else? Sometimes the weight of our eyelids makes our eyes deceive us after hours staring at a computer screen. As I stated to read a [Zero Day Initiative blog](<https://www.zerodayinitiative.com/blog/2017/10/5/check-it-out-enforcement-of-bounds-checks-in-native-jit-code>) published this week by Simon Zuckerbraun, instead of reading the word \u201cChakra,\u201d which is the JavaScript engine present in Microsoft Edge, I read \u201cChaka Khan.\u201d Just typing the words Chaka Khan \u2013 now I can\u2019t get the beginning of her song \u201cI Feel For You\u201d out of my head.\n\nAfter realizing my reading error, I starting reading more. So does the blog \u201ctell me something good\u201d about Chakra?\n\nAs it turns out, one of the winning entries from the [2017 Pwn2Own competition](<https://www.zerodayinitiative.com/blog/2017/3/23/pwn2own-2017-an-event-for-the-ages>) held earlier this year was a vulnerability found within the execution engine of Chakra ([CVE-2017-0234](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0234>)) that gained remote code execution. Simon Zuckerbraun goes into a deep dive of the vulnerability, the patch to correct the vulnerability and walks through the conditions required to safely remove bounds checking in the just-in-time (JIT) engine. You can the full blog [here](<https://www.zerodayinitiative.com/blog/2017/10/5/check-it-out-enforcement-of-bounds-checks-in-native-jit-code>).\n\n**Zero-Day Filters**\n\nThere are nine new zero-day filters covering four vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website. You can also follow the Zero Day Initiative on Twitter [@thezdi](<https://twitter.com/thezdi>) and on their [blog](<https://www.zerodayinitiative.com/blog>).\n\n**_Advantech (3)_**\n\n| \n\n * 29657: ZDI-CAN-4992,4993,5042-5055,5061-5065: Zero Day Initiative Vulnerability (Advantech WebAccess)\n * 29683: ZDI-CAN-5057: Zero Day Initiative Vulnerability (Advantech WebAccess)\n * 29684: ZDI-CAN-5058: Zero Day Initiative Vulnerability (Advantech WebAccess) \n---|--- \n| \n \n**_EMC (2)_**\n\n| \n\n * 29660: HTTP: EMC VMAX3 VASA Provider UploadConfigurator Unrestricted File Upload Vulnerability (ZDI-17-491)\n * 29661: HTTPS: EMC VMAX3 VASA Provider UploadConfigurator Unrestricted File Upload Vulnerability(ZDI-17-491) \n---|--- \n| \n \n**_Foxit (1)_**\n\n| \n\n * 29135: HTTP: Foxit Reader launchURL Command Injection Vulnerability (ZDI-17-691) \n---|--- \n| \n \n**_Microsoft (3)_**\n\n| \n\n * 29685: HTTP: Microsoft Office WordPerfect Document Converter Buffer Overflow Vulnerability (ZDI-17-730)\n * 29687: ZDI-CAN-5059: Zero Day Initiative Vulnerability (Microsoft Edge)\n * 29694: ZDI-CAN-5069: Zero Day Initiative Vulnerability (Microsoft Windows SMB) \n---|--- \n| \n \n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-september-25-2017/>).", "cvss3": {}, "published": "2017-10-06T14:55:49", "type": "trendmicroblog", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of October 2, 2017", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2017-0234"], "modified": "2017-10-06T14:55:49", "id": "TRENDMICROBLOG:19E8275962B505769288D026F9990B4A", "href": "http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-october-2-2017/", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "prion": [{"lastseen": "2023-11-22T02:54:55", "description": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276"], "modified": "2018-03-28T01:29:00", "id": "PRION:CVE-2017-0267", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0267", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-22T02:54:56", "description": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0276.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276"], "modified": "2018-03-28T01:29:00", "id": "PRION:CVE-2017-0275", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0275", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-22T02:54:56", "description": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0267, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276"], "modified": "2018-03-28T01:29:00", "id": "PRION:CVE-2017-0268", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0268", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-22T02:54:56", "description": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0275, and CVE-2017-0276.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276"], "modified": "2018-03-28T01:29:00", "id": "PRION:CVE-2017-0274", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0274", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-22T02:54:56", "description": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0275.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276"], "modified": "2018-03-28T01:29:00", "id": "PRION:CVE-2017-0276", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0276", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-22T02:54:55", "description": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276"], "modified": "2018-03-28T01:29:00", "id": "PRION:CVE-2017-0270", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0270", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-22T02:54:56", "description": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276"], "modified": "2018-03-28T01:29:00", "id": "PRION:CVE-2017-0271", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0271", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-22T02:54:52", "description": "A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript scripting engines handle objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0236.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0224", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0230", "CVE-2017-0234", "CVE-2017-0235", "CVE-2017-0236", "CVE-2017-0238"], "modified": "2017-05-23T18:39:00", "id": "PRION:CVE-2017-0238", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0238", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T02:54:53", "description": "A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0238.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0224", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0230", "CVE-2017-0234", "CVE-2017-0235", "CVE-2017-0236", "CVE-2017-0238"], "modified": "2017-07-08T01:29:00", "id": "PRION:CVE-2017-0236", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0236", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T02:54:56", "description": "The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka \"Windows SMB Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0279.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0272", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-0278", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0278", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T02:54:56", "description": "The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka \"Windows SMB Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0277, CVE-2017-0278, and CVE-2017-0279.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0272", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-0272", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0272", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T02:54:57", "description": "The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka \"Windows SMB Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0272, CVE-2017-0278, and CVE-2017-0279.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0272", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-0277", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0277", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T02:54:58", "description": "The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka \"Windows SMB Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0278.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0272", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-0279", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0279", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T02:54:52", "description": "A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0236, and CVE-2017-0238.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0224", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0230", "CVE-2017-0234", "CVE-2017-0235", "CVE-2017-0236", "CVE-2017-0238"], "modified": "2017-05-23T18:10:00", "id": "PRION:CVE-2017-0235", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0235", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T02:54:53", "description": "A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0224", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0230", "CVE-2017-0234", "CVE-2017-0235", "CVE-2017-0236", "CVE-2017-0238"], "modified": "2017-07-08T01:29:00", "id": "PRION:CVE-2017-0234", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0234", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T02:54:51", "description": "A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0224", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0230", "CVE-2017-0234", "CVE-2017-0235", "CVE-2017-0236", "CVE-2017-0238"], "modified": "2017-05-23T18:09:00", "id": "PRION:CVE-2017-0229", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0229", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T02:54:51", "description": "A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript engines render when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0224, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0224", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0230", "CVE-2017-0234", "CVE-2017-0235", "CVE-2017-0236", "CVE-2017-0238"], "modified": "2017-07-08T01:29:00", "id": "PRION:CVE-2017-0228", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0228", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T02:54:51", "description": "A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0224", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0230", "CVE-2017-0234", "CVE-2017-0235", "CVE-2017-0236", "CVE-2017-0238"], "modified": "2017-05-23T18:09:00", "id": "PRION:CVE-2017-0230", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0230", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T02:54:50", "description": "A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft Edge, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0224", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0230", "CVE-2017-0234", "CVE-2017-0235", "CVE-2017-0236", "CVE-2017-0238"], "modified": "2017-05-23T17:42:00", "id": "PRION:CVE-2017-0224", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0224", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T02:54:57", "description": "The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka \"Windows SMB Denial of Service Vulnerability\". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0280.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Denial of service", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0269", "CVE-2017-0273", "CVE-2017-0280"], "modified": "2018-03-28T01:29:00", "id": "PRION:CVE-2017-0273", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0273", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T02:54:55", "description": "The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka \"Windows SMB Denial of Service Vulnerability\". This CVE ID is unique from CVE-2017-0273 and CVE-2017-0280.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Denial of service", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0269", "CVE-2017-0273", "CVE-2017-0280"], "modified": "2018-03-28T01:29:00", "id": "PRION:CVE-2017-0269", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0269", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T02:54:56", "description": "The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka \"Windows SMB Denial of Service Vulnerability\". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0273.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Denial of service", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0269", "CVE-2017-0273", "CVE-2017-0280"], "modified": "2018-03-28T01:29:00", "id": "PRION:CVE-2017-0280", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0280", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-11-22T02:54:50", "description": "A vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0227 and CVE-2017-0240.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Memory corruption", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0221", "CVE-2017-0227", "CVE-2017-0240"], "modified": "2017-05-23T19:17:00", "id": "PRION:CVE-2017-0221", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0221", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T02:54:51", "description": "A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0221 and CVE-2017-0240.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0221", "CVE-2017-0227", "CVE-2017-0240"], "modified": "2017-07-08T01:29:00", "id": "PRION:CVE-2017-0227", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0227", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T02:54:52", "description": "A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0221 and CVE-2017-0227.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0221", "CVE-2017-0227", "CVE-2017-0240"], "modified": "2017-07-08T01:29:00", "id": "PRION:CVE-2017-0240", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0240", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T02:54:52", "description": "An elevation of privilege vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone, aka \"Microsoft Edge Elevation of Privilege Vulnerability.\" This CVE ID is unique from CVE-2017-0233.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "COMPLETE", "baseScore": 5.4, "vectorString": "AV:N/AC:H/Au:N/C:N/I:C/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0233", "CVE-2017-0241"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-0241", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0241", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:C/A:N"}}, {"lastseen": "2023-11-22T02:54:53", "description": "An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka \"Microsoft Edge Elevation of Privilege Vulnerability.\" This CVE ID is unique from CVE-2017-0241.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0233", "CVE-2017-0241"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-0233", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0233", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T02:54:51", "description": "Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka \"Windows COM Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2017-0214.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0213", "CVE-2017-0214"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-0213", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0213", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-22T02:54:51", "description": "Windows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when Windows fails to properly validate input before loading type libraries, aka \"Windows COM Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2017-0213.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0213", "CVE-2017-0214"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-0214", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0214", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T02:54:50", "description": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0226.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0222", "CVE-2017-0226"], "modified": "2017-07-08T01:29:00", "id": "PRION:CVE-2017-0222", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0222", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T02:54:51", "description": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0222.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0222", "CVE-2017-0226"], "modified": "2017-05-23T18:05:00", "id": "PRION:CVE-2017-0226", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0226", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T02:54:54", "description": "The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka \"Windows Kernel Information Disclosure Vulnerability,\" a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0259.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0175", "CVE-2017-0220", "CVE-2017-0258", "CVE-2017-0259"], "modified": "2020-09-28T12:58:00", "id": "PRION:CVE-2017-0258", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0258", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-22T02:54:47", "description": "The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka \"Windows Kernel Information Disclosure Vulnerability,\" a different vulnerability than CVE-2017-0220, CVE-2017-0258, and CVE-2017-0259.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0175", "CVE-2017-0220", "CVE-2017-0258", "CVE-2017-0259"], "modified": "2018-10-30T16:28:00", "id": "PRION:CVE-2017-0175", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0175", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-22T02:54:50", "description": "The Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 Gold allows authenticated attackers to obtain sensitive information via a specially crafted document, aka \"Windows Kernel Information Disclosure Vulnerability,\" a different vulnerability than CVE-2017-0175, CVE-2017-0258, and CVE-2017-0259.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0175", "CVE-2017-0220", "CVE-2017-0258", "CVE-2017-0259"], "modified": "2017-08-13T01:29:00", "id": "PRION:CVE-2017-0220", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0220", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-22T02:54:55", "description": "The Windows kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka \"Windows Kernel Information Disclosure Vulnerability,\" a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0258.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0175", "CVE-2017-0220", "CVE-2017-0258", "CVE-2017-0259"], "modified": "2017-08-13T01:29:00", "id": "PRION:CVE-2017-0259", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0259", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-22T02:54:53", "description": "The Graphics Component in the kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application or in Windows 7 for x64-based Systems and later, cause denial of service, aka \"Win32k Elevation of Privilege Vulnerability.\"", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0246"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-0246", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0246", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T02:54:55", "description": "The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability.\"", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0263"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-0263", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0263", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T02:54:50", "description": "Windows Hyper-V allows an elevation of privilege vulnerability when Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 fail to properly validate vSMB packet data, aka \"Windows Hyper-V vSMB Elevation of Privilege Vulnerability\".", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.6, "vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2017-05-12T14:29:00", "type": "prion", "title": "Privilege escalation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.4, "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0212"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-0212", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-0212", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-12-05T14:01:54", "description": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0271", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276"], "modified": "2018-03-28T01:29:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1511"], "id": "CVE-2017-0271", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0271", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-05T14:01:57", "description": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0276.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0275", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276"], "modified": "2018-03-28T01:29:00", "cpe": ["cpe:/o:microsoft:windows_7:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1511"], "id": "CVE-2017-0275", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0275", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-05T14:01:56", "description": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0267", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276"], "modified": "2018-03-28T01:29:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1511"], "id": "CVE-2017-0267", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0267", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-05T14:01:57", "description": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0275.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0276", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276"], "modified": "2018-03-28T01:29:00", "cpe": ["cpe:/o:microsoft:windows_7:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1511"], "id": "CVE-2017-0276", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0276", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-05T14:01:53", "description": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0267, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0268", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276"], "modified": "2018-03-28T01:29:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1511"], "id": "CVE-2017-0268", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0268", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-05T14:01:58", "description": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0270", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276"], "modified": "2018-03-28T01:29:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1511"], "id": "CVE-2017-0270", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0270", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-05T14:01:57", "description": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0275, and CVE-2017-0276.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0274", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276"], "modified": "2018-03-28T01:29:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1511"], "id": "CVE-2017-0274", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0274", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-05T14:01:54", "description": "The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka \"Windows SMB Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0277, CVE-2017-0278, and CVE-2017-0279.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0272", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0272", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:microsoft:windows_7:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1511"], "id": "CVE-2017-0272", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0272", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-05T14:01:58", "description": "The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka \"Windows SMB Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0279.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0278", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0272", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:microsoft:windows_7:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1511"], "id": "CVE-2017-0278", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0278", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-05T14:01:57", "description": "The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka \"Windows SMB Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0278.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0279", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0272", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:microsoft:windows_7:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1511"], "id": "CVE-2017-0279", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0279", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-05T14:02:00", "description": "The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka \"Windows SMB Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0272, CVE-2017-0278, and CVE-2017-0279.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0277", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0272", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:microsoft:windows_7:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1511"], "id": "CVE-2017-0277", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0277", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-05T14:01:33", "description": "A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0229", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0224", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0230", "CVE-2017-0234", "CVE-2017-0235", "CVE-2017-0236", "CVE-2017-0238"], "modified": "2017-05-23T18:09:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-0229", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0229", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-05T14:01:33", "description": "A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript engines render when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0224, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0228", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0224", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0230", "CVE-2017-0234", "CVE-2017-0235", "CVE-2017-0236", "CVE-2017-0238"], "modified": "2017-07-08T01:29:00", "cpe": ["cpe:/a:microsoft:edge:*", "cpe:/a:microsoft:internet_explorer:11"], "id": "CVE-2017-0228", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0228", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-05T14:01:34", "description": "A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0230", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0224", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0230", "CVE-2017-0234", "CVE-2017-0235", "CVE-2017-0236", "CVE-2017-0238"], "modified": "2017-05-23T18:09:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-0230", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0230", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-05T14:01:35", "description": "A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0236, and CVE-2017-0238.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0235", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0224", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0230", "CVE-2017-0234", "CVE-2017-0235", "CVE-2017-0236", "CVE-2017-0238"], "modified": "2017-05-23T18:10:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-0235", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0235", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-05T14:01:42", "description": "A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript scripting engines handle objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0236.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0238", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0224", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0230", "CVE-2017-0234", "CVE-2017-0235", "CVE-2017-0236", "CVE-2017-0238"], "modified": "2017-05-23T18:39:00", "cpe": ["cpe:/a:microsoft:internet_explorer:10", "cpe:/a:microsoft:internet_explorer:9", "cpe:/a:microsoft:edge:*", "cpe:/a:microsoft:internet_explorer:11"], "id": "CVE-2017-0238", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0238", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-05T14:01:32", "description": "A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft Edge, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0224", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0224", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0230", "CVE-2017-0234", "CVE-2017-0235", "CVE-2017-0236", "CVE-2017-0238"], "modified": "2017-05-23T17:42:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-0224", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0224", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-05T14:01:41", "description": "A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0234", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0224", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0230", "CVE-2017-0234", "CVE-2017-0235", "CVE-2017-0236", "CVE-2017-0238"], "modified": "2017-07-08T01:29:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-0234", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0234", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-05T14:01:37", "description": "A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0238.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0236", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0224", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0230", "CVE-2017-0234", "CVE-2017-0235", "CVE-2017-0236", "CVE-2017-0238"], "modified": "2017-07-08T01:29:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-0236", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0236", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-05T14:01:53", "description": "The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka \"Windows SMB Denial of Service Vulnerability\". This CVE ID is unique from CVE-2017-0273 and CVE-2017-0280.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0269", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0269", "CVE-2017-0273", "CVE-2017-0280"], "modified": "2018-03-28T01:29:00", "cpe": ["cpe:/o:microsoft:windows_7:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1511"], "id": "CVE-2017-0269", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0269", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-05T14:01:57", "description": "The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka \"Windows SMB Denial of Service Vulnerability\". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0273.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0280", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0269", "CVE-2017-0273", "CVE-2017-0280"], "modified": "2018-03-28T01:29:00", "cpe": ["cpe:/o:microsoft:windows_7:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1511"], "id": "CVE-2017-0280", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0280", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-05T14:01:59", "description": "The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka \"Windows SMB Denial of Service Vulnerability\". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0280.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0273", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0269", "CVE-2017-0273", "CVE-2017-0280"], "modified": "2018-03-28T01:29:00", "cpe": ["cpe:/o:microsoft:windows_7:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1511"], "id": "CVE-2017-0273", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0273", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-05T14:01:29", "description": "A vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0227 and CVE-2017-0240.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0221", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0221", "CVE-2017-0227", "CVE-2017-0240"], "modified": "2017-05-23T19:17:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-0221", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0221", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-05T14:01:33", "description": "A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0221 and CVE-2017-0240.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0227", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0221", "CVE-2017-0227", "CVE-2017-0240"], "modified": "2017-07-08T01:29:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-0227", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0227", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-05T14:01:37", "description": "A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0221 and CVE-2017-0227.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0240", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0221", "CVE-2017-0227", "CVE-2017-0240"], "modified": "2017-07-08T01:29:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-0240", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0240", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-05T14:01:34", "description": "An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka \"Microsoft Edge Elevation of Privilege Vulnerability.\" This CVE ID is unique from CVE-2017-0241.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0233", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0233", "CVE-2017-0241"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-0233", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0233", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-05T14:01:38", "description": "An elevation of privilege vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone, aka \"Microsoft Edge Elevation of Privilege Vulnerability.\" This CVE ID is unique from CVE-2017-0233.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0241", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "COMPLETE", "baseScore": 5.4, "vectorString": "AV:N/AC:H/Au:N/C:N/I:C/A:N", "version"