Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
symantecSymantec Security ResponseSMNTC-96024
HistoryMar 14, 2017 - 12:00 a.m.

Microsoft Windows CVE-2017-0039 DLL Loading Local Privilege Escalation Vulnerability

2017-03-1400:00:00
Symantec Security Response
www.symantec.com
19

0.075 Low

EPSS

Percentile

94.1%

JSON

Description

Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can leverage this issue to execute arbitrary code with elevated privileges.

Technologies Affected

  • Microsoft Windows 7 for 32-bit Systems SP1
  • Microsoft Windows 7 for x64-based Systems SP1
  • Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
  • Microsoft Windows Server 2008 R2 for x64-based Systems SP1
  • Microsoft Windows Server 2008 for 32-bit Systems SP2
  • Microsoft Windows Server 2008 for Itanium-based Systems SP2
  • Microsoft Windows Server 2008 for x64-based Systems SP2
  • Microsoft Windows Vista Service Pack 2
  • Microsoft Windows Vista x64 Edition Service Pack 2

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Ensure that only trusted users have local, interactive access to affected computers.

Implement multiple redundant layers of security.
Since this issue may be leveraged to execute code, we recommend memory-protection schemes, such as non-executable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities.

Updates are available. Please see the references or vendor advisory for more information.

Related

mskb 4
checkpoint_advisories 1
cvelist 1
nvd 1
cve 1
mscve 1
prion 1
nessus 1
openvas 1
kaspersky 2
mskb
mskb
MS17-012: Description of the security update for Microsoft Windows: March 14, 2017
2017-03-14 07:00:00
MS17-012: Security update for Microsoft Windows: March 14, 2017
2017-03-14 00:00:00
March 2017 Security Only Quality Update for Windows 7 SP1 and Windows Server 2008 R2 SP1
2017-03-14 07:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows DLL Loading Remote Code Execution (MS17-012: CVE-2017-0039)
2017-03-14 00:00:00
cvelist
cvelist
CVE-2017-0039
2017-03-17 00:00:00
nvd
nvd
CVE-2017-0039
2017-03-17 00:59:01
cve
cve
CVE-2017-0039
2017-03-17 00:59:01
mscve
mscve
Windows DLL Loading Remote Code Execution Vulnerability
2017-03-14 07:00:00
prion
prion
Remote code execution
2017-03-17 00:59:00
nessus
nessus
MS17-012: Security Update for Microsoft Windows (4013078)
2017-03-15 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (4013078)
2017-03-15 00:00:00
kaspersky
kaspersky
KLA11902 Multiple vulnerabilities in Microsoft Products (ESU)
2017-03-14 00:00:00
KLA10979 Multiple vulnerabilities in Microsoft Windows
2017-03-14 00:00:00

0.075 Low

EPSS

Percentile

94.1%

JSON
Related for SMNTC-96024
mskb4checkpoint_advisories1cvelist1nvd1cve1mscve1prion1nessus1openvas1kaspersky2