Detections
Analytics
Windows 2008 July 2017 Multiple Security Updates
critical Nessus Plugin ID 101374
Language:
Synopsis
The remote Windows host is affected by multiple vulnerabilities.Description
The remote Windows host is missing multiple security updates. It is, therefore, affected by multiple vulnerabilities :- An information disclosure vulnerability exists in the Windows Performance Monitor Console due to improper parsing of XML input that contains a reference to an external entity. An unauthenticated, remote attacker can exploit this, by convincing a user to create a Data Collector Set and import a specially crafted XML file, to disclose arbitrary files via an XML external entity (XXE) declaration. (CVE-2017-0170)
- A remote code execution vulnerability exists in Windows Explorer due to improper handling of executable files and shares during rename operations. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted file, to execute arbitrary code in the context of the current user. (CVE-2017-8463)
- Multiple elevation of privilege vulnerabilities exist in the Microsoft Graphics component due to improper handling of objects in memory. A local attacker can exploit these, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2017-8467, CVE-2017-8556, CVE-2017-8573, CVE-2017-8577, CVE-2017-8578, CVE-2017-8580)
- An information disclosure vulnerability exists in Win32k due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information.
(CVE-2017-8486)
- A security bypass vulnerability exists in Microsoft Windows when handling Kerberos ticket exchanges due to a failure to prevent tampering with the SNAME field. A man-in-the-middle attacker can exploit this to bypass the Extended Protection for Authentication security feature. (CVE-2017-8495)
- An information disclosure vulnerability exists in the Windows System Information Console due to improper parsing of XML input that contains a reference to an external entity. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted file, to disclose arbitrary files via an XML external entity (XXE) declaration.
(CVE-2017-8557)
- An elevation of privilege vulnerability exists in Windows due to Kerberos falling back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol. An authenticated, remote attacker can exploit this, via an application that sends specially crafted traffic to a domain controller, to run processes in an elevated context. (CVE-2017-8563)
- An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to bypass Kernel Address Space Layout Randomization (KASLR) and disclose the base address of the kernel driver.
(CVE-2017-8564)
- A remote code execution vulnerability exists in PowerShell when handling a PSObject that wraps a CIM instance. An authenticated, remote attacker can exploit this, via a specially crafted script, to execute arbitrary code in a PowerShell remote session.
(CVE-2017-8565)
- An elevation of privilege vulnerability exists in Windows due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode.
(CVE-2017-8581)
- An information disclosure vulnerability exists in the HTTP.sys server application component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to disclose sensitive information.
(CVE-2017-8582)
- A denial of service vulnerability exists in Windows Explorer that is triggered when Explorer attempts to open a non-existent file. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause a user's system to stop responding. (CVE-2017-8587)
- A remote code execution vulnerability exists in WordPad due to improper parsing of specially crafted files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted file, to execute arbitrary code in the context of the current user. (CVE-2017-8588)
- A remote code execution vulnerability exists in the Windows Search component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by sending specially crafted messages to the Windows Search service, to elevate privileges and execute arbitrary code. (CVE-2017-8589)
- An elevation of privilege vulnerability exists in the Windows Common Log File System (CLFS) driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run processes in an elevated context. (CVE-2017-8590)
- A security bypass vulnerability exists in Microsoft browsers due to improper handling of redirect requests.
An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to bypass CORS redirect restrictions. (CVE-2017-8592)
- A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8618)
Solution
Apply the following security updates :- 4022746
- 4022748
- 4022914
- 4025240
- 4025252
- 4025397
- 4025398
- 4025409
- 4025497
- 4025674
- 4025872
- 4025877
- 4026059
- 4026061
- 4032955
See Also
http://www.nessus.org/u?87cdb7f6
http://www.nessus.org/u?e0e35b15
http://www.nessus.org/u?1336095c
http://www.nessus.org/u?9d0d50a8
http://www.nessus.org/u?59926d5e
http://www.nessus.org/u?9381ee94
http://www.nessus.org/u?2683f326
http://www.nessus.org/u?423780d0
http://www.nessus.org/u?626af1da
http://www.nessus.org/u?bf02f1f7
http://www.nessus.org/u?f364ec16
http://www.nessus.org/u?548d2827
http://www.nessus.org/u?628791cd
Plugin Details
Severity: Critical
ID: 101374
File Name: smb_nt_ms17_jul_win2008.nasl
Version: 1.10
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 7/11/2017
Updated: 6/17/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:microsoft:windows_server_2008
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 7/11/2017
Vulnerability Publication Date: 7/11/2017
Reference Information
CVE: CVE-2017-0170, CVE-2017-8463, CVE-2017-8467, CVE-2017-8486, CVE-2017-8495, CVE-2017-8556, CVE-2017-8557, CVE-2017-8563, CVE-2017-8564, CVE-2017-8565, CVE-2017-8573, CVE-2017-8577, CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, CVE-2017-8582, CVE-2017-8587, CVE-2017-8588, CVE-2017-8589, CVE-2017-8590, CVE-2017-8592, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8618
BID: 99387, 99389, 99394, 99396, 99398, 99400, 99402, 99409, 99413, 99414, 99416, 99419, 99421, 99423, 99424, 99425, 99427, 99428, 99429, 99431, 99439
MSFT: MS17-4022746, MS17-4022748, MS17-4022914, MS17-4025240, MS17-4025252, MS17-4025397, MS17-4025398, MS17-4025409, MS17-4025497, MS17-4025674, MS17-4025872, MS17-4025877, MS17-4026059, MS17-4026061, MS17-4032955
MSKB: 4022746, 4022748, 4022914, 4025240, 4025252, 4025397, 4025398, 4025409, 4025497, 4025674, 4025872, 4025877, 4026059, 4026061, 4032955