Microsoft Windows Error Reporting CVE-2017-8633 Remote Privilege Escalation Vulnerability
2017-08-08T00:00:00
ID SMNTC-100069 Type symantec Reporter Symantec Security Response Modified 2017-08-08T00:00:00
Description
Description
Microsoft Windows is prone to a remote privilege-escalation vulnerability. Attackers can exploit this issue to gain elevated privileges.
Technologies Affected
Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 version 1511 for 32-bit Systems
Microsoft Windows 10 version 1511 for x64-based Systems
Microsoft Windows 10 version 1703 for 32-bit Systems
Microsoft Windows 10 version 1703 for x64-based Systems
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8.1 for x64-based Systems
Microsoft Windows RT 8.1
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Recommendations
Block external access at the network boundary, unless external parties require service.
Filter access to the affected computer at the network boundary if global access isn't needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.
Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.
Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity such as unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.
Do not follow links provided by unknown or untrusted sources.
Web users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.
Updates are available. Please see the references or vendor advisory for more information.
{"id": "SMNTC-100069", "type": "symantec", "bulletinFamily": "software", "title": "Microsoft Windows Error Reporting CVE-2017-8633 Remote Privilege Escalation Vulnerability", "description": "### Description\n\nMicrosoft Windows is prone to a remote privilege-escalation vulnerability. Attackers can exploit this issue to gain elevated privileges.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nFilter access to the affected computer at the network boundary if global access isn't needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity such as unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "published": "2017-08-08T00:00:00", "modified": "2017-08-08T00:00:00", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/100069", "reporter": "Symantec Security Response", "references": [], "cvelist": ["CVE-2017-8633"], "lastseen": "2018-03-13T10:05:37", "viewCount": 2, "enchantments": {"score": {"value": 6.5, "vector": "NONE", "modified": "2018-03-13T10:05:37", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-8633"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310811280", "OPENVAS:1361412562310811563", "OPENVAS:1361412562310811562", "OPENVAS:1361412562310811606", "OPENVAS:1361412562310811277", "OPENVAS:1361412562310811600", "OPENVAS:1361412562310811605", "OPENVAS:1361412562310811283", "OPENVAS:1361412562310811564"]}, {"type": "zdi", "idList": ["ZDI-17-639"]}, {"type": "mskb", "idList": ["KB4035679"]}, {"type": "thn", "idList": ["THN:81B4CBE5F5938C2A1A9A05F37CFF8A8F"]}, {"type": "rapid7community", "idList": ["RAPID7COMMUNITY:5E360655BE25ED8FE7E5EBBFACEDD115"]}, {"type": "threatpost", "idList": ["THREATPOST:E2847DC02F5867ECA6FD0DF53EABD08A"]}, {"type": "nessus", "idList": ["SMB_NT_MS17_AUG_4034658.NASL", "SMB_NT_MS17_AUG_4034674.NASL", "SMB_NT_MS17_AUG_4034681.NASL", "SMB_NT_MS17_AUG_4034668.NASL", "SMB_NT_MS17_AUG_4034664.NASL", "SMB_NT_MS17_AUG_WIN2008.NASL", "SMB_NT_MS17_AUG_4034665.NASL", "SMB_NT_MS17_AUG_4034660.NASL"]}, {"type": "kaspersky", "idList": ["KLA11087", "KLA11846"]}, {"type": "talosblog", "idList": ["TALOSBLOG:74542820136FE100D138D02D9A549776"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:69CE152C75321BE9991EA1AD9027F827"]}], "modified": "2018-03-13T10:05:37", "rev": 2}, "vulnersScore": 6.5}, "affectedSoftware": [{"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1607 for x64-based Systems "}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "2012 R2 "}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 version 1703 for x64-based Systems "}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 for x64-based Systems "}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "2016 "}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "2008 R2 for x64-based Systems SP1 "}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1607 for 32-bit Systems "}, {"name": "Microsoft Windows", "operator": "eq", "version": "8.1 for 32-bit Systems "}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "2008 for 32-bit Systems SP2 "}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 for 32-bit Systems "}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 version 1511 for x64-based Systems "}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "2012 "}, {"name": "Microsoft Windows", "operator": "eq", "version": "7 for 32-bit Systems SP1 "}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "2008 for x64-based Systems SP2 "}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 version 1511 for 32-bit Systems "}, {"name": "Microsoft Windows", "operator": "eq", "version": "7 for x64-based Systems SP1 "}, {"name": "Microsoft Windows", "operator": "eq", "version": "8.1 for x64-based Systems "}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "2008 for Itanium-based Systems SP2 "}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 version 1703 for 32-bit Systems "}, {"name": "Microsoft Windows RT", "operator": "eq", "version": "8.1 "}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "2008 R2 for Itanium-based Systems SP1 "}]}
{"cve": [{"lastseen": "2021-02-02T06:36:51", "description": "Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability, aka \"Windows Error Reporting Elevation of Privilege Vulnerability\".", "edition": 5, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-08T21:29:00", "title": "CVE-2017-8633", "type": "cve", "cwe": ["CWE-863"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8633"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_server_2012:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_7:*"], "id": "CVE-2017-8633", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8633", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-06-08T23:29:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8633"], "description": "This host is missing an important security\n update according to Microsoft KB4035679", "modified": "2020-06-04T00:00:00", "published": "2017-08-09T00:00:00", "id": "OPENVAS:1361412562310811562", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811562", "type": "openvas", "title": "Microsoft Windows Error Reporting Elevation of Privilege Vulnerability (KB4035679)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Error Reporting Elevation of Privilege Vulnerability (KB4035679)\n#\n# Authors:\n# Rinu <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811562\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8633\");\n script_bugtraq_id(100069);\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-08-09 08:36:02 +0530 (Wed, 09 Aug 2017)\");\n script_name(\"Microsoft Windows Error Reporting Elevation of Privilege Vulnerability (KB4035679)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4035679\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an error in\n Windows Error Reporting (WER).\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker who successfully exploited this vulnerability to gain\n access to sensitive information and system functionality.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4035679\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2008:3, win2008x64:3) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"wer.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.0.6002.19848\"))\n{\n Vulnerable_range = \"Less than 6.0.6002.19848\";\n VULN = TRUE ;\n}\n\nelse if(version_in_range(version:fileVer, test_version:\"6.0.6002.23000\", test_version2:\"6.0.6002.24168\"))\n{\n Vulnerable_range = \"6.0.6002.23000 - 6.0.6002.24168\";\n VULN = TRUE ;\n}\n\nif(VULN)\n{\n report = 'File checked: ' + sysPath + \"\\wer.dll\" + '\\n' +\n 'File version: ' + fileVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T13:48:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8624", "CVE-2017-8591", "CVE-2017-0250", "CVE-2017-8666", "CVE-2017-8633", "CVE-2017-8593", "CVE-2017-0293", "CVE-2017-8664", "CVE-2017-8668", "CVE-2017-8620", "CVE-2017-0174"], "description": "This host is missing a critical security\n update according to Microsoft KB4034672", "modified": "2019-12-20T00:00:00", "published": "2017-08-09T00:00:00", "id": "OPENVAS:1361412562310811563", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811563", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4034672)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4034672)\n#\n# Authors:\n# Rinu <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811563\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2017-0174\", \"CVE-2017-0250\", \"CVE-2017-0293\", \"CVE-2017-8591\",\n \"CVE-2017-8593\", \"CVE-2017-8620\", \"CVE-2017-8624\", \"CVE-2017-8633\",\n \"CVE-2017-8664\", \"CVE-2017-8666\", \"CVE-2017-8668\");\n script_bugtraq_id(100038, 98100, 100039, 99430, 100032, 100034, 100061, 100069,\n 100085, 100089, 100092);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-08-09 12:06:29 +0530 (Wed, 09 Aug 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4034672)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4034672\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - The Win32k component fails to properly handle objects in memory.\n\n - Windows Input Method Editor (IME) when IME improperly handles parameters in\n a method of a DCOM class.\n\n - An error in Windows Error Reporting (WER).\n\n - Windows Hyper-V on a host server fails to properly validate input from an\n authenticated user on a guest operating system.\n\n - Microsoft JET Database Engine that could allow remote code execution on\n an affected system.\n\n - Windows Search improperly handles objects in memory memory.\n\n - Microsoft Windows PDF Library improperly handles objects in memory.\n\n - Microsoft Windows improperly handles NetBIOS packets.\n\n - The win32k component improperly provides kernel information.\n\n - The Volume Manager Extension Driver component improperly provides\n kernel information.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code in kernel mode, instantiate the DCOM class and exploit the\n system even if IME is not enabled, gain access to sensitive information and\n system functionality, take complete control of an affected system, cause denial\n of service condition and further compromise the user's system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows Server 2012 R2\n\n - Microsoft Windows 8.1 for 32-bit/x64\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4034672\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2012R2:1, win8_1:1, win8_1x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"mssrch.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"7.0.9600.18731\"))\n{\n report = 'File checked: ' + sysPath + \"\\mssrch.dll\" + '\\n' +\n 'File version: ' + fileVer + '\\n' +\n 'Vulnerable range: Less than 7.0.9600.18731\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:19:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8641", "CVE-2017-8636", "CVE-2017-8624", "CVE-2017-0250", "CVE-2017-8666", "CVE-2017-8633", "CVE-2017-8593", "CVE-2017-0293", "CVE-2017-8653", "CVE-2017-8691", "CVE-2017-8668", "CVE-2017-8620", "CVE-2017-0174"], "description": "This host is missing a critical security\n update according to Microsoft KB4034664", "modified": "2020-06-04T00:00:00", "published": "2017-08-09T00:00:00", "id": "OPENVAS:1361412562310811600", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811600", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4034664)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4034664)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811600\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0174\", \"CVE-2017-0250\", \"CVE-2017-0293\", \"CVE-2017-8593\",\n \"CVE-2017-8620\", \"CVE-2017-8624\", \"CVE-2017-8633\", \"CVE-2017-8636\",\n \"CVE-2017-8641\", \"CVE-2017-8653\", \"CVE-2017-8666\", \"CVE-2017-8668\",\n \"CVE-2017-8691\");\n script_bugtraq_id(100038, 98100, 100039, 100032, 100034, 100061, 100069, 100056,\n 100057, 100059, 100089, 100092, 100090);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-08-09 08:59:58 +0530 (Wed, 09 Aug 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4034664)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4034664\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - The Win32k component fails to properly handle objects in memory.\n\n - Windows Error Reporting (WER).\n\n - Improperly accessing objects in memory.\n\n - Windows font library improperly handles specially crafted embedded fonts.\n\n - The Microsoft JET Database Engine that could allow remote code execution on\n an affected system.\n\n - Windows Search handles objects in memory.\n\n - The way that Microsoft browser JavaScript engines render content when\n handling objects in memory.\n\n - When the win32k component improperly provides kernel information.\n\n - When the Volume Manager Extension Driver component improperly provides\n kernel information.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker to\n run arbitrary code in kernel mode, gain access to sensitive information and system\n functionality, gain the same user rights as the current user and obtain information\n to further compromise the user's system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\n\n - Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4034664\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2008r2:2, win7:2, win7x64:2) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"mssph.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"7.0.7601.23877\"))\n{\n report = 'File checked: ' + sysPath + \"\\mssph.dll\" + '\\n' +\n 'File version: ' + fileVer + '\\n' +\n 'Vulnerable range: Less than 7.0.7601.23877\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T13:45:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8641", "CVE-2017-8636", "CVE-2017-8624", "CVE-2017-8591", "CVE-2017-0250", "CVE-2017-8666", "CVE-2017-8633", "CVE-2017-8593", "CVE-2017-0293", "CVE-2017-8653", "CVE-2017-8664", "CVE-2017-8668", "CVE-2017-8620", "CVE-2017-0174", "CVE-2017-8669", "CVE-2017-8635"], "description": "This host is missing a critical security\n update according to Microsoft KB4034681", "modified": "2019-12-20T00:00:00", "published": "2017-08-09T00:00:00", "id": "OPENVAS:1361412562310811280", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811280", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4034681)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4034681)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811280\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2017-0174\", \"CVE-2017-0250\", \"CVE-2017-0293\", \"CVE-2017-8591\",\n \"CVE-2017-8593\", \"CVE-2017-8620\", \"CVE-2017-8624\", \"CVE-2017-8633\",\n \"CVE-2017-8635\", \"CVE-2017-8636\", \"CVE-2017-8641\", \"CVE-2017-8653\",\n \"CVE-2017-8664\", \"CVE-2017-8666\", \"CVE-2017-8668\", \"CVE-2017-8669\");\n script_bugtraq_id(100038, 98100, 100039, 99430, 100032, 100034, 100061, 100069,\n 100055, 100056, 100057, 100059, 100085, 100089, 100092, 100068);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-08-09 09:06:54 +0530 (Wed, 09 Aug 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4034681)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4034681\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - An error in Windows when the Win32k component fails to properly handle\n objects in memory.\n\n - An error in Windows Input Method Editor (IME) when IME improperly handles\n parameters in a method of a DCOM class.\n\n - An error when Microsoft browsers improperly access objects in memory.\n\n - An error in Windows Error Reporting (WER).\n\n - An error in the way JavaScript engines render when handling objects in\n memory in Microsoft browsers.\n\n - An error when Windows Hyper-V on a host server fails to properly validate\n input from an authenticated user on a guest operating system.\n\n - An error in the Microsoft JET Database Engine that could allow remote code\n execution on an affected system.\n\n - An error when Windows Search handles objects in memory.\n\n - An error in the way that Microsoft browser JavaScript engines render content\n when handling objects in memory.\n\n - An error when Microsoft Windows PDF Library improperly handles objects in\n memory.\n\n - An error when Microsoft Windows improperly handles NetBIOS packets.\n\n - An error when the win32k component improperly provides kernel information.\n\n - An error when the Volume Manager Extension Driver component improperly provides\n kernel information.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attacker to run arbitrary code in kernel mode, gain the same user rights as\n the current user, access to sensitive information and system functionality\n and conduct a denial-of-service condition.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows Server 2012 R2\n\n - Microsoft Windows 8.1 for 32-bit/x64\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4034681\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2012R2:1, win8_1:1, win8_1x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"Drivers\\tdx.sys\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.3.9600.18783\"))\n{\n report = 'File checked: ' + sysPath + \"\\Drivers\\tdx.sys\" + '\\n' +\n 'File version: ' + fileVer + '\\n' +\n 'Vulnerable range: Less than 6.3.9600.18783\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:22:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8641", "CVE-2017-8636", "CVE-2017-8624", "CVE-2017-8591", "CVE-2017-0250", "CVE-2017-8666", "CVE-2017-8633", "CVE-2017-8593", "CVE-2017-0293", "CVE-2017-8653", "CVE-2017-8664", "CVE-2017-8668", "CVE-2017-8620", "CVE-2017-0174", "CVE-2017-8651", "CVE-2017-8635"], "description": "This host is missing a critical security\n update according to Microsoft KB4034665", "modified": "2020-06-04T00:00:00", "published": "2017-08-09T00:00:00", "id": "OPENVAS:1361412562310811605", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811605", "type": "openvas", "title": "Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4034665)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4034665)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811605\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0174\", \"CVE-2017-0250\", \"CVE-2017-0293\", \"CVE-2017-8591\",\n \"CVE-2017-8593\", \"CVE-2017-8620\", \"CVE-2017-8624\", \"CVE-2017-8633\",\n \"CVE-2017-8635\", \"CVE-2017-8636\", \"CVE-2017-8641\", \"CVE-2017-8651\",\n \"CVE-2017-8653\", \"CVE-2017-8664\", \"CVE-2017-8666\", \"CVE-2017-8668\");\n script_bugtraq_id(100038, 98100, 100039, 99430, 100032, 100034, 100061, 100069,\n 100055, 100056, 100057, 100058, 100059, 100085, 100089, 100092);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-08-09 08:53:58 +0530 (Wed, 09 Aug 2017)\");\n script_name(\"Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4034665)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4034665\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - The Win32k component fails to properly handle objects in memory.\n\n - Input Method Editor (IME) when IME improperly handles parameters in\n a method of a DCOM class.\n\n - When Microsoft browsers improperly access objects in memory.\n\n - When handling objects in memory in microsoft browsers.\n\n - When Windows Hyper-V on a host server fails to properly validate input from an\n authenticated user on a guest operating system.\n\n - Microsoft JET Database Engine that could allow remote code execution on an\n affected system.\n\n - When Windows Search handles objects in memory.\n\n - The way that Microsoft browser JavaScript engines render content when\n handling objects in memory.\n\n - When Internet Explorer improperly accesses objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker to\n run arbitrary code in kernel mode, gain access to sensitive information and system\n functionality, also can gain the same user rights as the current user and obtain\n information to further compromise the user's system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows Server 2012.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4034665\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4034665\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2012:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"drivers\\tdx.sys\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.2.9200.22244\"))\n{\n report = 'File checked: ' + sysPath + \"\\drivers\\tdx.sys\" + '\\n' +\n 'File version: ' + fileVer + '\\n' +\n 'Vulnerable range: Less than 6.2.9200.22244\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:26:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8641", "CVE-2017-8636", "CVE-2017-8624", "CVE-2017-8672", "CVE-2017-8591", "CVE-2017-0250", "CVE-2017-8666", "CVE-2017-8633", "CVE-2017-8625", "CVE-2017-8593", "CVE-2017-0293", "CVE-2017-8653", "CVE-2017-8640", "CVE-2017-8644", "CVE-2017-8664", "CVE-2017-8655", "CVE-2017-8620", "CVE-2017-0174", "CVE-2017-8669", "CVE-2017-8652", "CVE-2017-8635"], "description": "This host is missing a critical security\n update according to Microsoft KB4034668", "modified": "2020-06-04T00:00:00", "published": "2017-08-09T00:00:00", "id": "OPENVAS:1361412562310811564", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811564", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4034668)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4034668)\n#\n# Authors:\n# Rinu <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811564\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0174\", \"CVE-2017-0250\", \"CVE-2017-0293\", \"CVE-2017-8591\",\n \"CVE-2017-8593\", \"CVE-2017-8620\", \"CVE-2017-8624\", \"CVE-2017-8625\",\n \"CVE-2017-8633\", \"CVE-2017-8635\", \"CVE-2017-8644\", \"CVE-2017-8652\",\n \"CVE-2017-8653\", \"CVE-2017-8655\", \"CVE-2017-8664\", \"CVE-2017-8666\",\n \"CVE-2017-8669\", \"CVE-2017-8672\", \"CVE-2017-8636\", \"CVE-2017-8640\",\n \"CVE-2017-8641\");\n script_bugtraq_id(100038, 98100, 100039, 99430, 100032, 100034, 100061, 100063,\n 100069, 100055, 100056, 100051, 100057, 100044, 100047, 100059,\n 100027, 100085, 100089, 100068, 100072);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-08-09 12:09:14 +0530 (Wed, 09 Aug 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4034668)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4034668\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - The Win32k component fails to properly handle objects in\n memory.\n\n - Windows Input Method Editor (IME) when IME improperly handles parameters in\n a method of a DCOM class.\n\n - The way that Microsoft browser JavaScript engines render content when\n handling objects in memory.\n\n - Microsoft browsers improperly access objects in memory.\n\n - An error in Windows Error Reporting (WER).\n\n - The way JavaScript engines render when handling objects in memory in\n Microsoft browsers.\n\n - Windows Hyper-V on a host server fails to properly validate input from an\n authenticated user on a guest operating system.\n\n - The Microsoft JET Database Engine that could allow remote code execution on\n an affected system.\n\n - Windows Search improperly handles objects in memory.\n\n - Internet Explorer fails to validate User Mode Code Integrity (UMCI)\n policies.\n\n - Microsoft Edge improperly handles objects in memory.\n\n - Microsoft Windows PDF Library improperly handles objects in memory.\n\n - Microsoft Windows improperly handles NetBIOS packets.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker who successfully exploited this vulnerability to run arbitrary\n code in kernel mode, instantiate the DCOM class and exploit the system even if IME\n is not enabled, gain access to sensitive information and system functionality and\n cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 for 32-bit Systems\n\n - Microsoft Windows 10 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4034668\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10240.0\", test_version2:\"11.0.10240.17532\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: 11.0.10240.0 - 11.0.10240.17532\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:21:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8641", "CVE-2017-8636", "CVE-2017-8503", "CVE-2017-8624", "CVE-2017-8672", "CVE-2017-8645", "CVE-2017-8591", "CVE-2017-0250", "CVE-2017-8666", "CVE-2017-8633", "CVE-2017-8625", "CVE-2017-8593", "CVE-2017-0293", "CVE-2017-8657", "CVE-2017-8653", "CVE-2017-8640", "CVE-2017-8644", "CVE-2017-8646", "CVE-2017-8664", "CVE-2017-8655", "CVE-2017-8620", "CVE-2017-0174", "CVE-2017-8669", "CVE-2017-8652", "CVE-2017-8671", "CVE-2017-8635"], "description": "This host is missing a critical security\n update according to Microsoft KB4034660", "modified": "2020-06-04T00:00:00", "published": "2017-08-09T00:00:00", "id": "OPENVAS:1361412562310811606", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811606", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4034660)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4034660)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811606\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0174\", \"CVE-2017-0250\", \"CVE-2017-0293\", \"CVE-2017-8503\",\n \"CVE-2017-8591\", \"CVE-2017-8593\", \"CVE-2017-8620\", \"CVE-2017-8624\",\n \"CVE-2017-8625\", \"CVE-2017-8633\", \"CVE-2017-8635\", \"CVE-2017-8636\",\n \"CVE-2017-8640\", \"CVE-2017-8641\", \"CVE-2017-8644\", \"CVE-2017-8645\",\n \"CVE-2017-8646\", \"CVE-2017-8652\", \"CVE-2017-8653\", \"CVE-2017-8655\",\n \"CVE-2017-8657\", \"CVE-2017-8664\", \"CVE-2017-8666\", \"CVE-2017-8669\",\n \"CVE-2017-8671\", \"CVE-2017-8672\");\n script_bugtraq_id(100038, 98100, 100039, 99395, 99430, 100032, 100034, 100061,\n 100063, 100069, 100055, 100056, 100051, 100057, 100044, 100052,\n 100053, 100047, 100059, 100027, 100035, 100085, 100089, 100068,\n 100071, 100072);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-08-09 11:37:34 +0530 (Wed, 09 Aug 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4034660)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4034660\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - The way JavaScript engines render when handling objects in memory in\n Microsoft browsers.\n\n - When Windows Search handles objects in memory.\n\n - When Internet Explorer fails to validate User Mode Code Integrity (UMCI)\n policies.\n\n - Microsoft Edge that could allow an attacker to escape from the AppContainer\n sandbox in the browser.\n\n - When Windows Hyper-V on a host server fails to properly validate input from an\n authenticated user on a guest operating system.\n\n - The way that Microsoft browser JavaScript engines render content when\n handling objects in memory.\n\n - When Microsoft Edge improperly handles objects in memory.\n\n - When the win32k component improperly provides kernel information.\n\n - When Microsoft Windows PDF Library improperly handles objects in memory.\n\n - When the Microsoft JET Database Engine that could allow remote code execution on\n an affected system.\n\n - When the Win32k component fails to properly handle objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker to\n run arbitrary code in kernel mode, gain access to sensitive information and system\n functionality, gain the same user rights as the current user and obtain information\n to further compromise the user's system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1511 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4034660\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10586.0\", test_version2:\"11.0.10586.1044\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: 11.0.10586.0 - 11.0.10586.1044\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T13:47:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8641", "CVE-2017-8636", "CVE-2017-8503", "CVE-2017-8624", "CVE-2017-8672", "CVE-2017-8645", "CVE-2017-8591", "CVE-2017-0250", "CVE-2017-8666", "CVE-2017-8670", "CVE-2017-8623", "CVE-2017-8633", "CVE-2017-8625", "CVE-2017-8593", "CVE-2017-0293", "CVE-2017-8656", "CVE-2017-8657", "CVE-2017-8653", "CVE-2017-8640", "CVE-2017-8644", "CVE-2017-8639", "CVE-2017-8646", "CVE-2017-8661", "CVE-2017-8664", "CVE-2017-8655", "CVE-2017-8620", "CVE-2017-0174", "CVE-2017-8669", "CVE-2017-8652", "CVE-2017-8671", "CVE-2017-8635"], "description": "This host is missing a critical security\n update according to Microsoft KB4034658", "modified": "2019-12-20T00:00:00", "published": "2017-08-09T00:00:00", "id": "OPENVAS:1361412562310811277", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811277", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4034658)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4034658)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811277\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2017-0174\", \"CVE-2017-0250\", \"CVE-2017-0293\", \"CVE-2017-8503\",\n \"CVE-2017-8591\", \"CVE-2017-8593\", \"CVE-2017-8620\", \"CVE-2017-8623\",\n \"CVE-2017-8624\", \"CVE-2017-8625\", \"CVE-2017-8633\", \"CVE-2017-8635\",\n \"CVE-2017-8636\", \"CVE-2017-8639\", \"CVE-2017-8640\", \"CVE-2017-8641\",\n \"CVE-2017-8644\", \"CVE-2017-8645\", \"CVE-2017-8646\", \"CVE-2017-8652\",\n \"CVE-2017-8653\", \"CVE-2017-8655\", \"CVE-2017-8656\", \"CVE-2017-8657\",\n \"CVE-2017-8661\", \"CVE-2017-8664\", \"CVE-2017-8666\", \"CVE-2017-8672\",\n \"CVE-2017-8669\", \"CVE-2017-8670\", \"CVE-2017-8671\");\n script_bugtraq_id(100038, 98100, 100039, 99395, 99430, 100032, 100034, 100042,\n 100061, 100063, 100069, 100055, 100056, 100050, 100051, 100057,\n 100044, 100052, 100053, 100047, 100059, 100027, 100033, 100035,\n 100037, 100085, 100089, 100072, 100068, 100070, 100071);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-08-09 08:31:54 +0530 (Wed, 09 Aug 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4034658)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4034658\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - An error in the way JavaScript engines render when handling objects in memory\n in Microsoft browsers.\n\n - An error when Windows Search handles objects in memory.\n\n - An error when Microsoft Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a guest operating system.\n\n - An error when Internet Explorer fails to validate User Mode Code Integrity (UMCI)\n policies.\n\n - An error in Microsoft Edge that could allow an attacker to escape from the\n AppContainer sandbox in the browser.\n\n - An error when Microsoft Edge improperly handles objects in memory.\n\n - An error when the win32k component improperly provides kernel information.\n\n - An error when Microsoft Windows PDF Library improperly handles objects in\n memory.\n\n - An error in the Microsoft JET Database Engine that could allow remote code\n execution on an affected system.\n\n - An error in Windows when the Win32k component fails to properly handle objects\n in memory.\n\n - An error in Windows Input Method Editor (IME) when IME improperly handles\n parameters in a method of a DCOM class.\n\n - An error when Microsoft Windows improperly handles NetBIOS packets.\n\n - This security update resolves a vulnerability in Windows Error Reporting\n (WER).\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attacker to gain the same user rights as the current user, take control\n of the affected system, cause the host server to crash, run unsigned\n malicious code as though it were signed by a trusted source, run processes\n in an elevated context, install programs. View, change, or delete data\n or create new accounts with full user rights and gain access to sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4034658\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.14393.0\", test_version2:\"11.0.14393.1592\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: 11.0.14393.0 - 11.0.14393.1592\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:25:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8641", "CVE-2017-8636", "CVE-2017-8674", "CVE-2017-8503", "CVE-2017-8624", "CVE-2017-8672", "CVE-2017-8637", "CVE-2017-8673", "CVE-2017-8645", "CVE-2017-8591", "CVE-2017-0250", "CVE-2017-8666", "CVE-2017-8650", "CVE-2017-8670", "CVE-2017-8623", "CVE-2017-8622", "CVE-2017-8633", "CVE-2017-8638", "CVE-2017-8593", "CVE-2017-0293", "CVE-2017-8642", "CVE-2017-8656", "CVE-2017-8657", "CVE-2017-8653", "CVE-2017-8647", "CVE-2017-8640", "CVE-2017-8644", "CVE-2017-8659", "CVE-2017-8627", "CVE-2017-8639", "CVE-2017-8646", "CVE-2017-8661", "CVE-2017-8664", "CVE-2017-8655", "CVE-2017-8620", "CVE-2017-0174", "CVE-2017-8634", "CVE-2017-8669", "CVE-2017-8652", "CVE-2017-8662", "CVE-2017-8671", "CVE-2017-8635"], "description": "This host is missing a critical security\n update according to Microsoft KB4034674", "modified": "2020-06-04T00:00:00", "published": "2017-08-09T00:00:00", "id": "OPENVAS:1361412562310811283", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811283", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4034674)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4034674)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811283\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0174\", \"CVE-2017-0250\", \"CVE-2017-0293\", \"CVE-2017-8503\",\n \"CVE-2017-8591\", \"CVE-2017-8593\", \"CVE-2017-8620\", \"CVE-2017-8622\",\n \"CVE-2017-8623\", \"CVE-2017-8624\", \"CVE-2017-8627\", \"CVE-2017-8633\",\n \"CVE-2017-8634\", \"CVE-2017-8635\", \"CVE-2017-8636\", \"CVE-2017-8637\",\n \"CVE-2017-8638\", \"CVE-2017-8639\", \"CVE-2017-8640\", \"CVE-2017-8641\",\n \"CVE-2017-8642\", \"CVE-2017-8644\", \"CVE-2017-8645\", \"CVE-2017-8646\",\n \"CVE-2017-8647\", \"CVE-2017-8650\", \"CVE-2017-8652\", \"CVE-2017-8653\",\n \"CVE-2017-8655\", \"CVE-2017-8656\", \"CVE-2017-8657\", \"CVE-2017-8659\",\n \"CVE-2017-8661\", \"CVE-2017-8662\", \"CVE-2017-8664\", \"CVE-2017-8672\",\n \"CVE-2017-8673\", \"CVE-2017-8674\", \"CVE-2017-8666\", \"CVE-2017-8669\",\n \"CVE-2017-8670\", \"CVE-2017-8671\");\n script_bugtraq_id(100038, 98100, 100039, 99395, 99430, 100032, 100034, 100040,\n 100042, 100061, 100065, 100069, 100043, 100055, 100056, 100045,\n 100049, 100050, 100051, 100057, 100046, 100044, 100052, 100053,\n 100054, 100048, 100047, 100059, 100027, 100033, 100035, 100029,\n 100037, 100031, 100085, 100072, 100079, 100081, 100089, 100068,\n 100070, 100071);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-08-09 10:22:15 +0530 (Wed, 09 Aug 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4034674)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4034674\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - An error when Microsoft Edge improperly handles objects in memory.\n\n - An error when Microsoft browsers improperly access objects in memory.\n\n - An error when Microsoft Windows PDF Library improperly handles objects in\n memory.\n\n - An error when Windows Hyper-V on a host server fails to properly validate\n input from an authenticated user on a guest operating system.\n\n - An error when Windows Search handles objects in memory.\n\n - An error when Microsoft Hyper-V Network Switch on a host server fails to properly\n validate input from a privileged user on a guest operating system.\n\n - An error in the way that the Windows Subsystem for Linux handles NT pipes.\n\n - An error in the way Microsoft browsers handle objects in memory while rendering\n content.\n\n - An error when Windows Subsystem for Linux improperly handles objects in memory.\n\n - An error in Microsoft Edge that could allow an attacker to escape from\n the AppContainer sandbox in the browser.\n\n - An error when Microsoft Edge does not properly validate JavaScript under\n specific conditions..\n\n - An error in the way JavaScript engines render when handling objects in memory\n in Microsoft browsers.\n\n - An error when the win32k component improperly provides kernel information and\n fails to properly handle objects in memory..\n\n - An error in the way affected Microsoft scripting engines render when handling\n objects in memory.\n\n - An error in Remote Desktop Protocol (RDP) when an attacker connects to the target\n system using RDP and sends specially crafted requests.\n\n - An error in the Microsoft JET Database Engine that could allow remote code\n execution on an affected system.\n\n - An error in Edge how strings are validated in specific scenarios.\n\n - An error in Windows Input Method Editor (IME) when IME improperly handles\n parameters in a method of a DCOM class.\n\n - An error in Windows Error Reporting (WER).\n\n - An error in Microsoft Edge as a result of how memory is accessed in code compiled by\n the Edge Just-In-Time (JIT) compiler.\n\n - An error when Microsoft Windows improperly handles NetBIOS packets.\n\n - An error when the Chakra scripting engine does not properly handle objects in memory.\n\n - An error when Microsoft Edge does not properly enforce same-origin policies.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to gain access to sensitive information, gain the same user rights as the current\n user, execute arbitrary code on the host operating system, take control of the\n affected system, execute code with elevated permissions, run processes in an\n elevated context, cause a denial of service against the local system, cause the\n RDP service on the target system to stop responding, read sensitive data from\n memory and thereby potentially bypass Address Space Layout Randomization (ASLR),\n and bypass security feature.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1703 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4034674\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.15063.0\", test_version2:\"11.0.15063.539\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: 11.0.15063.0 - 11.0.15063.539\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2021-01-01T22:42:07", "bulletinFamily": "microsoft", "cvelist": ["CVE-2017-8633"], "description": "<html><body><p>Resolves a vulnerability in Windows that could allow an attacker to access sensitive information and system functionality.</p><h2>Summary</h2><div class=\"kb-summary-section section\">This security update resolves a vulnerability in Windows Error Reporting (WER). The vulnerability could allow elevation of privilege if successfully exploited by an attacker. An attacker who successfully exploits\u00a0this vulnerability could gain greater access to sensitive information and system functionality. This update corrects the way that WER handles and executes files.<br/><br/>To learn more about the vulnerability, go to <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8633\" id=\"kb-link-2\" target=\"_self\"> CVE-2017-8633</a>.</div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><span class=\"text-base\">Important</span><br/>\u00a0<ul class=\"sbody-free_list\"><li>If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see <a href=\"https://technet.microsoft.com/en-us/library/hh825699\" id=\"kb-link-5\" target=\"_self\">Add language packs to Windows</a>.</li></ul></div><h2>How to obtain and install the update</h2><div class=\"kb-resolution-section section\"> <h3 class=\"sbody-h3\">Method 1: Windows Update</h3><div class=\"kb-collapsible kb-collapsible-expanded\">This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see <a href=\"https://www.microsoft.com/en-us/safety/pc-security/updates.aspx\" id=\"kb-link-13\" target=\"_self\">Windows Update: FAQ</a>. </div><h3 class=\"sbody-h3\">Method 2: Microsoft Update Catalog</h3><div class=\"kb-collapsible kb-collapsible-expanded\">To get the stand-alone package for this update, go to the <a href=\"http://catalog.update.microsoft.com/v7/site/search.aspx?q=4035679\" id=\"kb-link-14\" target=\"_self\">Microsoft Update Catalog</a> website. <br/></div></div><h2>Deployment information</h2>For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:<br/> <div class=\"indent\"> <a href=\"https://support.microsoft.com/en-us/help/20170808\" id=\"kb-link-9\">Security update deployment information: August 8, 2017</a></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\"><span class=\"bold btn-link\">How to obtain help and support for this security update</span></td></tr><tr><td faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\">Help for installing updates: <a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-15\" target=\"_self\">Windows Update: FAQ</a><br/><br/>Security solutions for IT professionals: <a href=\"https://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-16\" target=\"_self\">TechNet Security Support and Troubleshooting</a><br/><br/>Help for protecting your Windows-based computer from viruses and malware: <a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-17\" target=\"_self\">Microsoft Secure</a><br/><br/>Local support according to your country: <a href=\"https://www.microsoft.com/en-us/locale.aspx\" id=\"kb-link-18\" target=\"_self\">International Support</a></div><br/></span></td></tr></tbody></table><a class=\"bookmark\" id=\"fileinfo\"></a></div><h2>File Information</h2><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">File hash information</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>Windows6.0-KB4035679-x86.msu</td><td>14D26C481D53164D7795958F05804F7C146CFD2B</td><td>782949A316703023CFDDA920461E2D0AF636F856C0B86F293D87B04FC94800F0</td></tr><tr><td>Windows6.0-KB4035679-ia64.msu</td><td>5D949B1587F7AB260F506D87BA3074866D95461C</td><td>C65A06C98797CD8245D9FCABC4080028F1484882FD6BA484A96B874054E335B0</td></tr><tr><td>Windows6.0-KB4035679-x64.msu</td><td>20C26AB44C7953983A77AEB8215FD718697AE7BB</td><td>FF78C8B8A44D9A988C1168BB62324B4930EF7D99FE735D1944415059ADFE0245</td></tr></tbody></table></td></tr></tbody></table><p><br/><strong>File information</strong><br/><br/><span>The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.</span><br/><br/><strong>Windows Server 2008 file information</strong></p><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"alert-title\">Notes</div><div class=\"row\"><div class=\"col-xs-24\"><p>The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.</p></div></div></div></div><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">For all supported x86-based versions</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><td><strong class=\"sbody-strong\">File name</strong></td><td><strong class=\"sbody-strong\">File version</strong></td><td><strong class=\"sbody-strong\">File size</strong></td><td><strong class=\"sbody-strong\">Date</strong></td><td><strong class=\"sbody-strong\">Time</strong></td><td><strong class=\"sbody-strong\">Platform</strong></td></tr><tr><td>Wer.dll</td><td>6.0.6002.19848</td><td>877,568</td><td>14-Jul-2017</td><td>17:42</td><td>x86</td></tr><tr><td>Werdiagcontroller.dll</td><td>6.0.6002.19848</td><td>30,208</td><td>14-Jul-2017</td><td>17:42</td><td>x86</td></tr><tr><td>Wermgr.exe</td><td>6.0.6002.19848</td><td>56,320</td><td>14-Jul-2017</td><td>15:58</td><td>x86</td></tr><tr><td>Wer.dll</td><td>6.0.6002.24169</td><td>877,568</td><td>14-Jul-2017</td><td>18:00</td><td>x86</td></tr><tr><td>Werdiagcontroller.dll</td><td>6.0.6002.24169</td><td>30,208</td><td>14-Jul-2017</td><td>18:00</td><td>x86</td></tr><tr><td>Wermgr.exe</td><td>6.0.6002.24169</td><td>56,320</td><td>14-Jul-2017</td><td>15:29</td><td>x86</td></tr></tbody></table></td></tr></tbody></table><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">For all supported ia64-based versions</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><td><strong class=\"sbody-strong\">File name</strong></td><td><strong class=\"sbody-strong\">File version</strong></td><td><strong class=\"sbody-strong\">File size</strong></td><td><strong class=\"sbody-strong\">Date</strong></td><td><strong class=\"sbody-strong\">Time</strong></td><td><strong class=\"sbody-strong\">Platform</strong></td></tr><tr><td>Wer.dll</td><td>6.0.6002.19848</td><td>2,181,120</td><td>14-Jul-2017</td><td>17:29</td><td>IA-64</td></tr><tr><td>Werdiagcontroller.dll</td><td>6.0.6002.19848</td><td>57,344</td><td>14-Jul-2017</td><td>17:29</td><td>IA-64</td></tr><tr><td>Wermgr.exe</td><td>6.0.6002.19848</td><td>131,072</td><td>14-Jul-2017</td><td>16:02</td><td>IA-64</td></tr><tr><td>Wer.dll</td><td>6.0.6002.24169</td><td>2,181,120</td><td>14-Jul-2017</td><td>16:22</td><td>IA-64</td></tr><tr><td>Werdiagcontroller.dll</td><td>6.0.6002.24169</td><td>57,344</td><td>14-Jul-2017</td><td>16:22</td><td>IA-64</td></tr><tr><td>Wermgr.exe</td><td>6.0.6002.24169</td><td>131,072</td><td>14-Jul-2017</td><td>15:31</td><td>IA-64</td></tr><tr><td>Wer.dll</td><td>6.0.6002.19848</td><td>877,568</td><td>14-Jul-2017</td><td>17:42</td><td>x86</td></tr><tr><td>Werdiagcontroller.dll</td><td>6.0.6002.19848</td><td>30,208</td><td>14-Jul-2017</td><td>17:42</td><td>x86</td></tr><tr><td>Wermgr.exe</td><td>6.0.6002.19848</td><td>56,320</td><td>14-Jul-2017</td><td>15:58</td><td>x86</td></tr><tr><td>Wer.dll</td><td>6.0.6002.24169</td><td>877,568</td><td>14-Jul-2017</td><td>18:00</td><td>x86</td></tr><tr><td>Werdiagcontroller.dll</td><td>6.0.6002.24169</td><td>30,208</td><td>14-Jul-2017</td><td>18:00</td><td>x86</td></tr><tr><td>Wermgr.exe</td><td>6.0.6002.24169</td><td>56,320</td><td>14-Jul-2017</td><td>15:29</td><td>x86</td></tr></tbody></table></td></tr></tbody></table><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">For all supported x64-based versions</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><td><strong class=\"sbody-strong\">File name</strong></td><td><strong class=\"sbody-strong\">File version</strong></td><td><strong class=\"sbody-strong\">File size</strong></td><td><strong class=\"sbody-strong\">Date</strong></td><td><strong class=\"sbody-strong\">Time</strong></td><td><strong class=\"sbody-strong\">Platform</strong></td></tr><tr><td>Wer.dll</td><td>6.0.6002.19848</td><td>1,112,064</td><td>14-Jul-2017</td><td>17:52</td><td>x64</td></tr><tr><td>Werdiagcontroller.dll</td><td>6.0.6002.19848</td><td>34,816</td><td>14-Jul-2017</td><td>17:52</td><td>x64</td></tr><tr><td>Wermgr.exe</td><td>6.0.6002.19848</td><td>57,856</td><td>14-Jul-2017</td><td>16:14</td><td>x64</td></tr><tr><td>Wer.dll</td><td>6.0.6002.24169</td><td>1,112,064</td><td>14-Jul-2017</td><td>16:49</td><td>x64</td></tr><tr><td>Werdiagcontroller.dll</td><td>6.0.6002.24169</td><td>34,816</td><td>14-Jul-2017</td><td>16:49</td><td>x64</td></tr><tr><td>Wermgr.exe</td><td>6.0.6002.24169</td><td>57,856</td><td>14-Jul-2017</td><td>15:51</td><td>x64</td></tr><tr><td>Wer.dll</td><td>6.0.6002.19848</td><td>877,568</td><td>14-Jul-2017</td><td>17:42</td><td>x86</td></tr><tr><td>Werdiagcontroller.dll</td><td>6.0.6002.19848</td><td>30,208</td><td>14-Jul-2017</td><td>17:42</td><td>x86</td></tr><tr><td>Wermgr.exe</td><td>6.0.6002.19848</td><td>56,320</td><td>14-Jul-2017</td><td>15:58</td><td>x86</td></tr><tr><td>Wer.dll</td><td>6.0.6002.24169</td><td>877,568</td><td>14-Jul-2017</td><td>18:00</td><td>x86</td></tr><tr><td>Werdiagcontroller.dll</td><td>6.0.6002.24169</td><td>30,208</td><td>14-Jul-2017</td><td>18:00</td><td>x86</td></tr><tr><td>Wermgr.exe</td><td>6.0.6002.24169</td><td>56,320</td><td>14-Jul-2017</td><td>15:29</td><td>x86</td></tr></tbody></table></td></tr></tbody></table></body></html>", "edition": 2, "modified": "2017-08-08T17:00:19", "id": "KB4035679", "href": "https://support.microsoft.com/en-us/help/4035679/", "published": "2017-08-08T00:00:00", "title": "Security update for the Windows Error Reporting elevation of privilege vulnerability for and Windows Server 2008: August 8, 2017", "type": "mskb", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "zdi": [{"lastseen": "2020-06-22T11:40:39", "bulletinFamily": "info", "cvelist": ["CVE-2017-8633"], "edition": 2, "description": "This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute medium-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows Error Reporting Manager (wermgr). The issue results from the lack of proper validation of a path prior to using it in file operations. An attacker can leverage this vulnerability to delete any files accessible to SYSTEM.", "modified": "2017-06-22T00:00:00", "published": "2017-08-08T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-639/", "id": "ZDI-17-639", "title": "Microsoft Windows Error Reporting Manager Improper Access Control Privilege Escalation Vulnerability", "type": "zdi", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2018-01-27T09:17:58", "bulletinFamily": "info", "cvelist": ["CVE-2017-8622", "CVE-2017-8633", "CVE-2017-8627", "CVE-2017-8620"], "description": "[](<https://1.bp.blogspot.com/--MvnaX-NVsg/WYoCm7tEvLI/AAAAAAAAt-0/15y7Ep7f15YFgesEOJPe0DRGNmbv0BKpwCLcBGAs/s1600/microsoft-security-patch-updates.png>)\n\nHere we go again\u2026 \n \nAs part of its August Patch Tuesday, Microsoft has today [released](<https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/b3d96835-f651-e711-80dd-000d3a32fc99>) a large batch of 48 security updates for all supported versions Windows systems and other products. \n \nThe latest security update addresses a range of vulnerabilities including 25 critical, 21 important and 2 moderate in severity. \n \nThese vulnerabilities impact various versions of Microsoft's Windows operating systems, Internet Explorer, Microsoft Edge, Microsoft SharePoint, the Windows Subsystem for Linux, Adobe Flash Player, Windows Hyper-V and Microsoft SQL Server. \n \n\n\n### CVE-2017-8620: Windows Search Remote Code Execution Vulnerability \n\n \nThe most interesting and critical vulnerability of this month is Windows Search Remote Code Execution Vulnerability (CVE-2017-8620), affects all versions of Windows 7 and Windows 10, which could be used as a wormable attack like the one used in [WannaCry ransomware](<https://thehackernews.com/2017/05/how-to-wannacry-ransomware.html>), as it utilises the SMBv1 connection. \n \nAn attacker could remotely exploit the vulnerability through an SMB connection to elevate privileges and take control of the targeted Windows computer. \n\n\n> \"A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,\" Microsoft [explains](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8620>).\n\n> \"In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.\"\n\n \n\n\n### CVE-2017-8633: Windows Error Reporting Elevation of Privilege Vulnerability\n\n \nAnother significant elevation of privilege vulnerability resides in Windows Error Reporting (WER) that could allow an attacker to run a specially created application to gain access to administrator privileges on the targeted system to steal sensitive information. \n\n\n> \"This update corrects the way the WER handles and executes files,\" the advisory [says](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8633>).\n\n \n\n\n### CVE-2017-8627: Windows Subsystem for Linux DoS Vulnerability\n\n \nAn important vulnerability has been identified in Windows Subsystem for Linux that could allow an attacker to execute code with elevated permissions. \n\n\n> \"To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by correcting how Windows Subsystem for Linux handles NT pipes\" the advisory [says](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8622>).\n\nSuccessful exploitation eventually could allow denial of service attack, leaving the targeted system unresponsive. \n \nMicrosoft has also released critical security updates for the Adobe Flash Player for Internet Explorer, although the company would [end its support for Flash](<https://thehackernews.com/2017/07/kill-adobe-flash-player.html>) at the end of 2020. \n \nUsers and IT administrators are strongly recommended to apply security patches as soon as possible to keep away hackers and cybercriminals from taking control over your computer. \n \nFor installing security updates, simply head on to Settings \u2192 Update & security \u2192 Windows Update \u2192 Check for updates, or you can install the updates manually.\n", "modified": "2017-08-08T22:04:08", "published": "2017-08-08T08:02:00", "id": "THN:81B4CBE5F5938C2A1A9A05F37CFF8A8F", "href": "https://thehackernews.com/2017/08/microsoft-security-patch.html", "type": "thn", "title": "Microsoft Issues Security Patches for 25 Critical Vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "rapid7community": [{"lastseen": "2017-08-21T18:09:25", "bulletinFamily": "blog", "cvelist": ["CVE-2017-0071", "CVE-2017-0228", "CVE-2017-0299", "CVE-2017-8622", "CVE-2017-8627", "CVE-2017-8633"], "description": "<!-- [DocumentBodyStart:49b9bd5a-70b9-437f-bdd8-a7b0c8d8829f] --><div class=\"jive-rendered-content\"><p>It was a busy month this month with a total of 48 security issues fixed. All of these have a severity of Critical or Important with Remote Code Execution vulnerabilities again figuring highly, particularly for Microsoft Edge.</p><p class=\"p2\" style=\"min-height: 8pt; padding: 0px;\"> </p><p class=\"p1\">There were also a few publicly disclosed vulnerabilities that were fixed, including<span class=\"Apple-converted-space\"> </span><span class=\"s1\"><a class=\"\" href=\"https://community.rapid7.com/blog/CVE-2017-8633\">CVE-2017-8633</a> (Privilege Escalation with Windows Error Reporting). </span><span class=\"s1\">None of the disclosed vulnerabilities have publicly known exploits as of writing.</span></p><p class=\"p1\" style=\"min-height: 8pt; padding: 0px;\"> </p><p class=\"p4\">Another critical Adobe Flash Player RCE vulnerability has been fixed (<a class=\"jive-link-external-small\" href=\"https://community.rapid7.com/external-link.jspa?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FADV170010\" rel=\"nofollow\" target=\"_blank\">ADV170010</a><span class=\"s2\">).</span></p><p class=\"p5\" style=\"min-height: 8pt; padding: 0px;\"> </p><p class=\"p6\">Also of note were a few revisions to <a class=\"jive-link-external-small\" href=\"https://community.rapid7.com/external-link.jspa?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2017-0071\" rel=\"nofollow\" target=\"_blank\">CVE-2017-0071</a>, <a class=\"jive-link-external-small\" href=\"https://community.rapid7.com/external-link.jspa?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2017-0228\" rel=\"nofollow\" target=\"_blank\">CVE-2017-0228,</a> and <a class=\"jive-link-external-small\" href=\"https://community.rapid7.com/external-link.jspa?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2017-0299\" rel=\"nofollow\" target=\"_blank\">CVE-2017-0299</a> that will require the installation of July (CVE-2017-0071) and August (CVE-2017-0228 and CVE-2017-0299) patches to ensure you are fully protected.</p><p class=\"p5\" style=\"min-height: 8pt; padding: 0px;\"> </p><p class=\"p6\">We were waiting to see if Microsoft would release any patches for the recently disclosed <a class=\"jive-link-blog-small\" data-containerId=\"5165\" data-containerType=\"37\" data-objectId=\"7946\" data-objectType=\"38\" href=\"https://community.rapid7.com/community/infosec/blog/2017/08/03/smbloris-what-you-need-to-know\">SMBLoris</a> vulnerability in this release, but they don't seem to have taken any action to fix in this round of patches.</p><p class=\"p6\" style=\"min-height: 8pt; padding: 0px;\"> </p><p class=\"p6\">Finally, this is the first time we have seen vulnerabilities patched on the Linux subsystem under Windows. Since its introduction, it was only a matter of time: <a class=\"jive-link-external-small\" href=\"https://community.rapid7.com/external-link.jspa?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2017-8627\" rel=\"nofollow\" target=\"_blank\">CVE-2017-8627</a> (Dos) and <a class=\"jive-link-external-small\" href=\"https://community.rapid7.com/external-link.jspa?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2017-8622\" rel=\"nofollow\" target=\"_blank\">CVE-2017-8622</a> (Privilege Escalation) are the first of their kind.</p></div><!-- [DocumentBodyEnd:49b9bd5a-70b9-437f-bdd8-a7b0c8d8829f] -->", "modified": "2017-08-08T20:03:46", "published": "2017-08-08T20:03:46", "href": "https://community.rapid7.com/community/nexpose/blog/2017/08/08/patch-tuesday-august-2017", "id": "RAPID7COMMUNITY:5E360655BE25ED8FE7E5EBBFACEDD115", "title": "Patch Tuesday - August 2017", "type": "rapid7community", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2018-10-06T22:53:19", "bulletinFamily": "info", "cvelist": ["CVE-2017-0293", "CVE-2017-8620", "CVE-2017-8622", "CVE-2017-8627", "CVE-2017-8633", "CVE-2017-8664", "CVE-2017-8691"], "description": "Microsoft patched more than two dozen remote code execution vulnerabilities today, many of them rated critical. One was a RCE bug that allowed an attacker to take complete control of a server or workstation via Windows Search.\n\nThe fixes were part of [Microsoft\u2019s August Patch Tuesday](<https://portal.msrc.microsoft.com/en-us/security-guidance>) update that included 48 patches in all, 25 of them critical, two publicly known prior to release and one with a publicly available proof of concept. None of the vulnerabilities are currently being exploited in the wild, Microsoft said.\n\nThe most serious RCE vulnerability ([CVE-2017-8620](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8620>)) is related to how Windows Search handles objects in memory. \u201cAn attacker who successfully exploited this vulnerability could take control of the affected system,\u201d Microsoft wrote.\n\nExploiting the Windows Search vulnerability requires an adversary to send a specially crafted message to the Windows Search service. \u201cAdditionally, in an enterprise scenario, a remote unauthenticated attacker could remotely trigger the vulnerability through an SMB connection and then take control of a target computer,\u201d said Microsoft.\n\nThis critical bug affects several versions of Windows 10, Windows Server 2012 and Windows Server 2016.\n\n\u201cWhile an exploit against this vulnerability can leverage SMB as an attack vector, this is not a vulnerability in SMB itself, and is not related to the recent SMB vulnerabilities leveraged by EternalBlue, WannaCry, and Petya,\u201d wrote Jimmy Graham, director of product management at Qualys, [in a post](<https://blog.qualys.com/misc/2017/08/08/august-patch-tuesday-25-critical-microsoft-vulnerabilities-43-for-adobe>).\n\nA second RCE (rated important) is tied to Windows Hyper-V ([CVE-2017-8664](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8664>)) and exists when a host server fails to properly validate input from an authenticated user on a guest operating system.\n\n\u201cAn attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system,\u201d Microsoft said. To exploit the vulnerability all an attacker needs to do is run a malicious application on a guest OS that could cause the Hyper-V host operating system to execute the arbitrary code.\n\n\u201cAlthough neither is publicly known nor actively exploited, this bug certainly warrants extra attention,\u201d wrote [Zero Day Initiative in its Patch Tuesday commentary](<https://www.thezdi.com/blog/2017/8/8/the-august-2017-security-update-review>). \u201cBack at the 2017 Pwn2Own competition, a Hyper-V escape like this one would have earned the contestant $100,000.\u201d\n\nIn all, Microsoft patched 27 remote code execution vulnerabilities as part of its August batch of fixes.\n\nThe two bugs previously known were a Windows Subsystem for Linux denial of service vulnerability ([CVE-2017-8627](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8627>)) and a Windows Error Reporting elevation of privilege vulnerability ([CVE-2017-8633](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8633>)) \u2013 both rated as important.\n\n\u201cThis is the first time we have seen vulnerabilities patched on the Linux Subsystem under Windows. [Since its introduction](<https://threatpost.com/windows-10-attack-surface-grows-with-linux-support-in-anniversary-update/119778/>), it was only a matter of time and [CVE-2017-8627](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8627>) (DoS) and [CVE-2017-8622](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8622>) (privilege escalation) are the first of their kind,\u201d said Bobby McKeown, senior manager of engineering, Rapid7.\n\nQualys notes 20 of August\u2019s critical vulnerabilities are tied to the Windows\u2019 Scripting Engine, which can impact both Edge and IE and Microsoft Office. It notes these type vulnerabilities should be \u201cconsidered for prioritizing for workstation-type systems that use email and access the internet via a browser.\u201d\n\n\u201cAlso of note is a vulnerability in the Windows Font Engine, [CVE-2017-8691](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8691>). This vulnerability can also be exploited through a browser. For systems running Windows 10 and Microsoft Edge, [CVE-2017-0293](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0293>) impacts the PDF viewer functionality,\u201d Qualys said.\n\nThe August patches did not include an important Microsoft[ security update also issued today](<https://blogs.technet.microsoft.com/mmpc/2017/08/08/microsoft-to-remove-wosign-and-startcom-certificates-in-windows-10/>) that included the removal of [WoSign](<https://threatpost.com/google-to-fully-distrust-wosignstartcom-ssl-certs-in-chrome-61/126729/>) and StartCom certificates in Windows 10. \u201cMicrosoft will begin the natural deprecation of WoSign and StartCom certificates by setting a \u2018NotBefore\u2019 date of 26 September 2017. This means all existing certificates will continue to function until they self-expire. Windows 10 will not trust any new certificates from these CAs after September 2017,\u201d according to Microsoft.\n\nThe August Patch Tuesday fixes also don\u2019t include a fix to stop a[ SMBLoris attack](<https://threatpost.com/windows-smb-zero-day-to-be-disclosed-during-def-con/126927/>), which is a denial of service attack against systems that have port 445 and the SMB client exposed.\n\nLast month, the vulnerability was [disclosed during DEF CON](<https://threatpost.com/windows-smb-zero-day-to-be-disclosed-during-def-con/126927/>). Microsoft has said it will not patch the vulnerability, which allows an attacker to remotely crash a Windows server with relative ease.\n\nEarlier today, [Adobe released patches covering 67 vulnerabilities](<https://threatpost.com/flash-player-marches-toward-end-patches-two-code-execution-bugs-in-latest-update/127288/>), 43 of which are critical. Adobe Acrobat and Reader made up the bulk of the vulnerabilities, with two related to Adobe Flash.\n", "modified": "2017-08-08T21:22:01", "published": "2017-08-08T17:21:17", "id": "THREATPOST:E2847DC02F5867ECA6FD0DF53EABD08A", "href": "https://threatpost.com/microsoft-patches-critical-windows-search-vulnerability/127303/", "type": "threatpost", "title": "Microsoft Patches Critical Windows Search Vulnerability", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-03-01T06:19:10", "description": "The remote Windows host is missing security update 4034679\nor cumulative update 4034664. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A denial of service vulnerability exists when Microsoft\n Windows improperly handles NetBIOS packets. An attacker\n who successfully exploited this vulnerability could\n cause a target computer to become completely\n unresponsive. A remote unauthenticated attacker could\n exploit this vulnerability by sending a series of TCP\n packets to a target system, resulting in a permanent\n denial of service condition. The update addresses the\n vulnerability by correcting how the Windows network\n stack handles NetBIOS traffic. (CVE-2017-0174)\n\n - A buffer overflow vulnerability exists in the Microsoft\n JET Database Engine that could allow remote code\n execution on an affected system. An attacker who\n successfully exploited this vulnerability could take\n complete control of an affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-0250)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-0293)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8593)\n\n - A remote code execution vulnerability exists when\n Windows Search handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.To exploit the\n vulnerability, the attacker could send specially crafted\n messages to the Windows Search service. An attacker with\n access to a target computer could exploit this\n vulnerability to elevate privileges and take control of\n the computer. Additionally, in an enterprise scenario, a\n remote unauthenticated attacker could remotely trigger\n the vulnerability through an SMB connection and then\n take control of a target computer.The security update\n addresses the vulnerability by correcting how Windows\n Search handles objects in memory. (CVE-2017-8620)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. (CVE-2017-8624)\n\n - This security update resolves a vulnerability in Windows\n Error Reporting (WER). The vulnerability could allow\n elevation of privilege if successfully exploited by an\n attacker. An attacker who successfully exploited this\n vulnerability could gain greater access to sensitive\n information and system functionality. This update\n corrects the way the WER handles and executes files.\n (CVE-2017-8633)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8636)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8641)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-8653)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8666)\n\n - An information disclosure vulnerability exists when the\n Volume Manager Extension Driver component improperly\n provides kernel information. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.To\n exploit this vulnerability, an attacker would have to\n log on to an affected system and run a specially crafted\n application.The security update addresses the\n vulnerability by correcting how Volume Manager Extension\n Driver handles objects in memory. (CVE-2017-8668)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploits exploited this vulnerability would gain code\n execution on the target system. (CVE-2017-8691)", "edition": 36, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-08-08T00:00:00", "title": "Windows 7 and Windows Server 2008 R2 August 2017 Security Updates", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8641", "CVE-2017-8636", "CVE-2017-8624", "CVE-2017-0250", "CVE-2017-8666", "CVE-2017-8633", "CVE-2017-8593", "CVE-2017-0293", "CVE-2017-8653", "CVE-2017-8691", "CVE-2017-8668", "CVE-2017-8620", "CVE-2017-0174"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_AUG_4034664.NASL", "href": "https://www.tenable.com/plugins/nessus/102267", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102267);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-0174\",\n \"CVE-2017-0250\",\n \"CVE-2017-0293\",\n \"CVE-2017-8593\",\n \"CVE-2017-8620\",\n \"CVE-2017-8624\",\n \"CVE-2017-8633\",\n \"CVE-2017-8636\",\n \"CVE-2017-8641\",\n \"CVE-2017-8653\",\n \"CVE-2017-8666\",\n \"CVE-2017-8668\",\n \"CVE-2017-8691\"\n );\n script_bugtraq_id(\n 98100,\n 100032,\n 100034,\n 100038,\n 100039,\n 100056,\n 100057,\n 100059,\n 100061,\n 100069,\n 100089,\n 100090,\n 100092\n );\n script_xref(name:\"MSKB\", value:\"4034664\");\n script_xref(name:\"MSFT\", value:\"MS17-4034664\");\n script_xref(name:\"MSKB\", value:\"4034679\");\n script_xref(name:\"MSFT\", value:\"MS17-4034679\");\n\n script_name(english:\"Windows 7 and Windows Server 2008 R2 August 2017 Security Updates\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4034679\nor cumulative update 4034664. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A denial of service vulnerability exists when Microsoft\n Windows improperly handles NetBIOS packets. An attacker\n who successfully exploited this vulnerability could\n cause a target computer to become completely\n unresponsive. A remote unauthenticated attacker could\n exploit this vulnerability by sending a series of TCP\n packets to a target system, resulting in a permanent\n denial of service condition. The update addresses the\n vulnerability by correcting how the Windows network\n stack handles NetBIOS traffic. (CVE-2017-0174)\n\n - A buffer overflow vulnerability exists in the Microsoft\n JET Database Engine that could allow remote code\n execution on an affected system. An attacker who\n successfully exploited this vulnerability could take\n complete control of an affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-0250)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-0293)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8593)\n\n - A remote code execution vulnerability exists when\n Windows Search handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.To exploit the\n vulnerability, the attacker could send specially crafted\n messages to the Windows Search service. An attacker with\n access to a target computer could exploit this\n vulnerability to elevate privileges and take control of\n the computer. Additionally, in an enterprise scenario, a\n remote unauthenticated attacker could remotely trigger\n the vulnerability through an SMB connection and then\n take control of a target computer.The security update\n addresses the vulnerability by correcting how Windows\n Search handles objects in memory. (CVE-2017-8620)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. (CVE-2017-8624)\n\n - This security update resolves a vulnerability in Windows\n Error Reporting (WER). The vulnerability could allow\n elevation of privilege if successfully exploited by an\n attacker. An attacker who successfully exploited this\n vulnerability could gain greater access to sensitive\n information and system functionality. This update\n corrects the way the WER handles and executes files.\n (CVE-2017-8633)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8636)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8641)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-8653)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8666)\n\n - An information disclosure vulnerability exists when the\n Volume Manager Extension Driver component improperly\n provides kernel information. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.To\n exploit this vulnerability, an attacker would have to\n log on to an affected system and run a specially crafted\n application.The security update addresses the\n vulnerability by correcting how Volume Manager Extension\n Driver handles objects in memory. (CVE-2017-8668)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploits exploited this vulnerability would gain code\n execution on the target system. (CVE-2017-8691)\");\n # https://support.microsoft.com/en-us/help/4034664/windows-7-sp1-windows-server-2008-r2-sp1-update-kb4034664\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bf044da8\");\n # https://support.microsoft.com/en-us/help/4034679/windows-7-sp1-windows-server-2008-r2-sp1-update-kb4034679\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b43b168e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4034679 or Cumulative update KB4034664.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8691\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-08\";\nkbs = make_list('4034664', '4034679');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.1\",\n sp:1,\n rollup_date:\"08_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4034664, 4034679])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T18:30:52", "description": "The remote Windows host is missing multiple security updates released\non 2017/08/08. It is, therefore, affected by multiple\nvulnerabilities :\n\n- A denial of service vulnerability exists when Microsoft Windows\n improperly handles NetBIOS packets. An attacker who successfully\n exploited this vulnerability could cause a target computer to\n become completely unresponsive. A remote unauthenticated attacker\n could exploit this vulnerability by sending a series of TCP\n packets to a target system, resulting in a permanent denial of\n service condition. The update addresses the vulnerability by\n correcting how the Windows network stack handles NetBIOS traffic.\n (CVE-2017-0174)\n\n - A buffer overflow vulnerability exists in the Microsoft JET\n Database Engine that could allow remote code execution on an\n affected system. An attacker who successfully exploited this\n vulnerability could take complete control of an affected system.\n An attacker could then install programs; view, change, or delete\n data; or create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the system\n could be less impacted than users who operate with administrative\n user rights. Exploitation of this vulnerability requires that a\n user open or preview a specially crafted database file while using\n an affected version of Microsoft Windows. In an email attack\n scenario, an attacker could exploit the vulnerability by sending a\n specially crafted database file to the user and then convincing\n the user to open the file. The update addresses the vulnerability\n by modifying how the Microsoft JET Database Engine handles objects\n in memory. (CVE-2017-0250)\n\n - An information disclosure vulnerability exists when the Windows \n kernel fails to properly initialize a memory address, allowing an \n attacker to retrieve information that could lead to a Kernel Address \n Space Layout Randomization (KASLR) bypass. (CVE-2017-0299)\n\n - An elevation of privilege vulnerability exists in Windows when the\n Win32k component fails to properly handle objects in memory. An\n attacker who successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then install\n programs; view, change, or delete data; or create new accounts\n with full user rights. To exploit this vulnerability, an attacker\n would first have to log on to the system. An attacker could then\n run a specially crafted application that could exploit the\n vulnerability and take control of an affected system. The update\n addresses this vulnerability by correcting how Win32k handles\n objects in memory. (CVE-2017-8593)\n\n - A remote code execution vulnerability exists when Windows Search\n handles objects in memory. An attacker who successfully exploited\n this vulnerability could take control of the affected system. An\n attacker could then install programs; view, change, or delete\n data; or create new accounts with full user rights. To exploit the\n vulnerability, the attacker could send specially crafted messages\n to the Windows Search service. An attacker with access to a target\n computer could exploit this vulnerability to elevate privileges\n and take control of the computer. Additionally, in an enterprise\n scenario, a remote unauthenticated attacker could remotely trigger\n the vulnerability through an SMB connection and then take control\n of a target computer. The security update addresses the\n vulnerability by correcting how Windows Search handles objects in\n memory. (CVE-2017-8620)\n\n - An elevation of privilege vulnerability exists when the Windows\n Common Log File System (CLFS) driver improperly handles objects in\n memory. In a local attack scenario, an attacker could exploit this\n vulnerability by running a specially crafted application to take\n control of the affected system. An attacker who successfully\n exploited this vulnerability could run processes in an elevated\n context. The update addresses the vulnerability by correcting how\n CLFS handles objects in memory. Note: The Common Log File System\n (CLFS) is a high-performance, general-purpose log file subsystem\n that dedicated client applications can use and multiple clients\n can share to optimize log access. (CVE-2017-8624)\n\n - This security update resolves a vulnerability in Windows Error\n Reporting (WER). The vulnerability could allow elevation of\n privilege if successfully exploited by an attacker. An attacker\n who successfully exploited this vulnerability could gain greater\n access to sensitive information and system functionality. This\n update corrects the way the WER handles and executes files.\n (CVE-2017-8633)\n\n - A remote code execution vulnerability exists in the way that \n Microsoft browser JavaScript engines render content when \n handling objects in memory. The vulnerability could corrupt \n memory in such a way that an attacker could execute arbitrary\n code in the context of the current user. (CVE-2017-8636)\n\n - A remote code execution vulnerability exists in the way \n JavaScript engines render when handling objects in memory \n in Microsoft browsers. The vulnerability could corrupt memory \n in such a way that an attacker could execute arbitrary code in \n the context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user rights as \n the current user. If the current user is logged on with \n administrative user rights, an attacker who successfully exploited \n the vulnerability could take control of an affected system. An \n attacker could then install programs; view, change, or delete \n data; or create new accounts with full user rights.\n (CVE-2017-8641)\n\n - A remote code execution vulnerability exists when Internet \n Explorer improperly accesses objects in memory. The vulnerability \n could corrupt memory in such a way that an attacker could execute \n arbitrary code in the context of the current user.\n (CVE-2017-8651)\n\n - A remote code execution vulnerability exists when Microsoft \n browsers improperly access objects in memory. The vulnerability \n could corrupt memory in such a way that enables an attacker to \n execute arbitrary code in the context of the current user.\n (CVE-2017-8653)\n\n - An information disclosure vulnerability exists when the win32k \n component improperly provides kernel information. An attacker \n who successfully exploited the vulnerability could obtain \n information to further compromise the user's system.\n (CVE-2017-8666)\n\n - An information disclosure vulnerability exists when the Volume\n Manager Extension Drivercomponent improperly provides kernel\n information. An attacker who successfully exploited the\n vulnerability could obtain information to further compromise the\n users system. To exploit this vulnerability, an attacker would\n have to log on to an affected system and run a specially crafted\n application. The security update addresses the vulnerability by\n correcting how Volume Manager Extension Driver handles objects in\n memory. (CVE-2017-8668)\n\n - A remote code execution vulnerability exists when the Windows font\n library improperly handles specially crafted embedded fonts. An\n attacker who successfully exploited this vulnerability\n would gain code execution on the target system. Users whose\n accounts are configured to have fewer user rights on the system\n could be less impacted than users who operate with administrative\n user rights. There are multiple ways an attacker could exploit the\n vulnerability: In a web-based attack scenario, an attacker could\n host a specially crafted website that is designed to exploit the\n vulnerability and then convince users to view the website. An\n attacker would have no way to force users to view the\n attacker-controlled content. Instead, an attacker would have to\n convince users to take action, typically by getting them to click\n a link in an email or Instant Messenger message that takes users\n to the attacker's website, or by opening an attachment sent\n through email. In a file sharing attack scenario, an attacker\n could provide a specially crafted document file that is designed\n to exploit the vulnerability, and then convince users to open the\n document file. The security update addresses the vulnerability by\n correcting how the Windows font library handles embedded fonts.\n (CVE-2017-8691)", "edition": 35, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-08-08T00:00:00", "title": "Windows 2008 August 2017 Multiple Security Updates", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8641", "CVE-2017-8636", "CVE-2017-8624", "CVE-2017-0250", "CVE-2017-8666", "CVE-2017-8633", "CVE-2017-8593", "CVE-2017-8653", "CVE-2017-8691", "CVE-2017-8668", "CVE-2017-8620", "CVE-2017-0174", "CVE-2017-8651", "CVE-2017-0299"], "modified": "2017-08-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_AUG_WIN2008.NASL", "href": "https://www.tenable.com/plugins/nessus/102273", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102273);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/04\");\n\n script_cve_id(\n \"CVE-2017-0174\",\n \"CVE-2017-0250\",\n \"CVE-2017-0299\",\n \"CVE-2017-8593\",\n \"CVE-2017-8620\",\n \"CVE-2017-8624\",\n \"CVE-2017-8633\",\n \"CVE-2017-8636\",\n \"CVE-2017-8641\",\n \"CVE-2017-8651\",\n \"CVE-2017-8653\",\n \"CVE-2017-8666\",\n \"CVE-2017-8668\",\n \"CVE-2017-8691\"\n );\n script_bugtraq_id(\n 98100,\n 100032,\n 100034,\n 100038,\n 100061,\n 100089\n );\n script_xref(name:\"MSKB\", value:\"4022750\");\n script_xref(name:\"MSFT\", value:\"MS17-4022750\");\n script_xref(name:\"MSKB\", value:\"4034733\");\n script_xref(name:\"MSFT\", value:\"MS17-4034733\");\n script_xref(name:\"MSKB\", value:\"4034034\");\n script_xref(name:\"MSFT\", value:\"MS17-4034034\");\n script_xref(name:\"MSKB\", value:\"4034741\");\n script_xref(name:\"MSFT\", value:\"MS17-4034741\");\n script_xref(name:\"MSKB\", value:\"4034744\");\n script_xref(name:\"MSFT\", value:\"MS17-4034744\");\n script_xref(name:\"MSKB\", value:\"4034745\");\n script_xref(name:\"MSFT\", value:\"MS17-4034745\");\n script_xref(name:\"MSKB\", value:\"4034775\");\n script_xref(name:\"MSFT\", value:\"MS17-4034775\");\n script_xref(name:\"MSKB\", value:\"4035055\");\n script_xref(name:\"MSFT\", value:\"MS17-4035055\");\n script_xref(name:\"MSKB\", value:\"4035056\");\n script_xref(name:\"MSFT\", value:\"MS17-4035056\");\n script_xref(name:\"MSKB\", value:\"4035679\");\n script_xref(name:\"MSFT\", value:\"MS17-4035679\");\n\n script_name(english:\"Windows 2008 August 2017 Multiple Security Updates\");\n script_summary(english:\"Checks the existence of Windows Server 2008 August 2017 Patches.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing multiple security updates released\non 2017/08/08. It is, therefore, affected by multiple\nvulnerabilities :\n\n- A denial of service vulnerability exists when Microsoft Windows\n improperly handles NetBIOS packets. An attacker who successfully\n exploited this vulnerability could cause a target computer to\n become completely unresponsive. A remote unauthenticated attacker\n could exploit this vulnerability by sending a series of TCP\n packets to a target system, resulting in a permanent denial of\n service condition. The update addresses the vulnerability by\n correcting how the Windows network stack handles NetBIOS traffic.\n (CVE-2017-0174)\n\n - A buffer overflow vulnerability exists in the Microsoft JET\n Database Engine that could allow remote code execution on an\n affected system. An attacker who successfully exploited this\n vulnerability could take complete control of an affected system.\n An attacker could then install programs; view, change, or delete\n data; or create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the system\n could be less impacted than users who operate with administrative\n user rights. Exploitation of this vulnerability requires that a\n user open or preview a specially crafted database file while using\n an affected version of Microsoft Windows. In an email attack\n scenario, an attacker could exploit the vulnerability by sending a\n specially crafted database file to the user and then convincing\n the user to open the file. The update addresses the vulnerability\n by modifying how the Microsoft JET Database Engine handles objects\n in memory. (CVE-2017-0250)\n\n - An information disclosure vulnerability exists when the Windows \n kernel fails to properly initialize a memory address, allowing an \n attacker to retrieve information that could lead to a Kernel Address \n Space Layout Randomization (KASLR) bypass. (CVE-2017-0299)\n\n - An elevation of privilege vulnerability exists in Windows when the\n Win32k component fails to properly handle objects in memory. An\n attacker who successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then install\n programs; view, change, or delete data; or create new accounts\n with full user rights. To exploit this vulnerability, an attacker\n would first have to log on to the system. An attacker could then\n run a specially crafted application that could exploit the\n vulnerability and take control of an affected system. The update\n addresses this vulnerability by correcting how Win32k handles\n objects in memory. (CVE-2017-8593)\n\n - A remote code execution vulnerability exists when Windows Search\n handles objects in memory. An attacker who successfully exploited\n this vulnerability could take control of the affected system. An\n attacker could then install programs; view, change, or delete\n data; or create new accounts with full user rights. To exploit the\n vulnerability, the attacker could send specially crafted messages\n to the Windows Search service. An attacker with access to a target\n computer could exploit this vulnerability to elevate privileges\n and take control of the computer. Additionally, in an enterprise\n scenario, a remote unauthenticated attacker could remotely trigger\n the vulnerability through an SMB connection and then take control\n of a target computer. The security update addresses the\n vulnerability by correcting how Windows Search handles objects in\n memory. (CVE-2017-8620)\n\n - An elevation of privilege vulnerability exists when the Windows\n Common Log File System (CLFS) driver improperly handles objects in\n memory. In a local attack scenario, an attacker could exploit this\n vulnerability by running a specially crafted application to take\n control of the affected system. An attacker who successfully\n exploited this vulnerability could run processes in an elevated\n context. The update addresses the vulnerability by correcting how\n CLFS handles objects in memory. Note: The Common Log File System\n (CLFS) is a high-performance, general-purpose log file subsystem\n that dedicated client applications can use and multiple clients\n can share to optimize log access. (CVE-2017-8624)\n\n - This security update resolves a vulnerability in Windows Error\n Reporting (WER). The vulnerability could allow elevation of\n privilege if successfully exploited by an attacker. An attacker\n who successfully exploited this vulnerability could gain greater\n access to sensitive information and system functionality. This\n update corrects the way the WER handles and executes files.\n (CVE-2017-8633)\n\n - A remote code execution vulnerability exists in the way that \n Microsoft browser JavaScript engines render content when \n handling objects in memory. The vulnerability could corrupt \n memory in such a way that an attacker could execute arbitrary\n code in the context of the current user. (CVE-2017-8636)\n\n - A remote code execution vulnerability exists in the way \n JavaScript engines render when handling objects in memory \n in Microsoft browsers. The vulnerability could corrupt memory \n in such a way that an attacker could execute arbitrary code in \n the context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user rights as \n the current user. If the current user is logged on with \n administrative user rights, an attacker who successfully exploited \n the vulnerability could take control of an affected system. An \n attacker could then install programs; view, change, or delete \n data; or create new accounts with full user rights.\n (CVE-2017-8641)\n\n - A remote code execution vulnerability exists when Internet \n Explorer improperly accesses objects in memory. The vulnerability \n could corrupt memory in such a way that an attacker could execute \n arbitrary code in the context of the current user.\n (CVE-2017-8651)\n\n - A remote code execution vulnerability exists when Microsoft \n browsers improperly access objects in memory. The vulnerability \n could corrupt memory in such a way that enables an attacker to \n execute arbitrary code in the context of the current user.\n (CVE-2017-8653)\n\n - An information disclosure vulnerability exists when the win32k \n component improperly provides kernel information. An attacker \n who successfully exploited the vulnerability could obtain \n information to further compromise the user's system.\n (CVE-2017-8666)\n\n - An information disclosure vulnerability exists when the Volume\n Manager Extension Drivercomponent improperly provides kernel\n information. An attacker who successfully exploited the\n vulnerability could obtain information to further compromise the\n users system. To exploit this vulnerability, an attacker would\n have to log on to an affected system and run a specially crafted\n application. The security update addresses the vulnerability by\n correcting how Volume Manager Extension Driver handles objects in\n memory. (CVE-2017-8668)\n\n - A remote code execution vulnerability exists when the Windows font\n library improperly handles specially crafted embedded fonts. An\n attacker who successfully exploited this vulnerability\n would gain code execution on the target system. Users whose\n accounts are configured to have fewer user rights on the system\n could be less impacted than users who operate with administrative\n user rights. There are multiple ways an attacker could exploit the\n vulnerability: In a web-based attack scenario, an attacker could\n host a specially crafted website that is designed to exploit the\n vulnerability and then convince users to view the website. An\n attacker would have no way to force users to view the\n attacker-controlled content. Instead, an attacker would have to\n convince users to take action, typically by getting them to click\n a link in an email or Instant Messenger message that takes users\n to the attacker's website, or by opening an attachment sent\n through email. In a file sharing attack scenario, an attacker\n could provide a specially crafted document file that is designed\n to exploit the vulnerability, and then convince users to open the\n document file. The security update addresses the vulnerability by\n correcting how the Windows font library handles embedded fonts.\n (CVE-2017-8691)\");\n # https://support.microsoft.com/en-us/help/4022750/windows-netbios-denial-of-service-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8637e23a\");\n # https://support.microsoft.com/en-us/help/4034034/windows-search-remote-code-execution-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a746ad8c\");\n # https://support.microsoft.com/en-us/help/4034744/volume-manager-extension-driver-information-disclosure-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dc718255\");\n # https://support.microsoft.com/en-us/help/4034745/windows-clfs-elevation-of-privilege-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c9d1ae23\");\n # https://support.microsoft.com/en-us/help/4034775/microsoft-jet-database-engine-remote-code-exec-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ba9f2db3\");\n # https://support.microsoft.com/en-us/help/4035055/win32k-information-disclosure-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dd93e10f\");\n # https://support.microsoft.com/en-us/help/4035056/express-compressed-fonts-remote-code-execution-vulnerability-in-window\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c83b0e2e\");\n # https://support.microsoft.com/en-us/help/4035679/windows-error-reporting-elevation-of-privilege-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b7fc780d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the following security updates :\n\n - KB4022750\n - KB4034034\n - KB4034733\n - KB4034741\n - KB4034744 \n - KB4034745\n - KB4034775\n - KB4035055 \n - KB4035056\n - KB4035679\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8691\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS17-08';\n\nkbs = make_list(\n \"4035679\",\n \"4035056\",\n \"4035055\",\n \"4034775\",\n \"4034745\",\n \"4034744\",\n \"4034741\",\n \"4034733\",\n \"4034034\",\n \"4022750\"\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\n# KBs only apply to Windows 2008\nif (hotfix_check_sp_range(vista:'2') <= 0)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nsystemroot = hotfix_get_systemroot();\nif (!systemroot) audit(AUDIT_PATH_NOT_DETERMINED, 'system root');\n\nport = kb_smb_transport();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\nif(! smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');\n\nwinsxs = ereg_replace(pattern:'^[A-Za-z]:(.*)', replace:\"\\1\\WinSxS\", string:systemroot);\nwinsxs_share = hotfix_path2share(path:systemroot);\n\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:winsxs_share);\nif (rc != 1)\n{\n NetUseDel();\n audit(AUDIT_SHARE_FAIL, winsxs_share);\n}\n\nthe_session = make_array(\n 'login', login,\n 'password', pass,\n 'domain', domain,\n 'share', winsxs_share\n);\n\n# 4035679\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"errorreportingcore_31bf3856ad364e35\", file_pat:\"^wer\\.dll$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19848','6.0.6002.24169'),\n max_versions:make_list('6.0.6002.20000','6.0.6002.99998'),\n bulletin:bulletin,\n kb:\"4035679\", session:the_session);\n\n# 4035056\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"font-embedding_31bf3856ad364e35\", file_pat:\"^t2embed\\.dll$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19834','6.0.6002.24154'),\n max_versions:make_list('6.0.6002.20000','6.0.6002.99998'),\n bulletin:bulletin,\n kb:\"4035056\", session:the_session);\n\n# 4035055\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"win32k_31bf3856ad364e35\", file_pat:\"^win32k\\.sys$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19836','6.0.6002.24157'),\n max_versions:make_list('6.0.6002.20000','6.0.6002.99998'),\n bulletin:bulletin,\n kb:\"4035055\", session:the_session);\n\n# 4034775\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"components-jetcore_31bf3856ad364e35\", file_pat:\"^msjet40\\.dll$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('4.0.9801.0'),\n max_versions:make_list('4.0.9801.10000'),\n bulletin:bulletin,\n kb:\"4034775\", session:the_session);\n\n# 4034745\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"commonlog_31bf3856ad364e35\", file_pat:\"^clfs\\.sys$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19837', '6.0.6002.24158'),\n max_versions:make_list('6.0.6002.20000','6.0.6002.99998'),\n bulletin:bulletin,\n kb:\"4034745\", session:the_session);\n\n# 4034744\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"dynamicvolumemanager_31bf3856ad364e35\", file_pat:\"^volmgrx\\.sys$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19834', '6.0.6002.24154'),\n max_versions:make_list('6.0.6002.20000','6.0.6002.99998'),\n bulletin:bulletin,\n kb:\"4034744\", session:the_session);\n\n# 4034034\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"indexing-common_31bf3856ad364e35\", file_pat:\"^query\\.dll$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19836', '6.0.6002.24154'),\n max_versions:make_list('6.0.6002.20000','6.0.6002.99998'),\n bulletin:bulletin,\n kb:\"4034034\", session:the_session);\n\n# 4022750\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"tdi-over-tcpip_31bf3856ad364e35\", file_pat:\"^tdx\\.sys$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19832', '6.0.6002.24152'),\n max_versions:make_list('6.0.6002.20000','6.0.6002.99998'),\n bulletin:bulletin,\n kb:\"4022750\", session:the_session);\n\n# 4034741\nif(\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"ntoskrnl.exe\", version:\"6.0.6002.19834\", min_version:\"6.0.6002.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4034741\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"ntoskrnl.exe\", version:\"6.0.6002.24154\", min_version:\"6.0.6002.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4034741\")\n )\n vuln++;\n\n# 4034733\nif(\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.21040\", min_version:\"9.0.8112.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4034733\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.16929\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4034733\")\n)\n vuln++;\n\nif (vuln > 0)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T06:19:10", "description": "The remote Windows host is missing security update 4034666\nor cumulative update 4034665. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A denial of service vulnerability exists when Microsoft\n Windows improperly handles NetBIOS packets. An attacker\n who successfully exploited this vulnerability could\n cause a target computer to become completely\n unresponsive. A remote unauthenticated attacker could\n exploit this vulnerability by sending a series of TCP\n packets to a target system, resulting in a permanent\n denial of service condition. The update addresses the\n vulnerability by correcting how the Windows network\n stack handles NetBIOS traffic. (CVE-2017-0174)\n\n - A buffer overflow vulnerability exists in the Microsoft\n JET Database Engine that could allow remote code\n execution on an affected system. An attacker who\n successfully exploited this vulnerability could take\n complete control of an affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-0250)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-0293)\n\n - A remote code execution vulnerability exists in Windows\n Input Method Editor (IME) when IME improperly handles\n parameters in a method of a DCOM class. The DCOM server\n is a Windows component installed regardless of which\n languages/IMEs are enabled. An attacker can instantiate\n the DCOM class and exploit the system even if IME is not\n enabled. (CVE-2017-8591)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8593)\n\n - A remote code execution vulnerability exists when\n Windows Search handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.To exploit the\n vulnerability, the attacker could send specially crafted\n messages to the Windows Search service. An attacker with\n access to a target computer could exploit this\n vulnerability to elevate privileges and take control of\n the computer. Additionally, in an enterprise scenario, a\n remote unauthenticated attacker could remotely trigger\n the vulnerability through an SMB connection and then\n take control of a target computer.The security update\n addresses the vulnerability by correcting how Windows\n Search handles objects in memory. (CVE-2017-8620)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. (CVE-2017-8624)\n\n - This security update resolves a vulnerability in Windows\n Error Reporting (WER). The vulnerability could allow\n elevation of privilege if successfully exploited by an\n attacker. An attacker who successfully exploited this\n vulnerability could gain greater access to sensitive\n information and system functionality. This update\n corrects the way the WER handles and executes files.\n (CVE-2017-8633)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8635)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8636)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8641)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-8651)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-8653)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2017-8664)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8666)\n\n - An information disclosure vulnerability exists when the\n Volume Manager Extension Driver component improperly\n provides kernel information. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.To\n exploit this vulnerability, an attacker would have to\n log on to an affected system and run a specially crafted\n application.The security update addresses the\n vulnerability by correcting how Volume Manager Extension\n Driver handles objects in memory. (CVE-2017-8668)", "edition": 36, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-08T00:00:00", "title": "Windows Server 2012 August 2017 Security Updates", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8641", "CVE-2017-8636", "CVE-2017-8624", "CVE-2017-8591", "CVE-2017-0250", "CVE-2017-8666", "CVE-2017-8633", "CVE-2017-8593", "CVE-2017-0293", "CVE-2017-8653", "CVE-2017-8664", "CVE-2017-8668", "CVE-2017-8620", "CVE-2017-0174", "CVE-2017-8651", "CVE-2017-8635"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_AUG_4034665.NASL", "href": "https://www.tenable.com/plugins/nessus/102268", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102268);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-0174\",\n \"CVE-2017-0250\",\n \"CVE-2017-0293\",\n \"CVE-2017-8591\",\n \"CVE-2017-8593\",\n \"CVE-2017-8620\",\n \"CVE-2017-8624\",\n \"CVE-2017-8633\",\n \"CVE-2017-8635\",\n \"CVE-2017-8636\",\n \"CVE-2017-8641\",\n \"CVE-2017-8651\",\n \"CVE-2017-8653\",\n \"CVE-2017-8664\",\n \"CVE-2017-8666\",\n \"CVE-2017-8668\"\n );\n script_bugtraq_id(\n 98100,\n 99430,\n 100032,\n 100034,\n 100038,\n 100039,\n 100055,\n 100056,\n 100057,\n 100058,\n 100059,\n 100061,\n 100069,\n 100085,\n 100089,\n 100092\n );\n script_xref(name:\"MSKB\", value:\"4034665\");\n script_xref(name:\"MSFT\", value:\"MS17-4034665\");\n script_xref(name:\"MSKB\", value:\"4034666\");\n script_xref(name:\"MSFT\", value:\"MS17-4034666\");\n\n script_name(english:\"Windows Server 2012 August 2017 Security Updates\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4034666\nor cumulative update 4034665. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A denial of service vulnerability exists when Microsoft\n Windows improperly handles NetBIOS packets. An attacker\n who successfully exploited this vulnerability could\n cause a target computer to become completely\n unresponsive. A remote unauthenticated attacker could\n exploit this vulnerability by sending a series of TCP\n packets to a target system, resulting in a permanent\n denial of service condition. The update addresses the\n vulnerability by correcting how the Windows network\n stack handles NetBIOS traffic. (CVE-2017-0174)\n\n - A buffer overflow vulnerability exists in the Microsoft\n JET Database Engine that could allow remote code\n execution on an affected system. An attacker who\n successfully exploited this vulnerability could take\n complete control of an affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-0250)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-0293)\n\n - A remote code execution vulnerability exists in Windows\n Input Method Editor (IME) when IME improperly handles\n parameters in a method of a DCOM class. The DCOM server\n is a Windows component installed regardless of which\n languages/IMEs are enabled. An attacker can instantiate\n the DCOM class and exploit the system even if IME is not\n enabled. (CVE-2017-8591)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8593)\n\n - A remote code execution vulnerability exists when\n Windows Search handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.To exploit the\n vulnerability, the attacker could send specially crafted\n messages to the Windows Search service. An attacker with\n access to a target computer could exploit this\n vulnerability to elevate privileges and take control of\n the computer. Additionally, in an enterprise scenario, a\n remote unauthenticated attacker could remotely trigger\n the vulnerability through an SMB connection and then\n take control of a target computer.The security update\n addresses the vulnerability by correcting how Windows\n Search handles objects in memory. (CVE-2017-8620)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. (CVE-2017-8624)\n\n - This security update resolves a vulnerability in Windows\n Error Reporting (WER). The vulnerability could allow\n elevation of privilege if successfully exploited by an\n attacker. An attacker who successfully exploited this\n vulnerability could gain greater access to sensitive\n information and system functionality. This update\n corrects the way the WER handles and executes files.\n (CVE-2017-8633)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8635)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8636)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8641)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-8651)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-8653)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2017-8664)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8666)\n\n - An information disclosure vulnerability exists when the\n Volume Manager Extension Driver component improperly\n provides kernel information. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.To\n exploit this vulnerability, an attacker would have to\n log on to an affected system and run a specially crafted\n application.The security update addresses the\n vulnerability by correcting how Volume Manager Extension\n Driver handles objects in memory. (CVE-2017-8668)\");\n # https://support.microsoft.com/en-us/help/4034665/windows-server-2012-update-kb4034665\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5a9af664\");\n # https://support.microsoft.com/en-us/help/4034666/windows-server-2012-update-kb4034666\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bb07fa4c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4034666 or Cumulative update KB4034665.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8620\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-08\";\nkbs = make_list('4034665', '4034666');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:\"08_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4034665, 4034666])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T06:19:11", "description": "The remote Windows host is missing security update 4034672\nor cumulative update 4034681. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A denial of service vulnerability exists when Microsoft\n Windows improperly handles NetBIOS packets. An attacker\n who successfully exploited this vulnerability could\n cause a target computer to become completely\n unresponsive. A remote unauthenticated attacker could\n exploit this vulnerability by sending a series of TCP\n packets to a target system, resulting in a permanent\n denial of service condition. The update addresses the\n vulnerability by correcting how the Windows network\n stack handles NetBIOS traffic. (CVE-2017-0174)\n\n - A buffer overflow vulnerability exists in the Microsoft\n JET Database Engine that could allow remote code\n execution on an affected system. An attacker who\n successfully exploited this vulnerability could take\n complete control of an affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-0250)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-0293)\n\n - A remote code execution vulnerability exists in Windows\n Input Method Editor (IME) when IME improperly handles\n parameters in a method of a DCOM class. The DCOM server\n is a Windows component installed regardless of which\n languages/IMEs are enabled. An attacker can instantiate\n the DCOM class and exploit the system even if IME is not\n enabled. (CVE-2017-8591)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8593)\n\n - A remote code execution vulnerability exists when\n Windows Search handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.To exploit the\n vulnerability, the attacker could send specially crafted\n messages to the Windows Search service. An attacker with\n access to a target computer could exploit this\n vulnerability to elevate privileges and take control of\n the computer. Additionally, in an enterprise scenario, a\n remote unauthenticated attacker could remotely trigger\n the vulnerability through an SMB connection and then\n take control of a target computer.The security update\n addresses the vulnerability by correcting how Windows\n Search handles objects in memory. (CVE-2017-8620)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. (CLFS) is a high-performance,\n general-purpose log file subsystem that dedicated client\n applications can use and multiple clients can share to\n optimize log access. (CVE-2017-8624)\n\n - This security update resolves a vulnerability in Windows\n Error Reporting (WER). The vulnerability could allow\n elevation of privilege if successfully exploited by an\n attacker. An attacker who successfully exploited this\n vulnerability could gain greater access to sensitive\n information and system functionality. This update\n corrects the way the WER handles and executes files.\n (CVE-2017-8633)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8635)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8636)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8641)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-8653)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2017-8664)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8666)\n\n - An information disclosure vulnerability exists when the\n Volume Manager Extension Driver component improperly\n provides kernel information. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.To\n exploit this vulnerability, an attacker would have to\n log on to an affected system and run a specially crafted\n application.The security update addresses the\n vulnerability by correcting how Volume Manager Extension\n Driver handles objects in memory. (CVE-2017-8668)\n\n - A remote code execution vulnerability exists in the way\n Microsoft browsers handle objects in memory while\n rendering content. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user. If\n the current user is logged on with administrative user\n rights, an attacker who successfully exploited the\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2017-8669)", "edition": 36, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-08T00:00:00", "title": "Windows 8.1 and Windows Server 2012 R2 August 2017 Security Updates", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8641", "CVE-2017-8636", "CVE-2017-8624", "CVE-2017-8591", "CVE-2017-0250", "CVE-2017-8666", "CVE-2017-8633", "CVE-2017-8593", "CVE-2017-0293", "CVE-2017-8653", "CVE-2017-8664", "CVE-2017-8668", "CVE-2017-8620", "CVE-2017-0174", "CVE-2017-8669", "CVE-2017-8635"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_AUG_4034681.NASL", "href": "https://www.tenable.com/plugins/nessus/102270", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102270);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-0174\",\n \"CVE-2017-0250\",\n \"CVE-2017-0293\",\n \"CVE-2017-8591\",\n \"CVE-2017-8593\",\n \"CVE-2017-8620\",\n \"CVE-2017-8624\",\n \"CVE-2017-8633\",\n \"CVE-2017-8635\",\n \"CVE-2017-8636\",\n \"CVE-2017-8641\",\n \"CVE-2017-8653\",\n \"CVE-2017-8664\",\n \"CVE-2017-8666\",\n \"CVE-2017-8668\",\n \"CVE-2017-8669\"\n );\n script_bugtraq_id(\n 98100,\n 99430,\n 100032,\n 100034,\n 100038,\n 100039,\n 100055,\n 100056,\n 100057,\n 100059,\n 100061,\n 100068,\n 100069,\n 100085,\n 100089,\n 100092\n );\n script_xref(name:\"MSKB\", value:\"4034681\");\n script_xref(name:\"MSFT\", value:\"MS17-4034681\");\n script_xref(name:\"MSKB\", value:\"4034672\");\n script_xref(name:\"MSFT\", value:\"MS17-4034672\");\n\n script_name(english:\"Windows 8.1 and Windows Server 2012 R2 August 2017 Security Updates\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4034672\nor cumulative update 4034681. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A denial of service vulnerability exists when Microsoft\n Windows improperly handles NetBIOS packets. An attacker\n who successfully exploited this vulnerability could\n cause a target computer to become completely\n unresponsive. A remote unauthenticated attacker could\n exploit this vulnerability by sending a series of TCP\n packets to a target system, resulting in a permanent\n denial of service condition. The update addresses the\n vulnerability by correcting how the Windows network\n stack handles NetBIOS traffic. (CVE-2017-0174)\n\n - A buffer overflow vulnerability exists in the Microsoft\n JET Database Engine that could allow remote code\n execution on an affected system. An attacker who\n successfully exploited this vulnerability could take\n complete control of an affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-0250)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-0293)\n\n - A remote code execution vulnerability exists in Windows\n Input Method Editor (IME) when IME improperly handles\n parameters in a method of a DCOM class. The DCOM server\n is a Windows component installed regardless of which\n languages/IMEs are enabled. An attacker can instantiate\n the DCOM class and exploit the system even if IME is not\n enabled. (CVE-2017-8591)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8593)\n\n - A remote code execution vulnerability exists when\n Windows Search handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.To exploit the\n vulnerability, the attacker could send specially crafted\n messages to the Windows Search service. An attacker with\n access to a target computer could exploit this\n vulnerability to elevate privileges and take control of\n the computer. Additionally, in an enterprise scenario, a\n remote unauthenticated attacker could remotely trigger\n the vulnerability through an SMB connection and then\n take control of a target computer.The security update\n addresses the vulnerability by correcting how Windows\n Search handles objects in memory. (CVE-2017-8620)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. (CLFS) is a high-performance,\n general-purpose log file subsystem that dedicated client\n applications can use and multiple clients can share to\n optimize log access. (CVE-2017-8624)\n\n - This security update resolves a vulnerability in Windows\n Error Reporting (WER). The vulnerability could allow\n elevation of privilege if successfully exploited by an\n attacker. An attacker who successfully exploited this\n vulnerability could gain greater access to sensitive\n information and system functionality. This update\n corrects the way the WER handles and executes files.\n (CVE-2017-8633)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8635)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8636)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8641)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-8653)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2017-8664)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8666)\n\n - An information disclosure vulnerability exists when the\n Volume Manager Extension Driver component improperly\n provides kernel information. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.To\n exploit this vulnerability, an attacker would have to\n log on to an affected system and run a specially crafted\n application.The security update addresses the\n vulnerability by correcting how Volume Manager Extension\n Driver handles objects in memory. (CVE-2017-8668)\n\n - A remote code execution vulnerability exists in the way\n Microsoft browsers handle objects in memory while\n rendering content. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user. If\n the current user is logged on with administrative user\n rights, an attacker who successfully exploited the\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2017-8669)\");\n # https://support.microsoft.com/en-us/help/4034681/windows-8-1-windows-server-2012-r2-update-kb4034681\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1d4d1833\");\n # https://support.microsoft.com/en-us/help/4034672/windows-8-1-windows-server-2012-r2-update-kb4034672\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dcc3ea6d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4034672 or Cumulative update KB4034681.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8620\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-08\";\nkbs = make_list('4034681', '4034672');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:\"08_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4034681, 4034672])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:12:42", "description": "The remote Windows host is missing security update 4034668. \nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Search handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2017-8620)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. (CVE-2017-8624)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8635, CVE-2017-8641)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8666)\n\n - A security feature bypass vulnerability exists when\n Internet Explorer fails to validate User Mode Code\n Integrity (UMCI) policies. The vulnerability could allow\n an attacker to bypass Device Guard UMCI policies.\n (CVE-2017-8625)\n\n - A remote code execution vulnerability exists in Windows\n Input Method Editor (IME) when IME improperly handles\n parameters in a method of a DCOM class. The DCOM server\n is a Windows component installed regardless of which\n languages/IMEs are enabled. An attacker can instantiate\n the DCOM class and exploit the system even if IME is not\n enabled. (CVE-2017-8591)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2017-8664)\n\n - A denial of service vulnerability exists when Microsoft\n Windows improperly handles NetBIOS packets. An attacker\n who successfully exploited this vulnerability could\n cause a target computer to become completely\n unresponsive. A remote unauthenticated attacker could\n exploit this vulnerability by sending a series of TCP\n packets to a target system, resulting in a permanent\n denial of service condition. The update addresses the\n vulnerability by correcting how the Windows network\n stack handles NetBIOS traffic. (CVE-2017-0174)\n\n - A buffer overflow vulnerability exists in the Microsoft\n JET Database Engine that could allow remote code\n execution on an affected system. An attacker who\n successfully exploited this vulnerability could take\n control of an affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2017-0250)\n\n - A remote code execution vulnerability exists in the way\n Microsoft browsers handle objects in memory while\n rendering content. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-8669)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2017-8633)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-8653)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8593)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. In a web-based attack scenario, an attacker could\n host a specially crafted website that is designed to\n exploit the vulnerability through Microsoft browsers and\n then convince a user to view the website. An attacker\n could also embed an ActiveX control marked "safe\n for initialization" in an application or Microsoft\n Office document that hosts the related rendering engine.\n The attacker could also take advantage of compromised\n websites, and websites that accept or host user-provided\n content or advertisements. These websites could contain\n specially crafted content that could exploit the\n vulnerability. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2017-8636, CVE-2017-8640,\n CVE-2017-8655, CVE-2017-8672)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2017-0293)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8644, CVE-2017-8652)", "edition": 23, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-11-03T00:00:00", "title": "KB4034668: Windows 10 August 2017 Cumulative Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8641", "CVE-2017-8636", "CVE-2017-8624", "CVE-2017-8672", "CVE-2017-8591", "CVE-2017-0250", "CVE-2017-8666", "CVE-2017-8633", "CVE-2017-8625", "CVE-2017-8593", "CVE-2017-0293", "CVE-2017-8653", "CVE-2017-8640", "CVE-2017-8644", "CVE-2017-8664", "CVE-2017-8655", "CVE-2017-8620", "CVE-2017-0174", "CVE-2017-8669", "CVE-2017-8652", "CVE-2017-8635"], "modified": "2017-11-03T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS17_AUG_4034668.NASL", "href": "https://www.tenable.com/plugins/nessus/104382", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104382);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2017-0174\",\n \"CVE-2017-0250\",\n \"CVE-2017-0293\",\n \"CVE-2017-8591\",\n \"CVE-2017-8593\",\n \"CVE-2017-8620\",\n \"CVE-2017-8624\",\n \"CVE-2017-8625\",\n \"CVE-2017-8633\",\n \"CVE-2017-8635\",\n \"CVE-2017-8636\",\n \"CVE-2017-8640\",\n \"CVE-2017-8641\",\n \"CVE-2017-8644\",\n \"CVE-2017-8652\",\n \"CVE-2017-8653\",\n \"CVE-2017-8655\",\n \"CVE-2017-8664\",\n \"CVE-2017-8666\",\n \"CVE-2017-8669\",\n \"CVE-2017-8672\"\n );\n script_bugtraq_id(\n 98100,\n 99430,\n 100027,\n 100032,\n 100034,\n 100038,\n 100039,\n 100044,\n 100047,\n 100051,\n 100055,\n 100056,\n 100057,\n 100059,\n 100061,\n 100063,\n 100068,\n 100069,\n 100072,\n 100085,\n 100089\n );\n script_xref(name:\"MSKB\", value:\"4034668\");\n script_xref(name:\"MSFT\", value:\"MS17-4034668\");\n\n script_name(english:\"KB4034668: Windows 10 August 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4034668. \nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Search handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2017-8620)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. (CVE-2017-8624)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8635, CVE-2017-8641)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8666)\n\n - A security feature bypass vulnerability exists when\n Internet Explorer fails to validate User Mode Code\n Integrity (UMCI) policies. The vulnerability could allow\n an attacker to bypass Device Guard UMCI policies.\n (CVE-2017-8625)\n\n - A remote code execution vulnerability exists in Windows\n Input Method Editor (IME) when IME improperly handles\n parameters in a method of a DCOM class. The DCOM server\n is a Windows component installed regardless of which\n languages/IMEs are enabled. An attacker can instantiate\n the DCOM class and exploit the system even if IME is not\n enabled. (CVE-2017-8591)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2017-8664)\n\n - A denial of service vulnerability exists when Microsoft\n Windows improperly handles NetBIOS packets. An attacker\n who successfully exploited this vulnerability could\n cause a target computer to become completely\n unresponsive. A remote unauthenticated attacker could\n exploit this vulnerability by sending a series of TCP\n packets to a target system, resulting in a permanent\n denial of service condition. The update addresses the\n vulnerability by correcting how the Windows network\n stack handles NetBIOS traffic. (CVE-2017-0174)\n\n - A buffer overflow vulnerability exists in the Microsoft\n JET Database Engine that could allow remote code\n execution on an affected system. An attacker who\n successfully exploited this vulnerability could take\n control of an affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2017-0250)\n\n - A remote code execution vulnerability exists in the way\n Microsoft browsers handle objects in memory while\n rendering content. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-8669)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2017-8633)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-8653)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8593)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. In a web-based attack scenario, an attacker could\n host a specially crafted website that is designed to\n exploit the vulnerability through Microsoft browsers and\n then convince a user to view the website. An attacker\n could also embed an ActiveX control marked "safe\n for initialization" in an application or Microsoft\n Office document that hosts the related rendering engine.\n The attacker could also take advantage of compromised\n websites, and websites that accept or host user-provided\n content or advertisements. These websites could contain\n specially crafted content that could exploit the\n vulnerability. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2017-8636, CVE-2017-8640,\n CVE-2017-8655, CVE-2017-8672)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2017-0293)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8644, CVE-2017-8652)\");\n # https://support.microsoft.com/en-us/help/4034668/windows-10-update-kb4034668\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b6341411\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4034668.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8620\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-08\";\nkbs = make_list('4034668');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\nos_name = get_kb_item_or_exit(\"SMB/ProductName\");\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif(\"LTSB\" >!< os_name) audit(AUDIT_OS_NOT, \"Windows 10 version 1507 LTSB\");\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"08_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4034668])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:12:41", "description": "The remote Windows host is missing security update 4034660.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A denial of service vulnerability exists when Microsoft\n Windows improperly handles NetBIOS packets. An attacker\n who successfully exploited this vulnerability could\n cause a target computer to become completely\n unresponsive. A remote unauthenticated attacker could\n exploit this vulnerability by sending a series of TCP\n packets to a target system, resulting in a permanent\n denial of service condition. The update addresses the\n vulnerability by correcting how the Windows network\n stack handles NetBIOS traffic. (CVE-2017-0174)\n\n - A buffer overflow vulnerability exists in the Microsoft\n JET Database Engine that could allow remote code\n execution on an affected system. An attacker who\n successfully exploited this vulnerability could take\n complete control of an affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-0250)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-0293)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge that could allow an attacker to escape\n from the AppContainer sandbox in the browser. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges and break out of the Edge\n AppContainer sandbox.The vulnerability by itself does\n not allow arbitrary code to run. However, this\n vulnerability could be used in conjunction with one or\n more vulnerabilities (for example a remote code\n execution vulnerability and another elevation of\n privilege vulnerability) to take advantage of the\n elevated privileges when running.The security update\n addresses the vulnerability by modifying how Microsoft\n Edge handles sandboxing. (CVE-2017-8503)\n\n - A remote code execution vulnerability exists in Windows\n Input Method Editor (IME) when IME improperly handles\n parameters in a method of a DCOM class. The DCOM server\n is a Windows component installed regardless of which\n languages/IMEs are enabled. An attacker can instantiate\n the DCOM class and exploit the system even if IME is not\n enabled. (CVE-2017-8591)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8593)\n\n - A remote code execution vulnerability exists when\n Windows Search handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.To exploit the\n vulnerability, the attacker could send specially crafted\n messages to the Windows Search service. An attacker with\n access to a target computer could exploit this\n vulnerability to elevate privileges and take control of\n the computer. Additionally, in an enterprise scenario, a\n remote unauthenticated attacker could remotely trigger\n the vulnerability through an SMB connection and then\n take control of a target computer.The security update\n addresses the vulnerability by correcting how Windows\n Search handles objects in memory. (CVE-2017-8620)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. (CVE-2017-8624)\n\n - A security feature bypass vulnerability exists when\n Internet Explorer fails to validate User Mode Code\n Integrity (UMCI) policies. The vulnerability could allow\n an attacker to bypass Device Guard UCMI policies.To\n exploit the vulnerability, a user could either visit a\n malicious website or an attacker with access to the\n system could run a specially crafted application. An\n attacker could then leverage the vulnerability to run\n unsigned malicious code as though it were signed by a\n trusted source.The update addresses the vulnerability by\n correcting how Internet Explorer validates UMCI\n policies. (CVE-2017-8625)\n\n - This security update resolves a vulnerability in Windows\n Error Reporting (WER). The vulnerability could allow\n elevation of privilege if successfully exploited by an\n attacker. An attacker who successfully exploited this\n vulnerability could gain greater access to sensitive\n information and system functionality. This update\n corrects the way the WER handles and executes files.\n (CVE-2017-8633)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8635)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8636)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8640)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8641)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8644)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8645)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8646)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8652)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-8653)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8655)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8657)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2017-8664)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8666)\n\n - A remote code execution vulnerability exists in the way\n Microsoft browsers handle objects in memory while\n rendering content. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user. If\n the current user is logged on with administrative user\n rights, an attacker who successfully exploited the\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2017-8669)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8671)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8672)", "edition": 29, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-08T00:00:00", "title": "KB4034660: Windows 10 Version 1511 August 2017 Cumulative Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8641", "CVE-2017-8636", "CVE-2017-8503", "CVE-2017-8624", "CVE-2017-8672", "CVE-2017-8645", "CVE-2017-8591", "CVE-2017-0250", "CVE-2017-8666", "CVE-2017-8633", "CVE-2017-8625", "CVE-2017-8593", "CVE-2017-0293", "CVE-2017-8657", "CVE-2017-8653", "CVE-2017-8640", "CVE-2017-8644", "CVE-2017-8646", "CVE-2017-8664", "CVE-2017-8655", "CVE-2017-8620", "CVE-2017-0174", "CVE-2017-8669", "CVE-2017-8652", "CVE-2017-8671", "CVE-2017-8635"], "modified": "2017-08-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS17_AUG_4034660.NASL", "href": "https://www.tenable.com/plugins/nessus/102265", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102265);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2017-0174\",\n \"CVE-2017-0250\",\n \"CVE-2017-0293\",\n \"CVE-2017-8503\",\n \"CVE-2017-8591\",\n \"CVE-2017-8593\",\n \"CVE-2017-8620\",\n \"CVE-2017-8624\",\n \"CVE-2017-8625\",\n \"CVE-2017-8633\",\n \"CVE-2017-8635\",\n \"CVE-2017-8636\",\n \"CVE-2017-8640\",\n \"CVE-2017-8641\",\n \"CVE-2017-8644\",\n \"CVE-2017-8645\",\n \"CVE-2017-8646\",\n \"CVE-2017-8652\",\n \"CVE-2017-8653\",\n \"CVE-2017-8655\",\n \"CVE-2017-8657\",\n \"CVE-2017-8664\",\n \"CVE-2017-8666\",\n \"CVE-2017-8669\",\n \"CVE-2017-8671\",\n \"CVE-2017-8672\"\n );\n script_bugtraq_id(\n 98100,\n 99395,\n 99430,\n 100027,\n 100032,\n 100034,\n 100035,\n 100038,\n 100039,\n 100044,\n 100047,\n 100051,\n 100052,\n 100053,\n 100055,\n 100056,\n 100057,\n 100059,\n 100061,\n 100063,\n 100068,\n 100069,\n 100071,\n 100072,\n 100085,\n 100089\n );\n script_xref(name:\"MSKB\", value:\"4034660\");\n script_xref(name:\"MSFT\", value:\"MS17-4034660\");\n\n script_name(english:\"KB4034660: Windows 10 Version 1511 August 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4034660.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A denial of service vulnerability exists when Microsoft\n Windows improperly handles NetBIOS packets. An attacker\n who successfully exploited this vulnerability could\n cause a target computer to become completely\n unresponsive. A remote unauthenticated attacker could\n exploit this vulnerability by sending a series of TCP\n packets to a target system, resulting in a permanent\n denial of service condition. The update addresses the\n vulnerability by correcting how the Windows network\n stack handles NetBIOS traffic. (CVE-2017-0174)\n\n - A buffer overflow vulnerability exists in the Microsoft\n JET Database Engine that could allow remote code\n execution on an affected system. An attacker who\n successfully exploited this vulnerability could take\n complete control of an affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-0250)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-0293)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge that could allow an attacker to escape\n from the AppContainer sandbox in the browser. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges and break out of the Edge\n AppContainer sandbox.The vulnerability by itself does\n not allow arbitrary code to run. However, this\n vulnerability could be used in conjunction with one or\n more vulnerabilities (for example a remote code\n execution vulnerability and another elevation of\n privilege vulnerability) to take advantage of the\n elevated privileges when running.The security update\n addresses the vulnerability by modifying how Microsoft\n Edge handles sandboxing. (CVE-2017-8503)\n\n - A remote code execution vulnerability exists in Windows\n Input Method Editor (IME) when IME improperly handles\n parameters in a method of a DCOM class. The DCOM server\n is a Windows component installed regardless of which\n languages/IMEs are enabled. An attacker can instantiate\n the DCOM class and exploit the system even if IME is not\n enabled. (CVE-2017-8591)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8593)\n\n - A remote code execution vulnerability exists when\n Windows Search handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.To exploit the\n vulnerability, the attacker could send specially crafted\n messages to the Windows Search service. An attacker with\n access to a target computer could exploit this\n vulnerability to elevate privileges and take control of\n the computer. Additionally, in an enterprise scenario, a\n remote unauthenticated attacker could remotely trigger\n the vulnerability through an SMB connection and then\n take control of a target computer.The security update\n addresses the vulnerability by correcting how Windows\n Search handles objects in memory. (CVE-2017-8620)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. (CVE-2017-8624)\n\n - A security feature bypass vulnerability exists when\n Internet Explorer fails to validate User Mode Code\n Integrity (UMCI) policies. The vulnerability could allow\n an attacker to bypass Device Guard UCMI policies.To\n exploit the vulnerability, a user could either visit a\n malicious website or an attacker with access to the\n system could run a specially crafted application. An\n attacker could then leverage the vulnerability to run\n unsigned malicious code as though it were signed by a\n trusted source.The update addresses the vulnerability by\n correcting how Internet Explorer validates UMCI\n policies. (CVE-2017-8625)\n\n - This security update resolves a vulnerability in Windows\n Error Reporting (WER). The vulnerability could allow\n elevation of privilege if successfully exploited by an\n attacker. An attacker who successfully exploited this\n vulnerability could gain greater access to sensitive\n information and system functionality. This update\n corrects the way the WER handles and executes files.\n (CVE-2017-8633)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8635)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8636)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8640)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8641)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8644)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8645)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8646)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8652)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-8653)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8655)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8657)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2017-8664)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8666)\n\n - A remote code execution vulnerability exists in the way\n Microsoft browsers handle objects in memory while\n rendering content. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user. If\n the current user is logged on with administrative user\n rights, an attacker who successfully exploited the\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2017-8669)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8671)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8672)\");\n # https://support.microsoft.com/en-us/help/4034660/windows-10-update-kb4034660\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9088ceeb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4034660.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8620\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-08\";\nkbs = make_list('4034660');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10586\",\n rollup_date:\"08_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4034660])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:12:41", "description": "The remote Windows host is missing security update 4034658.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A denial of service vulnerability exists when Microsoft\n Windows improperly handles NetBIOS packets. An attacker\n who successfully exploited this vulnerability could\n cause a target computer to become completely\n unresponsive. A remote unauthenticated attacker could\n exploit this vulnerability by sending a series of TCP\n packets to a target system, resulting in a permanent\n denial of service condition. The update addresses the\n vulnerability by correcting how the Windows network\n stack handles NetBIOS traffic. (CVE-2017-0174)\n\n - A buffer overflow vulnerability exists in the Microsoft\n JET Database Engine that could allow remote code\n execution on an affected system. An attacker who\n successfully exploited this vulnerability could take\n complete control of an affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-0250)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-0293)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge that could allow an attacker to escape\n from the AppContainer sandbox in the browser. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges and break out of the Edge\n AppContainer sandbox.The vulnerability by itself does\n not allow arbitrary code to run. However, this\n vulnerability could be used in conjunction with one or\n more vulnerabilities (for example a remote code\n execution vulnerability and another elevation of\n privilege vulnerability) to take advantage of the\n elevated privileges when running.The security update\n addresses the vulnerability by modifying how Microsoft\n Edge handles sandboxing. (CVE-2017-8503)\n\n - A remote code execution vulnerability exists in Windows\n Input Method Editor (IME) when IME improperly handles\n parameters in a method of a DCOM class. The DCOM server\n is a Windows component installed regardless of which\n languages/IMEs are enabled. An attacker can instantiate\n the DCOM class and exploit the system even if IME is not\n enabled. (CVE-2017-8591)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8593)\n\n - A remote code execution vulnerability exists when\n Windows Search handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.To exploit the\n vulnerability, the attacker could send specially crafted\n messages to the Windows Search service. An attacker with\n access to a target computer could exploit this\n vulnerability to elevate privileges and take control of\n the computer. Additionally, in an enterprise scenario, a\n remote unauthenticated attacker could remotely trigger\n the vulnerability through an SMB connection and then\n take control of a target computer.The security update\n addresses the vulnerability by correcting how Windows\n Search handles objects in memory. (CVE-2017-8620)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2017-8623)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory.(CVE-2017-8624)\n\n - A security feature bypass vulnerability exists when\n Internet Explorer fails to validate User Mode Code\n Integrity (UMCI) policies. The vulnerability could allow\n an attacker to bypass Device Guard UCMI policies.To\n exploit the vulnerability, a user could either visit a\n malicious website or an attacker with access to the\n system could run a specially crafted application. An\n attacker could then leverage the vulnerability to run\n unsigned malicious code as though it were signed by a\n trusted source.The update addresses the vulnerability by\n correcting how Internet Explorer validates UMCI\n policies. (CVE-2017-8625)\n\n - This security update resolves a vulnerability in Windows\n Error Reporting (WER). The vulnerability could allow\n elevation of privilege if successfully exploited by an\n attacker. An attacker who successfully exploited this\n vulnerability could gain greater access to sensitive\n information and system functionality. This update\n corrects the way the WER handles and executes files.\n (CVE-2017-8633)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8635)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8636)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8639)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8640)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8641)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8644)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8645)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8646)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8652)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-8653)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8655)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8656)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8657)\n\n - A remote code execution vulnerability exists in the way\n affected Microsoft scripting engines render when\n handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8661)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2017-8664)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8666)\n\n - A remote code execution vulnerability exists in the way\n Microsoft browsers handle objects in memory while\n rendering content. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user. If\n the current user is logged on with administrative user\n rights, an attacker who successfully exploited the\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2017-8669)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8670)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8671)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8672)", "edition": 30, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-08T00:00:00", "title": "KB4034658: Windows 10 Version 1607 and Windows Server 2016 August 2017 Cumulative Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8641", "CVE-2017-8636", "CVE-2017-8503", "CVE-2017-8624", "CVE-2017-8672", "CVE-2017-8645", "CVE-2017-8591", "CVE-2017-0250", "CVE-2017-8666", "CVE-2017-8670", "CVE-2017-8623", "CVE-2017-8633", "CVE-2017-8625", "CVE-2017-8593", "CVE-2017-0293", "CVE-2017-8656", "CVE-2017-8657", "CVE-2017-8653", "CVE-2017-8640", "CVE-2017-8644", "CVE-2017-8639", "CVE-2017-8646", "CVE-2017-8661", "CVE-2017-8664", "CVE-2017-8655", "CVE-2017-8620", "CVE-2017-0174", "CVE-2017-8669", "CVE-2017-8652", "CVE-2017-8671", "CVE-2017-8635"], "modified": "2017-08-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS17_AUG_4034658.NASL", "href": "https://www.tenable.com/plugins/nessus/102264", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102264);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2017-0174\",\n \"CVE-2017-0250\",\n \"CVE-2017-0293\",\n \"CVE-2017-8503\",\n \"CVE-2017-8591\",\n \"CVE-2017-8593\",\n \"CVE-2017-8620\",\n \"CVE-2017-8623\",\n \"CVE-2017-8624\",\n \"CVE-2017-8625\",\n \"CVE-2017-8633\",\n \"CVE-2017-8635\",\n \"CVE-2017-8636\",\n \"CVE-2017-8639\",\n \"CVE-2017-8640\",\n \"CVE-2017-8641\",\n \"CVE-2017-8644\",\n \"CVE-2017-8645\",\n \"CVE-2017-8646\",\n \"CVE-2017-8652\",\n \"CVE-2017-8653\",\n \"CVE-2017-8655\",\n \"CVE-2017-8656\",\n \"CVE-2017-8657\",\n \"CVE-2017-8661\",\n \"CVE-2017-8664\",\n \"CVE-2017-8666\",\n \"CVE-2017-8669\",\n \"CVE-2017-8670\",\n \"CVE-2017-8671\",\n \"CVE-2017-8672\"\n );\n script_bugtraq_id(\n 98100,\n 99395,\n 99430,\n 100027,\n 100032,\n 100033,\n 100034,\n 100035,\n 100037,\n 100038,\n 100039,\n 100042,\n 100044,\n 100047,\n 100050,\n 100051,\n 100052,\n 100053,\n 100055,\n 100056,\n 100057,\n 100059,\n 100061,\n 100063,\n 100068,\n 100069,\n 100070,\n 100071,\n 100072,\n 100085,\n 100089\n );\n script_xref(name:\"MSKB\", value:\"4034658\");\n script_xref(name:\"MSFT\", value:\"MS17-4034658\");\n\n script_name(english:\"KB4034658: Windows 10 Version 1607 and Windows Server 2016 August 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4034658.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A denial of service vulnerability exists when Microsoft\n Windows improperly handles NetBIOS packets. An attacker\n who successfully exploited this vulnerability could\n cause a target computer to become completely\n unresponsive. A remote unauthenticated attacker could\n exploit this vulnerability by sending a series of TCP\n packets to a target system, resulting in a permanent\n denial of service condition. The update addresses the\n vulnerability by correcting how the Windows network\n stack handles NetBIOS traffic. (CVE-2017-0174)\n\n - A buffer overflow vulnerability exists in the Microsoft\n JET Database Engine that could allow remote code\n execution on an affected system. An attacker who\n successfully exploited this vulnerability could take\n complete control of an affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-0250)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-0293)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge that could allow an attacker to escape\n from the AppContainer sandbox in the browser. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges and break out of the Edge\n AppContainer sandbox.The vulnerability by itself does\n not allow arbitrary code to run. However, this\n vulnerability could be used in conjunction with one or\n more vulnerabilities (for example a remote code\n execution vulnerability and another elevation of\n privilege vulnerability) to take advantage of the\n elevated privileges when running.The security update\n addresses the vulnerability by modifying how Microsoft\n Edge handles sandboxing. (CVE-2017-8503)\n\n - A remote code execution vulnerability exists in Windows\n Input Method Editor (IME) when IME improperly handles\n parameters in a method of a DCOM class. The DCOM server\n is a Windows component installed regardless of which\n languages/IMEs are enabled. An attacker can instantiate\n the DCOM class and exploit the system even if IME is not\n enabled. (CVE-2017-8591)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8593)\n\n - A remote code execution vulnerability exists when\n Windows Search handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.To exploit the\n vulnerability, the attacker could send specially crafted\n messages to the Windows Search service. An attacker with\n access to a target computer could exploit this\n vulnerability to elevate privileges and take control of\n the computer. Additionally, in an enterprise scenario, a\n remote unauthenticated attacker could remotely trigger\n the vulnerability through an SMB connection and then\n take control of a target computer.The security update\n addresses the vulnerability by correcting how Windows\n Search handles objects in memory. (CVE-2017-8620)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2017-8623)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory.(CVE-2017-8624)\n\n - A security feature bypass vulnerability exists when\n Internet Explorer fails to validate User Mode Code\n Integrity (UMCI) policies. The vulnerability could allow\n an attacker to bypass Device Guard UCMI policies.To\n exploit the vulnerability, a user could either visit a\n malicious website or an attacker with access to the\n system could run a specially crafted application. An\n attacker could then leverage the vulnerability to run\n unsigned malicious code as though it were signed by a\n trusted source.The update addresses the vulnerability by\n correcting how Internet Explorer validates UMCI\n policies. (CVE-2017-8625)\n\n - This security update resolves a vulnerability in Windows\n Error Reporting (WER). The vulnerability could allow\n elevation of privilege if successfully exploited by an\n attacker. An attacker who successfully exploited this\n vulnerability could gain greater access to sensitive\n information and system functionality. This update\n corrects the way the WER handles and executes files.\n (CVE-2017-8633)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8635)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8636)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8639)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8640)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8641)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8644)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8645)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8646)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8652)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-8653)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8655)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8656)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8657)\n\n - A remote code execution vulnerability exists in the way\n affected Microsoft scripting engines render when\n handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8661)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2017-8664)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8666)\n\n - A remote code execution vulnerability exists in the way\n Microsoft browsers handle objects in memory while\n rendering content. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user. If\n the current user is logged on with administrative user\n rights, an attacker who successfully exploited the\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2017-8669)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8670)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8671)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8672)\");\n # https://support.microsoft.com/en-us/help/4034658/windows-10-update-kb4034658\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8b993cd6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4034658.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8620\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-08\";\nkbs = make_list('4034658');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_nano() == 1) audit(AUDIT_OS_NOT, \"a currently supported OS (Windows Nano Server)\");\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"08_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4034658])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:12:42", "description": "The remote Windows host is missing security update 4034674.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A denial of service vulnerability exists when Microsoft\n Windows improperly handles NetBIOS packets. An attacker\n who successfully exploited this vulnerability could\n cause a target computer to become completely\n unresponsive. (CVE-2017-0174)\n\n - A buffer overflow vulnerability exists in the Microsoft\n JET Database Engine that could allow remote code\n execution on an affected system. An attacker who\n successfully exploited this vulnerability could take\n complete control of an affected system. (CVE-2017-0250)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-0293)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge that could allow an attacker to escape\n from the AppContainer sandbox in the browser. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges and break out of the Edge\n AppContainer sandbox. (CVE-2017-8503)\n\n - A remote code execution vulnerability exists in Windows\n Input Method Editor (IME) when IME improperly handles\n parameters in a method of a DCOM class. The DCOM server\n is a Windows component installed regardless of which\n languages/IMEs are enabled. An attacker can instantiate\n the DCOM class and exploit the system even if IME is not\n enabled. (CVE-2017-8591)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. (CVE-2017-8593)\n\n - A remote code execution vulnerability exists when\n Windows Search handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. \n (CVE-2017-8620)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Subsystem for Linux handles NT\n pipes. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2017-8622)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2017-8623)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. (CVE-2017-8624)\n\n - A denial of service vulnerability exists when Windows\n Subsystem for Linux improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could cause a denial of service against\n the local system.A attacker could exploit this\n vulnerability by running a specially crafted\n application.The update addresses the vulnerability by\n correcting how Windows Subsystem for Linux handles\n objects in memory. (CVE-2017-8627)\n\n - This security update resolves a vulnerability in Windows\n Error Reporting (WER). The vulnerability could allow\n elevation of privilege if successfully exploited by an\n attacker. An attacker who successfully exploited this\n vulnerability could gain greater access to sensitive\n information and system functionality. This update\n corrects the way the WER handles and executes files.\n (CVE-2017-8633)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8634)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8635)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8636)\n\n - A security feature bypass vulnerability exists in\n Microsoft Edge as a result of how memory is accessed in\n code compiled by the Edge Just-In-Time (JIT) compiler\n that allows Arbitrary Code Guard (ACG) to be bypassed.\n (CVE-2017-8637)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8638)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8639)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8640)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8641)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Edge does not properly validate JavaScript\n under specific conditions, potentially allowing script\n to run with elevated privileges. (CVE-2017-8642)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8644)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8645)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8646)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8647)\n\n - A security feature bypass vulnerability exists when\n Microsoft Edge does not properly enforce same-origin\n policies, which could allow an attacker to access\n information from origins outside the current one. In a\n web-based attack scenario, an attacker could trick a\n user into loading a webpage with malicious content.\n (CVE-2017-8650)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system.\n (CVE-2017-8652)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8653)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8655)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8656)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8657)\n\n - An information disclosure vulnerability exists when the\n Chakra scripting engine does not properly handle objects\n in memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system.\n (CVE-2017-8659)\n\n - A remote code execution vulnerability exists in the way\n affected Microsoft scripting engines render when\n handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user.\n (CVE-2017-8661)\n\n - An information disclosure vulnerability for Microsoft\n Edge exists as a result of how strings are validated in\n specific scenarios, which can allow an attacker to read\n sensitive data from memory and thereby potentially\n bypass Address Space Layout Randomization (ASLR).\n (CVE-2017-8662)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2017-8664)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8666)\n\n - A remote code execution vulnerability exists in the way\n Microsoft browsers handle objects in memory while\n rendering content. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-8669)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8670)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8671)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8672)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. (CVE-2017-8673)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8674)", "edition": 29, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-08T00:00:00", "title": "KB4034674: Windows 10 Version 1703 August 2017 Cumulative Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8641", "CVE-2017-8636", "CVE-2017-8674", "CVE-2017-8503", "CVE-2017-8624", "CVE-2017-8672", "CVE-2017-8637", "CVE-2017-8673", "CVE-2017-8645", "CVE-2017-8591", "CVE-2017-0250", "CVE-2017-8666", "CVE-2017-8650", "CVE-2017-8670", "CVE-2017-8623", "CVE-2017-8622", "CVE-2017-8633", "CVE-2017-8638", "CVE-2017-8593", "CVE-2017-0293", "CVE-2017-8642", "CVE-2017-8656", "CVE-2017-8657", "CVE-2017-8653", "CVE-2017-8647", "CVE-2017-8640", "CVE-2017-8644", "CVE-2017-8659", "CVE-2017-8627", "CVE-2017-8639", "CVE-2017-8646", "CVE-2017-8661", "CVE-2017-8664", "CVE-2017-8655", "CVE-2017-8620", "CVE-2017-0174", "CVE-2017-8634", "CVE-2017-8669", "CVE-2017-8652", "CVE-2017-8662", "CVE-2017-8671", "CVE-2017-8635"], "modified": "2017-08-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS17_AUG_4034674.NASL", "href": "https://www.tenable.com/plugins/nessus/102269", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102269);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2017-0174\",\n \"CVE-2017-0250\",\n \"CVE-2017-0293\",\n \"CVE-2017-8503\",\n \"CVE-2017-8591\",\n \"CVE-2017-8593\",\n \"CVE-2017-8620\",\n \"CVE-2017-8622\",\n \"CVE-2017-8623\",\n \"CVE-2017-8624\",\n \"CVE-2017-8627\",\n \"CVE-2017-8633\",\n \"CVE-2017-8634\",\n \"CVE-2017-8635\",\n \"CVE-2017-8636\",\n \"CVE-2017-8637\",\n \"CVE-2017-8638\",\n \"CVE-2017-8639\",\n \"CVE-2017-8640\",\n \"CVE-2017-8641\",\n \"CVE-2017-8642\",\n \"CVE-2017-8644\",\n \"CVE-2017-8645\",\n \"CVE-2017-8646\",\n \"CVE-2017-8647\",\n \"CVE-2017-8650\",\n \"CVE-2017-8652\",\n \"CVE-2017-8653\",\n \"CVE-2017-8655\",\n \"CVE-2017-8656\",\n \"CVE-2017-8657\",\n \"CVE-2017-8659\",\n \"CVE-2017-8661\",\n \"CVE-2017-8662\",\n \"CVE-2017-8664\",\n \"CVE-2017-8666\",\n \"CVE-2017-8669\",\n \"CVE-2017-8670\",\n \"CVE-2017-8671\",\n \"CVE-2017-8672\",\n \"CVE-2017-8673\",\n \"CVE-2017-8674\"\n );\n script_bugtraq_id(\n 98100,\n 99395,\n 99430,\n 100027,\n 100029,\n 100031,\n 100032,\n 100033,\n 100034,\n 100035,\n 100037,\n 100038,\n 100039,\n 100040,\n 100042,\n 100043,\n 100044,\n 100045,\n 100046,\n 100047,\n 100048,\n 100049,\n 100050,\n 100051,\n 100052,\n 100053,\n 100054,\n 100055,\n 100056,\n 100057,\n 100059,\n 100061,\n 100065,\n 100068,\n 100069,\n 100070,\n 100071,\n 100072,\n 100079,\n 100081,\n 100085,\n 100089\n );\n script_xref(name:\"MSKB\", value:\"4034674\");\n script_xref(name:\"MSFT\", value:\"MS17-4034674\");\n\n script_name(english:\"KB4034674: Windows 10 Version 1703 August 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4034674.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A denial of service vulnerability exists when Microsoft\n Windows improperly handles NetBIOS packets. An attacker\n who successfully exploited this vulnerability could\n cause a target computer to become completely\n unresponsive. (CVE-2017-0174)\n\n - A buffer overflow vulnerability exists in the Microsoft\n JET Database Engine that could allow remote code\n execution on an affected system. An attacker who\n successfully exploited this vulnerability could take\n complete control of an affected system. (CVE-2017-0250)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-0293)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge that could allow an attacker to escape\n from the AppContainer sandbox in the browser. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges and break out of the Edge\n AppContainer sandbox. (CVE-2017-8503)\n\n - A remote code execution vulnerability exists in Windows\n Input Method Editor (IME) when IME improperly handles\n parameters in a method of a DCOM class. The DCOM server\n is a Windows component installed regardless of which\n languages/IMEs are enabled. An attacker can instantiate\n the DCOM class and exploit the system even if IME is not\n enabled. (CVE-2017-8591)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. (CVE-2017-8593)\n\n - A remote code execution vulnerability exists when\n Windows Search handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. \n (CVE-2017-8620)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Subsystem for Linux handles NT\n pipes. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2017-8622)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2017-8623)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. (CVE-2017-8624)\n\n - A denial of service vulnerability exists when Windows\n Subsystem for Linux improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could cause a denial of service against\n the local system.A attacker could exploit this\n vulnerability by running a specially crafted\n application.The update addresses the vulnerability by\n correcting how Windows Subsystem for Linux handles\n objects in memory. (CVE-2017-8627)\n\n - This security update resolves a vulnerability in Windows\n Error Reporting (WER). The vulnerability could allow\n elevation of privilege if successfully exploited by an\n attacker. An attacker who successfully exploited this\n vulnerability could gain greater access to sensitive\n information and system functionality. This update\n corrects the way the WER handles and executes files.\n (CVE-2017-8633)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8634)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8635)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8636)\n\n - A security feature bypass vulnerability exists in\n Microsoft Edge as a result of how memory is accessed in\n code compiled by the Edge Just-In-Time (JIT) compiler\n that allows Arbitrary Code Guard (ACG) to be bypassed.\n (CVE-2017-8637)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8638)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8639)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8640)\n\n - A remote code execution vulnerability exists in the way\n JavaScript engines render when handling objects in\n memory in Microsoft browsers. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2017-8641)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Edge does not properly validate JavaScript\n under specific conditions, potentially allowing script\n to run with elevated privileges. (CVE-2017-8642)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8644)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8645)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8646)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8647)\n\n - A security feature bypass vulnerability exists when\n Microsoft Edge does not properly enforce same-origin\n policies, which could allow an attacker to access\n information from origins outside the current one. In a\n web-based attack scenario, an attacker could trick a\n user into loading a webpage with malicious content.\n (CVE-2017-8650)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system.\n (CVE-2017-8652)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8653)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8655)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8656)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8657)\n\n - An information disclosure vulnerability exists when the\n Chakra scripting engine does not properly handle objects\n in memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system.\n (CVE-2017-8659)\n\n - A remote code execution vulnerability exists in the way\n affected Microsoft scripting engines render when\n handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user.\n (CVE-2017-8661)\n\n - An information disclosure vulnerability for Microsoft\n Edge exists as a result of how strings are validated in\n specific scenarios, which can allow an attacker to read\n sensitive data from memory and thereby potentially\n bypass Address Space Layout Randomization (ASLR).\n (CVE-2017-8662)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2017-8664)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8666)\n\n - A remote code execution vulnerability exists in the way\n Microsoft browsers handle objects in memory while\n rendering content. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-8669)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8670)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8671)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8672)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. (CVE-2017-8673)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8674)\");\n # https://support.microsoft.com/en-us/help/4034674/windows-10-update-kb4034674\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2cf8ca67\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4034674.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8620\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-08\";\nkbs = make_list('4034674');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date:\"08_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4034674])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:45:08", "bulletinFamily": "info", "cvelist": ["CVE-2017-8641", "CVE-2017-8636", "CVE-2017-8624", "CVE-2017-0250", "CVE-2017-8666", "CVE-2017-8633", "CVE-2017-8593", "CVE-2017-0293", "CVE-2017-8653", "CVE-2017-8691", "CVE-2017-8668", "CVE-2017-8620", "CVE-2017-0174", "CVE-2017-8651"], "description": "### *Detect date*:\n08/08/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, obtain sensitive information.\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:\n\n### *Affected products*:\nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1511 for 32-bit Systems \nWindows 10 Version 1703 for x64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 1511 for x64-based Systems \nWindows 8.1 for 32-bit systems \nWindows Server 2012 \nWindows RT 8.1 \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 for 32-bit Systems \nInternet Explorer 9 \nWindows Server 2016 \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2016 (Server Core installation) \nWindows Server 2012 R2 \nWindows 10 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 1703 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nInternet Explorer 10 \nInternet Explorer 11 \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 8.1 for x64-based systems \nMicrosoft Edge (EdgeHTML-based)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-8593](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8593>) \n[CVE-2017-8691](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8691>) \n[CVE-2017-8653](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8653>) \n[CVE-2017-0250](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0250>) \n[CVE-2017-8620](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8620>) \n[CVE-2017-8636](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8636>) \n[CVE-2017-8651](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8651>) \n[CVE-2017-8633](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8633>) \n[CVE-2017-0293](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0293>) \n[CVE-2017-0174](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0174>) \n[CVE-2017-8641](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8641>) \n[CVE-2017-8666](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8666>) \n[CVE-2017-8668](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8668>) \n[CVE-2017-8624](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8624>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2017-8636](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8636>)0.0Unknown \n[CVE-2017-8641](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8641>)0.0Unknown \n[CVE-2017-8651](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8651>)0.0Unknown \n[CVE-2017-8653](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8653>)0.0Unknown \n[CVE-2017-8593](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8593>)0.0Unknown \n[CVE-2017-8620](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8620>)0.0Unknown \n[CVE-2017-8691](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8691>)0.0Unknown \n[CVE-2017-0250](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0250>)0.0Unknown \n[CVE-2017-8633](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8633>)0.0Unknown \n[CVE-2017-8668](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8668>)0.0Unknown \n[CVE-2017-0293](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0293>)0.0Unknown \n[CVE-2017-0174](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0174>)0.0Unknown \n[CVE-2017-8666](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8666>)0.0Unknown \n[CVE-2017-8624](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8624>)0.0Unknown\n\n### *KB list*:\n[4034733](<http://support.microsoft.com/kb/4034733>) \n[4034679](<http://support.microsoft.com/kb/4034679>) \n[4034664](<http://support.microsoft.com/kb/4034664>) \n[4035055](<http://support.microsoft.com/kb/4035055>) \n[4035056](<http://support.microsoft.com/kb/4035056>) \n[4035679](<http://support.microsoft.com/kb/4035679>) \n[4022750](<http://support.microsoft.com/kb/4022750>) \n[4034745](<http://support.microsoft.com/kb/4034745>) \n[4034744](<http://support.microsoft.com/kb/4034744>) \n[4034034](<http://support.microsoft.com/kb/4034034>) \n[4042050](<http://support.microsoft.com/kb/4042050>) \n[4041678](<http://support.microsoft.com/kb/4041678>) \n[4041681](<http://support.microsoft.com/kb/4041681>)\n\n### *Microsoft official advisories*:", "edition": 1, "modified": "2020-07-22T00:00:00", "published": "2017-08-08T00:00:00", "id": "KLA11846", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11846", "title": "\r KLA11846Multiple vulnerabilities in Microsoft Products (ESU) ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T11:57:15", "bulletinFamily": "info", "cvelist": ["CVE-2017-8624", "CVE-2017-8673", "CVE-2017-8591", "CVE-2017-0250", "CVE-2017-8666", "CVE-2017-8623", "CVE-2017-8622", "CVE-2017-8633", "CVE-2017-8593", "CVE-2017-0293", "CVE-2017-8627", "CVE-2017-8664", "CVE-2017-8668", "CVE-2017-8620", "CVE-2017-0174"], "description": "### *Detect date*:\n08/08/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, obtain sensitive information.\n\n### *Affected products*:\nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1511 for 32-bit Systems \nWindows 10 Version 1703 for x64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 1511 for x64-based Systems \nWindows 8.1 for 32-bit systems \nWindows Server 2012 \nWindows RT 8.1 \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 for 32-bit Systems \nWindows Server 2016 \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2016 (Server Core installation) \nWindows Server 2012 R2 \nWindows 10 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 1703 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 8.1 for x64-based systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-8593](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8593>) \n[CVE-2017-8591](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8591>) \n[CVE-2017-8620](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8620>) \n[CVE-2017-8664](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8664>) \n[CVE-2017-0250](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0250>) \n[CVE-2017-8633](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8633>) \n[CVE-2017-8623](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8623>) \n[CVE-2017-8622](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8622>) \n[CVE-2017-8668](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8668>) \n[CVE-2017-8627](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8627>) \n[CVE-2017-0293](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0293>) \n[CVE-2017-0174](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0174>) \n[CVE-2017-8666](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8666>) \n[CVE-2017-8673](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8673>) \n[CVE-2017-8624](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8624>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2017-8593](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8593>)0.0Unknown \n[CVE-2017-8591](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8591>)0.0Unknown \n[CVE-2017-8620](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8620>)0.0Unknown \n[CVE-2017-8664](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8664>)0.0Unknown \n[CVE-2017-0250](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0250>)0.0Unknown \n[CVE-2017-8633](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8633>)0.0Unknown \n[CVE-2017-8623](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8623>)0.0Unknown \n[CVE-2017-8622](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8622>)0.0Unknown \n[CVE-2017-8668](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8668>)0.0Unknown \n[CVE-2017-8627](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8627>)0.0Unknown \n[CVE-2017-0293](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0293>)0.0Unknown \n[CVE-2017-0174](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0174>)0.0Unknown \n[CVE-2017-8666](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8666>)0.0Unknown \n[CVE-2017-8673](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8673>)0.0Unknown \n[CVE-2017-8624](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8624>)0.0Unknown\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4034668](<http://support.microsoft.com/kb/4034668>) \n[4034674](<http://support.microsoft.com/kb/4034674>) \n[4034681](<http://support.microsoft.com/kb/4034681>) \n[4034658](<http://support.microsoft.com/kb/4034658>) \n[4034660](<http://support.microsoft.com/kb/4034660>) \n[4034666](<http://support.microsoft.com/kb/4034666>) \n[4034665](<http://support.microsoft.com/kb/4034665>) \n[4034672](<http://support.microsoft.com/kb/4034672>) \n[4041689](<http://support.microsoft.com/kb/4041689>) \n[4041693](<http://support.microsoft.com/kb/4041693>) \n[4041687](<http://support.microsoft.com/kb/4041687>) \n[4041676](<http://support.microsoft.com/kb/4041676>) \n[4041690](<http://support.microsoft.com/kb/4041690>) \n[4041691](<http://support.microsoft.com/kb/4041691>) \n[4042895](<http://support.microsoft.com/kb/4042895>) \n[4041679](<http://support.microsoft.com/kb/4041679>)", "edition": 45, "modified": "2020-07-17T00:00:00", "published": "2017-08-08T00:00:00", "id": "KLA11087", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11087", "title": "\r KLA11087Multiple vulnerabilities in Microsoft Windows ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": "2017-08-15T08:08:38", "bulletinFamily": "blog", "cvelist": ["CVE-2017-0174", "CVE-2017-0250", "CVE-2017-0293", "CVE-2017-8503", "CVE-2017-8516", "CVE-2017-8591", "CVE-2017-8593", "CVE-2017-8620", "CVE-2017-8622", "CVE-2017-8623", "CVE-2017-8624", "CVE-2017-8625", "CVE-2017-8627", "CVE-2017-8633", "CVE-2017-8634", "CVE-2017-8635", "CVE-2017-8636", "CVE-2017-8637", "CVE-2017-8638", "CVE-2017-8639", "CVE-2017-8640", "CVE-2017-8641", "CVE-2017-8642", "CVE-2017-8644", "CVE-2017-8645", "CVE-2017-8646", "CVE-2017-8647", "CVE-2017-8650", "CVE-2017-8651", "CVE-2017-8652", "CVE-2017-8653", "CVE-2017-8654", "CVE-2017-8655", "CVE-2017-8656", "CVE-2017-8657", "CVE-2017-8659", "CVE-2017-8661", "CVE-2017-8662", "CVE-2017-8664", "CVE-2017-8666", "CVE-2017-8668", "CVE-2017-8669", "CVE-2017-8670", "CVE-2017-8671", "CVE-2017-8672", "CVE-2017-8673", "CVE-2017-8674", "CVE-2017-8691"], "description": "Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 48 new vulnerabilities with 25 of them rated critical, 21 rated important, and 2 rated moderate. These vulnerabilities impact Edge, Hyper-V, Internet Explorer, Remote Desktop Protocol, Sharepoint, SQL Server, the Windows Subsystem for Linux, and more. In addition, Microsoft is also releasing an update for Adobe Flash Player embedded in Edge and Internet Explorer.<br /><br /><a name='more'></a><br /><h2 id=\"h.wjrt5zh1f6pu\">Vulnerabilities Rated Critical</h2>The following vulnerabilities are rated \"critical\" by Microsoft:<br /><ul><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8653\">CVE-2017-8653 - Microsoft Browser Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8669\">CVE-2017-8669 - Microsoft Browser Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8661\">CVE-2017-8661 - Microsoft Edge Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0250\">CVE-2017-0250 - Microsoft JET Database Engine Remote Code Execution Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8634\">CVE-2017-8634 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8635\">CVE-2017-8635 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8636\">CVE-2017-8636 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8638\">CVE-2017-8638 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8639\">CVE-2017-8639 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8640\">CVE-2017-8640 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8641\">CVE-2017-8641 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8645\">CVE-2017-8645 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8646\">CVE-2017-8646 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8647\">CVE-2017-8647 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8655\">CVE-2017-8655 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8656\">CVE-2017-8656 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8657\">CVE-2017-8657 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8670\">CVE-2017-8670 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8671\">CVE-2017-8671 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8672\">CVE-2017-8672 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8674\">CVE-2017-8674 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8591\">CVE-2017-8591 - Windows IME Remote Code Execution Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0293\">CVE-2017-0293 - Windows PDF Remote Code Execution Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8620\">CVE-2017-8620 - Windows Search Remote Code Execution Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8622\">CVE-2017-8622 - Windows Subsystem for Linux Elevation of Privilege Vulnerability</a></li></ul>The following briefly describes these vulnerabilities.<br /><br /><h3 id=\"h.d8c9mlg86eww\">Multiple CVEs - Scripting Engine Memory Corruption Vulnerability</h3><br />Multiple vulnerabilities have been identified in the Microsoft Browser JavaScript engine that could allow remote code execution to occur in the context of the current user. These vulnerabilities manifest due to improper handling of objects in memory, resulting in memory corruption. Exploitation of these vulnerabilities is achievable if a user visits a specifically crafted web page that contains JavaScript designed to exploit one or more of these vulnerabilities. <br /><br />The following is a list of CVEs that reflect these vulnerabilities:<br /><ul><li>CVE-2017-8634</li><li>CVE-2017-8635</li><li>CVE-2017-8636</li><li>CVE-2017-8638</li><li>CVE-2017-8639</li><li>CVE-2017-8640</li><li>CVE-2017-8641</li><li>CVE-2017-8645</li><li>CVE-2017-8646</li><li>CVE-2017-8647</li><li>CVE-2017-8655</li><li>CVE-2017-8656</li><li>CVE-2017-8657</li><li>CVE-2017-8670</li><li>CVE-2017-8671</li><li>CVE-2017-8672</li><li>CVE-2017-8674</li></ul><br /><h3 id=\"h.stimxk5dlt9s\">CVE-2017-8653, CVE-2017-8669 - Microsoft Browser Memory Corruption Vulnerabilities</h3><br />Two vulnerabilities have been identified in Edge and Internet Explorer that could result in remote code execution in the context of the current user. These vulnerabilities manifest due to improper handling of objects in memory when attempting to render a webpage. Both vulnerabilities could be exploited if, for example, a user visits a specifically crafted webpage that exploits one of the flaws.<br /><br /><h3 id=\"h.noriw5kti6\">CVE-2017-8661 - Microsoft Edge Memory Corruption Vulnerability</h3><br />A vulnerability in Microsoft Edge has been identified that could allow an attacker to execute arbitrary code on a targeted host. This vulnerability manifests due to improper handling of objects in memory. Successful exploitation of this vulnerability would result in arbitrary code execution in the context of the current user. Users who visit a specifically crafted web page under the control of the attacker could be exploited.<br /><br /><h3 id=\"h.37smbo42nhdo\">CVE-2017-0250 - Microsoft JET Database Engine Remote Code Execution Vulnerability</h3><br />A buffer overflow vulnerability in the Microsoft JET Database Engine has been identified that could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability can be triggered by opening or previewing a specifically crafted database file on a vulnerable system. Scenarios where this could occur could be an email-based attack where an attacker sends the targeted user a malicious database file to be opened.<br /><br /><h3 id=\"h.gz14h1cr9aga\">CVE-2017-8591 - Windows IME Remote Code Execution Vulnerability</h3><br />An arbitrary code execution vulnerability in the Windows Input Method Editor (IME) has been identified that could allow an attacker to execute code in the context of the current user. The vulnerability manifests due to improper handling of parameters in a method of a DCOM class. Note that DCOM server is a component of Microsoft Windows that is installed regardless of the language/IMEs used. An attacker who exploits this vulnerability can instantiate the DCOM class and exploit the system, even if IME is disabled. <br /><br /><h3 id=\"h.sqrupi8xlp41\">CVE-2017-0293 - Windows PDF Remote Code Execution Vulnerability</h3><br />A vulnerability in Windows PDF has been identified that could allow an attacker to execute arbitrary code on a targeted host. This vulnerability manifests due to improper handling of objects in memory. Successful exploitation of this vulnerability would result in arbitrary code execution in the context of the current user. Users who open a specifically crafted PDF file or who visit a web page containing a specifically crafted PDF could exploit this vulnerability.<br /><br /><h3 id=\"h.63vr2sco53ko\">CVE-2017-8620 - Windows Search Remote Code Execution Vulnerability</h3><br />A vulnerability in Windows Search has been identified that could allow an attacker to remotely execute arbitrary code on a targeted host. This vulnerability manifests due to improper handling of objects in memory. Upon successful exploitation, an attacker with physical access to the affected host could elevate privileges to that of an administrator. This vulnerability could also be exploited in an enterprise environment via an SMB connection to the affected host.<br /><br /><h3 id=\"h.u6glvzjqubz7\">CVE-2017-8622 - Windows Subsystem for Linux Elevation of Privilege Vulnerability</h3><br />A vulnerability in the Windows System for Linux has been identified that could be used escalate a user's privileges to that of an administrator. This vulnerability manifests due to how the Windows Subsystem for Linux handles NT pipes. Successful exploitation could allow a local, authenticated attacker to execute code as an administrator. <br /><br /><h2 id=\"h.kw73svtlwob2\">Vulnerabilities Rated Important</h2>The following vulnerabilities are rated \"important\" by Microsoft:<br /><ul><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8691\">CVE-2017-8691 - Express Compressed Fonts Remote Code Execution Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8625\">CVE-2017-8625 - Internet Explorer Security Feature Bypass Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8503\">CVE-2017-8503 - Microsoft Edge Elevation of Privilege Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8642\">CVE-2017-8642 - Microsoft Edge Elevation of Privilege Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8644\">CVE-2017-8644 - Microsoft Edge Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8652\">CVE-2017-8652 - Microsoft Edge Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8662\">CVE-2017-8662 - Microsoft Edge Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8654\">CVE-2017-8654 - Microsoft Office SharePoint XSS Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8516\">CVE-2017-8516 - Microsoft SQL Server Analysis Services Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8659\">CVE-2017-8659 - Scripting Engine Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8637\">CVE-2017-8637 - Scripting Engine Security Feature Bypass Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8668\">CVE-2017-8668 - Volume Manager Extension Driver Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8593\">CVE-2017-8593 - Win32k Elevation of Privilege Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8666\">CVE-2017-8666 - Win32k Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8624\">CVE-2017-8624 - Windows CLFS Elevation of Privilege Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8633\">CVE-2017-8633 - Windows Error Reporting Elevation of Privilege Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8623\">CVE-2017-8623 - Windows Hyper-V Denial of Service Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8664\">CVE-2017-8664 - Windows Hyper-V Remote Code Execution Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0174\">CVE-2017-0174 - Windows NetBIOS Denial of Service Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8673\">CVE-2017-8673 - Windows Remote Desktop Protocol Denial of Service Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8627\">CVE-2017-8627 - Windows Subsystem for Linux Denial of Service Vulnerability</a></li></ul>The following briefly describes these vulnerabilities.<br /><br /><h3 id=\"h.oviarhz23nwn\">CVE-2017-8644, CVE-2017-8652, CVE-2017-8662 - \ufeffMicrosoft Edge Information Disclosure Vulnerability</h3><br />Multiple vulnerabilities in Microsoft Edge have been identified that could allow an attacker to discover sensitive information regarding the targeted system. These vulnerabilities manifest due to improper handling of objects in memory. Successful exploitation of these vulnerabilities could given an attacker the necessary information to further exploit additional vulnerabilities on the system.<br /><br /><h3 id=\"h.52uhs0sk1gpo\">CVE-2017-8503 - Microsoft Edge Elevation of Privilege Vulnerability</h3><br />A vulnerability in Microsoft Edge has been identified that could result in privilege escalation if exploited. This vulnerability manifests as an AppContainter sandbox escape within the browser. Successful exploitation could result in a user obtaining elevated privileges. Note that this vulnerability does not allow arbitrary code execution. However, if used in conjunction with one more vulnerabilities, an attacker could execute arbitrary code in the context of an administrator.<br /><br /><h3 id=\"h.7os8xqvo6h9\">CVE-2017-8642 - Microsoft Edge Elevation of Privilege Vulnerability</h3><br />A vulnerability in Microsoft Edge has been identified that could result in privilege escalation if exploited. This vulnerability manifests due to improper validation of JavaScript in certain circumstances. Successful exploitation could elevate privileges in affected versions of Microsoft Edge. Note that this vulnerability does not permit arbitrary code execution. However, if used in conjunction with one, an attacker could execute arbitrary code with medium-level integrity, or that of the current user. Users who visit a specifically crafted web page under the control of the attacker could be exploited.<br /><br /><h3 id=\"h.w4sa7fmmkk8h\">CVE-2017-8625 - Internet Explorer Security Feature Bypass Vulnerability</h3><br />A vulnerability in Internet Explorer has been identified that could be exploited to bypass a security feature. This vulnerability manifests due to Internet Explorer improperly validating User Mode Code Integrity (UMCI) policies. Successful exploitation of this vulnerability could allow an attacker to execute unsigned malicious code as if it were signed. Exploiting this vulnerability is possible if a user visits a specifically crafted website designed to exploit the flaw.<br /><br /><h3 id=\"h.9higo5vo18bm\">CVE-2017-8691 - Express Compressed Fonts Remote Code Execution Vulnerability</h3><br />A vulnerability in the Windows Font library has been identified that could permit an attacker to execute arbitrary code in the context of the current user. This vulnerability manifests due to the library improperly handling specially crafted embedded fonts. Exploitation of this vulnerability is possible if a user visits a specifically crafted web page or if a user opens a specifically crafted file that is designed to exploit this vulnerability.<br /><br /><h3 id=\"h.ospgiqaad31r\">CVE-2017-8654 - Microsoft Office SharePoint XSS Vulnerability</h3><br />A vulnerability in Microsoft Sharepoint has been identified that could could allow an attacker to execute a cross-site scripting (XSS) attack. This vulnerability manifests due to Sharepoint Server improperly sanitizing specific web requests from a user. Successful exploitation of this vulnerability could allow an attacker to execute script in the context of the current user, read content that the attacker would not have permission to otherwise view, or execute actions on behalf of the affected user.<br /><br /><h3 id=\"h.777zisl7xrvb\">CVE-2017-8516 - Microsoft SQL Server Analysis Services Information Disclosure Vulnerability</h3><br />A vulnerability in Microsoft SQL Server Analysis Services has been identified that could disclose sensitive information to an attacker. This vulnerability manifests due to SQL Server Analysis Services improperly enforcing permissions. An attacker with valid credentials that permit access to the affected SQL Server could exploit this vulnerability to gain additional database and file information that should otherwise not be permitted.<br /><br /><h3 id=\"h.ky3d7sjix04t\">CVE-2017-8659 - Scripting Engine Information Disclosure Vulnerability</h3><br />A vulnerability in the Chakra JavaScript Engine has been identified that could disclose sensitive information to an attacker. This vulnerability manifests due to improper handling of objects in memory. Successful exploitation of this vulnerability would result in an attacker obtaining information that could then be used to further exploit the system. Users who visit a specifically crafted web page under the control of the attacker could be exploited.<br /><br /><h3 id=\"h.prgsyvvwkldh\">CVE-2017-8637 - Scripting Engine Security Feature Bypass Vulnerability</h3><br />A vulnerability in the Microsoft Edge has been identified that could allow an attacker to bypass a security feature. This vulnerability manifests due to way memory is accessed in \"code compiled by the Edge Just-In-Time (JIT) compiler that allows Arbitrary Code Guard (ACG) to be bypassed\". Note that this exploiting this vulnerability does not result in arbitrary code execution. However, if used in combination with another vulnerability, an attacker could execute arbitrary code on the targeted system. Users who visit a specifically crafted web page under the control of the attacker could be exploited.<br /><br /><h3 id=\"h.k90frdfj3cvl\">CVE-2017-8668 - Volume Manager Extension Driver Information Disclosure Vulnerability</h3><br />A vulnerability in the Volume Manager Extension Driver has been identified that could disclose sensitive information to an attacker. This vulnerability manifests due to the Volume Manager Extension Driver improperly providing kernel information. Successful exploitation could allow an attacker to gain information that could be used to further compromise a targeted system.<br /><br /><h3 id=\"h.ta4wavxlagpn\">CVE-2017-8593 - Win32k Elevation of Privilege Vulnerability</h3><br />A vulnerability in the Win32k component in Windows has been identified that could allow a privilege escalation attack to occur. This vulnerability manifests due to improper handling of objects in memory. Successful exploitation of this vulnerability would result in an attacker obtaining administrator privileges on the targeted system. Users who run a specifically crafted executable that exploits this vulnerability could leverage this vulnerability to perform actions as an administrator on the affected system.<br /><br /><h3 id=\"h.p3snwk6sios1\">CVE-2017-8666 - Win32k Information Disclosure Vulnerability</h3><br />A vulnerability in the Win32k component in Windows has been identified that could disclose sensitive information to an attacker. This vulnerability manifests due to the Win32k component improperly providing kernel information. Successful exploitation could allow an attacker to gain information that could be used to further compromise a targeted system.<br /><br /><h3 id=\"h.oehdkaw93ts8\">CVE-2017-8624 - Windows CLFS Elevation of Privilege Vulnerability</h3><br />A vulnerability in the Windows Common Log File System (CLFS) driver has been identified that could allow a privilege escalation attack to occur. This vulnerability manifests due to improper handling of objects in memory. Successful exploitation of this vulnerability would result in an attacker obtaining administrator privileges on the targeted system. Users who run a specifically crafted executable that exploits this vulnerability could leverage this vulnerability to perform actions as an administrator on the affected system.<br /><br /><h3 id=\"h.kyiqmjwyyyn5\">CVE-2017-8633 - Windows Error Reporting Elevation of Privilege Vulnerability</h3><br />A vulnerability in the Windows Error Reporting (WER) has been identified that could allow a privilege escalation attack to occur. Successful exploitation of this vulnerability would result in an attacker obtaining administrator privileges on the targeted system.<br /><br /><h3 id=\"h.frc3atsjd5j8\">CVE-2017-8623 - Windows Hyper-V Denial of Service Vulnerability</h3><br />A vulnerability in the Microsoft Hyper-V Network Switch has been identified that could allow a denial of service attack to occur. This vulnerability manifests due to improper validation of input \"from a privileged user on a guest operating system.\" Successful exploitation of this vulnerability could cause the host server to crash. Exploiting this flaw requires that a privileged user on the guest host runs a specifically crafted executable that exploits this vulnerability, thus causing the host system to crash.<br /><br /><h3 id=\"h.g8fxdwt25cnc\">CVE-2017-8664 - Windows Hyper-V Remote Code Execution Vulnerability</h3><br />A vulnerability in Windows Hyper-V has been identified that could allow arbitrary code execution on the hypervisor system to occur. This vulnerability manifests due to improperly validating \"input from an authenticated user on a guest operating system.\" Exploitation of the vulnerability could be achieved if an attackers runs a specifically crafted application within a guest operating system that causes Hyper-V to execute arbitrary code.<br /><br /><h3 id=\"h.crqjkzdd0al6\">CVE-2017-0174 - Windows NetBIOS Denial of Service Vulnerability</h3><br />A vulnerability in the Microsoft Windows has been identified that could allow a denial of service attack to occur. This vulnerability manifests due to Windows improperly handling NetBIOS packets. Successful exploitation of this vulnerability could cause the host to become unresponsive. An attacker who sends a series of specifically crafted TCP packets to the targeted system could create a permanent denial of service condition.<br /><br /><h3 id=\"h.s5rm1hj00pl\">CVE-2017-8673 - Windows Remote Desktop Protocol Denial of Service Vulnerability</h3><br />A vulnerability in Remote Desktop Protocol (RDP) has been identified that could allow a denial of service attack to occur. This vulnerability manifests due to target system improperly handling RDP requests once an attacker has connected to the targeted system. Successful exploitation of this vulnerability could cause the RDP service to become unresponsive. <br /><br /><h3 id=\"h.fcntlgq890pq\">CVE-2017-8627 - Windows Subsystem for Linux Denial of Service Vulnerability</h3><br />A vulnerability in the Windows Subsystem for Linux has been identified that could allow a denial of service attack to occur. This vulnerability manifests due to the Subsystem improperly handling objects in memory. Successful exploitation of this vulnerability could cause the local system to become unresponsive. <br /><br /><h2 id=\"h.b311wwj7cqyf\">Vulnerabilities Rated Moderate</h2>The following vulnerabilities are rated \"moderate\" by Microsoft:<br /><ul><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8650\">CVE-2017-8650 - Microsoft Edge Security Feature Bypass Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8651\">CVE-2017-8651 - Internet Explorer Memory Corruption Vulnerability</a></li></ul>The following briefly describes these vulnerabilities.<br /><br /><h3 id=\"h.6ja1j3o46v6h\">CVE-2017-8650 - Microsoft Edge Security Feature Bypass Vulnerability</h3><br />A vulnerability in Microsoft Edge has been identified that allow an attacker to bypass a security feature. This vulnerability manifests due to improperly enforcement of same-origin policies. Successful exploitation could allow an attacker to \"access information from origins outside the current one.\" Users who visit a specifically crafted web page under the control of the attacker could be exploited.<br /><br /><h3 id=\"h.iughuzwb6gbk\">CVE-2017-8651 - Internet Explorer Memory Corruption Vulnerability</h3><br />A vulnerability in Internet Explorer has been identified that could allow an attacker to execute arbitrary code on a targeted host. This vulnerability manifests due to improper handling of objects in memory. Successful exploitation of this vulnerability would result in arbitrary code execution in the context of the current user. Users who visit a specifically crafted web page under the control of the attacker could be exploited.<br /><br /><h2 id=\"h.oka11wrn5dcu\">Coverage</h2>In response to these vulnerability disclosures, Talos is releasing the following rules to address these vulnerabilities. Please note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Management Center or Snort.org.<br /><br />Snort Rules:<br /><br /><ul><li>43847-43848</li><li>43851-43852</li></ul><div class=\"feedflare\">\n<a href=\"http://feeds.feedburner.com/~ff/feedburner/Talos?a=Z88sYzTSITE:HAzi9Id_8t0:yIl2AUoC8zA\"><img src=\"http://feeds.feedburner.com/~ff/feedburner/Talos?d=yIl2AUoC8zA\" border=\"0\"></img></a>\n</div><img src=\"http://feeds.feedburner.com/~r/feedburner/Talos/~4/Z88sYzTSITE\" height=\"1\" width=\"1\" alt=\"\"/>", "modified": "2017-08-08T18:30:53", "published": "2017-08-08T11:30:00", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/Z88sYzTSITE/ms-tuesday.html", "id": "TALOSBLOG:74542820136FE100D138D02D9A549776", "title": "Microsoft Patch Tuesday - August 2017", "type": "talosblog", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "trendmicroblog": [{"lastseen": "2017-08-15T08:08:38", "bulletinFamily": "blog", "cvelist": ["CVE-2017-0174", "CVE-2017-0250", "CVE-2017-0293", "CVE-2017-8503", "CVE-2017-8516", "CVE-2017-8591", "CVE-2017-8593", "CVE-2017-8620", "CVE-2017-8622", "CVE-2017-8623", "CVE-2017-8624", "CVE-2017-8625", "CVE-2017-8627", "CVE-2017-8633", "CVE-2017-8634", "CVE-2017-8635", "CVE-2017-8636", "CVE-2017-8637", "CVE-2017-8638", "CVE-2017-8639", "CVE-2017-8640", "CVE-2017-8641", "CVE-2017-8642", "CVE-2017-8644", "CVE-2017-8645", "CVE-2017-8646", "CVE-2017-8647", "CVE-2017-8650", "CVE-2017-8651", "CVE-2017-8652", "CVE-2017-8653", "CVE-2017-8654", "CVE-2017-8655", "CVE-2017-8656", "CVE-2017-8657", "CVE-2017-8659", "CVE-2017-8661", "CVE-2017-8662", "CVE-2017-8664", "CVE-2017-8666", "CVE-2017-8668", "CVE-2017-8669", "CVE-2017-8670", "CVE-2017-8671", "CVE-2017-8672", "CVE-2017-8673", "CVE-2017-8674", "CVE-2017-8691"], "description": "\n\nEarlier this month, a blog post from Blue Frost Security was released stating that they were giving away tickets to the upcoming Ekoparty Security Conference in Argentina. But there was a catch: in order to get the tickets (and free whiskey), entrants had to complete an exploitation challenge and send them the solution. Blue Frost provided a 64-bit PE binary with a simple stack-based buffer overflow with the objective to run 'calc.exe' on Windows 7, Windows 8.1, or Windows 10.\n\nOur very own Jasiel Spelman ([@WanderingGlitch](<https://twitter.com/wanderingglitch>)) from the Zero Day Initiative decided to take a little break from work and work on the challenge. While it may seem that this challenge was set up to hack something for fun (and drinks), what it really shows is how poorly-written applications can easily be exploited. You can check out Jasiel\u2019s blog, which includes video of his demo, [here](<https://www.zerodayinitiative.com/blog/2017/8/9/the-blue-frost-security-challenge-an-exploitation-journey-for-fun-and-free-drinks>).\n\n**Microsoft Update**\n\nThis week\u2019s Digital Vaccine (DV) package includes coverage for Microsoft updates released on or before July 11, 2017. Microsoft released 48 security patches for August covering Windows, Internet Explorer (IE), Edge, the subsystem for Linux, Kernel, SharePoint, SQL Server, and Hyper-V. 25 are listed as Critical, 21 are rated Important, and two are Moderate in severity. The following table maps Digital Vaccine filters to the Microsoft updates. Filters marked with an asterisk (*) shipped prior to this DV package, providing preemptive zero-day protection for customers. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [August 2017 Security Update Review](<https://www.zerodayinitiative.com/blog/2017/8/8/the-august-2017-security-update-review>) from the Zero Day Initiative:\n\n \n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2017-0174 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-0250 | 29053 | \nCVE-2017-0293 | *27746 | \nCVE-2017-8503 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8516 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8591 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8593 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8620 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8622 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8623 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8624 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8625 | 29340 | \nCVE-2017-8627 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8633 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8634 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8635 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8636 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8637 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8638 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8639 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8640 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8641 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8642 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8644 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8645 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8646 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8647 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8650 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8651 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8652 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8653 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8654 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8655 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8656 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8657 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8659 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8661 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8662 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8664 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8666 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8668 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8669 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8670 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8671 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8672 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8673 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8674 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8691 | | Vendor Deemed Reproducibility or Exploitation Unlikely \n \n \n\n**Zero-Day Filters**\n\nThere is one new zero-day filter covering one vendor in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website.\n\n**_Cisco (1)_**\n\n| \n\n * 29277: HTTPS: Cisco Prime Collaboration Provisioning logconfigtracer Directory Traversal (ZDI-17-447)**_ _** \n---|--- \n| \n \n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-july-31-2017/>).", "modified": "2017-08-11T16:07:23", "published": "2017-08-11T16:07:23", "id": "TRENDMICROBLOG:69CE152C75321BE9991EA1AD9027F827", "href": "http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-august-7-2017/", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of August 7, 2017", "type": "trendmicroblog", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
