Microsoft Windows RPC CVE-2017-8461 Remote Code Execution Vulnerability
2017-06-13T00:00:00
ID SMNTC-99012 Type symantec Reporter Symantec Security Response Modified 2017-06-13T00:00:00
Description
Description
Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code on the target system. Failed attacks will cause denial of service conditions.
Technologies Affected
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows XP Embedded
Recommendations
Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.
Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.
Do not use client software to access unknown or untrusted hosts from critical systems.
Due to the nature of this issue, avoid using the client application to connect to unknown or untrusted hosts.
Implement multiple redundant layers of security.
Since this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities.
Updates are available. Please see the references or vendor advisory for more information.
{"href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/99012", "history": [{"lastseen": "2017-06-14T18:14:49", "differentElements": ["cvss", "description", "href", "affectedSoftware"], "edition": 1, "bulletin": {"cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.symantec.com/security_response/vulnerability.jsp?bid=99012", "objectVersion": "1.3", "viewCount": 11, "id": "SMNTC-99012", "history": [], "modified": "2017-06-13T00:00:00", "edition": 1, "published": "2017-06-13T00:00:00", "description": "### Description\n\nMicrosoft Windows is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code on the target system. Failed attacks will cause denial of service conditions. \n\n### Technologies Affected\n\n * Microsoft Windows Server 2003\n * Microsoft Windows XP\n * Microsoft Windows XP Embedded\n\n### Recommendations\n\n#### Run all software as a nonprivileged user with minimal access rights.\n\nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n#### Deploy network intrusion detection systems to monitor network traffic for malicious activity.\n\nDeploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.\n\n#### Do not use client software to access unknown or untrusted hosts from critical systems.\n\nDue to the nature of this issue, avoid using the client application to connect to unknown or untrusted hosts.\n\n#### Implement multiple redundant layers of security.\n\nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities. \n\nUpdates are available. Please see the references or vendor advisory for more information. \n", "bulletinFamily": "software", "cvelist": ["CVE-2017-8461"], "title": "Microsoft Windows RPC CVE-2017-8461 Remote Code Execution Vulnerability", "affectedSoftware": [{"name": "Microsoft Windows Server", "operator": "eq", "version": "2003"}, {"name": "Microsoft Windows XP", "operator": "eq", "version": "any"}, {"name": "Microsoft Windows XP Embedded", "operator": "eq", "version": "any"}], "type": "symantec", "enchantments": {"score": {"modified": "2017-06-14T18:14:49", "value": 9.0}}, "lastseen": "2017-06-14T18:14:49", "reporter": "Symantec Security Response", "hashmap": [{"key": "href", "hash": "cb67c6590383df57fa1d3a0d00843bfb"}, {"key": "title", "hash": "9b76e759c2dc02597e890e794111c0fd"}, {"key": "published", "hash": "54c80a447982dbedec92463c7532b29f"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "54c80a447982dbedec92463c7532b29f"}, {"key": "affectedSoftware", "hash": "96d84f975d999221819fc43718d68037"}, {"key": "type", "hash": "52e3bbafc627009ac13caff1200a0dbf"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "cvelist", "hash": "9922e63c5bd27296f19c193c68249459"}, {"key": "description", "hash": "f598e5d2b3760d44a9e3ad9e9efad148"}, {"key": "reporter", "hash": "d6218597dc7a1b025a781373296b2b63"}], "hash": "05c651457feed65b81c2e262bdc819b459caff3317d14352e27d0688b3978d73", "references": []}}], "id": "SMNTC-99012", "reporter": "Symantec Security Response", "published": "2017-06-13T00:00:00", "description": "### Description\n\nMicrosoft Windows is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code on the target system. Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft Windows Server 2003 \n * Microsoft Windows XP \n * Microsoft Windows XP Embedded \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.\n\n**Do not use client software to access unknown or untrusted hosts from critical systems.** \nDue to the nature of this issue, avoid using the client application to connect to unknown or untrusted hosts.\n\n**Implement multiple redundant layers of security.** \nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "title": "Microsoft Windows RPC CVE-2017-8461 Remote Code Execution Vulnerability", "bulletinFamily": "software", "type": "symantec", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "affectedSoftware": [{"name": "Microsoft Windows Server", "operator": "eq", "version": "2003 "}], "hash": "9e9314869ba709a9210c822d5f64acb09b6faef5455c1d6b9c9ab51feaabc80a", "references": [], "edition": 2, "cvelist": ["CVE-2017-8461"], "lastseen": "2018-03-13T20:24:11", "viewCount": 21, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "hashmap": [{"key": "affectedSoftware", "hash": "1bcc8a56ba18be2f2e27505869b476f0"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "9922e63c5bd27296f19c193c68249459"}, {"key": "cvss", "hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9"}, {"key": "description", "hash": "b400cf2171b2c4cd70755d0b5b2bfce2"}, {"key": "href", "hash": "f2dc1298f0f1bfe550fb58beefbeaadb"}, {"key": "modified", "hash": "54c80a447982dbedec92463c7532b29f"}, {"key": "published", "hash": "54c80a447982dbedec92463c7532b29f"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "d6218597dc7a1b025a781373296b2b63"}, {"key": "title", "hash": "9b76e759c2dc02597e890e794111c0fd"}, {"key": "type", "hash": "52e3bbafc627009ac13caff1200a0dbf"}], "objectVersion": "1.3", "modified": "2017-06-13T00:00:00"}
{"cve": [{"lastseen": "2017-07-07T10:47:17", "references": ["http://www.securitytracker.com/id/1038701", "https://support.microsoft.com/en-us/help/4024323/security-update-of-windows-xp-and-windows-server-2003", "http://www.securityfocus.com/bid/99012"], "description": "Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a specially crafted application, aka \"Windows RPC Remote Code Execution Vulnerability.\"", "edition": 4, "reporter": "NVD", "published": "2017-06-15T16:29:00", "title": "CVE-2017-8461", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2017-8461"], "scanner": [], "cpe": ["cpe:/o:microsoft:windows_xp", "cpe:/o:microsoft:windows_server_2003"], "modified": "2017-07-06T21:29:05", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8461", "id": "CVE-2017-8461", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-09-01T23:43:49", "references": ["https://support.microsoft.com/en-us/help/4024323"], "pluginID": "1361412562310811207", "description": "This host is missing a critical security\n update according to Microsoft KB4024323", "edition": 4, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-06-16T00:00:00", "title": "Microsoft Windows 'RPC' Remote Code Execution Vulnerability (KB4024323)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows : Microsoft Bulletins", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8461"], "modified": "2017-07-03T00:00:00", "id": "OPENVAS:1361412562310811207", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811207", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ms_rpc_rce_vuln_kb4024323.nasl 6501 2017-07-03 07:48:47Z teissa $\n#\n# Microsoft Windows 'RPC' Remote Code Execution Vulnerability (KB4024323)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811207\");\n script_version(\"$Revision: 6501 $\");\n script_cve_id(\"CVE-2017-8461\");\n script_bugtraq_id(99012);\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-03 09:48:47 +0200 (Mon, 03 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-16 15:56:08 +0530 (Fri, 16 Jun 2017)\");\n script_name(\"Microsoft Windows 'RPC' Remote Code Execution Vulnerability (KB4024323)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4024323\");\n\n script_tag(name:\"vuldetect\", value:\"Get the vulnerable file version and\n check appropriate patch is applied or not.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an error in the way\n RPC service handles requests while the server has routing and remote access\n enabled.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code in the context of current user.\n\n Impact Level: System\");\n\n script_tag(name:\"affected\", value:\"\n Microsoft Windows XP SP2 x64\n\n Microsoft Windows XP SP3 x86\n\n Microsoft Windows 2003 x32/x64 Edition Service Pack 2 and prior.\");\n\n script_tag(name:\"solution\", value:\"Run Windows Update and update the\n listed hotfixes or download and update mentioned hotfixes in the advisory\n from the below link,\n https://support.microsoft.com/en-us/help/4024323\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name : \"URL\" , value : \"https://support.microsoft.com/en-us/help/4024323\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n## Variables Initialization\nsysPath = \"\";\nwinVer = \"\";\nmaxVer = \"\";\n\n## Check for OS and Service Pack\nif(hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3) <= 0){\n exit(0);\n}\n\n## Get System Path\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\n## Fetch the version of Rasdlg.dll\nwinVer = fetch_file_version(sysPath, file_name:\"Rasdlg.dll\");\nif(!winVer){\n exit(0);\n}\n\n## Windows XP\nif(hotfix_check_sp(xp:4) > 0)\n{\n ## Check for Rasdlg.dll version\n if(version_is_less(version:winVer, test_version:\"5.1.2600.7272\"))\n {\n Vulnerable_range = \"Less than 5.1.2600.7272\";\n VULN = TRUE ;\n }\n}\n\n## Windows 2003, Windows XP SP2 64bit\nif(hotfix_check_sp(win2003:3, win2003x64:3, xpx64:3) > 0)\n{\n ## Check for Rasdlg.dll version\n if(version_is_less(version:winVer, test_version:\"5.2.3790.6099\"))\n {\n Vulnerable_range = \"Less than 5.2.3790.6099\";\n VULN = TRUE ;\n }\n}\n\nif(VULN)\n{\n report = 'File checked: ' + sysPath + \"\\Rasdlg.dll\" + '\\n' +\n 'File version: ' + winVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2018-09-13T06:47:29", "references": [], "description": "### *CVSS*:\n9.3\n\n### *Detect date*:\n06/15/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Windows XP and Microsoft Windows Server 2003. Malicious users can exploit these vulnerabilities to execute arbitrary code.\n\n### *Affected products*:\nMicrosoft Windows XP \nMicrosoft Windows Server 2003\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[Description of the security update of Windows XP and Windows Server 2003](<https://support.microsoft.com/en-us/help/4025218/security-update-for-windows-xp-and-windows-server-2003>) \n[Description of the security update of Windows XP and Windows Server 2003](<https://support.microsoft.com/en-us/help/4024323/security-update-of-windows-xp-and-windows-server-2003>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows Server 2003](<https://threats.kaspersky.com/en/product/Microsoft-Windows-Server-2003/>)\n\n### *CVE-IDS*:\n[CVE-2017-8487](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8487>) \n[CVE-2017-8461](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8461>)", "edition": 15, "reporter": "Kaspersky Lab", "published": "2017-06-15T00:00:00", "title": "\r KLA11056Multiple arbitrary code execution vulnerabilities in Microsoft Windows ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2017-8461", "CVE-2017-8487"], "modified": "2018-09-10T00:00:00", "id": "KLA11056", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11056", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "huawei": [{"lastseen": "2017-06-16T18:14:51", "references": [], "description": "Microsoft had released a Security Advisory 4025685 on June 14\u00a0 to fix multiple critical security vulnerabilities in such systems as Microsoft Windows XP, Windows Server 2003, Windows VISTA, and Windows 8. Attackers can exploit these vulnerabilities to implement remote code execution or privilege elevation. (Vulnerability ID: HWPSIRT-2017-06114,HWPSIRT-2017-06115,HWPSIRT-2017-06131,HWPSIRT-2017-06133,HWPSIRT-2017-06153 and HWPSIRT-2017-06154)\nThe six vulnerabilities have been assigned six Common Vulnerabilities and Exposures (CVE) IDs: CVE-2017-0176, CVE-2017-8461, CVE-2017-8464, CVE-2017-8487, CVE-2017-8543 and CVE-2017-8552.\nHuawei has released solutions to fix all these vulnerabilities.\u00a0This advisory is available at the following link:\nhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170616-01-windows-en", "edition": 1, "reporter": "Huawei Technologies", "published": "2017-06-16T00:00:00", "title": "Security Advisory - Multiple Vulnerabilities Released on Microsoft Security Advisory 4025685", "type": "huawei", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "\u25cfHUAWEI MateBook X", "version": "", "operator": "eq"}], "cvelist": ["CVE-2017-8461", "CVE-2017-8464", "CVE-2017-8543", "CVE-2017-8487", "CVE-2017-8552", "CVE-2017-0176"], "modified": "2017-06-16T00:00:00", "href": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170616-01-windows-en", "id": "HUAWEI-SA-20170616-01-WINDOWS", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2018-09-01T23:44:28", "references": ["http://www.nessus.org/u?a0780816"], "pluginID": "100791", "description": "The remote Windows host is missing a security update. It is, therefore, affected by one or more of the following vulnerabilities :\n\n - A remote code execution vulnerability exists in how the Remote Desktop Protocol (RDP) handles requests if the RDP server has Smart Card authentication enabled. An authenticated, remote attacker can exploit this, via a specially crafted application, to execute arbitrary code with full user privileges. (CVE-2017-0176)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0222)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - A buffer overflow condition exists in the IIS WebDAV service due to improper handling of the 'If' header in a PROPFIND request. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause a denial of service condition or the execution of arbitrary code. This vulnerability, also known as EXPLODINGCAN, is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/14 by a group known as the Shadow Brokers. (CVE-2017-7269)\n\n - A remote code execution vulnerability exists in how the Remote Desktop Protocol (RDP) handles requests if the RDP server has Routing and Remote Access enabled. An authenticated, remote attacker can exploit this, via a specially crafted application, to execute arbitrary code with full user privileges. (CVE-2017-8461)\n\n - A remote code execution vulnerability exists in Windows OLE, specifically in olecnv32.dll, due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or to open a specially crafted file or email, to execute arbitrary code in the context of the current user. (CVE-2017-8487)\n\n - A remote code execution vulnerability exists in the Windows Search functionality due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, via a specially crafted SMB message, to execute arbitrary code. (CVE-2017-8543)\n\n - An information disclosure vulnerability exists in the GDI component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted document or visit a specially crafted website, to disclose the contents of memory. (CVE-2017-8552)", "edition": 10, "reporter": "Tenable", "published": "2017-06-14T00:00:00", "title": "Microsoft Security Advisory 4025685: Guidance for older platforms (XP / 2003) (EXPLODINGCAN)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Windows : Microsoft Bulletins", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8461", "CVE-2017-7269", "CVE-2017-8543", "CVE-2017-8487", "CVE-2017-0267", "CVE-2017-0222", "CVE-2017-8552", "CVE-2017-0176"], "modified": "2018-07-30T00:00:00", "cpe": ["cpe:/a:microsoft:iis", "cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_JUNE_XP_2003.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=100791", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100791);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/30 15:31:34\");\n\n script_cve_id(\n \"CVE-2017-0176\",\n \"CVE-2017-0222\",\n \"CVE-2017-0267\",\n \"CVE-2017-7269\",\n \"CVE-2017-8461\",\n \"CVE-2017-8487\",\n \"CVE-2017-8543\",\n \"CVE-2017-8552\"\n );\n script_bugtraq_id(\n 97127,\n 98127,\n 98259,\n 98752,\n 98824,\n 99012,\n 99013,\n 99035\n );\n script_xref(name:\"MSKB\", value:\"3197835\");\n script_xref(name:\"MSFT\", value:\"MS17-3197835\");\n script_xref(name:\"MSKB\", value:\"4018271\");\n script_xref(name:\"MSFT\", value:\"MS17-4018271\");\n script_xref(name:\"MSKB\", value:\"4018466\");\n script_xref(name:\"MSFT\", value:\"MS17-4018466\");\n script_xref(name:\"MSKB\", value:\"4019204\");\n script_xref(name:\"MSFT\", value:\"MS17-4019204\");\n script_xref(name:\"MSKB\", value:\"4022747\");\n script_xref(name:\"MSFT\", value:\"MS17-4022747\");\n script_xref(name:\"MSKB\", value:\"4024323\");\n script_xref(name:\"MSFT\", value:\"MS17-4024323\");\n script_xref(name:\"MSKB\", value:\"4024402\");\n script_xref(name:\"MSFT\", value:\"MS17-4024402\");\n script_xref(name:\"MSKB\", value:\"4025218\");\n script_xref(name:\"MSFT\", value:\"MS17-4025218\");\n script_xref(name:\"EDB-ID\", value:\"41738\");\n script_xref(name:\"EDB-ID\", value:\"41992\");\n\n script_name(english:\"Microsoft Security Advisory 4025685: Guidance for older platforms (XP / 2003) (EXPLODINGCAN)\");\n script_summary(english:\"Checks the versions of system files.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing a security update. It is,\ntherefore, affected by one or more of the following vulnerabilities :\n\n - A remote code execution vulnerability exists in how the\n Remote Desktop Protocol (RDP) handles requests if the\n RDP server has Smart Card authentication enabled. An\n authenticated, remote attacker can exploit this, via a\n specially crafted application, to execute arbitrary code\n with full user privileges. (CVE-2017-0176)\n\n - A remote code execution vulnerability exists in\n Microsoft Internet Explorer due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website, to execute arbitrary code in\n the context of the current user. (CVE-2017-0222)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - A buffer overflow condition exists in the IIS WebDAV\n service due to improper handling of the 'If' header in a\n PROPFIND request. An unauthenticated, remote attacker\n can exploit this, via a specially crafted request, to\n cause a denial of service condition or the execution of\n arbitrary code. This vulnerability, also known as\n EXPLODINGCAN, is one of multiple Equation Group\n vulnerabilities and exploits disclosed on 2017/04/14 by\n a group known as the Shadow Brokers. (CVE-2017-7269)\n\n - A remote code execution vulnerability exists in how the\n Remote Desktop Protocol (RDP) handles requests if the\n RDP server has Routing and Remote Access enabled. An\n authenticated, remote attacker can exploit this, via a\n specially crafted application, to execute arbitrary code\n with full user privileges. (CVE-2017-8461)\n\n - A remote code execution vulnerability exists in Windows\n OLE, specifically in olecnv32.dll, due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website or to open a\n specially crafted file or email, to execute arbitrary\n code in the context of the current user. (CVE-2017-8487)\n\n - A remote code execution vulnerability exists in the\n Windows Search functionality due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, via a specially crafted SMB message,\n to execute arbitrary code. (CVE-2017-8543)\n\n - An information disclosure vulnerability exists in the\n GDI component due to improper handling of objects in\n memory. An unauthenticated, remote attacker can exploit\n this, by convincing a user to open a specially crafted\n document or visit a specially crafted website, to\n disclose the contents of memory. (CVE-2017-8552)\");\n # https://support.microsoft.com/en-us/help/4025687/microsoft-security-advisory-4025685-guidance-for-older-platforms\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a0780816\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows XP and 2003.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:' Microsoft IIS WebDav ScStoragePathFromUrl Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:iis\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\n\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nkbs = make_list(\n '3197835',\n '4018271',\n '4018466',\n '4019204',\n '4022747',\n '4024323',\n '4024402',\n '4025218'\n);\n\nbulletin = 'MS17-06';\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(xp:'2,3', win2003:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nvuln = FALSE;\nif ('XP' >< productname)\n{\n if (\n # Windows XP SP3 (x86)\n hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"win32k.sys\", version:\"5.1.2600.7258\", min_version:\"5.1.2600.5000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4019204\", arch:\"x86\") ||\n hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"query.dll\", version:\"5.1.2600.7273\", min_version:\"5.1.2600.5000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4024402\", arch:\"x86\") ||\n hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"olecnv32.dll\", version:\"5.1.2600.7285\", min_version:\"5.1.2600.5000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4025218\", arch:\"x86\") ||\n hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"rasmxs.dll\", version:\"5.1.2600.7272\", min_version:\"5.1.2600.5000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4024323\", arch:\"x86\") ||\n hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"httpext.dll\", version:\"6.0.2600.7150\", min_version:\"6.0.0.0\", dir:\"\\system32\\inetsrv\", bulletin:bulletin, kb:\"3197835\", arch:\"x86\") ||\n hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"srv.sys\", version:\"5.1.2600.7238\", min_version:\"5.1.2600.5000\", dir:\"\\system32\\drivers\", bulletin:bulletin, kb:\"4018466\", arch:\"x86\") ||\n hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"mshtml.dll\", version:\"8.0.6001.23942\", min_version:\"8.0.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:\"4018271\", arch:\"x86\") ||\n hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"gpkcsp.dll\", version:\"5.1.2600.7264\", min_version:\"5.1.2600.5000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4022747\", arch:\"x86\") ||\n\n # Windows XP SP2 (x64)\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"win32k.sys\", version:\"5.2.3790.6080\", min_version:\"5.2.3790.3000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4019204\", arch:\"x64\") ||\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"query.dll\", version:\"5.2.3790.6100\", min_version:\"5.2.3790.3000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4024402\", arch:\"x64\") ||\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"olecnv32.dll\", version:\"5.2.3790.6113\", min_version:\"5.2.3790.3000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4025218\", arch:\"x64\") ||\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"rasmxs.dll\", version:\"5.2.3790.6099\", min_version:\"5.2.3790.3000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4024323\", arch:\"x64\") ||\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"httpext.dll\", version:\"6.0.3790.5955\", min_version:\"6.0.0.0\", dir:\"\\system32\\inetsrv\", bulletin:bulletin, kb:\"3197835\", arch:\"x64\") ||\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"srv.sys\", version:\"5.2.3790.6051\", min_version:\"5.2.3790.3000\", dir:\"\\system32\\drivers\", bulletin:bulletin, kb:\"4018466\", arch:\"x64\") ||\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"mshtml.dll\", version:\"8.0.6001.23942\", min_version:\"8.0.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:\"4018271\", arch:\"x64\") ||\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"gpkcsp.dll\", version:\"5.2.3790.6093\", min_version:\"5.2.3790.3000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4022747\", arch:\"x64\")\n ) vuln = TRUE;\n}\nelse if ('2003' >< productname)\n{\n if (\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"win32k.sys\", version:\"5.2.3790.6080\", min_version:\"5.2.3790.3000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4019204\") ||\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"query.dll\", version:\"5.2.3790.6100\", min_version:\"5.2.3790.3000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4024402\") ||\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"olecnv32.dll\", version:\"5.2.3790.6113\", min_version:\"5.2.3790.3000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4025218\") ||\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"rasmxs.dll\", version:\"5.2.3790.6099\", min_version:\"5.2.3790.3000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4024323\") ||\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"httpext.dll\", version:\"6.0.3790.5955\", min_version:\"6.0.0.0\", dir:\"\\system32\\inetsrv\", bulletin:bulletin, kb:\"3197835\") ||\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"srv.sys\", version:\"5.2.3790.6051\", min_version:\"5.2.3790.3000\", dir:\"\\system32\\drivers\", bulletin:bulletin, kb:\"4018466\") ||\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"gpkcsp.dll\", version:\"5.2.3790.6093\", min_version:\"5.2.3790.3000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4022747\")\n ) vuln = TRUE;\n}\n\nif (vuln)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "qualysblog": [{"lastseen": "2017-06-13T23:15:21", "_object_types": ["robots.models.rss.RssBulletin", "robots.models.base.Bulletin"], "references": [], "enchantments_done": [], "description": "Today Microsoft released patches to fix 94 vulnerabilities out of which 27 fix remote code execution issues which can allow an attackers to remotely take control of victim machines. This is a massive update and fixes more than double the number of vulnerabilities as compared to the last two months.\n\nMicrosoft also released [Security Advisory 4025685](<https://support.microsoft.com/en-ca/help/4025685/microsoft-security-advisory-4025685-guidance>) which includes patches for older platforms due to heightened risk of exploitation. In my opinion this should be treated as a blue-print for future attacks and updates for EOL operating systems should be applied as soon as possible. Older platforms include Windows XP, Windows Server 2003, Vista and Windows 8 and older issues like MS08-067, MS09-050, MS10-061, MS14-068, MS17-010, MS17-013 are patched. Newer issues affecting older platforms like CVE-2017-0176, CVE-2017-0222, CVE-2017-0267 to 0280, CVE-2017-7269, CVE-2017-8461, CVE-2017-8464, CVE-2017-8487, CVE-2017-8543 and CVE-2017-8552 are also patched.\n\nTop priority in the list of supported platforms goes to a vulnerability [CVE-2017-8543](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543>) which according to Microsoft is currently exploited in the wild. Attackers can take complete control of victim computer by sending a SMB request to windows search service. The issue affects Windows Server 2016, 2012, 2008 as well as desktop systems like Windows 10, 7 and 8.1. Microsoft has also provide a patch for this issue for older EOL platforms. As the issue is currently used in attacks we recommend organizations to apply patches as soon as possible. Another vulnerability that is currently exploited is [CVE-2017-8464](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8464>) which is the Windows LNK issue that can also allow attackers to take complete control of the victim machine.\n\nAnother high priority issue is [CVE-2017-8527](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8527>) which is the Windows graphic font engine vulnerability that is triggered when users view a malicious website with specially crafted fonts. CVE-2017-8528 and CVE-2017-0283 are similar to the font issue and can be triggered if users view specially encoded Unicode text. Both issues allow attackers to take complete control of victim machine.\n\nOrganizations using Outlook should patch [CVE-2017-8507](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8507>) as is another of those issues in which attackers can send malicious e-mail and take complete control when the users views it in Outlook. Office vulnerabilities [CVE-2017-0260](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0260>) and [CVE-2017-8506](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8506>) can be triggered if users open malicious office documents and should be patches as soon as possible as Office is a relatively easy exploit vector for social engineering attacks.\n\nPatches for Microsoft Edge and IE fix many remote code execution issues and CVE-2017-8498, CVE-2017-8530 and CVE-2017-8523 are particularly important as they have been publicly disclosed although no attacks have been observed yet. Other remote code execution issues fixed today include the Windows PDF CVE-2017-0291 and CVE-2017-0292.\n\nOverall its a large security update which is almost double as compared to last two months in the number of patched vulnerabilities. Actively exploited SMB issue CVE-2017-8543 and patches released for older end-of-life operating systems are sure to keep system administrators and security teams busy.", "reporter": "amolsarwate", "published": "2017-06-13T18:28:02", "title": "Microsoft Fixes 94 Security Issues in Massive June Update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "qualysblog", "bulletinFamily": "blog", "cvelist": ["CVE-2017-8461", "CVE-2017-7269", "CVE-2017-8530", "CVE-2017-8528", "CVE-2017-8506", "CVE-2017-8464", "CVE-2017-8543", "CVE-2017-0291", "CVE-2017-8507", "CVE-2017-8487", "CVE-2017-0283", "CVE-2017-0292", "CVE-2017-0267", "CVE-2017-8523", "CVE-2017-8498", "CVE-2017-0222", "CVE-2017-8552", "CVE-2017-0176", "CVE-2017-8527", "CVE-2017-0260"], "_object_type": "robots.models.rss.RssBulletin", "modified": "2017-06-13T18:28:02", "href": "https://blog.qualys.com/laws-of-vulnerabilities/2017/06/13/microsoft-fixes-94-security-issues-in-massive-june-update", "id": "QUALYSBLOG:E752DE2F12FECA2E217194D510424325", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "trendmicroblog": [{"lastseen": "2017-06-27T11:16:56", "_object_types": ["robots.models.rss.RssBulletin", "robots.models.base.Bulletin"], "references": [], "enchantments_done": [], "description": "\n\n\u201cWhat can you sit on, sleep on, and brush your teeth with?\u201d This was the question posed to Steve Martin\u2019s character C.D. Bales in the 1987 movie Roxanne. In a modern take of Edmond Rostand's 1897 verse play Cyrano de Bergerac, the movie centers around C.D.\u2019s attempt to win the love of a woman while navigating life with his unusually large nose. When C.D. wonders what the point of the question is, his god sister responds, \u201cThe point is that sometimes the answer is so obvious, you don't even realize it. It's as plain as the nose on your face.\u201d By the way, the answer to the question is so obvious: a chair, a bed, and a toothbrush.\n\nAt the Gartner Security and Risk Summit in Washington, D.C., held earlier this week, I heard a recurring theme across the various sessions I attended. The theme was around the fact that the discipline of patching isn\u2019t where it needs to be. As we witnessed with the recent WannaCry ransomware attack, which utilized vulnerabilities that were disclosed by The Shadow Brokers and subsequently patched by Microsoft, many organizations were still affected because they hadn\u2019t patched their systems. The general guidance given at various sessions: Patch your systems. While the answer is so obvious, it may not be practical for some organizations, especially those with thousands of systems. Our solutions can help through the use of \u201cvirtual patching.\u201d While virtual patching is a term that is now pretty common in the security world, where we stand out is when vulnerabilities haven\u2019t been patched by the vendor. If a vulnerability comes to us via the Zero Day Initiative, we will have protection for our customers ahead of a patch that\u2019s made available by the vendor. This is even more important if a vulnerability is brought to us for a solution that is no longer supported by the vendor. Interestingly enough, with this month\u2019s Microsoft Patch Tuesday, Microsoft has issued SMB patches for Windows XP, which reached its end of support deadline in April 2014. While Microsoft states that doing this is an exception and not the norm, it could create a false \u201csafety net\u201d for those who haven\u2019t upgraded their systems. The precedent that this might set in the future is an answer that isn\u2019t so obvious.\n\n**Microsoft Update**\n\nThis week\u2019s Digital Vaccine (DV) package includes coverage for Microsoft updates released on or before June 13, 2017. Microsoft released patches for almost 100 new CVEs in Internet Explorer, Edge, Office, Windows, and Skype. A total of 18 of these CVEs are rated Critical. The following table maps Digital Vaccine filters to the Microsoft updates. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [June 2017 Security Update Review](<https://www.zerodayinitiative.com/blog/2017/6/13/the-june-2017-security-update-review>) from the Zero Day Initiative:\n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2017-0173 | | No Vendor Intelligence Provided \nCVE-2017-0193 | | No Vendor Intelligence Provided \nCVE-2017-0215 | 28628 | \nCVE-2017-0216 | | No Vendor Intelligence Provided \nCVE-2017-0218 | | No Vendor Intelligence Provided \nCVE-2017-0219 | | No Vendor Intelligence Provided \nCVE-2017-0260 | | No Vendor Intelligence Provided \nCVE-2017-0282 | | No Vendor Intelligence Provided \nCVE-2017-0283 | | No Vendor Intelligence Provided \nCVE-2017-0284 | | No Vendor Intelligence Provided \nCVE-2017-0285 | | No Vendor Intelligence Provided \nCVE-2017-0286 | | No Vendor Intelligence Provided \nCVE-2017-0287 | | No Vendor Intelligence Provided \nCVE-2017-0288 | | No Vendor Intelligence Provided \nCVE-2017-0289 | | No Vendor Intelligence Provided \nCVE-2017-0291 | | No Vendor Intelligence Provided \nCVE-2017-0292 | | No Vendor Intelligence Provided \nCVE-2017-0294 | | No Vendor Intelligence Provided \nCVE-2017-0295 | | No Vendor Intelligence Provided \nCVE-2017-0296 | | Insufficient Vendor Information \nCVE-2017-0297 | | No Vendor Intelligence Provided \nCVE-2017-0298 | | No Vendor Intelligence Provided \nCVE-2017-0299 | | No Vendor Intelligence Provided \nCVE-2017-0300 | | No Vendor Intelligence Provided \nCVE-2017-8460 | | No Vendor Intelligence Provided \nCVE-2017-8461 | | No Vendor Intelligence Provided \nCVE-2017-8462 | | No Vendor Intelligence Provided \nCVE-2017-8464 | 28614 | \nCVE-2017-8465 | 28616 | \nCVE-2017-8466 | 28618 | \nCVE-2017-8468 | 28620 | \nCVE-2017-8469 | | No Vendor Intelligence Provided \nCVE-2017-8470 | | No Vendor Intelligence Provided \nCVE-2017-8471 | | No Vendor Intelligence Provided \nCVE-2017-8472 | | No Vendor Intelligence Provided \nCVE-2017-8473 | | No Vendor Intelligence Provided \nCVE-2017-8474 | | No Vendor Intelligence Provided \nCVE-2017-8475 | | No Vendor Intelligence Provided \nCVE-2017-8476 | | No Vendor Intelligence Provided \nCVE-2017-8477 | | No Vendor Intelligence Provided \nCVE-2017-8478 | | No Vendor Intelligence Provided \nCVE-2017-8479 | | No Vendor Intelligence Provided \nCVE-2017-8480 | | No Vendor Intelligence Provided \nCVE-2017-8481 | | No Vendor Intelligence Provided \nCVE-2017-8482 | | No Vendor Intelligence Provided \nCVE-2017-8483 | | No Vendor Intelligence Provided \nCVE-2017-8484 | | No Vendor Intelligence Provided \nCVE-2017-8485 | | No Vendor Intelligence Provided \nCVE-2017-8487 | | No Vendor Intelligence Provided \nCVE-2017-8488 | | No Vendor Intelligence Provided \nCVE-2017-8489 | | No Vendor Intelligence Provided \nCVE-2017-8490 | | No Vendor Intelligence Provided \nCVE-2017-8491 | | No Vendor Intelligence Provided \nCVE-2017-8492 | | No Vendor Intelligence Provided \nCVE-2017-8493 | | No Vendor Intelligence Provided \nCVE-2017-8494 | | No Vendor Intelligence Provided \nCVE-2017-8496 | 28613 | \nCVE-2017-8497 | 28615 | \nCVE-2017-8498 | | No Vendor Intelligence Provided \nCVE-2017-8499 | | No Vendor Intelligence Provided \nCVE-2017-8504 | | No Vendor Intelligence Provided \nCVE-2017-8506 | | No Vendor Intelligence Provided \nCVE-2017-8507 | | No Vendor Intelligence Provided \nCVE-2017-8508 | | No Vendor Intelligence Provided \nCVE-2017-8509 | 28619 | \nCVE-2017-8510 | 28621 | \nCVE-2017-8511 | | No Vendor Intelligence Provided \nCVE-2017-8512 | | No Vendor Intelligence Provided \nCVE-2017-8513 | | No Vendor Intelligence Provided \nCVE-2017-8514 | | No Vendor Intelligence Provided \nCVE-2017-8515 | | No Vendor Intelligence Provided \nCVE-2017-8517 | | No Vendor Intelligence Provided \nCVE-2017-8519 | | No Vendor Intelligence Provided \nCVE-2017-8520 | | No Vendor Intelligence Provided \nCVE-2017-8521 | | No Vendor Intelligence Provided \nCVE-2017-8522 | | No Vendor Intelligence Provided \nCVE-2017-8523 | | No Vendor Intelligence Provided \nCVE-2017-8524 | 28622 | \nCVE-2017-8527 | | No Vendor Intelligence Provided \nCVE-2017-8528 | | No Vendor Intelligence Provided \nCVE-2017-8529 | | Insufficient Vendor Information \nCVE-2017-8530 | | No Vendor Intelligence Provided \nCVE-2017-8531 | | No Vendor Intelligence Provided \nCVE-2017-8532 | | No Vendor Intelligence Provided \nCVE-2017-8533 | | No Vendor Intelligence Provided \nCVE-2017-8534 | | No Vendor Intelligence Provided \nCVE-2017-8543 | 28629 | \nCVE-2017-8544 | | No Vendor Intelligence Provided \nCVE-2017-8545 | | No Vendor Intelligence Provided \nCVE-2017-8547 | 28611 | \nCVE-2017-8548 | | No Vendor Intelligence Provided \nCVE-2017-8549 | | No Vendor Intelligence Provided \nCVE-2017-8550 | | No Vendor Intelligence Provided \nCVE-2017-8551 | | No Vendor Intelligence Provided \nCVE-2017-8553 | | No Vendor Intelligence Provided \nCVE-2017-8554 | | No Vendor Intelligence Provided \nCVE-2017-8555 | | No Vendor Intelligence Provided \n \n \n\n**Zero-Day Filters**\n\nThere are 11 new zero-day filters covering three vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website.\n\n**_Adobe (5)_**\n\n| \n\n * 28543: ZDI-CAN-4719: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 28544: ZDI-CAN-4729: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 28546: ZDI-CAN-4730: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 28547: ZDI-CAN-4731: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 28548: ZDI-CAN-4732: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)**_ _** \n---|--- \n| \n \n**_Trend Micro (5)_**\n\n| \n\n * 28536: ZDI-CAN-4652: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)\n * 28537: ZDI-CAN-4653: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)\n * 28538: ZDI-CAN-4659: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)\n * 28541: ZDI-CAN-4664: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)\n * 28542: ZDI-CAN-4671,4675: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)**_ _** \n---|--- \n| \n \n**_Hewlett Packard Enterprise (1)_**\n\n| \n\n * 28608: HTTPS: HPE Network Automation RedirectServlet SQL Injection Vulnerability (ZDI-17-331)**_ _** \n---|--- \n| \n \n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-june-5-2017/>).", "reporter": "Elisa Lippincott (TippingPoint Global Product Marketing)", "published": "2017-06-16T12:00:40", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of June 12, 2017", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "trendmicroblog", "bulletinFamily": "blog", "cvelist": ["CVE-2017-8488", "CVE-2017-8461", "CVE-2017-8531", "CVE-2017-8481", "CVE-2017-0218", "CVE-2017-8491", "CVE-2017-8478", "CVE-2017-0173", "CVE-2017-8533", "CVE-2017-8462", "CVE-2017-8485", "CVE-2017-8499", "CVE-2017-8530", "CVE-2017-8482", "CVE-2017-8528", "CVE-2017-0286", "CVE-2017-8549", "CVE-2017-0288", "CVE-2017-8506", "CVE-2017-8464", "CVE-2017-8508", "CVE-2017-8472", "CVE-2017-8483", "CVE-2017-0297", "CVE-2017-8553", "CVE-2017-8522", "CVE-2017-8469", "CVE-2017-8513", "CVE-2017-8550", "CVE-2017-8492", "CVE-2017-8496", "CVE-2017-8543", "CVE-2017-8545", "CVE-2017-0291", "CVE-2017-8465", "CVE-2017-8490", "CVE-2017-8471", "CVE-2017-8507", "CVE-2017-8474", "CVE-2017-8487", "CVE-2017-8480", "CVE-2017-0283", "CVE-2017-8460", "CVE-2017-8509", "CVE-2017-0294", "CVE-2017-0292", "CVE-2017-8468", "CVE-2017-8489", "CVE-2017-8517", "CVE-2017-8477", "CVE-2017-8551", "CVE-2017-8479", "CVE-2017-8532", "CVE-2017-8523", "CVE-2017-8524", "CVE-2017-0193", "CVE-2017-8512", "CVE-2017-0300", "CVE-2017-8494", "CVE-2017-8520", "CVE-2017-8519", "CVE-2017-8521", "CVE-2017-8548", "CVE-2017-8498", "CVE-2017-0287", "CVE-2017-8473", "CVE-2017-0285", "CVE-2017-8511", "CVE-2017-8470", "CVE-2017-8547", "CVE-2017-0216", "CVE-2017-0284", "CVE-2017-0295", "CVE-2017-8555", "CVE-2017-8544", "CVE-2017-8510", "CVE-2017-8514", "CVE-2017-0298", "CVE-2017-0299", "CVE-2017-0219", "CVE-2017-8515", "CVE-2017-0282", "CVE-2017-8497", "CVE-2017-8475", "CVE-2017-8466", "CVE-2017-8476", "CVE-2017-8529", "CVE-2017-0289", "CVE-2017-0215", "CVE-2017-8534", "CVE-2017-8504", "CVE-2017-8484", "CVE-2017-8554", "CVE-2017-8493", "CVE-2017-8527", "CVE-2017-0296", "CVE-2017-0260"], "_object_type": "robots.models.rss.RssBulletin", "modified": "2017-06-16T12:00:40", "href": "http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-june-12-2017/", "id": "TRENDMICROBLOG:7C04AD3395CF22028CC84BEFD34A2090", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
