Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
symantecSymantec Security ResponseSMNTC-96622
HistoryMar 14, 2017 - 12:00 a.m.

Microsoft Windows CVE-2017-0055 Cross Site Scripting Vulnerability

2017-03-1400:00:00
Symantec Security Response
www.symantec.com
57

0.006 Low

EPSS

Percentile

75.2%

JSON

Description

Microsoft Windows is prone to a cross-site-scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Technologies Affected

  • Microsoft Windows 10 Version 1607 for 32-bit Systems
  • Microsoft Windows 10 Version 1607 for x64-based Systems
  • Microsoft Windows 10 for 32-bit Systems
  • Microsoft Windows 10 for x64-based Systems
  • Microsoft Windows 10 version 1511 for 32-bit Systems
  • Microsoft Windows 10 version 1511 for x64-based Systems
  • Microsoft Windows 7 for 32-bit Systems SP1
  • Microsoft Windows 7 for x64-based Systems SP1
  • Microsoft Windows 8.1 for 32-bit Systems
  • Microsoft Windows 8.1 for x64-based Systems
  • Microsoft Windows RT 8.1
  • Microsoft Windows Server 2008 R2 for 32-bit Systems SP2
  • Microsoft Windows Server 2008 R2 for Itanium-based Systems SP2
  • Microsoft Windows Server 2008 R2 for x64-based Systems SP2
  • Microsoft Windows Server 2008 for 32-bit Systems SP2
  • Microsoft Windows Server 2008 for Itanium-based Systems SP2
  • Microsoft Windows Server 2008 for x64-based Systems SP2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2016 for x64-based Systems
  • Microsoft Windows Vista Service Pack 2
  • Microsoft Windows Vista x64 Edition Service Pack 2

Recommendations

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to detect and block attacks and anomalous activity such as requests containing suspicious URI sequences. Since the webserver may log such requests, review its logs regularly.

Do not follow links provided by unknown or untrusted sources.
Web users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.

Set web browser security to disable the execution of JavaScript.
Since a successful exploit of this issue allows malicious code to execute in web clients, consider disabling support for script code and active content within the client browser. Note that this mitigation tactic might adversely affect legitimate websites that rely on the execution of browser-based script code.

Updates are available. Please see the references or vendor advisory for more information.

Related

mskb 11
cvelist 1
cve 1
nessus 1
kaspersky 3
prion 1
mscve 1
packetstorm 1
checkpoint_advisories 1
seebug 1
openvas 1
myhack58 1
mskb
mskb
MS17-016: Security update for Internet Information Services: March 14, 2017
2017-03-14 00:00:00
Security update 2017-03-14
2017-03-14 07:00:00
March 2017 Security Only Quality Update for Windows Server 2012
2017-03-14 07:00:00
cvelist
cvelist
CVE-2017-0055
2017-03-17 00:00:00
cve
cve
CVE-2017-0055
2017-03-17 00:59:00
nessus
nessus
MS17-016: Security Update for Windows IIS (4013074)
2017-03-15 00:00:00
kaspersky
kaspersky
KLA10983 Privilege escalation vulnerability in Windows IIS
2017-03-14 00:00:00
KLA11902 Multiple vulnerabilities in Microsoft Products (ESU)
2017-03-14 00:00:00
KLA10979 Multiple vulnerabilities in Microsoft Windows
2017-03-14 00:00:00
prion
prion
Design/Logic Flaw
2017-03-17 00:59:00
mscve
mscve
Microsoft IIS Server XSS Elevation of Privilege Vulnerability
2017-03-14 07:00:00
packetstorm
packetstorm
Microsoft Internet Information Services Cross Site Scripting
2017-03-16 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft IIS Server XSS Elevation of Privilege (MS17-016: CVE-2017-0055)
2017-03-14 00:00:00
seebug
seebug
Microsoft IIS Server XSS Vulnerability(CVE-2017-0055)
2017-05-12 00:00:00
openvas
openvas
Microsoft Windows IIS Privilege Escalation Vulnerability (4013074)
2017-03-15 00:00:00
myhack58
myhack58
Those years make us tremble in fear of the IIS vulnerability-vulnerability warning-the black bar safety net
2018-11-23 00:00:00

0.006 Low

EPSS

Percentile

75.2%

JSON
Related for SMNTC-96622
mskb11cvelist1cve1nessus1kaspersky3prion1mscve1packetstorm1checkpoint_advisories1seebug1openvas1myhack581