Search...

Microsoft COM Multiple Vulnerabilities (KB4018556)

2017-05-10T00:00:00

ID OPENVAS:1361412562310811118
Type openvas
Reporter Copyright (C) 2017 Greenbone Networks GmbH
Modified 2017-05-29T00:00:00

Description

This host is missing an important security update according to Microsoft KB4018556

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ms_com_mult_vuln_kb4018556.nasl 6231 2017-05-29 09:29:50Z teissa $
#
# Microsoft COM Multiple Vulnerabilities (KB4018556)
#
# Authors:
# Kashinath T &lt;tkashinath@secpod.com&gt;
#
# Copyright:
# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.811118");
  script_version("$Revision: 6231 $");
  script_cve_id("CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0244", "CVE-2017-0258");
  script_bugtraq_id(98112, 98109, 98103, 98102); 
  script_tag(name:"cvss_base", value:"6.9");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"$Date: 2017-05-29 11:29:50 +0200 (Mon, 29 May 2017) $");
  script_tag(name:"creation_date", value:"2017-05-10 12:51:18 +0530 (Wed, 10 May 2017)");
  script_tag(name:"qod_type", value:"executable_version");
  script_name("Microsoft COM Multiple Vulnerabilities (KB4018556)");

  script_tag(name: "summary" , value:"This host is missing an important security
  update according to Microsoft KB4018556");

  script_tag(name: "vuldetect" , value:"Get the vulnerable file version and check
  appropriate patch is applied or not.");

  script_tag(name: "insight" , value:"Multiple flaws exists due to,
  - The Windows kernel improperly initializes objects in memory.
  - The way that the Windows Kernel handles objects in memory.
  - Windows fails to properly validate input before loading type libraries.
  - An unspecified error in Windows COM Aggregate Marshaler.");

  script_tag(name:"impact", value:"An attacker who successfully exploited the
  vulnerability can elevate their privilege level, can lead to denial of
  service condition, could obtain information to further compromise the users
  system and run arbitrary code with elevated privileges.

  Impact Level: System");

  script_tag(name:"affected", value:"
  Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2");

  script_tag(name:"solution", value:"Run Windows Update and update the
  listed hotfixes or download and update mentioned hotfixes in the advisory
  from the below link,
  https://support.microsoft.com/en-gb/help/4018556");

  script_tag(name:"solution_type", value:"VendorFix");

  script_xref(name : "URL" , value : "https://support.microsoft.com/en-gb/help/4018556");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2017 Greenbone Networks GmbH");
  script_family("Windows : Microsoft Bulletins");
  script_dependencies("secpod_reg_enum.nasl");
  script_mandatory_keys("SMB/WindowsVersion");
  exit(0);
}


include("smb_nt.inc");
include("secpod_reg.inc");
include("version_func.inc");
include("secpod_smb_func.inc");

## Variables Initialization
sysPath = "";
asVer  = "";

## Check for OS and Service Pack
if(hotfix_check_sp(win2008:3, win2008x64:3) &lt;= 0){
  exit(0);
}

## Get System Path
sysPath = smb_get_system32root();
if(!sysPath ){
  exit(0);
}

##Fetch the version of 'Ole32.dll'
if(!asVer = fetch_file_version(sysPath, file_name:"Ole32.dll")){
  exit(0);
}

## Check for Ole32.dll version 
if(version_is_less(version:asVer, test_version:"6.0.6002.19773"))
{
  Vulnerable_range = "Less than 6.0.6002.19773";
  VULN = TRUE ;
}

else if(version_in_range(version:asVer, test_version:"6.0.6002.23000", test_version2:"6.0.6002.24088"))
{
  Vulnerable_range = "6.0.6002.23000 - 6.0.6002.24088";
  VULN = TRUE ;
}

if(VULN)
{
  report = 'File checked:     ' + sysPath + "\Ole32.dll" + '\n' +
           'File version:     ' + asVer  + '\n' +
           'Vulnerable range: ' + Vulnerable_range + '\n' ;
  security_message(data:report);
  exit(0);
}
exit(0);

JSON Vulners Source

Initial Source

{"href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811118", "history": [], "naslFamily": "Windows : Microsoft Bulletins", "id": "OPENVAS:1361412562310811118", "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-05-10T00:00:00", "description": "This host is missing an important security\n update according to Microsoft KB4018556", "title": "Microsoft COM Multiple Vulnerabilities (KB4018556)", "bulletinFamily": "scanner", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ms_com_mult_vuln_kb4018556.nasl 6231 2017-05-29 09:29:50Z teissa $\n#\n# Microsoft COM Multiple Vulnerabilities (KB4018556)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811118\");\n script_version(\"$Revision: 6231 $\");\n script_cve_id(\"CVE-2017-0213\", \"CVE-2017-0214\", \"CVE-2017-0244\", \"CVE-2017-0258\");\n script_bugtraq_id(98112, 98109, 98103, 98102); \n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-29 11:29:50 +0200 (Mon, 29 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-10 12:51:18 +0530 (Wed, 10 May 2017)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft COM Multiple Vulnerabilities (KB4018556)\");\n\n script_tag(name: \"summary\" , value:\"This host is missing an important security\n update according to Microsoft KB4018556\");\n\n script_tag(name: \"vuldetect\" , value:\"Get the vulnerable file version and check\n appropriate patch is applied or not.\");\n\n script_tag(name: \"insight\" , value:\"Multiple flaws exists due to,\n - The Windows kernel improperly initializes objects in memory.\n - The way that the Windows Kernel handles objects in memory.\n - Windows fails to properly validate input before loading type libraries.\n - An unspecified error in Windows COM Aggregate Marshaler.\");\n\n script_tag(name:\"impact\", value:\"An attacker who successfully exploited the\n vulnerability can elevate their privilege level, can lead to denial of\n service condition, could obtain information to further compromise the users\n system and run arbitrary code with elevated privileges.\n\n Impact Level: System\");\n\n script_tag(name:\"affected\", value:\"\n Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2\");\n\n script_tag(name:\"solution\", value:\"Run Windows Update and update the\n listed hotfixes or download and update mentioned hotfixes in the advisory\n from the below link,\n https://support.microsoft.com/en-gb/help/4018556\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"https://support.microsoft.com/en-gb/help/4018556\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n## Variables Initialization\nsysPath = \"\";\nasVer = \"\";\n\n## Check for OS and Service Pack\nif(hotfix_check_sp(win2008:3, win2008x64:3) <= 0){\n exit(0);\n}\n\n## Get System Path\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\n##Fetch the version of 'Ole32.dll'\nif(!asVer = fetch_file_version(sysPath, file_name:\"Ole32.dll\")){\n exit(0);\n}\n\n## Check for Ole32.dll version \nif(version_is_less(version:asVer, test_version:\"6.0.6002.19773\"))\n{\n Vulnerable_range = \"Less than 6.0.6002.19773\";\n VULN = TRUE ;\n}\n\nelse if(version_in_range(version:asVer, test_version:\"6.0.6002.23000\", test_version2:\"6.0.6002.24088\"))\n{\n Vulnerable_range = \"6.0.6002.23000 - 6.0.6002.24088\";\n VULN = TRUE ;\n}\n\nif(VULN)\n{\n report = 'File checked: ' + sysPath + \"\\Ole32.dll\" + '\\n' +\n 'File version: ' + asVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "pluginID": "1361412562310811118", "hash": "01ea1cca470c4a9fd039e6f97f4828301be1338d4f5a911affb42ba57c44d739", "references": ["https://support.microsoft.com/en-gb/help/4018556"], "edition": 1, "cvelist": ["CVE-2017-0244", "CVE-2017-0214", "CVE-2017-0258", "CVE-2017-0213"], "lastseen": "2017-07-02T21:14:45", "viewCount": 0, "enchantments": {"vulnersScore": 10.0}, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "9c784b1b243bb08d39335296ab4d9dcf"}, {"key": "cvss", "hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9"}, {"key": "description", "hash": "1ce24f1b15067cd9580ace70265aa4f7"}, {"key": "href", "hash": "8f2eeef3efb74ea3db555bad088f3e86"}, {"key": "modified", "hash": "8261c6758282db58ef5e36b4da39bde2"}, {"key": "naslFamily", "hash": "c9898bc973bfffca5119f1a3bfa73a8d"}, {"key": "pluginID", "hash": "fe7de77d0a55787aae70174d421aeb9e"}, {"key": "published", "hash": "251f7e82e99b45e17b6cf8e939e6b119"}, {"key": "references", "hash": "f854270143b9a378e6cbe0a22716faf8"}, {"key": "reporter", "hash": "a2323bbbec1269474bb5afba0147298f"}, {"key": "sourceData", "hash": "cb7647ef2ee3bbad6c4596e12e0d0a92"}, {"key": "title", "hash": "128e891b4ebb963a015454d8cf7a43e5"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "objectVersion": "1.3", "modified": "2017-05-29T00:00:00"}

{"result": {"cve": [{"id": "CVE-2017-0244", "type": "cve", "title": "CVE-2017-0244", "description": "The kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows locally authenticated attackers to gain privileges via a crafted application, or in Windows 7 for x64-based systems, cause denial of service, aka \"Windows Kernel Elevation of Privilege Vulnerability.\"", "published": "2017-05-12T10:29:03", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0244", "cvelist": ["CVE-2017-0244"], "lastseen": "2017-07-08T10:47:27"}, {"id": "CVE-2017-0214", "type": "cve", "title": "CVE-2017-0214", "description": "Windows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when Windows fails to properly validate input before loading type libraries, aka \"Windows COM Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2017-0213.", "published": "2017-05-12T10:29:01", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0214", "cvelist": ["CVE-2017-0214"], "lastseen": "2017-08-13T10:43:25"}, {"id": "CVE-2017-0258", "type": "cve", "title": "CVE-2017-0258", "description": "The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka \"Windows Kernel Information Disclosure Vulnerability,\" a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0259.", "published": "2017-05-12T10:29:04", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0258", "cvelist": ["CVE-2017-0258"], "lastseen": "2017-08-13T10:43:26"}, {"id": "CVE-2017-0213", "type": "cve", "title": "CVE-2017-0213", "description": "Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka \"Windows COM Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2017-0214.", "published": "2017-05-12T10:29:01", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0213", "cvelist": ["CVE-2017-0213"], "lastseen": "2017-08-13T10:43:25"}], "symantec": [{"id": "SMNTC-98109", "type": "symantec", "title": "Microsoft Windows Kernel CVE-2017-0244 Local Privilege Escalation Vulnerability", "description": "### Description\n\nMicrosoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges.\n\n### Technologies Affected\n\n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nTo exploit this vulnerability, an attacker requires local access to an affected computer. Grant local access for trusted and accountable users only.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "published": "2017-05-09T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/98109", "cvelist": ["CVE-2017-0244"], "lastseen": "2018-03-13T12:07:30"}, {"id": "SMNTC-98103", "type": "symantec", "title": "Microsoft Windows COM CVE-2017-0214 Local Privilege Escalation Vulnerability", "description": "### Description\n\nMicrosoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can leverage this issue to execute arbitrary code with elevated privileges.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nEnsure that only trusted users have local, interactive access to affected computers.\n\n**Implement multiple redundant layers of security.** \nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as non-executable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "published": "2017-05-09T00:00:00", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/98103", "cvelist": ["CVE-2017-0214"], "lastseen": "2018-03-13T12:07:46"}, {"id": "SMNTC-98112", "type": "symantec", "title": "Microsoft Windows Kernel CVE-2017-0258 Local Information Disclosure Vulnerability", "description": "### Description\n\nMicrosoft Windows is prone to a local information-disclosure vulnerability. A local attacker can leverage this issue to disclose sensitive information that may aid in further attacks.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nEnsure that only trusted users have local, interactive access to affected computers.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "published": "2017-05-09T00:00:00", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/98112", "cvelist": ["CVE-2017-0258"], "lastseen": "2018-03-14T22:39:24"}, {"id": "SMNTC-98102", "type": "symantec", "title": "Microsoft Windows COM CVE-2017-0213 Local Privilege Escalation Vulnerability", "description": "### Description\n\nMicrosoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code within the context of the application.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nTo exploit this vulnerability, an attacker requires local access to an affected computer. Grant local access for trusted and accountable users only.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "published": "2017-05-09T00:00:00", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/98102", "cvelist": ["CVE-2017-0213"], "lastseen": "2018-03-14T22:41:06"}], "openvas": [{"id": "OPENVAS:1361412562310811114", "type": "openvas", "title": "Microsoft Windows Monthly Rollup (KB4019264)", "description": "This host is missing a critical security\n update (monthly rollup) according to Microsoft KB4019264.", "published": "2017-05-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811114", "cvelist": ["CVE-2017-0231", "CVE-2017-0244", "CVE-2017-0190", "CVE-2017-0280", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0269", "CVE-2017-0220", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0064", "CVE-2017-0263", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0077", "CVE-2017-0277", "CVE-2017-0245", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-8552", "CVE-2017-0268", "CVE-2017-0242", "CVE-2017-0213", "CVE-2017-0276", "CVE-2017-0171", "CVE-2017-0246", "CVE-2017-0175"], "lastseen": "2017-07-05T10:56:07"}, {"id": "OPENVAS:1361412562310811112", "type": "openvas", "title": "Microsoft Windows Monthly Rollup (KB4019214)", "description": "This host is missing a critical security\n update (monthly rollup) according to microsoft KB4019214", "published": "2017-05-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811112", "cvelist": ["CVE-2017-0226", "CVE-2017-0190", "CVE-2017-0280", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0269", "CVE-2017-0220", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0064", "CVE-2017-0263", "CVE-2017-0238", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0077", "CVE-2017-0277", "CVE-2017-0245", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-0268", "CVE-2017-0213", "CVE-2017-0276", "CVE-2017-0171", "CVE-2017-0246"], "lastseen": "2017-07-02T21:14:32"}, {"id": "OPENVAS:1361412562310811111", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4019474)", "description": "This host is missing important/critical\n security update according to Microsoft Security update KB4019474.", "published": "2017-05-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811111", "cvelist": ["CVE-2017-0226", "CVE-2017-0231", "CVE-2017-0229", "CVE-2017-0190", "CVE-2017-0280", "CVE-2017-0228", "CVE-2017-0248", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0233", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0240", "CVE-2017-0269", "CVE-2017-0227", "CVE-2017-0259", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0064", "CVE-2017-0263", "CVE-2017-0238", "CVE-2017-0236", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0212", "CVE-2017-0077", "CVE-2017-0277", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-0268", "CVE-2017-0241", "CVE-2017-0213", "CVE-2017-0234", "CVE-2017-0276", "CVE-2017-0246"], "lastseen": "2017-07-02T21:14:45"}, {"id": "OPENVAS:1361412562310811113", "type": "openvas", "title": "Microsoft Windows Monthly Rollup (KB4019215)", "description": "This host is missing a critical security\n update (monthly rollup) according to microsoft KB4019215.", "published": "2017-05-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811113", "cvelist": ["CVE-2017-0226", "CVE-2017-0231", "CVE-2017-0190", "CVE-2017-0280", "CVE-2017-0228", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0269", "CVE-2017-0259", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0064", "CVE-2017-0263", "CVE-2017-0238", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0077", "CVE-2017-0277", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-0268", "CVE-2017-0213", "CVE-2017-0276", "CVE-2017-0171", "CVE-2017-0246"], "lastseen": "2017-07-02T21:14:28"}, {"id": "OPENVAS:1361412562310811107", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4019472)", "description": "This host is missing a critical/important\n security update according to Microsoft KB4019472.", "published": "2017-05-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811107", "cvelist": ["CVE-2017-0226", "CVE-2017-0231", "CVE-2017-0229", "CVE-2017-0190", "CVE-2017-0280", "CVE-2017-0228", "CVE-2017-0248", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0233", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0240", "CVE-2017-0269", "CVE-2017-0227", "CVE-2017-0259", "CVE-2017-0230", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0266", "CVE-2017-0275", "CVE-2017-0064", "CVE-2017-0263", "CVE-2017-0238", "CVE-2017-0236", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0212", "CVE-2017-0077", "CVE-2017-0221", "CVE-2017-0277", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-0268", "CVE-2017-0241", "CVE-2017-0213", "CVE-2017-0234", "CVE-2017-0276", "CVE-2017-0171", "CVE-2017-0246"], "lastseen": "2017-07-02T21:14:35"}, {"id": "OPENVAS:1361412562310811108", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4016871)", "description": "This host is missing a critical security\n update according to Microsoft Security update KB4016871.", "published": "2017-05-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811108", "cvelist": ["CVE-2017-0226", "CVE-2017-0231", "CVE-2017-0229", "CVE-2017-0280", "CVE-2017-0228", "CVE-2017-0248", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0233", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0235", "CVE-2017-0240", "CVE-2017-0269", "CVE-2017-0227", "CVE-2017-0259", "CVE-2017-0230", "CVE-2017-0224", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0266", "CVE-2017-0275", "CVE-2017-0064", "CVE-2017-0263", "CVE-2017-0238", "CVE-2017-0236", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0212", "CVE-2017-0077", "CVE-2017-0277", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-0268", "CVE-2017-0241", "CVE-2017-0213", "CVE-2017-0234", "CVE-2017-0276", "CVE-2017-0246"], "lastseen": "2017-07-02T21:14:43"}, {"id": "OPENVAS:1361412562310811110", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4019473)", "description": "This host is missing a critical/important\n security update according to Microsoft KB4019473.", "published": "2017-05-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811110", "cvelist": ["CVE-2017-0226", "CVE-2017-0231", "CVE-2017-0229", "CVE-2017-0190", "CVE-2017-0280", "CVE-2017-0228", "CVE-2017-0248", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0233", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0240", "CVE-2017-0269", "CVE-2017-0227", "CVE-2017-0259", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0266", "CVE-2017-0275", "CVE-2017-0064", "CVE-2017-0263", "CVE-2017-0238", "CVE-2017-0236", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0212", "CVE-2017-0077", "CVE-2017-0277", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-0268", "CVE-2017-0241", "CVE-2017-0213", "CVE-2017-0234", "CVE-2017-0276", "CVE-2017-0246"], "lastseen": "2017-07-02T21:14:42"}], "kaspersky": [{"id": "KLA11009", "type": "kaspersky", "title": "\r KLA11009Multiple vulnerabilities in Microsoft Windows ", "description": "### *CVSS*:\n9.3\n\n### *Detect date*:\n05/09/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause a denial of service, gain privileges, obtain sensitive information or execute arbitrary code.\n\n### *Affected products*:\nMicrosoft Windows Vista Service Pack 2 \nMicrosoft Windows 7 Service Pack 1 \nMicrosoft Windows 8.1 \nMicrosoft Windows RT 8.1 \nMicrosoft Windows 10 \nMicrosoft Windows Server 2008 Service Pack 2 \nMicrosoft Windows Server 2008 R2 Service Pack 1 \nMicrosoft Windows Server 2012 \nMicrosoft Windows Server 2012 R2\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-0280](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0280>) \n[CVE-2017-0279](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0279>) \n[CVE-2017-0278](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0278>) \n[CVE-2017-0277](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0277>) \n[CVE-2017-0276](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0276>) \n[CVE-2017-0275](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0275>) \n[CVE-2017-0274](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0274>) \n[CVE-2017-0273](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0273>) \n[CVE-2017-0272](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0272>) \n[CVE-2017-0271](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0271>) \n[CVE-2017-0270](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0270>) \n[CVE-2017-0269](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0269>) \n[CVE-2017-0268](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0268>) \n[CVE-2017-0267](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0267>) \n[CVE-2017-0263](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0263>) \n[CVE-2017-0259](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0259>) \n[CVE-2017-0258](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0258>) \n[CVE-2017-0246](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0246>) \n[CVE-2017-0245](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0245>) \n[CVE-2017-0244](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0244>) \n[CVE-2017-0242](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0242>) \n[CVE-2017-0220](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0220>) \n[CVE-2017-0214](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0214>) \n[CVE-2017-0213](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0213>) \n[CVE-2017-0212](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0212>) \n[CVE-2017-0190](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0190>) \n[CVE-2017-0175](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0175>) \n[CVE-2017-0171](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0171>) \n[CVE-2017-0077](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0077>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Windows RT](<https://threats.kaspersky.com/en/product/Windows-RT/>)\n\n### *CVE-IDS*:\n[CVE-2017-0280](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0280>) \n[CVE-2017-0279](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0279>) \n[CVE-2017-0278](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0278>) \n[CVE-2017-0277](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0277>) \n[CVE-2017-0276](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0276>) \n[CVE-2017-0275](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0275>) \n[CVE-2017-0274](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0274>) \n[CVE-2017-0273](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0273>) \n[CVE-2017-0272](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0272>) \n[CVE-2017-0271](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0271>) \n[CVE-2017-0270](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0270>) \n[CVE-2017-0269](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0269>) \n[CVE-2017-0268](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0268>) \n[CVE-2017-0267](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0267>) \n[CVE-2017-0263](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0263>) \n[CVE-2017-0259](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0259>) \n[CVE-2017-0258](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0258>) \n[CVE-2017-0246](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0246>) \n[CVE-2017-0245](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0245>) \n[CVE-2017-0244](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0244>) \n[CVE-2017-0242](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0242>) \n[CVE-2017-0220](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0220>) \n[CVE-2017-0214](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0214>) \n[CVE-2017-0213](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0213>) \n[CVE-2017-0212](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0212>) \n[CVE-2017-0190](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0190>) \n[CVE-2017-0175](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0175>) \n[CVE-2017-0171](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0171>) \n[CVE-2017-0077](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0077>) \n\n\n### *Microsoft official advisories*:\n[CVE-2017-0280](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0280>)\n\n### *KB list*:\n[4019474](<http://support.microsoft.com/kb/4019474>) \n[4019473](<http://support.microsoft.com/kb/4019473>) \n[4019472](<http://support.microsoft.com/kb/4019472>) \n[4016871](<http://support.microsoft.com/kb/4016871>) \n[4019264](<http://support.microsoft.com/kb/4019264>) \n[4019263](<http://support.microsoft.com/kb/4019263>) \n[4019215](<http://support.microsoft.com/kb/4019215>) \n[4019213](<http://support.microsoft.com/kb/4019213>) \n[4019149](<http://support.microsoft.com/kb/4019149>) \n[4019216](<http://support.microsoft.com/kb/4019216>) \n[4019214](<http://support.microsoft.com/kb/4019214>) \n[4019216](<http://support.microsoft.com/kb/4019216>) \n[4018885](<http://support.microsoft.com/kb/4018885>) \n[4019206](<http://support.microsoft.com/kb/4019206>) \n[4018821](<http://support.microsoft.com/kb/4018821>) \n[4018927](<http://support.microsoft.com/kb/4018927>) \n[4018556](<http://support.microsoft.com/kb/4018556>) \n[4019204](<http://support.microsoft.com/kb/4019204>) \n[4018466](<http://support.microsoft.com/kb/4018466>) \n[4018196](<http://support.microsoft.com/kb/4018196>) \n[4038788](<http://support.microsoft.com/kb/4038788>)", "published": "2017-05-09T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA11009", "cvelist": ["CVE-2017-0244", "CVE-2017-0190", "CVE-2017-0280", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0269", "CVE-2017-0259", "CVE-2017-0220", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0263", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0212", "CVE-2017-0077", "CVE-2017-0277", "CVE-2017-0245", "CVE-2017-0273", "CVE-2017-0268", "CVE-2017-0242", "CVE-2017-0213", "CVE-2017-0276", "CVE-2017-0171", "CVE-2017-0246", "CVE-2017-0175"], "lastseen": "2018-05-19T04:22:52"}], "nessus": [{"id": "SMB_NT_MS17_MAY_WIN2008.NASL", "type": "nessus", "title": "Windows 2008 May 2017 Multiple Security Updates", "description": "The remote Windows host is missing multiple security updates released on 2017/05/09. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows improperly handles objects in memory.\n (CVE-2017-0077)\n\n - A denial of service vulnerability exists in Windows DNS Server if the server is configured to answer version queries. An attacker who successfully exploited this vulnerability could cause the DNS Server service to become nonresponsive. (CVE-2017-0171)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system.\n (CVE-2017-0190)\n\n - An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified flaw. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in Windows due to improper validation of user-supplied input when loading type libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0214)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0175, CVE-2017-0220)\n\n - An information disclosure vulnerability exists in the way some ActiveX objects are instantiated. An attacker who successfully exploited this vulnerability could gain access to protected memory contents. (CVE-2017-0242)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions. On systems with Windows 7 for x64-based Systems or later installed, this vulnerability can lead to denial of service.\n (CVE-2017-0244)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-0245)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. On computers with Windows 7 for x64-based systems or later installed, this vulnerability can lead to denial of service.\n (CVE-2017-0246)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n (CVE-2017-0258)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory.\n (CVE-2017-0263)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0280)\n\n - An information disclosure vulnerability exists in the GDI component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted document or visit a specially crafted website, to disclose the contents of memory. (CVE-2017-8552)", "published": "2017-05-09T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=100063", "cvelist": ["CVE-2017-0244", "CVE-2017-0190", "CVE-2017-0280", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0269", "CVE-2017-0220", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0263", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0077", "CVE-2017-0277", "CVE-2017-0245", "CVE-2017-0273", "CVE-2017-8552", "CVE-2017-0268", "CVE-2017-0242", "CVE-2017-0213", "CVE-2017-0276", "CVE-2017-0171", "CVE-2017-0246", "CVE-2017-0175"], "lastseen": "2018-03-08T09:55:53"}, {"id": "SMB_NT_MS17-MAY_4019214.NASL", "type": "nessus", "title": "Windows Server 2012 May 2017 Security Updates", "description": "The remote Windows host is missing security update 4019214 or cumulative update 4019216. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified flaw. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in Windows due to improper validation of user-supplied input when loading type libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0214)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0220)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0238)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0280)", "published": "2017-05-09T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=100054", "cvelist": ["CVE-2017-0226", "CVE-2017-0280", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0269", "CVE-2017-0220", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0238", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0277", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-0268", "CVE-2017-0213", "CVE-2017-0276"], "lastseen": "2017-12-14T05:46:28"}, {"id": "SMB_NT_MS17_MAY_4019264.NASL", "type": "nessus", "title": "Windows 7 and Windows Server 2008 R2 May 2017 Security Updates", "description": "The remote Windows host is missing security update 4019263 or cumulative update 4019264. It is, therefore, affected by multiple vulnerabilities :\n\n - A denial of service vulnerability exists in the Windows DNS server when it's configured to answer version queries. An unauthenticated, remote attacker can exploit this, via a malicious DNS query, to cause the DNS server to become nonresponsive. (CVE-2017-0171)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0175)\n\n - An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified flaw. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in Windows due to improper validation of user-supplied input when loading type libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0214)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0220)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0222)\n\n - A spoofing vulnerability exists in Microsoft browsers due to improper rendering of the SmartScreen filter. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to redirect users to a malicious website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0280)\n\n - An information disclosure vulnerability exists in the GDI component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted document or visit a specially crafted website, to disclose the contents of memory. (CVE-2017-8552)", "published": "2017-05-09T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=100058", "cvelist": ["CVE-2017-0231", "CVE-2017-0280", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0269", "CVE-2017-0220", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0277", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-8552", "CVE-2017-0268", "CVE-2017-0213", "CVE-2017-0276", "CVE-2017-0171", "CVE-2017-0175"], "lastseen": "2017-12-14T05:42:02"}, {"id": "SMB_NT_MS17_MAY_4019215.NASL", "type": "nessus", "title": "Windows 8.1 and Windows Server 2012 R2 May 2017 Security Updates", "description": "The remote Windows host is missing security update 4019213 or cumulative update 4019215. It is, therefore, affected by multiple vulnerabilities :\n\n - A security bypass vulnerability exists in Internet Explorer due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to bypass mixed content warnings and load insecure content (HTTP) from secure locations (HTTPS). (CVE-2017-0064)\n\n - An elevation of privilege vulnerability exists in Windows in the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in an elevated context. (CVE-2017-0077)\n\n - A denial of service vulnerability exists in the Windows DNS server when it's configured to answer version queries. An unauthenticated, remote attacker can exploit this, via a malicious DNS query, to cause the DNS server to become nonresponsive. (CVE-2017-0171)\n\n - An information disclosure vulnerability exists in the Windows Graphics Device Interface (GDI) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0190)\n\n - An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified flaw. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in Windows due to improper validation of user-supplied input when loading type libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0214)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0228)\n\n - A spoofing vulnerability exists in Microsoft browsers due to improper rendering of the SmartScreen filter. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to redirect users to a malicious website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0238)\n\n - An elevation of privilege vulnerability exists in the win32k component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated permissions. Note that an attacker can also cause a denial of service condition on Windows 7 x64 or later systems. (CVE-2017-0246)\n\n - A security bypass vulnerability exists in the Microsoft .NET Framework and .NET Core components due to a failure to completely validate certificates. An attacker can exploit this to present a certificate that is marked invalid for a specific use, but the component uses it for that purpose, resulting in a bypass of the Enhanced Key Usage taggings. (CVE-2017-0248)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0258)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0259)\n\n - An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2017-0263)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0280)", "published": "2017-05-09T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=100057", "cvelist": ["CVE-2017-0226", "CVE-2017-0231", "CVE-2017-0190", "CVE-2017-0280", "CVE-2017-0228", "CVE-2017-0248", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0269", "CVE-2017-0259", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0064", "CVE-2017-0263", "CVE-2017-0238", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0077", "CVE-2017-0277", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-0268", "CVE-2017-0213", "CVE-2017-0276", "CVE-2017-0171", "CVE-2017-0246"], "lastseen": "2017-12-14T05:43:32"}, {"id": "SMB_NT_MS17_MAY_4019474.NASL", "type": "nessus", "title": "KB4019474: Windows 10 Version 1507 May 2017 Cumulative Update", "description": "The remote Windows 10 version 1507 host is missing security update KB4019474. It is, therefore, affected by multiple vulnerabilities :\n\n - A security bypass vulnerability exists in Internet Explorer due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to bypass mixed content warnings and load insecure content (HTTP) from secure locations (HTTPS). (CVE-2017-0064)\n\n - An elevation of privilege vulnerability exists in Windows in the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in an elevated context. (CVE-2017-0077)\n\n - An information disclosure vulnerability exists in the Windows Graphics Device Interface (GDI) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0190)\n\n - An elevation of privilege vulnerability exists in Windows Hyper-V due to improper validation of vSMB packet data. An unauthenticated, adjacent attacker can exploit this to gain elevated privileges.\n (CVE-2017-0212)\n\n - An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified flaw. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in Windows due to improper validation of user-supplied input when loading type libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0214)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0227)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0228)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0229)\n\n - A spoofing vulnerability exists in Microsoft browsers due to improper rendering of the SmartScreen filter. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to redirect users to a malicious website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - An elevation of privilege vulnerability exists in Microsoft Edge due to improper sandboxing. An unauthenticated, remote attacker can exploit this to break out of the Edge AppContainer sandbox and gain elevated privileges. (CVE-2017-0233)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0234)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0236)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0238)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or to open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0240)\n\n - An elevation of privilege vulnerability exists in Microsoft Edge due to improper rendering of a domain-less page in the URL. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause the user to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone. (CVE-2017-0241)\n\n - An elevation of privilege vulnerability exists in the win32k component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated permissions. Note that an attacker can also cause a denial of service condition on Windows 7 x64 or later systems. (CVE-2017-0246)\n\n - A security bypass vulnerability exists in the Microsoft .NET Framework and .NET Core components due to a failure to completely validate certificates. An attacker can exploit this to present a certificate that is marked invalid for a specific use, but the component uses it for that purpose, resulting in a bypass of the Enhanced Key Usage taggings. (CVE-2017-0248)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0258)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0259)\n\n - An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2017-0263)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0280)", "published": "2017-05-09T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=100061", "cvelist": ["CVE-2017-0226", "CVE-2017-0231", "CVE-2017-0229", "CVE-2017-0190", "CVE-2017-0280", "CVE-2017-0228", "CVE-2017-0248", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0233", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0240", "CVE-2017-0269", "CVE-2017-0227", "CVE-2017-0259", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0064", "CVE-2017-0263", "CVE-2017-0238", "CVE-2017-0236", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0212", "CVE-2017-0077", "CVE-2017-0277", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-0268", "CVE-2017-0241", "CVE-2017-0213", "CVE-2017-0234", "CVE-2017-0276", "CVE-2017-0246"], "lastseen": "2017-10-29T13:34:47"}, {"id": "SMB_NT_MS17_MAY_4019473.NASL", "type": "nessus", "title": "KB4019473: Windows 10 Version 1511 May 2017 Cumulative Update", "description": "The remote Windows 10 version 1511 host is missing security update KB4019473. It is, therefore, affected by multiple vulnerabilities :\n\n - A security bypass vulnerability exists in Internet Explorer due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to bypass mixed content warnings and load insecure content (HTTP) from secure locations (HTTPS). (CVE-2017-0064)\n\n - An elevation of privilege vulnerability exists in Windows in the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in an elevated context. (CVE-2017-0077)\n\n - An information disclosure vulnerability exists in the Windows Graphics Device Interface (GDI) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0190)\n\n - An elevation of privilege vulnerability exists in Windows Hyper-V due to improper validation of vSMB packet data. An unauthenticated, adjacent attacker can exploit this to gain elevated privileges.\n (CVE-2017-0212)\n\n - An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified flaw. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in Windows due to improper validation of user-supplied input when loading type libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0214)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0227)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0228)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0229)\n\n - A spoofing vulnerability exists in Microsoft browsers due to improper rendering of the SmartScreen filter. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to redirect users to a malicious website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - An elevation of privilege vulnerability exists in Microsoft Edge due to improper sandboxing. An unauthenticated, remote attacker can exploit this to break out of the Edge AppContainer sandbox and gain elevated privileges. (CVE-2017-0233)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0234)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0236)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0238)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or to open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0240)\n\n - An elevation of privilege vulnerability exists in Microsoft Edge due to improper rendering of a domain-less page in the URL. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause the user to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone. (CVE-2017-0241)\n\n - An elevation of privilege vulnerability exists in the win32k component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated permissions. Note that an attacker can also cause a denial of service condition on Windows 7 x64 or later systems. (CVE-2017-0246)\n\n - A security bypass vulnerability exists in the Microsoft .NET Framework and .NET Core components due to a failure to completely validate certificates. An attacker can exploit this to present a certificate that is marked invalid for a specific use, but the component uses it for that purpose, resulting in a bypass of the Enhanced Key Usage taggings. (CVE-2017-0248)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0258)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0259)\n\n - An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2017-0263)\n\n - A remote code execution vulnerability exists in the Microsoft scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a crafted web page or open a crafted Office document file, to execute arbitrary code in the context of the current user. (CVE-2017-0266)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0280)", "published": "2017-05-09T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=100060", "cvelist": ["CVE-2017-0226", "CVE-2017-0231", "CVE-2017-0229", "CVE-2017-0190", "CVE-2017-0280", "CVE-2017-0228", "CVE-2017-0248", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0233", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0240", "CVE-2017-0269", "CVE-2017-0227", "CVE-2017-0259", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0266", "CVE-2017-0275", "CVE-2017-0064", "CVE-2017-0263", "CVE-2017-0238", "CVE-2017-0236", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0212", "CVE-2017-0077", "CVE-2017-0277", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-0268", "CVE-2017-0241", "CVE-2017-0213", "CVE-2017-0234", "CVE-2017-0276", "CVE-2017-0246"], "lastseen": "2017-10-29T13:38:38"}, {"id": "SMB_NT_MS17_MAY_4016871.NASL", "type": "nessus", "title": "KB4016871: Windows 10 Version 1703 May 2017 Cumulative Update", "description": "The remote Windows 10 version 1703 host is missing security update KB4016871. It is, therefore, affected by multiple vulnerabilities :\n\n - A security bypass vulnerability exists in Internet Explorer due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to bypass mixed content warnings and load insecure content (HTTP) from secure locations (HTTPS). (CVE-2017-0064)\n\n - An elevation of privilege vulnerability exists in Windows in the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in an elevated context. (CVE-2017-0077)\n\n - An elevation of privilege vulnerability exists in Windows Hyper-V due to improper validation of vSMB packet data. An unauthenticated, adjacent attacker can exploit this to gain elevated privileges.\n (CVE-2017-0212)\n\n - An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified flaw. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in Windows due to improper validation of user-supplied input when loading type libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0214)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0224)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0227)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0228)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0229)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user.\n (CVE-2017-0230)\n\n - A spoofing vulnerability exists in Microsoft browsers due to improper rendering of the SmartScreen filter. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to redirect users to a malicious website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - An elevation of privilege vulnerability exists in Microsoft Edge due to improper sandboxing. An unauthenticated, remote attacker can exploit this to break out of the Edge AppContainer sandbox and gain elevated privileges. (CVE-2017-0233)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0234)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0235)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0236)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0238)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or to open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0240)\n\n - An elevation of privilege vulnerability exists in Microsoft Edge due to improper rendering of a domain-less page in the URL. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause the user to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone. (CVE-2017-0241)\n\n - An elevation of privilege vulnerability exists in the win32k component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated permissions. Note that an attacker can also cause a denial of service condition on Windows 7 x64 or later systems. (CVE-2017-0246)\n\n - A security bypass vulnerability exists in the Microsoft .NET Framework and .NET Core components due to a failure to completely validate certificates. An attacker can exploit this to present a certificate that is marked invalid for a specific use, but the component uses it for that purpose, resulting in a bypass of the Enhanced Key Usage taggings. (CVE-2017-0248)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0258)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0259)\n\n - An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2017-0263)\n\n - A remote code execution vulnerability exists in the Microsoft scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a crafted web page or open a crafted Office document file, to execute arbitrary code in the context of the current user. (CVE-2017-0266)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0280)", "published": "2017-05-09T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=100055", "cvelist": ["CVE-2017-0226", "CVE-2017-0231", "CVE-2017-0229", "CVE-2017-0280", "CVE-2017-0228", "CVE-2017-0248", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0233", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0235", "CVE-2017-0240", "CVE-2017-0269", "CVE-2017-0227", "CVE-2017-0259", "CVE-2017-0230", "CVE-2017-0224", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0266", "CVE-2017-0275", "CVE-2017-0064", "CVE-2017-0263", "CVE-2017-0238", "CVE-2017-0236", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0212", "CVE-2017-0077", "CVE-2017-0277", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-0268", "CVE-2017-0241", "CVE-2017-0223", "CVE-2017-0213", "CVE-2017-0234", "CVE-2017-0276", "CVE-2017-0246"], "lastseen": "2018-03-08T10:26:44"}, {"id": "SMB_NT_MS17_MAY_4019472.NASL", "type": "nessus", "title": "KB4019472: Windows 10 Version 1607 and Windows Server 2016 May 2017 Cumulative Update", "description": "The remote Windows host is missing security update KB4019472. It is, therefore, affected by multiple vulnerabilities :\n\n - A security bypass vulnerability exists in Internet Explorer due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to bypass mixed content warnings and load insecure content (HTTP) from secure locations (HTTPS). (CVE-2017-0064)\n\n - An elevation of privilege vulnerability exists in Windows in the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in an elevated context. (CVE-2017-0077)\n\n - A denial of service vulnerability exists in the Windows DNS server when it's configured to answer version queries. An unauthenticated, remote attacker can exploit this, via a malicious DNS query, to cause the DNS server to become nonresponsive. (CVE-2017-0171)\n\n - An information disclosure vulnerability exists in the Windows Graphics Device Interface (GDI) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0190)\n\n - An elevation of privilege vulnerability exists in Windows Hyper-V due to improper validation of vSMB packet data. An unauthenticated, adjacent attacker can exploit this to gain elevated privileges.\n (CVE-2017-0212)\n\n - An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified flaw. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in Windows due to improper validation of user-supplied input when loading type libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0214)\n\n - A remote code execution vulnerability exists in Microsoft Edge due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0221)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0227)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0228)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0229)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user.\n (CVE-2017-0230)\n\n - A spoofing vulnerability exists in Microsoft browsers due to improper rendering of the SmartScreen filter. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to redirect users to a malicious website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - An elevation of privilege vulnerability exists in Microsoft Edge due to improper sandboxing. An unauthenticated, remote attacker can exploit this to break out of the Edge AppContainer sandbox and gain elevated privileges. (CVE-2017-0233)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0234)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0236)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0238)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or to open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0240)\n\n - An elevation of privilege vulnerability exists in Microsoft Edge due to improper rendering of a domain-less page in the URL. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause the user to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone. (CVE-2017-0241)\n\n - An elevation of privilege vulnerability exists in the win32k component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated permissions. Note that an attacker can also cause a denial of service condition on Windows 7 x64 or later systems. (CVE-2017-0246)\n\n - A security bypass vulnerability exists in the Microsoft .NET Framework and .NET Core components due to a failure to completely validate certificates. An attacker can exploit this to present a certificate that is marked invalid for a specific use, but the component uses it for that purpose, resulting in a bypass of the Enhanced Key Usage taggings. (CVE-2017-0248)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0258)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0259)\n\n - An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2017-0263)\n\n - A remote code execution vulnerability exists in the Microsoft scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a crafted web page or open a crafted Office document file, to execute arbitrary code in the context of the current user. (CVE-2017-0266)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0280)", "published": "2017-05-09T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=100059", "cvelist": ["CVE-2017-0226", "CVE-2017-0231", "CVE-2017-0229", "CVE-2017-0190", "CVE-2017-0280", "CVE-2017-0228", "CVE-2017-0248", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0233", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0240", "CVE-2017-0269", "CVE-2017-0227", "CVE-2017-0259", "CVE-2017-0230", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0266", "CVE-2017-0275", "CVE-2017-0064", "CVE-2017-0263", "CVE-2017-0238", "CVE-2017-0236", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0212", "CVE-2017-0077", "CVE-2017-0221", "CVE-2017-0277", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-0268", "CVE-2017-0241", "CVE-2017-0213", "CVE-2017-0234", "CVE-2017-0276", "CVE-2017-0171", "CVE-2017-0246"], "lastseen": "2017-11-29T01:28:56"}], "trendmicroblog": [{"id": "TRENDMICROBLOG:278CA36BE7BE1D87941A99D03E2C3D5B", "type": "trendmicroblog", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of May 8, 2017", "description": "![](http://blog.trendmicro.com/wp-content/uploads/2016/04/TP-WeeklyBlog-300x205-300x205.jpg)\n\nAlthough I\u2019m still dreaming of the sandy beaches of Cancun, it\u2019s time to get back to reality. Security vulnerabilities never take a holiday and this week is no exception. In addition to our normal Digital Vaccine (DV) package delivered earlier this week, we also issued an out-of-band DV package to address zero-day vulnerabilities for Intel Active Management Technology (AMT) ([CVE-2017-5689](<https://nvd.nist.gov/vuln/detail/CVE-2017-5689>)) and Windows Defender ([CVE-2017-0290](<https://nvd.nist.gov/vuln/detail/CVE-2017-0290>)).\n\nThe Intel AMT vulnerability is an escalation of privilege vulnerability that allows an unprivileged attacker to gain control of the manageability features provided by the affected Intel AMT products. The Windows Defender vulnerability is much scarier because allows a remote attacker to take over a system without any interaction from the system owner. Just the mere execution of Windows Defender scanning an email or instant message from an attacker is enough. But don\u2019t worry \u2013 customers using TippingPoint solutions are protected from these vulnerabilities with the following DV filters:\n\n| \n\n * 28214: HTTP: Null response digest\n * 28221: HTTP: Microsoft Malware Protection Engine mpengine Type Confusion Vulnerability \n---|--- \n| \n \n**Microsoft Update**\n\nThis week\u2019s Digital Vaccine (DV) package includes coverage for Microsoft updates released on or before May 9, 2017. Microsoft released patches for 55 new CVEs in Internet Explorer, Edge, Office, Windows, and .NET Framework. A total of 14 of these CVEs are rated Critical while the rest are rated Important in severity. The following table maps Digital Vaccine filters to the Microsoft updates. Filters marked with an (*) shipped prior to this DV package, providing zero-day protection for our customers. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [May 2017 Security Update Review](<https://www.zerodayinitiative.com/blog/2017/5/5/the-may-2017-security-update-review>):\n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2017-0064 | | Insufficient Vendor Information \nCVE-2017-0077 | 28112 | \nCVE-2017-0171 | | Insufficient Vendor Information \nCVE-2017-0175 | 28183 | \nCVE-2017-0190 | | Insufficient Vendor Information \nCVE-2017-0212 | | Insufficient Vendor Information \nCVE-2017-0213 | 28184 | \nCVE-2017-0214 | 28189 | \nCVE-2017-0220 | 28198 | \nCVE-2017-0221 | 28114 | \nCVE-2017-0222 | | Insufficient Vendor Information \nCVE-2017-0224 | | Insufficient Vendor Information \nCVE-2017-0226 | | Insufficient Vendor Information \nCVE-2017-0227 | 28130 | \nCVE-2017-0228 | *27538 | \nCVE-2017-0229 | | Insufficient Vendor Information \nCVE-2017-0230 | | Insufficient Vendor Information \nCVE-2017-0231 | | Insufficient Vendor Information \nCVE-2017-0233 | | Insufficient Vendor Information \nCVE-2017-0234 | *27532 | \nCVE-2017-0235 | | Insufficient Vendor Information \nCVE-2017-0236 | *27536 | \nCVE-2017-0238 | *27540 | \nCVE-2017-0240 | *27541, *27542 | \nCVE-2017-0241 | | Insufficient Vendor Information \nCVE-2017-0242 | | Insufficient Vendor Information \nCVE-2017-0243 | 28192 | \nCVE-2017-0244 | | Insufficient Vendor Information \nCVE-2017-0245 | 28185 | \nCVE-2017-0246 | 28111 | \nCVE-2017-0248 | | Insufficient Vendor Information \nCVE-2017-0254 | | Insufficient Vendor Information \nCVE-2017-0255 | | Insufficient Vendor Information \nCVE-2017-0258 | 28199 | \nCVE-2017-0259 | 28200 | \nCVE-2017-0261 | | Insufficient Vendor Information \nCVE-2017-0262 | | Insufficient Vendor Information \nCVE-2017-0263 | 28186 | \nCVE-2017-0264 | | Insufficient Vendor Information \nCVE-2017-0265 | | Insufficient Vendor Information \nCVE-2017-0266 | 28193 | \nCVE-2017-0267 | | Insufficient Vendor Information \nCVE-2017-0268 | | Insufficient Vendor Information \nCVE-2017-0269 | | Insufficient Vendor Information \nCVE-2017-0270 | | Insufficient Vendor Information \nCVE-2017-0271 | | Insufficient Vendor Information \nCVE-2017-0272 | | Insufficient Vendor Information \nCVE-2017-0273 | | Insufficient Vendor Information \nCVE-2017-0274 | | Insufficient Vendor Information \nCVE-2017-0275 | | Insufficient Vendor Information \nCVE-2017-0276 | | Insufficient Vendor Information \nCVE-2017-0277 | | Insufficient Vendor Information \nCVE-2017-0278 | | Insufficient Vendor Information \nCVE-2017-0279 | | Insufficient Vendor Information \nCVE-2017-0280 | | Insufficient Vendor Information \nCVE-2017-0281 | | Insufficient Vendor Information \n \n \n\n**Zero-Day Filters**\n\nThere are 14 new zero-day filters covering three vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website.\n\n**_Adobe (5)_**\n\n| \n\n * 28094: ZDI-CAN-4564: Zero Day Initiative Vulnerability (Adobe Flash)\n * 28099: ZDI-CAN-4565: Zero Day Initiative Vulnerability (Adobe Flash)\n * 28100: ZDI-CAN-4566: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 28101: ZDI-CAN-4567: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 28202: ZDI-CAN-4715, 4716: Zero Day Initiative Vulnerability (Adobe Reader DC)**_ _** \n---|--- \n| \n \n**_EMC (6)_**\n\n| \n\n * 28102: ZDI-CAN-4694: Zero Day Initiative Vulnerability (EMC Data Protection Advisor)\n * 28103: ZDI-CAN-4695: Zero Day Initiative Vulnerability (EMC Data Protection Advisor)\n * 28104: ZDI-CAN-4696: Zero Day Initiative Vulnerability (EMC Data Protection Advisor)\n * 28105: ZDI-CAN-4698: Zero Day Initiative Vulnerability (EMC Data Protection Advisor)\n * 28106: ZDI-CAN-4699: Zero Day Initiative Vulnerability (EMC Data Protection Advisor)\n * 28107: ZDI-CAN-4710: Zero Day Initiative Vulnerability (EMC AppSync)**_ _** \n---|--- \n| \n \n**_NetGain (3)_**\n\n| \n\n * 28108: ZDI-CAN-4749: Zero Day Initiative Vulnerability (NetGain Enterprise Manager)\n * 28109: ZDI-CAN-4750: Zero Day Initiative Vulnerability (NetGain Enterprise Manager)\n * 28110: ZDI-CAN-4751: Zero Day Initiative Vulnerability (NetGain Enterprise Manager)**_ _** \n---|--- \n| \n \n**Updated Existing Zero-Day Filters**\n\nThis section highlights specific filter(s) of interest in this week\u2019s Digital Vaccine package that have been updated as a result of a vendor either issuing a patch for a vulnerability found via the Zero Day Initiative or a vulnerability that has been published by the Zero Day Initiative in accordance with its [Disclosure Policy](<http://zerodayinitiative.com/advisories/disclosure_policy/>).\n\nThree of the filters we have for this month\u2019s Microsoft bulletins are a direct result of the Zero Day Initiative\u2019s Pwn2Own contest held in March. These filters have been updated to reflect the fact that the vulnerabilities have been patched:\n\n| \n\n * 27532: HTTP: Microsoft Edge Chakra JIT Array Memory Corruption Vulnerability (Pwn2Own)\n * 27538: HTTP: Microsoft Edge Chakra Array Splice Use-After-Free Vulnerability (Pwn2Own)\n * 27540: HTTP: Microsoft Edge Chakra Array Unshift Buffer Overflow Vulnerability (Pwn2Own)**_ _** \n---|--- \n| \n \n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-may-1-2017/>).", "published": "2017-05-12T16:47:57", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-may-8-2017/", "cvelist": ["CVE-2017-0226", "CVE-2017-0231", "CVE-2017-0244", "CVE-2017-0229", "CVE-2017-0190", "CVE-2017-0280", "CVE-2017-0228", "CVE-2017-0290", "CVE-2017-0248", "CVE-2017-5689", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0233", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0235", "CVE-2017-0240", "CVE-2017-0269", "CVE-2017-0227", "CVE-2017-0259", "CVE-2017-0230", "CVE-2017-0220", "CVE-2017-0224", "CVE-2017-0281", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0266", "CVE-2017-0275", "CVE-2017-0064", "CVE-2017-0263", "CVE-2017-0254", "CVE-2017-0238", "CVE-2017-0236", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0212", "CVE-2017-0264", "CVE-2017-0077", "CVE-2017-0255", "CVE-2017-0221", "CVE-2017-0243", "CVE-2017-0277", "CVE-2017-0245", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-0268", "CVE-2017-0241", "CVE-2017-0242", "CVE-2017-0262", "CVE-2017-0213", "CVE-2017-0234", "CVE-2017-0265", "CVE-2017-0276", "CVE-2017-0171", "CVE-2017-0246", "CVE-2017-0261", "CVE-2017-0175"], "lastseen": "2017-05-18T08:47:17"}], "zdt": [{"id": "1337DAY-ID-27797", "type": "zdt", "title": "Microsoft Windows - Running Object Table Register ROTFLAGS_ALLOWANYCLIENT Privilege Escalation Explo", "description": "Exploit for windows platform in category local exploits", "published": "2017-05-17T00:00:00", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://0day.today/exploit/description/27797", "cvelist": ["CVE-2017-0214"], "lastseen": "2018-01-05T05:13:31"}, {"id": "1337DAY-ID-27776", "type": "zdt", "title": "Microsoft Windows 7 Kernel - Uninitialized Memory in the Default dacl Descriptor of System Processes", "description": "Exploit for windows platform in category dos / poc", "published": "2017-05-16T00:00:00", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://0day.today/exploit/description/27776", "cvelist": ["CVE-2017-0258"], "lastseen": "2018-04-10T07:41:06"}, {"id": "1337DAY-ID-27798", "type": "zdt", "title": "Microsoft Windows - COM Aggregate Marshaler/IRemUnknown2 Type Confusion Privilege Escalation Exploit", "description": "Exploit for windows platform in category local exploits", "published": "2017-05-17T00:00:00", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://0day.today/exploit/description/27798", "cvelist": ["CVE-2017-0213"], "lastseen": "2018-02-21T15:35:29"}], "exploitdb": [{"id": "EDB-ID:42021", "type": "exploitdb", "title": "Microsoft Windows - Running Object Table Register ROTFLAGS_ALLOWANYCLIENT Privilege Escalation", "description": "Microsoft Windows - Running Object Table Register ROTFLAGS_ALLOWANYCLIENT Privilege Escalation. CVE-2017-0214. Dos exploit for Windows platform. Tags: Denial...", "published": "2017-05-17T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/42021/", "cvelist": ["CVE-2017-0214"], "lastseen": "2017-05-17T16:49:36"}, {"id": "EDB-ID:42006", "type": "exploitdb", "title": "Microsoft Windows 7 Kernel - Uninitialized Memory in the Default dacl Descriptor of System Processes Token", "description": "Microsoft Windows 7 Kernel - Uninitialized Memory in the Default dacl Descriptor of System Processes Token. CVE-2017-0258. Dos exploit for Windows platform", "published": "2017-05-15T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/42006/", "cvelist": ["CVE-2017-0258"], "lastseen": "2017-05-16T00:48:47"}], "seebug": [{"id": "SSV:96267", "type": "seebug", "title": "Microsoft Windows COM Local Privilege Escalation Vulnerability(CVE-2017-0213)", "description": "### Summary:\r\nWhen accessing an OOP COM object using IRemUnknown2 the local unmarshaled proxy can be for a different interface to that requested by QueryInterface resulting in a type confusion which can result in EoP.\r\n\r\n### Description:\r\n\r\nQuerying for an IID on a OOP (or remote) COM object calls the ORPC method RemQueryInterface or RemQueryInterface2 on the default proxy. This request is passed to the remote object which queries the implementation object and if successful returns a marshaled representation of that interface to the caller. \r\n\r\nThe difference between RemQueryInterface and RemQueryInterface2 (RQI2) is how the objects are passed back to the caller. For RemQueryInterface the interface is passed back as a STDOBJREF which only contains the basic OXID/OID/IPID information to connect back. RemQueryInterface2 on the other hand passes back MInterfacePointer structures which is an entire OBJREF. The rationale, as far as I can tell, is that RQI2 is used for implementing in-process handlers, some interfaces can be marshaled using the standard marshaler and others can be custom marshaled. This is exposed through the Aggregate Standard Marshaler. \r\n\r\nThe bug lies in the implementation of unpacking the results of the the RQI2 request in CStdMarshal::Finish_RemQIAndUnmarshal2. For each MInterfacePointer CStdMarshal::UnmarshalInterface is called passing the IID of the expected interface and the binary data wrapped in an IStream. CStdMarshal::UnmarshalInterface blindly unmarshals the interface, which creates a local proxy object but the proxy is created for the IID in the OBJREF stream and NOT the IID requested in RQI2. No further verification occurs at this point and the created proxy is passed back up the call stack until the received by the caller (through a void** obviously). \r\n\r\nIf the IID in the OBJREF doesn\u2019t match the IID requested the caller doesn\u2019t know, if it calls any methods on the expected interface it will be calling a type confused object. This could result in crashes in the caller when it tries to access methods on the expected interface which aren\u2019t there or are implemented differently. You could probably also return a standard OBJREF to a object local to the caller, this will result in returning the local object itself which might have more scope for exploiting the type confusion. In order to get the caller to use RQI2 we just need to pass it back an object which is custom marshaled with the Aggregate Standard Marshaler. This will set a flag on the marshaler which indicates to always use the aggregate marshaler which results in using RQI2 instead of RQI. As this class is a core component of COM it\u2019s trusted and so isn\u2019t affected by the EOAC_NO_CUSTOM_MARSHAL setting.\r\n\r\nIn order to exploit this a different caller needs to call QueryInterface on an object under a less trusted user's control. This could be a more privileged user (such as a sandbox broker), or a privileged service. This is pretty easy pattern to find, any method in an exposed interface on a more trusted COM object which takes an interface pointer or variant would potentially be vulnerable. For example IPersistStream takes an IStream interface pointer and will call methods on it. Another type of method is one of the various notification interfaces such as IBackgroundCopyCallback for BITS. This can probably also be used remotely if the attacker has the opportunity to inject an OBJREF stream into a connection which is set to CONNECT level security (which seems to be the default activation security). \r\n\r\nOn to exploitation, as you well know I\u2019ve little interest in exploiting memory corruptions, especially as this would either this will trigger CFG on modern systems or would require a very precise lineup of expected method and actual called method which could be tricky to exploit reliably. However I think at least using this to escape a sandbox it might be your only option. So I\u2019m not going to do that, instead I\u2019m going to exploit it logically, the only problem is this is probably unexploitable from a sandbox (maybe) and requires a very specific type of callback into our object. \r\n\r\nThe thing I\u2019m going to exploit is in the handling of OLE Automation auto-proxy creation from type libraries. When you implement an Automation compatible object you could implement an explicit proxy but if you\u2019ve already got a Type library built from your IDL then OLEAUT32 provides an alternative. If you register your interface with a Proxy CLSID for PSOAInterface or PSDispatch then instead of loading your PS DLL it will load OLEAUT32. The proxy loader code will lookup the interface entry for the passed IID to see if there\u2019s a registered type library associated with it. If there is the code will call LoadTypeLib on that library and look up the interface entry in the type library. It will then construct a custom proxy object based on the type library information. \r\n\r\nThe trick here is while in general we don\u2019t control the location of the type library (so it\u2019s probably in a location we can write to such as system32) if we can get an object unmarshaled which indicates it\u2019s IID is one of these auto-proxy interfaces while the privileged service is impersonating us we can redirect the C: drive to anywhere we like and so get the service to load an arbitrary type library file instead of a the system one. One easy place where this exact scenario occurs is in the aforementioned BITS SetNotifyInterface function. The service first impersonates the caller before calling QI on the notify interface. We can then return an OBJREF for a automation IID even though the service asked for a BITS callback interface.\r\n\r\nSo what? Well it\u2019s been known for almost 10 years that the Type library file format is completely unsafe. It was reported and it wasn\u2019t changed, Tombkeeper highlighted this in his \u201cSexrets [sic] of LoadLibrary\u201d presentation at CSW 2015. You can craft a TLB which will directly control EIP. Now you\u2019d assume therefore I\u2019m trading a unreliable way of getting EIP control for one which is much easier, if you assume that you\u2019d be wrong. Instead I\u2019m going to abuse the fact that TLBs can have referenced type libraries, which is used instead of embedding the type definitions inside the TLB itself. When a reference type is loaded the loader will try and look up the TLB by its GUID, if that fails it will take the filename string and pass it verbatim to LoadTypeLib. It\u2019s a lesser know fact that this function, if it fails to find a file with the correct name will try and parse the name as a moniker. Therefore we can insert a scriptlet moniker into the type library, when the auto-proxy generator tries to find how many functions the interface implements it walks the inheritance chain, which causes the referenced TLB to be loaded, which causes a scriptlet moniker to be loaded and bound which results in arbitrary execution in a scripting language inside the privileged COM caller. \r\n\r\nThe need to replace the C: drive is why this won\u2019t work as a sandbox escape. Also it's a more general technique, not specific to this vulnerability as such, you could exploit it in the low-level NDR marshaler layer, however it\u2019s rare to find something impersonating the caller during the low-level unmarshal. Type libraries are not loaded using the flag added after CVE-2015-1644 which prevent DLLs being loaded from the impersonate device map. I think you might want to fix this as well as there\u2019s other places and scenarios this can occur, for example there\u2019s a number of WMI services (such as anything which touches GPOs) which result in the ActiveDS com object being created, this is automation compatible and so will load a type library while impersonating the caller. Perhaps the auto-proxy generated should temporarily disable impersonation when loading the type library to prevent this happening. \r\n\r\n### Technologies Affected\r\n* Microsoft Windows 10 Version 1607 for 32-bit Systems\r\n* Microsoft Windows 10 Version 1607 for x64-based Systems\r\n* Microsoft Windows 10 for 32-bit Systems\r\n* Microsoft Windows 10 for x64-based Systems\r\n* Microsoft Windows 10 version 1511 for 32-bit Systems\r\n* Microsoft Windows 10 version 1511 for x64-based Systems\r\n* Microsoft Windows 10 version 1703 for 32-bit Systems\r\n* Microsoft Windows 10 version 1703 for x64-based Systems\r\n* Microsoft Windows 7 for 32-bit Systems SP1\r\n* Microsoft Windows 7 for x64-based Systems SP1\r\n* Microsoft Windows 8.1 for 32-bit Systems\r\n* Microsoft Windows 8.1 for x64-based Systems\r\n* Microsoft Windows RT 8.1\r\n* Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1\r\n* Microsoft Windows Server 2008 R2 for x64-based Systems SP1\r\n* Microsoft Windows Server 2008 for 32-bit Systems SP2\r\n* Microsoft Windows Server 2008 for Itanium-based Systems SP2\r\n* Microsoft Windows Server 2008 for x64-based Systems SP2\r\n* Microsoft Windows Server 2012\r\n* Microsoft Windows Server 2012 R2\r\n* Microsoft Windows Server 2016\r\n\r\n### Proof of Concept\r\n`https://github.com/WindowsExploits/Exploits/tree/master/CVE-2017-0213`", "published": "2017-07-04T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-96267", "cvelist": ["CVE-2015-1644", "CVE-2017-0213"], "lastseen": "2017-11-19T11:56:57"}], "myhack58": [{"id": "MYHACK58:62201786826", "type": "myhack58", "title": "CVE-2017-0213 Windows COM elevation of privilege vulnerability-vulnerability warning-the black bar safety net", "description": "CVE-2017-0213 Windows COM elevation of privilege vulnerability components take a look at this vulnerability:\n\n<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0213>\n\nWindows COM Aggregate Marshaler in the realization of the presence of Privilege escalation vulnerability allows a remote attacker to elevate privileges to execute arbitrary code.\n\nVernacular: in package a COM component can provide the right\n\nMicrosoft's official said:\n\nElevation of privileges exists in the Windows COM package. An attacker successfully exploited the vulnerability could run arbitrary code with higher privileges. In order to exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability itself does not allow arbitrary code to run. However, the vulnerability may be associated with one or more vulnerabilities such as remote code execution vulnerabilities and the another privilege level, used together, can be in the running with elevated privileges.\n\nThe affected versions are as follows:\n\n| | | | \n---|---|---|--- \nProduct | Version | Update | Tested \nWindows 10 | | | \u221a \nWindows 10 | 1511 | | \nWindows 10 | 1607 | | \nWindows 10 | 1703 | | \u221a \nWindows 7 | | SP1 | \u221a \nWindows 8.1 | | | \nWindows RT 8.1 | | | \nWindows Server 2008 | | SP2 | \nWindows Server 2008 | R2 | SP1 | \nWindows Server 2012 | | | \nWindows Server 2012 | R2 | | \nWindows Server 2016 | | | \n\n**[1] [[2]](<86826_2.htm>) [next](<86826_2.htm>)**\n", "published": "2017-06-08T00:00:00", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://www.myhack58.com/Article/html/3/62/2017/86826.htm", "cvelist": ["CVE-2017-0213"], "lastseen": "2017-06-08T06:18:38"}]}}