Zero-Day 2017- Úvod Graf Katalog Zranitelností OWASP Webové útoky (103) Vulnerebility Web Vul. Top 50 in years CVE Defination ATT&CK Matrix for Enterprise
2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009
Microsoft Patch Tuesday – December 2017
This month the vendor has patched 32 vulnerabilities, 19 of which are rated
Critical.
This month, Microsoft has patched 32 vulnerabilities, 19 of which are rated
Critical.
As always, customers are advised to follow these security best practices:
Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining
functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless
specific access is required.
Microsoft's summary of the December 2017 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance
This month's update covers vulnerabilities in:
Microsoft Internet Explorer
Microsoft Edge
Microsoft ChakraCore
Microsoft Office
Microsoft Exchange Server
Microsoft Windows
The following is a breakdown of the issues being addressed this month:
Cumulative Security Update for Microsoft Browsers
Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11888) MS Rating: Critical
A
remote code execution vulnerability exists in the way the scripting engine
handles objects in memory in Microsoft browsers. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11889) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11893) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11886) MS Rating: Critical
A
remote code execution vulnerability exists when Internet Explorer improperly
accesses objects in memory. This vulnerability may corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current
user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11890) MS Rating: Critical
A
remote code execution vulnerability exists when Internet Explorer improperly
accesses objects in memory. This vulnerability may corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current
user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11894) MS Rating: Critical
A
remote code execution vulnerability exists in the way the scripting engine
handles objects in memory in Microsoft browsers. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11895) MS Rating: Critical
A
remote code execution vulnerability exists in the way the scripting engine
handles objects in memory in Microsoft browsers. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11901) MS Rating: Critical
A
remote code execution vulnerability exists when Internet Explorer improperly
accesses objects in memory. This vulnerability may corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current
user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11903) MS Rating: Critical
A
remote code execution vulnerability exists when Internet Explorer improperly
accesses objects in memory. This vulnerability may corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11914) MS Rating: Critical
A
remote code execution vulnerability exists when Microsoft Edge improperly
accesses objects in memory. This vulnerability may corrupt memory in such a way
that enables an attacker to execute arbitrary code in the context of the current
user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11905) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11907) MS Rating: Critical
A
remote code execution vulnerability exists when Internet Explorer improperly
accesses objects in memory. This vulnerability may corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11908) MS Rating: Critical
A
remote code execution vulnerability exists when Microsoft Edge improperly
accesses objects in memory.This vulnerability may corrupt memory in such a way
that enables an attacker to execute arbitrary code in the context of the current
user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11909) MS Rating: Critical
A
remote code execution vulnerability exists when Microsoft Edge improperly
accesses objects in memory.This vulnerability may corrupt memory in such a way
that enables an attacker to execute arbitrary code in the context of the current
user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11910) MS Rating: Critical
A
remote code execution vulnerability exists when Microsoft Edge improperly
accesses objects in memory. This vulnerability may corrupt memory in such a way
that enables an attacker to execute arbitrary code in the context of the current
user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11911) MS Rating: Critical
A
remote code execution vulnerability exists when Microsoft Edge improperly
accesses objects in memory. This vulnerability may corrupt memory in such a way
that enables an attacker to execute arbitrary code in the context of the current
user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11912) MS Rating: Critical
A
remote code execution vulnerability exists in the way the scripting engine
handles objects in memory in Microsoft browsers. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11918) MS Rating: Critical
A
remote code execution vulnerability exists when Microsoft Edge improperly
accesses objects in memory. This vulnerability may corrupt memory in such a way
that enables an attacker to execute arbitrary code in the context of the current
user.
Scripting Engine Information Disclosure Vulnerability (CVE-2017-11919) MS Rating: Important
An
information disclosure vulnerability exists when the scripting engine does not
properly handle objects in memory in Microsoft browsers. An attacker can exploit
this issue to obtain sensitive information to further compromise the user's
system.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11930) MS Rating: Important
A
remote code execution vulnerability exists in the way the scripting engine
handles objects in memory in Microsoft browsers. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user.
Scripting Engine Information Disclosure Vulnerability (CVE-2017-11887) MS Rating: Important
An
information disclosure vulnerability exists when Internet Explorer improperly
handles objects in memory. An attacker can exploit this issue to obtain
sensitive information to further compromise the user's system.
Scripting Engine Information Disclosure Vulnerability (CVE-2017-11906) MS Rating: Important
An
information disclosure vulnerability exists when Internet Explorer improperly
handles objects in memory. An attacker can exploit this issue to obtain
sensitive information to further compromise the user's system.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11913) MS Rating: Important
A
remote code execution vulnerability exists when Internet Explorer improperly
accesses objects in memory. This vulnerability may corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11916) MS Rating: Important
A
remote code execution vulnerability exists in the way that the ChakraCore
scripting engine handles objects in memory. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user.
Cumulative Security Update for Microsoft Office
Microsoft Exchange Spoofing Vulnerability (CVE-2017-11932) MS Rating: Important
A
spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web
Access (OWA) fails to properly handle web requests. An attacker can exploit this
issue to perform script or content injection attacks, and attempt to trick the
user into disclosing sensitive information.
Microsoft PowerPoint Information Disclosure Vulnerability (CVE-2017-11934) MS Rating: Important
An
information disclosure vulnerability exists when Microsoft Office improperly
discloses the contents of its memory. An attacker can exploit this issue to
obtain sensitive information to compromise the user computer or data.
Microsoft Excel Remote Code Execution Vulnerability (CVE-2017-11935) MS Rating: Important
A
remote code execution vulnerability exists in Microsoft Office software when it
fails to properly handle objects in memory. An attacker who successfully
exploited the vulnerability could use a specially crafted file to perform
actions in the security context of the current user.
Microsoft SharePoint Elevation of Privilege Vulnerability (CVE-2017-11936) MS Rating: Important
An
elevation of privilege vulnerability exists when Microsoft SharePoint Server
does not properly sanitize a specially crafted web request to an affected
SharePoint server. An authenticated attacker could exploit the vulnerability by
sending a specially crafted request to an affected SharePoint server.
Microsoft Office Information Disclosure Vulnerability (CVE-2017-11939) MS Rating: Important
An
information disclosure vulnerability exists when Visual Basic macros in Office
improperly export a user's private key from the certificate store while saving a
document. An attacker can exploit this issue to gain access to the user private
key.
Cumulative Security Update for Microsoft Windows
Windows RRAS Service Remote Code Execution Vulnerability (CVE-2017-11885) MS Rating: Important
A
remote code execution vulnerability exists in RPC if the server has Routing and
Remote Access enabled. An attacker who successfully exploited this vulnerability
could execute code on the target system.
Microsoft Windows Security Bypass Vulnerability (CVE-2017-11899) MS Rating: Important
A
security bypass vulnerability exists when Device Guard incorrectly validates an
untrusted file. An attacker who successfully exploited this issue could make an
unsigned file appear to be signed.
Microsoft Windows Information Disclosure Vulnerability (CVE-2017-11927) MS Rating: Important
An information disclosure vulnerability exists when the Windows protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. This may result in the disclosure of sensitive information to a malicious site.
Microsoft Patch Tuesday – November 2017
This month the vendor has patched 53 vulnerabilities, 19 of which are rated
Critical.
Hello, welcome to this month's blog on the Microsoft patch release. This month
the vendor has patched 53 vulnerabilities, 19 of which are rated Critical.
As always, customers are advised to follow these security best practices:
Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining
functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless
specific access is required.
Microsoft's summary of the November 2017 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance
This month's update covers vulnerabilities in:
Microsoft Browsers
Microsoft Office
ASP.NET
Windows Kernel
Windows Graphics Component
Windows Media Player
Microsoft Windows
The following is a breakdown of the issues being addressed this month:
Cumulative Security Update for Microsoft Browsers
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11858) MS Rating: Critical
A
remote code execution vulnerability exists in the way that Microsoft browsers
access objects in memory. The vulnerability could corrupt memory in a way that
could allow an attacker to execute arbitrary code in the context of the current
user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11861) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11862) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11836) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11837) MS Rating: Critical
A
remote code execution vulnerability exists in the way the scripting engine
handles objects in memory in Microsoft browsers. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11838) MS Rating: Critical
A
remote code execution vulnerability exists in the way the scripting engine
handles objects in memory in Microsoft browsers. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11839) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11840) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11841) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11843) MS Rating: Critical
A
remote code execution vulnerability exists in the way the scripting engine
handles objects in memory in Microsoft browsers. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11866) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11846) MS Rating: Critical
A
remote code execution vulnerability exists in the way the scripting engine
handles objects in memory in Microsoft browsers. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11869) MS Rating: Critical
A
remote code execution vulnerability exists when Internet Explorer improperly
accesses objects in memory. The vulnerability could corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11870) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11871) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11873) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user.
Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11845) MS Rating: Critical
A
remote code execution vulnerability exists when Microsoft Edge improperly
accesses objects in memory. The vulnerability could corrupt memory in such a way
that enables an attacker to execute arbitrary code in the context of the current
user.
Internet Explorer Memory Corruption Vulnerability (CVE-2017-11855) MS Rating: Critical
A
remote code execution vulnerability exists when Internet Explorer improperly
accesses objects in memory. The vulnerability could corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current
user.
Internet Explorer Memory Corruption Vulnerability (CVE-2017-11856) MS Rating: Critical
A
remote code execution vulnerability exists when Internet Explorer improperly
accesses objects in memory. The vulnerability could corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current
user.
Microsoft Browser Memory Corruption Vulnerability (CVE-2017-11827) MS Rating: Important
A
remote code execution vulnerability exists in the way that Microsoft browsers
access objects in memory. The vulnerability could corrupt memory in a way that
could allow an attacker to execute arbitrary code in the context of the current
user.
Microsoft Edge information disclosure Vulnerability (CVE-2017-11803) MS Rating: Important
An
information disclosure vulnerability exists when Microsoft Edge improperly
handles objects in memory. An attacker who successfully exploited the
vulnerability could obtain information to further compromise the user's system.
Microsoft Edge information disclosure Vulnerability (CVE-2017-11833) MS Rating: Important
An
information disclosure vulnerability exists in the way that Microsoft Edge
handles cross-origin requests. An attacker who successfully exploited this
vulnerability could determine the origin of all webpages in the affected
browser.
Microsoft Edge information disclosure Vulnerability (CVE-2017-11844) MS Rating: Important
An
information disclosure vulnerability exists when Microsoft Edge improperly
handles objects in memory. An attacker who successfully exploited the
vulnerability could obtain information to further compromise the user's system.
Microsoft Edge security bypass Vulnerability (CVE-2017-11863) MS Rating: Important
A
security bypass vulnerability exists in Microsoft Edge when the Edge Content
Security Policy (CSP) fails to properly validate certain specially crafted
documents. An attacker who exploited the bypass could trick a user into loading
a page containing malicious content.
Microsoft Edge security bypass Vulnerability (CVE-2017-11872) MS Rating: Important
A
security bypass vulnerability exists when Microsoft Edge improperly handles
redirect requests. The vulnerability allows Microsoft Edge to bypass
Cross-Origin Resource Sharing (CORS) redirect restrictions, and to follow
redirect requests that should otherwise be ignored.
Microsoft Edge security bypass Vulnerability (CVE-2017-11874) MS Rating: Important
A
security bypass vulnerability exists in Microsoft Edge as a result of how memory
is accessed in code compiled by the Edge Just-In-Time (JIT) compiler that allows
Control Flow Guard (CFG) to be bypassed. By itself, this CFG bypass
vulnerability does not allow arbitrary code execution.
Scripting Engine information disclosure Vulnerability (CVE-2017-11791) MS Rating: Important
An
information disclosure vulnerability exists when the scripting engine does not
properly handle objects in memory in Microsoft browsers. An attacker who
successfully exploited the vulnerability could obtain information to further
compromise the user's system.
Scripting Engine information disclosure Vulnerability (CVE-2017-11834) MS Rating: Important
An
information disclosure vulnerability exists when the scripting engine does not
properly handle objects in memory in Internet Explorer. An attacker who
successfully exploited the vulnerability could obtain information to further
compromise the user's system.
Internet Explorer information disclosure Vulnerability (CVE-2017-11848) MS Rating: Moderate
An
information disclosure vulnerability exists when Internet Explorer improperly
handles page content, which could allow an attacker to detect the navigation of
the user leaving a maliciously crafted page. To exploit the vulnerability, in a
web-based attack scenario, an attacker could host a specially crafted website.
Cumulative Security Update for Microsoft Office
Microsoft Word Memory Corruption Vulnerability (CVE-2017-11854) MS Rating: Important
A
remote code execution vulnerability exists in Microsoft Office software when the
software fails to properly handle objects in memory. An attacker who
successfully exploited the vulnerability could run arbitrary code in the context
of the current user.
Microsoft Excel security bypass Vulnerability (CVE-2017-11877) MS Rating: Important
A
security bypass vulnerability exists in Microsoft Office software by not
enforcing macro settings on an Excel document. The security bypass by itself
does not allow arbitrary code execution.
Microsoft Excel Memory Corruption Vulnerability (CVE-2017-11878) MS Rating: Important
A
remote code execution vulnerability exists in Microsoft Office software when the
software fails to properly handle objects in memory. An attacker who
successfully exploited the vulnerability could run arbitrary code in the context
of the current user.
Microsoft Office Memory Corruption Vulnerability (CVE-2017-11882) MS Rating: Important
A
remote code execution vulnerability exists in Microsoft Office software when the
software fails to properly handle objects in memory. An attacker who
successfully exploited the vulnerability could run arbitrary code in the context
of the current user.
Microsoft Office Memory Corruption Vulnerability (CVE-2017-11884) MS Rating: Important
A
remote code execution vulnerability exists in Microsoft Office software when the
software fails to properly handle objects in memory. An attacker who
successfully exploited the vulnerability could run arbitrary code in the context
of the current user.
Microsoft Project Server Elevation of Privilege Vulnerability (CVE-2017-11876) MS Rating: Moderate
An
elevation of privilege vulnerability exists in Microsoft Project when Microsoft
Project Server does not properly manage user sessions. For this Cross-site
Request Forgery(CSRF/XSRF) vulnerability to be exploited, the victim must be
authenticated to (logged on) the target site.
Cumulative Security Update for Microsoft ASP.NET
ASP.NET CORE Denial Of Service Vulnerability (CVE-2017-11770) MS Rating: Important
A
denial of service vulnerability exists when . NET Core improperly handles web
requests.
ASP.NET Core Elevation Of Privilege Vulnerability (CVE-2017-11879) MS Rating: Important
An
open redirect vulnerability exists in ASP. NET Core that could lead to Elevation
of privilege.
ASP.NET Core information disclosure Vulnerability (CVE-2017-11883) MS Rating: Important
A
denial of service vulnerability exists when ASP.NET Core improperly handles web
requests.
ASP.NET Core information disclosure Vulnerability (CVE-2017-8700) MS Rating: Moderate
An
information disclosure vulnerability exists in ASP. net Core that allows
bypassing Cross-origin Resource Sharing (CORS) configurations.
Cumulative Security Update for Microsoft Windows Kernel
Windows Kernel information disclosure Vulnerability (CVE-2017-11842) MS Rating: Important
An
information disclosure vulnerability exists when the Windows kernel fails to
properly initialize a memory address. An attacker who successfully exploited
this vulnerability could obtain information to further compromise the user's
system.
Windows Kernel Elevation of Privilege Vulnerability (CVE-2017-11847) MS Rating: Important
An
elevation of privilege vulnerability exists when the Windows kernel fails to
properly handle objects in memory. An attacker who successfully exploited this
vulnerability could run arbitrary code in kernel mode.
Windows Kernel information disclosure Vulnerability (CVE-2017-11849) MS Rating: Important
An
information disclosure vulnerability exists when the Windows kernel fails to
properly initialize a memory address. An attacker who successfully exploited
this vulnerability could obtain information to further compromise the user's
system.
Windows Kernel information disclosure Vulnerability (CVE-2017-11851) MS Rating: Important
A
Win32k information disclosure vulnerability exists when the Windows GDI
component improperly discloses kernel memory addresses. An attacker who
successfully exploited the vulnerability could obtain information to further
compromise the user's system.
Windows Kernel information disclosure Vulnerability (CVE-2017-11853) MS Rating: Important
An
information disclosure vulnerability exists when the Windows kernel fails to
properly initialize a memory address. An attacker who successfully exploited
this vulnerability could obtain information to further compromise the user's
system.
Windows Kernel information disclosure Vulnerability (CVE-2017-11831) MS Rating: Important
An
information disclosure vulnerability exists when the Windows kernel fails to
properly initialize a memory address. An attacker who successfully exploited
this vulnerability could obtain information to further compromise the user's
system.
Windows Kernel information disclosure Vulnerability (CVE-2017-11880) MS Rating: Important
An
information disclosure vulnerability exists when the Windows kernel improperly
initializes objects in memory.
Cumulative Security Update for Microsoft Windows Graphics Component
Microsoft Graphics Component information disclosure Vulnerability (CVE-2017-11850) MS Rating: Important
An
information disclosure vulnerability exists when the Microsoft Windows Graphics
Component improperly handles objects in memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise the
user's system.
Windows GDI information disclosure Vulnerability (CVE-2017-11852) MS Rating: Important
A
Win32k information disclosure vulnerability exists when the Windows GDI
component improperly discloses kernel memory addresses. An attacker who
successfully exploited the vulnerability could obtain information to further
compromise the user's system.
Cumulative Security Update for Microsoft Windows Media Player
Windows Media Player information disclosure Vulnerability (CVE-2017-11768) MS Rating: Important
An
information vulnerability exists when Windows Media Player improperly discloses
file information. Successful exploitation of the vulnerability could allow the
attacker to test for the presence of files on disk.
Cumulative Security Update for Microsoft Windows
Windows EOT Font Engine information disclosure Vulnerability (CVE-2017-11832) MS Rating: Important
An
information disclosure vulnerability exists in the way that the Microsoft
Windows Embedded OpenType (EOT) font engine parses specially crafted embedded
fonts. An attacker who successfully exploited this vulnerability could
potentially read data that was not intended to be disclosed.
Windows EOT Font Engine information disclosure Vulnerability (CVE-2017-11835) MS Rating: Important
An
information disclosure vulnerability exists in the way that the Microsoft
Windows Embedded OpenType (EOT) font engine parses specially crafted embedded
fonts. An attacker who successfully exploited this vulnerability could
potentially read data that was not intended to be disclosed.
Windows Search Denial of Service Vulnerability (CVE-2017-11788) MS Rating: Important
A
denial of service vulnerability exists when Windows Search improperly handles
objects in memory. An attacker who successfully exploited the vulnerability
could cause a remote denial of service against a system.
Device Guard security bypass Vulnerability (CVE-2017-11830) MS Rating: Important
A security bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed.
Microsoft Patch Tuesday – October 2017
Hello, welcome to this month's blog on the Microsoft patch release. This month
the vendor has patched 62 vulnerabilities, 27 of which are rated Critical.
As always, customers are advised to follow these security best practices:
Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining
functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless
specific access is required.
Microsoft's summary of the October 2017 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance
This month's update covers vulnerabilities in:
Microsoft Graphics
Internet Explorer
Microsoft Edge
Microsoft Office
Microsoft Skype for Business
Microsoft JET Database Engine
Microsoft Windows
Chakra Core
The following is a breakdown of the issues being addressed this month:
Cumulative Security Update for Microsoft Graphics
Microsoft Graphics Remote Code Execution Vulnerability (CVE-2017-11762) MS Rating: Critical
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system.
Microsoft Graphics Remote Code Execution Vulnerability (CVE-2017-11763) MS Rating: Critical
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system.
Windows Graphics Component Elevation of Privilege Vulnerability (CVE-2017-11824) MS Rating: Important
A privilege escalation vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Microsoft Graphics Information Disclosure Vulnerability (CVE-2017-8693) MS Rating: Important
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.
Windows GDI Information Disclosure Vulnerability (CVE-2017-11816) MS Rating: Important
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.
Cumulative Security Update for Microsoft Browsers
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11792) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11793) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11796) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11798) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11799) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11800) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11802) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11804) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11805) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11806) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11807) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11808) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11809) MS Rating: Critical
A remote code execution vulnerability exists in the way the scripting engine handle objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11810) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11811) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11812) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2017-11813) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2017-8727) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory via the Microsoft Windows Text Services Framework. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Information Disclosure Vulnerability (CVE-2017-11797) MS Rating: Critical
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11801) MS Rating: Critical
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-11821) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2017-11822) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Information Disclosure Vulnerability (CVE-2017-11790) MS Rating: Important
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.
Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8726) MS Rating: Important
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Edge Information Disclosure Vulnerability (CVE-2017-11794) MS Rating: Important
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.
Cumulative Security Update for Microsoft Office
Microsoft Outlook Security Feature Bypass Vulnerability (CVE-2017-11774) MS Rating: Important
A security bypass vulnerability exists when Microsoft Office improperly handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary commands.
Microsoft Office SharePoint XSS Vulnerability (CVE-2017-11775) MS Rating: Important
A cross site scripting vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
Microsoft Outlook Information Disclosure Vulnerability (CVE-2017-11776) MS Rating: Important
An information disclosure vulnerability exists when Microsoft Outlook fails to establish a secure connection. An attacker who exploited the vulnerability could use it to obtain the email content of a user.
Microsoft Office SharePoint XSS Vulnerability (CVE-2017-11777) MS Rating: Important
A cross site scripting vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
Microsoft Office SharePoint XSS Vulnerability (CVE-2017-11820) MS Rating: Important
A cross site scripting vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
Microsoft Office Remote Code Execution Vulnerability (CVE-2017-11825) MS Rating: Important
A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.
Microsoft Office Memory Corruption Vulnerability (CVE-2017-11826) MS Rating: Important
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
Cumulative Security Update for Microsoft Skype for Business
Skype for Business Elevation of Privilege Vulnerability (CVE-2017-11786) MS Rating: Important
A privilege escalation vulnerability exists when Skype for Business fails to properly handle specific authentication requests.
Cumulative Security Update for Microsoft JET Database Engine
Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2017-8717) MS Rating: Important
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system.
Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2017-8718) MS Rating: Important
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system.
Cumulative Security Update for Microsoft Windows
Windows DNSAPI Remote Code Execution Vulnerability (CVE-2017-11779) MS Rating: Critical
A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI. dll when it fails to properly handle DNS responses.
Windows Search Remote Code Execution Vulnerability (CVE-2017-11771) MS Rating: Critical
A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system.
Windows Shell Remote Code Execution Vulnerability (CVE-2017-11819) MS Rating: Critical
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user
Windows Kernel Information Disclosure Vulnerability (CVE-2017-11765) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
TRIE Remote Code Execution Vulnerability (CVE-2017-11769) MS Rating: Important
A remote code execution vulnerability exists in the way that certain Windows components handle the loading of DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Microsoft Search Information Disclosure Vulnerability (CVE-2017-11772) MS Rating: Important
An information disclosure vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.
Windows SMB Remote Code Execution Vulnerability (CVE-2017-11780) MS Rating: Important
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1. 0 (SMBv1) server handles certain requests.
Windows SMB Denial of Service Vulnerability (CVE-2017-11781) MS Rating: Important
A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to crash.
Windows SMB Elevation of Privilege Vulnerability (CVE-2017-11782) MS Rating: Important
A privilege escalation vulnerability exists in the default Windows SMB Server configuration which allows anonymous users to remotely access certain named pipes that are also configured to allow anonymous access to users who are logged on locally. An unauthenticated attacker who successfully exploits this configuration error could remotely send specially crafted requests to certain services that accept requests via named pipes.
Windows Elevation of Privilege Vulnerability (CVE-2017-11783) MS Rating: Important
A privilege escalation vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-11784) MS Rating: Important
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-11785) MS Rating: Important
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-11814) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
Windows Information Disclosure Vulnerability (CVE-2017-11817) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application.
Windows Storage Security Feature Bypass Vulnerability (CVE-2017-11818) MS Rating: Important
An Security Feature bypass vulnerability exists in Microsoft Windows storage when it fails to validate an integrity-level check. An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level.
Microsoft Windows Security Feature Bypass (CVE-2017-11823) MS Rating: Important
A security bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability (CVE-2017-8689) MS Rating: Important
A privilege escalation vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability (CVE-2017-8694) MS Rating: Important
A privilege escalation vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Windows Subsystem for Linux Denial of Service Vulnerability (CVE-2017-8703) MS Rating: Important
A denial of service vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory. An attacker who successfully exploited this vulnerability could cause a denial of service against the local system.
Windows Security Feature Bypass Vulnerability (CVE-2017-8715) MS Rating: Important
A security bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.
Windows SMB Information Disclosure Vulnerability (CVE-2017-11815) MS Rating: Important
An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server.
Windows Update Delivery Optimization Elevation of Privilege Vulnerability (CVE-2017-11829) MS Rating: Important
A privilege escalation vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions.
Microsoft Patch Tuesday – August 2017
This month Microsoft has patched 48 vulnerabilities, 26 of which are rated
Critical.
As always, customers are advised to follow these security best practices:
Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining
functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless
specific access is required.
Microsoft's summary of the August 2017 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance
This month's update covers vulnerabilities in:
Microsoft Internet Explorer and Edge
Microsoft Office
Windows Kernel
Windows Hyper-V
Microsoft Windows
The following is a breakdown of the issues being addressed this month:
Cumulative Security Update for Microsoft Internet Explorer and Edge
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8634) MS Rating: Critical
A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8635) MS Rating: Critical
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8636) MS Rating: Critical
A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8638) MS Rating: Critical
A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8639) MS Rating: Critical
A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8640) MS Rating: Critical
A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8641) MS Rating: Critical
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8645) MS Rating: Critical
A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8646) MS Rating: Critical
A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8647) MS Rating: Critical
A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2017-8653) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8655) MS Rating: Critical
A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8656) MS Rating: Critical
A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8657) MS Rating: Critical
A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2017-8651) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8661) MS Rating: Critical
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8669) MS Rating: Critical
A remote code execution vulnerability exists in the way scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8670) MS Rating: Critical
A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8671) MS Rating: Critical
A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8672) MS Rating: Critical
A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Edge privilege escalation Vulnerability (CVE-2017-8503) MS Rating: Important
A privilege escalation vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser. An attacker who successfully exploited this issue could gain elevated privileges and break out of the Edge AppContainer sandbox.
Internet Explorer Security Bypass Vulnerability (CVE-2017-8625) MS Rating: Important
A security bypass vulnerability exists when Internet Explorer fails to validate User Mode Code Integrity (UMCI) policies. An attacker can exploit this issue to bypass Device Guard UCMI policies.
Scripting Engine security bypass Vulnerability (CVE-2017-8637) MS Rating: Important
A security bypass vulnerability exists in Microsoft Edge as a result of how memory is accessed in code compiled by the Edge Just-In-Time (JIT) compiler that allows Arbitrary Code Guard (ACG) to be bypassed. By itself, this ACG bypass vulnerability does not allow arbitrary code execution.
Microsoft Edge privilege escalation Vulnerability (CVE-2017-8642) MS Rating: Important
A privilege escalation vulnerability exists when Microsoft Edge does not properly validate JavaScript under specific conditions, potentially allowing script to run with elevated privileges.
Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8644) MS Rating: Important
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the issue could obtain information to further compromise the user�s system.
Microsoft Edge security bypass Vulnerability (CVE-2017-8650) MS Rating: Moderate
A security bypass vulnerability exists when Microsoft Edge does not properly enforce same-origin policies. This may allow an attacker to access information from origins outside the current one.
Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8652) MS Rating: Important
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the issue could obtain information to further compromise the user�s system.
Scripting Engine Information Disclosure Vulnerability (CVE-2017-8659) MS Rating: Important
An information disclosure vulnerability exists when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the issue could obtain information to further compromise the user�s system.
Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8662) MS Rating: Important
An information disclosure vulnerability for Microsoft Edge exists as a result of how strings are validated in specific scenarios. This may allow an attacker to read sensitive data from memory and thereby potentially bypass Address Space Layout Randomization (ASLR).
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8674) MS Rating: Important
A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Cumulative Security Update for Microsoft Office
Microsoft Office SharePoint Cross Site Scripting Vulnerability (CVE-2017-8654) MS Rating: Important
A cross site scripting vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
Cumulative Security Update for Windows Kernel
Win32k privilege escalation Vulnerability (CVE-2017-8593) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this issue could run arbitrary code in kernel mode.
Win32k Information Disclosure Vulnerability (CVE-2017-8666) MS Rating: Important
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the issue could obtain information to further compromise the user�s system.
Cumulative Security Update for Microsoft Hyper-V Component
Windows Hyper-V Denial of Service Vulnerability (CVE-2017-8623) MS Rating: Important
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the issue could cause the host server to crash.
Hyper-V Remote Code Execution Vulnerability (CVE-2017-8664) MS Rating: Important
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.
Cumulative Security Update for Microsoft Windows
Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2017-0250) MS Rating: Critical
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this issue could take complete control of an affected system.
Windows PDF Remote Code Execution Vulnerability (CVE-2017-0293) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user.
Windows IME Remote Code Execution Vulnerability (CVE-2017-8591) MS Rating: Critical
A remote code execution vulnerability exists in Windows Input Method Editor (IME) when IME improperly handles parameters in a method of a DCOM class.
Windows Search Remote Code Execution Vulnerability (CVE-2017-8620) MS Rating: Critical
A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this issue could take control of the affected system.
Windows Subsystem for Linux privilege escalation Vulnerability (CVE-2017-8622) MS Rating: Critical
A privilege escalation vulnerability exists in the way that the Windows Subsystem for Linux handles NT pipes. An attacker who successfully exploited the issue could execute code with elevated permissions.
Windows NetBIOS Denial of Service Vulnerability (CVE-2017-0174)MS Rating: Important
A denial of service vulnerability exists when Microsoft Windows improperly handles NetBIOS packets. An attacker who successfully exploited this issue could cause a target computer to become completely unresponsive.
Microsoft SQL Server Analysis Services Information Disclosure Vulnerability (CVE-2017-8516) MS Rating: Important
An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces permissions. An attacker could exploit the vulnerability if the attacker's credentials allow access to an affected SQL server database.
Windows CLFS privilege escalation Vulnerability (CVE-2017-8624) MS Rating: Important
A privilege escalation vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects inmemory.
Windows Subsystem for Linux Denial of Service Vulnerability (CVE-2017-8627) MS Rating: Important
A denial of service vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory. An attacker who successfully exploited this issue could cause a denial of service against the local system.
Windows Error Reporting privilege escalation Vulnerability (CVE-2017-8633) MS Rating: Important
A privilege escalation vulnerability exists in Windows Error Reporting (WER). The vulnerability could allow privilege escalation if successfully exploited by an attacker.
Volume Manager Extension Driver Information Disclosure Vulnerability (CVE-2017-8668) MS Rating: Important
An information disclosure vulnerability exists when the Volume Manager Extension Driver component improperly provides kernel information. An attacker who successfully exploited the issue could obtain information to further compromise the user�s system.
Windows Remote Desktop Protocol Denial of Service Vulnerability (CVE-2017-8673) MS Rating: Important
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this issue could cause the RDP service on the target system to stop responding.
Express Compressed Fonts Remote Code Execution Vulnerability (CVE-2017-8691) MS Rating: Important
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits exploited this vulnerability would gain code execution on the target system.
Microsoft Patch Tuesday – July 2017
This month Microsoft has patched 54 vulnerabilities, 19 of which are rated
Critical.
As always, customers are advised to follow these security best practices:
Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining
functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless
specific access is required.
Microsoft's summary of the July 2017 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance
This month's update covers vulnerabilities in:
Microsoft Internet Explorer and Edge
Microsoft Office
Microsoft Exchange Server
Windows Kernel
Windows Graphics Component
Microsoft Windows
Windows PowerShell
WordPad
Kerberos
.NET Framework
HoloLens
The following is a breakdown of the issues being addressed this month:
Cumulative Security Update for Microsoft Internet Explorer and Edge
Internet Explorer Memory Corruption Vulnerability (CVE-2017-8594) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Remote Code Execution Vulnerability (CVE-2017-8618) MS Rating: Critical
A remote code execution vulnerability exists in the way that the VBScript engine, when rendered in Internet Explorer, handles objects in memory. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
Internet Explorer Security Feature Bypass (CVE-2017-8592) MS Rating: Important
An security feature bypass vulnerability exists when Microsoft Browsers improperly handle redirect requests. This vulnerability allows Microsoft Browsers to bypass CORS redirect restrictions and to follow redirect requests that should otherwise be ignored.
Microsoft Edge Remote Code Execution Vulnerability (CVE-2017-8617) MS Rating: Critical
A remote code execution vulnerability exists in the way the Microsoft Edge JavaScript scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-8599) MS Rating: Important
A security feature bypass vulnerability exists when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows. An attacker could use this vulnerability to trick a user into loading a page with malicious content.
Microsoft Edge Remote Code Execution Vulnerability (CVE-2017-8619) MS Rating: Critical
A remote code execution vulnerability exists in the way the Microsoft Edge JavaScript scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Edge Spoofing Vulnerability (CVE-2017-8611) MS Rating: Moderate
A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8601) MS Rating: Critical
A remote code execution vulnerability exists in the way the Microsoft Edge JavaScript scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8605) MS Rating: Critical
A remote code execution vulnerability exists in the way the Microsoft Edge JavaScript scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8595) MS Rating: Critical
A remote code execution vulnerability exists in the way the Microsoft Edge JavaScript scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8596) MS Rating: Critical
A remote code execution vulnerability exists in the way the Microsoft Edge JavaScript scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8603) MS Rating: Critical
A remote code execution vulnerability exists in the way the Microsoft Edge JavaScript scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8604) MS Rating: Critical
A remote code execution vulnerability exists in the way the Microsoft Edge JavaScript scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8606) MS Rating: Critical
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8607) MS Rating: Critical
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8608) MS Rating: Critical
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8609) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8610) MS Rating: Critical
A remote code execution vulnerability exists in the way the Microsoft Edge JavaScript scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8598) MS Rating: Critical
A remote code execution vulnerability exists in the way the Microsoft Edge JavaScript scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Browser Spoofing Vulnerability (CVE-2017-8602) MS Rating: Important
A spoofing vulnerability exists when an affected Microsoft browser does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website.
Cumulative Security Update for Microsoft Office
Microsoft Office Memory Corruption Vulnerability (CVE-2017-8501) MS Rating: Important
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
Microsoft Office Memory Corruption Vulnerability (CVE-2017-8502) MS Rating: Important
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
Microsoft Office Remote Code Execution Vulnerability (CVE-2017-0243) MS Rating: Important
A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.
SharePoint Server XSS Vulnerability (CVE-2017-8569) MS Rating: Important
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
Office Remote Code Execution Vulnerability (CVE-2017-8570) MS Rating: Important
A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.
Cumulative Security Update for Microsoft Exchange Server
Microsoft Exchange Cross-Site Scripting Vulnerability (CVE-2017-8559) MS Rating: Important
An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information.
Microsoft Exchange Cross-Site Scripting Vulnerability (CVE-2017-8560) MS Rating: Important
An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information.
Microsoft Exchange Open Redirect Vulnerability (CVE-2017-8560) MS Rating: Moderate
An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information.
Cumulative Security Update for Windows Kernel
Win32k Elevation of Privilege Vulnerability (CVE-2017-8467) MS Rating: Important
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Win32k Information Disclosure Vulnerability (CVE-2017-8486) MS Rating: Important
An information disclosure vulnerability exists in Microsoft Windows when Win32k fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.
Win32k Elevation of Privilege Vulnerability (CVE-2017-8577) MS Rating: Important
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Win32k Elevation of Privilege Vulnerability (CVE-2017-8578) MS Rating: Important
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Win32k Elevation of Privilege Vulnerability (CVE-2017-8580) MS Rating: Important
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Win32k Elevation of Privilege Vulnerability (CVE-2017-8581) MS Rating: Important
An elevation of privilege vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Windows Kernel Elevation of Privilege Vulnerability (CVE-2017-8561) MS Rating: Important
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8564) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process.
Cumulative Security Update for Microsoft Graphics Component
Microsoft Graphics Component Elevation of Privilege Vulnerability (CVE-2017-8573) MS Rating: Important
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Microsoft Graphics Component Elevation of Privilege Vulnerability (CVE-2017-8574) MS Rating: Important
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Microsoft Graphics Component Elevation of Privilege Vulnerability (CVE-2017-8556) MS Rating: Important
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Cumulative Security Update for Microsoft Windows
Windows Performance Monitor Information Disclosure Vulnerability (CVE-2017-0170) MS Rating: Moderate
An information disclosure vulnerability exists in the Windows Performance Monitor Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration.
Windows Explorer Remote Code Execution Vulnerability (CVE-2017-8463) MS Rating: Critical
An Remote Code Execution vulnerability exists when Windows Explorer improperly handles executable files and shares during rename operations. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of another user.
Windows System Information Console Information Disclosure Vulnerability (CVE-2017-8557) MS Rating: Important
An information disclosure vulnerability exists in the Windows System Information Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration.
Windows ALPC Elevation of Privilege Vulnerability (CVE-2017-8562) MS Rating: Important
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system.
Windows Elevation of Privilege Vulnerability (CVE-2017-8563) MS Rating: Important
An elevation of privilege vulnerability exists in Microsoft Windows when Kerberos falls back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a domain controller.
Windows IME Elevation of Privilege Vulnerability (CVE-2017-8566) MS Rating: Important
An elevation of privilege vulnerability exists in Windows Input Method Editor (IME) when IME improperly handles parameters in a method of a DCOM class. The DCOM server is a Windows component installed regardless of which languages/IMEs are enabled.
Windows Explorer Denial of Service Vulnerability (CVE-2017-8587) MS Rating: Important
A Denial Of Service vulnerability exists when Windows Explorer attempts to open a non-existent file. An attacker who successfully exploited this vulnerability could cause a denial of service.
Windows Search Remote Code Execution Vulnerability (CVE-2017-8589) MS Rating: Critical
A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system.
Windows CLFS Elevation of Privilege Vulnerability (CVE-2017-8590) MS Rating: Important
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control of the affected system.
Https.sys Information Disclosure Vulnerability (CVE-2017-8582) MS Rating: Important
An Information Disclosure vulnerability exists when the HTTP.sys server application component improperly handles objects in memoryAn attacker who successfully exploited this vulnerability could obtain information to further compromise the HTTP.sys server application system.
Security Update for Windows PowerShell
Windows PowerShell Remote Code Execution Vulnerability (CVE-2017-8565) MS Rating: Important
A remote code execution vulnerability exists in PowerShell when PSObject wraps a CIM Instance. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable system.
Security Update for Windows WordPad
WordPad Remote Code Execution Vulnerability (CVE-2017-8588) MS Rating: Important
A remote code execution vulnerability exists in the way that Microsoft WordPad parses specially crafted files. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft WordPad.
Security Update for Kerberos
Kerberos SNAME Security Feature Bypass Vulnerability (CVE-2017-8495) MS Rating: Important
A security feature bypass vulnerability exists in Microsoft Windows when Kerberos fails to prevent tampering with the SNAME field during ticket exchange. An attacker who successfully exploited this vulnerability could use it to bypass Extended Protection for Authentication.
Security Update for .NET Framework
.NET Denial of Service Vulnerability (CVE-2017-8585) MS Rating: Important
A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET web application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET application.
Cumulative Security Update for HoloLens
Hololens Remote Code Execution Vulnerability (CVE-2017-8584) MS Rating: Critical
A remote code execution vulnerability exists when HoloLens improperly handles objects in memory. An attacker who successfully exploited this vulnerability could take control of an affected system.
Microsoft Patch Tuesday – June 2017
Hello, welcome to this month's blog on the Microsoft patch release. This month
the vendor has patched 94 vulnerabilities, 18 of which are rated Critical.
As always, customers are advised to follow these security best practices:
Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining
functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless
specific access is required.
Microsoft's summary of the June 2017 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance
This month's update covers vulnerabilities in:
Microsoft Internet Explorer
Microsoft Edge
Microsoft Office
Microsoft Hyper-V
Microsoft Uniscribe
Windows Graphics
Microsoft Windows
The following is a breakdown of the issues being addressed this month:
Cumulative Security Update for Microsoft Internet Explorer and Edge
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8496) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited this issue could obtain information to further compromise the user�s system.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8497) MS Rating: Critical
A remote code execution vulnerability exists in the way the Microsoft Edge JavaScript scripting engine handles objects in memory. This may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2017-8517) MS Rating: Critical
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. This may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8520) MS Rating: Critical
A remote code execution vulnerability exists in the way the Microsoft Edge JavaScript scripting engine handles objects in memory.This may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8522) MS Rating: Critical
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. This may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8524) MS Rating: Critical
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. This may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8548) MS Rating: Critical
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. This may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Remote Code Execution Vulnerability (CVE-2017-8549) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited this issue could obtain information to further compromise the user�s system.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8499) MS Rating: Critical
A remote code execution vulnerability exists in the way the Microsoft Edge JavaScript scripting engine handles objects in memory. This may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2017-8519) MS Rating: Important
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8521) MS Rating: Important
A remote code execution vulnerability exists in the way the Microsoft Edge JavaScript scripting engine handles objects in memory. This may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8523) MS Rating: Important
A security bypass vulnerability exists when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows. An attacker can exploit this issue to trick a user into loading a page with malicious content.
Microsoft Browser Information Disclosure Vulnerability (CVE-2017-8529) MS Rating: Important
An information disclosure vulnerability exists when affected Microsoft scripting engines do not properly handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer.
Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-8530) MS Rating: Important
A security bypass vulnerability that affects Microsoft Edge.
Internet Explorer Memory Corruption Vulnerability (CVE-2017-8547) MS Rating: Important
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-8555) MS Rating: Important
A security bypass vulnerability exists when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker can exploit this issue to trick a user into loading a web page with malicious content.
Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8498) MS Rating: Moderate
An information disclosure vulnerability exists in Microsoft Edge that allows JavaScript XML DOM objects to detect installed browser extensions. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a malicious website in an attempt to make a user visit it.
Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8504) MS Rating: Low
An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type. An attacker could use the vulnerability to read the URL of a cross-origin request.
Cumulative Security Update for Microsoft Office
Microsoft Office Remote Code Execution Vulnerability (CVE-2017-0260) MS Rating: Important
A remote code execution vulnerability exists when Office improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited this issue could take control of an affected system.
Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8506) MS Rating: Important
A remote code execution vulnerability exists when Office improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited this issue could take control of an affected system.
Microsoft Office Memory Corruption Vulnerability (CVE-2017-8507) MS Rating: Important
A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited this issue could take control of an affected system.
Microsoft Office Security Feature Bypass Vulnerability (CVE-2017-8508) MS Rating: Important
A security bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats. The security bypass by itself does not allow arbitrary code execution.
Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8509) MS Rating: Important
A remote code execution vulnerability exist in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited this issue could use a specially crafted file to perform actions in the security context of the current user.
Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8510) MS Rating: Important
A remote code execution vulnerability exist in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited this issue could use a specially crafted file to perform actions in the security context of the current user.
MicrosoftOffice Remote Code Execution Vulnerability (CVE-2017-8511) MS Rating: Important
A remote code execution vulnerability exist in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited this issue could use a specially crafted file to perform actions in the security context of the current user.
Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8512) MS Rating: Important
A remote code execution vulnerability exist in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited this issue could use a specially crafted file to perform actions in the security context of the current user.
Microsoft PowerPoint Remote Code Execution Vulnerability (CVE-2017-8513) MS Rating: Important
A remote code execution vulnerability exist in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited this issue could use a specially crafted file to perform actions in the security context of the current user.
Microsoft SharePoint Reflective XSS Vulnerability (CVE-2017-8514) MS Rating: Important
A cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server.
Microsoft Outlook for Mac Spoofing Vulnerability (CVE-2017-8545) MS Rating: Important
A spoofing vulnerability exists when Microsoft Outlook for Mac does not sanitize html or treat it in a safe manner. An attacker who successfully tricked the user could gain access to the user's authentication information or login credentials.
Microsoft SharePoint XSS vulnerability (CVE-2017-8551) MS Rating: Important
A privilege escalation vulnerability exists when SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. Successful exploits may allow an attacker to perform cross-site scripting attacks.
Cumulative Security Update for Microsoft Windows Hyper-V
Hypervisor Code Integrity Elevation of Privilege Vulnerability (CVE-2017-0193) MS Rating: Important
A privilege escalation vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels. An attacker who successfully exploited this issue could gain elevated privileges on a target guest operating system.
Cumulative Security Update for Skype for Business
Skype for Business Remote Code Execution Vulnerability (CVE-2017-8550) MS Rating: Critical
A remote code execution vulnerability exists when Skype for Business and Microsoft Lync Servers fail to properly sanitize specially crafted content. An authenticated attacker who successfully exploited this issue could execute HTML and JavaScript content in the Skype for Business or Lync context.
Cumulative Security Update for Microsoft Windows Uniscribe
Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-8527) MS Rating: Critical
A remote code execution vulnerability exist when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this issue could take control of the affected system.
Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-8528) MS Rating: Critical
A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this issue could take control of the affected system.
Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0283) MS Rating: Critical
A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker can exploit this issue could take control of the affected system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0282) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this issue could obtain information to further compromise the user�s system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0284) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this issue could obtain information to further compromise the user�s system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0285) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this issue could obtain information to further compromise the user�s system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-8534) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this issue could obtain information to further compromise the user�s system.
Cumulative Security Update for Microsoft Windows Graphics
Windows Graphics Information Disclosure Vulnerability (CVE-2017-0286) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited this issue could obtain information further compromise the user�s system.
Windows Graphics Information Disclosure Vulnerability (CVE-2017-0287) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited this issue could obtain information further compromise the user�s system.
Windows Graphics Information Disclosure Vulnerability (CVE-2017-0288) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited this issue could obtain information further compromise the user�s system.
Windows Graphics Information Disclosure Vulnerability (CVE-2017-0289) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited this issue could obtain information further compromise the user�s system.
Windows Graphics Information Disclosure Vulnerability (CVE-2017-8531) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited this issue could obtain information further compromise the user�s system.
Windows Graphics Information Disclosure Vulnerability (CVE-2017-8532) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited this issue could obtain information further compromise the user�s system.
Windows Graphics Information Disclosure Vulnerability (CVE-2017-8533) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited this issue could obtain information further compromise the user�s system.
Cumulative Security Update for Microsoft Windows Kernel-Mode Drivers
Windows Kernel Elevation of Privilege Vulnerability (CVE-2017-0297) MS Rating: Important
A privilege escalation vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited this issue could execute code with elevated permissions.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-0299) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this issue could retrieve the base address of the kernel driver from a compromised process.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-0300) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this issue could retrieve the base address of the kernel driver from a compromised process.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8462) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this issue could retrieve the base address of the kernel driver from a compromised process.
Win32k Elevation of Privilege Vulnerability (CVE-2017-8465) MS Rating: Important
A privilege escalation vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this issue could run processes in an elevated context.
Win32k Elevation of Privilege Vulnerability (CVE-2017-8468) MS Rating: Important
A privilege escalation vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this issue could run processes in an elevated context.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8469) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Win32k Information Disclosure Vulnerability (CVE-2017-8470) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Win32k Information Disclosure Vulnerability (CVE-2017-8471) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Win32k Information Disclosure Vulnerability (CVE-2017-8472) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Win32k Information Disclosure Vulnerability (CVE-2017-8473) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8474) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Win32k Information Disclosure Vulnerability (CVE-2017-8475) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8476) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Win32k Information Disclosure Vulnerability (CVE-2017-8477) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8478) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8479) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8480) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8481) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8482) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8483) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Win32k Information Disclosure Vulnerability (CVE-2017-8484) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8485) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8488) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8489) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8490) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8491) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8492) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Cumulative Security Update for Microsoft Windows
LNK Remote Code Execution Vulnerability (CVE-2017-8464) MS Rating: Critical
A remote code execution exists in Microsoft Windows that could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this issue could gain the same user rights as the local user.
Windows PDF Remote Code Execution Vulnerability (CVE-2017-0291) MS Rating: Critical
A remote code execution vulnerability exists in Microsoft Windows if a user opens a specially crafted PDF file. An attacker who successfully exploited this issue could cause arbitrary code to execute in the context of the current user.
Windows PDF Remote Code Execution Vulnerability (CVE-2017-0292) MS Rating: Critical
A remote code execution vulnerability exists in Microsoft Windows if a user opens a specially crafted PDF file. An attacker who successfully exploited this issue could cause arbitrary code to execute in the context of the current user.
Windows Remote Code Execution Vulnerability (CVE-2017-0294) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft Windows fails to properly handle cabinet files. To exploit the vulnerability, an attacker would have to convince a user to either open a specially crafted cabinet file or spoof a network printer and trick a user into installing a malicious cabinet file disguised as a printer driver.
Windows Search Remote Code Execution Vulnerability (CVE-2017-8543) MS Rating: Critical
A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this issue could take control of the affected system.
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability (CVE-2017-0173) MS Rating: Important
A security bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this issue could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability (CVE-2017-0215) MS Rating: Important
A security bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this issue could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability (CVE-2017-0216) MS Rating: Important
A security bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this issue could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability (CVE-2017-0218) MS Rating: Important
A security bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this issue could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability (CVE-2017-0219) MS Rating: Important
A security bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this issue could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.
Windows Default Folder Tampering Vulnerability (CVE-2017-0295) MS Rating: Important
A tampering vulnerability exists in Microsoft Windows that could allow an authenticated attacker to modify the folder structure. An attacker who successfully exploited this issue could potentially modify files and folders that are synchronized the first time when a user logs in locally to the computer.
Windows TDX Elevation of Privilege Vulnerability (CVE-2017-0296) MS Rating: Important
A privilege escalation vulnerability exists when tdx. sys fails to check the length of a buffer prior to copying memory to it.
Windows COM Session Elevation of Privilege Vulnerability (CVE-2017-0298) MS Rating: Important
A privilege escalation exists in Windows when a DCOM object in Helppane. exe, configured to run as the interactive user, fails to properly authenticate the client.
Windows PDF Information Disclosure Vulnerability (CVE-2017-8460) MS Rating: Important
An information disclosure vulnerability exists in Microsoft Windows when a user opens a specially crafted PDF file. An attacker who successfully exploited this issue could read information in the context of the current user.
Windows Cursor Elevation of Privilege Vulnerability (CVE-2017-8466) MS Rating: Important
A privilege escalation vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited this issue could run processes in an elevated context.
Windows Security Feature Bypass Vulnerability (CVE-2017-8493) MS Rating: Important
A security bypass vulnerability exists when Microsoft Windows fails to enforce case sensitivity for certain variable checks, which could allow an attacker to set variables that are either read-only or require authentication.
Windows Elevation of Privilege Vulnerability (CVE-2017-8494) MS Rating: Important
A privilege escalation vulnerability exists when Windows Secure Kernel Mode fails to properly handle objects in memory.To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system.
Windows VAD Cloning Denial of Service Vulnerability (CVE-2017-8515) MS Rating: Important
A denial of service vulnerability exists in Microsoft Windows when an unauthenticated attacker sends a specially crafted kernel mode request. An attacker who successfully exploited this issue could cause a denial of service on the target system, causing the machine to either stop responding or reboot.
Windows Search Information Disclosure Vulnerability (CVE-2017-8544) MS Rating: Important
An information disclosure vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this issue could obtain information to further compromise the user�s system.
GDI Information Disclosure Vulnerablity (CVE-2017-8553) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this issue could obtain information to further compromise the user�s system.
Microsoft Patch Tuesday – May 2017
Hello, welcome to this month's blog on the Microsoft patch release. This month
the vendor has patched 56 vulnerabilities, 17 of which are rated Critical.
As always, customers are advised to follow these security best practices:
Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining
functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless
specific access is required.
Microsoft's summary of the May 2017 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance
This month's update covers vulnerabilities in:
Microsoft Internet Explorer
Microsoft Edge
Microsoft Office
Microsoft .NET Framework
Microsoft Hyper-V
Microsoft Windows SMB
Microsoft Windows
The following is a breakdown of the issues being addressed this month:
Cumulative Security Update for Microsoft Internet Explorer and Edge
Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0226) MS Rating: Important
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer, and then convince a user to view the website.
Internet Explorer Security Feature Bypass Vulnerability (CVE-2017-0064) MS Rating: Important
A security feature bypass vulnerability exists when Internet Explorer handles files from the Internet zone. In a web-based attack scenario, an attacker could host a malicious website that is designed to exploit the security feature bypass. Alternatively, in an email or instant message attack scenario, the attacker could send the targeted user a specially crafted .url file that is designed to exploit the bypass.
Internet Explorer Memory Corruption Vulnerability (CVE-2017-0222) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website.
Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0221) MS Rating: Critical
A vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. To exploit the vulnerability, an attacker could host a specially crafted website through Microsoft Edge, and then convince a user to view the website.
Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0240) MS Rating: Critical
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.
Microsoft Scripting Engine Memory Corruption Vulnerability (CVE-2017-0224) MS Rating: Critical
A remote code execution vulnerability exists in the way the Chakra JavaScript engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website.
Microsoft Scripting Engine Memory Corruption Vulnerability (CVE-2017-0229) MS Rating: Moderate
A remote code execution vulnerability exists in the way the Chakra JavaScript engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.
Microsoft Scripting Engine Memory Corruption Vulnerability (CVE-2017-0230) MS Rating: Important
A remote code execution vulnerability exists in the way the Chakra JavaScript engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.
Microsoft Scripting Engine Memory Corruption Vulnerability (CVE-2017-0234) MS Rating: Critical
A remote code execution vulnerability exists in the way the Chakra JavaScript engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.
Microsoft Scripting Engine Memory Corruption Vulnerability (CVE-2017-0235) MS Rating: Critical
A remote code execution vulnerability exists in the way the Chakra JavaScript engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website.
Microsoft Scripting Engine Memory Corruption Vulnerability (CVE-2017-0236) MS Rating: Critical
A remote code execution vulnerability exists in the way that the JScript and VBScript engines render when handling objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.
Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0227) MS Rating: Critical
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.
Microsoft Edge Remote Code Execution Vulnerability (CVE-2017-0266) MS Rating: Critical
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.
Microsoft Edge Elevation of Privilege Vulnerability (CVE-2017-0241) MS Rating: Important
A vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone. To exploit the vulnerability, an attacker would have to convince a user to browse to a maliciously created webpage.
Microsoft Edge Elevation of Privilege Vulnerability (CVE-2017-0233) MS Rating: Important
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser. An attacker who successfully exploited the vulnerability could gain elevated privileges and break out of the Edge AppContainer sandbox. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (for example a remote code execution vulnerability and another elevation of privilege vulnerability) to take advantage of the elevated privileges when running.
Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0228) MS Rating: Critical
A remote code execution vulnerability exists in the way the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. This issue may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-0238) MS Rating: Critical
A remote code execution vulnerability exists in the way JavaScript scripting engines handle objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the Edge rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.
Microsoft Browser Spoofing Vulnerability (CVE-2017-0231) MS Rating: Important
A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could then either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it. In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or Instant Messenger message, and then convince the user to interact with content on the website.
Cumulative Security Update for Microsoft Office
Microsoft Office Remote Code Execution Vulnerability (CVE-2017-0281) MS Rating: Important
A remote code execution vulnerability exist in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could then, for example, take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince them to open the specially crafted file.
Microsoft Office Memory Corruption Vulnerability (CVE-2017-0254) MS Rating: Important
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
Microsoft Office Remote Code Execution Vulnerability (CVE-2017-0261) MS Rating: Critical
A remote code execution vulnerability exists in Microsoft Office that could be exploited when a user opens a file containing a malformed graphics image or when a user inserts a malformed graphics image into an Office file. Such a file could also be included in an email attachment. An attacker could exploit the vulnerability by constructing a specially crafted EPS file that could allow remote code execution. An attacker who successfully exploited this vulnerability could take control of the affected system. This vulnerability could not be exploited automatically through a Web-based attack scenario. An attacker could host a specially crafted website containing an Office file that is designed to exploit the vulnerability, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an instant messenger or email message that takes users to the attacker's website, or by getting them to open an attachment sent through email. If Word is the selected email reader, which is the default setting, then an attacker could leverage Outlook for an email-based attack by sending a specially crafted file, containing an EPS image binary, to the targeted user. In this scenario this attack vector requires minimal user action (as in viewing a specially crafted email through the preview pane in Outlook) to be exploited. Workstations and terminal servers that have Microsoft Office installed are primarily at risk. Servers could be at more risk if administrators allow users to log on to servers and to run programs.
Microsoft SharePoint XSS Vulnerability (CVE-2017-0255) MS Rating: Important
An elevation of privilege vulnerability exists when SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim.
Microsoft Office Remote Code Execution Vulnerability (CVE-2017-0262) MS Rating: Important
A remote code execution vulnerability exists in Microsoft Office that could be exploited when a user opens a file containing a malformed graphics image or when a user inserts a malformed graphics image into an Office file. Such a file could also be included in an email attachment. An attacker could exploit the vulnerability by constructing a specially crafted EPS file that could allow remote code execution. An attacker who successfully exploited this vulnerability could take control of the affected system. This vulnerability could not be exploited automatically through a Web-based attack scenario. An attacker could host a specially crafted website containing an Office file that is designed to exploit the vulnerability, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an instant messenger or email message that takes users to the attacker's website, or by getting them to open an attachment sent through email. If Word is the selected email reader, which is the default setting, then an attacker could leverage Outlook for an email-based attack by sending a specially crafted file, containing an EPS image binary, to the targeted user. In this scenario this attack vector requires minimal user action (as in viewing a specially crafted email through the preview pane in Outlook) to be exploited. Workstations and terminal servers that have Microsoft Office installed are primarily at risk. Servers could be at more risk if administrators allow users to log on to servers and to run programs.
Microsoft Office Memory Corruption Vulnerability (CVE-2017-0265) MS Rating: Important
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
Microsoft Office Memory Corruption Vulnerability (CVE-2017-0264) MS Rating: Important
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
Cumulative Security Update for Microsoft .NET Framework
.Net Security Feature Bypass Vulnerability (CVE-2017-0248) MS Rating: Important
A Security Feature Bypass vulnerability exists when Microsoft .NET Framework (and .NET Core) components do not completely validate certificates. An attacker could present a certificate that is marked invalid for a specific use, but the component uses it for that purpose. This action disregards the Enhanced Key Usage taggings.
Cumulative Security Update for Microsoft Windows Hyper-V
Windows Hyper-V vSMB Elevation of Privilege Vulnerability (CVE-2017-0212) MS Rating: Important
An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running.
Cumulative Security Update for Microsoft Windows SMB
Windows SMB Remote Code Execution Vulnerability (CVE-2017-0272) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server. To exploit the vulnerability, in most situations, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv1 server.
Windows SMB Remote Code Execution Vulnerability (CVE-2017-0277) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server. To exploit the vulnerability, in most situations, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv1 server.
Windows SMB Remote Code Execution Vulnerability (CVE-2017-0278) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server. To exploit the vulnerability, in most situations, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv1 server.
Windows SMB Remote Code Execution Vulnerability (CVE-2017-0279) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server. To exploit the vulnerability, in most situations, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv1 server.
Windows SMB Information Disclosure Vulnerability (CVE-2017-0267) MS Rating: Important
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploit the vulnerability, in most situations, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv1 server.
Windows SMB Information Disclosure Vulnerability (CVE-2017-0268) MS Rating: Important
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploit the vulnerability, in most situations, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv1 server.
Windows SMB Information Disclosure Vulnerability (CVE-2017-0270) MS Rating: Important
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploit the vulnerability, in most situations, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv1 server.
Windows SMB Information Disclosure Vulnerability (CVE-2017-0271) MS Rating: Important
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploit the vulnerability, in most situations, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv1 server.
Windows SMB Information Disclosure Vulnerability (CVE-2017-0274) MS Rating: Important
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploit the vulnerability, in most situations, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv1 server.
Windows SMB Information Disclosure Vulnerability (CVE-2017-0275) MS Rating: Important
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploit the vulnerability, in most situations, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv1 server.
Windows SMB Information Disclosure Vulnerability (CVE-2017-0276) MS Rating: Important
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploit the vulnerability, in most situations, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv1 server.
Windows SMB Information Disclosure Vulnerability (CVE-2017-0269) MS Rating: Important
A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to stop responding until it is manually restarted. To attempt to exploit this issue, an attacker would need to send specially crafted SMB requests to the target system. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests.
Windows SMB Denial of Service Vulnerability (CVE-2017-0273) MS Rating: Important
A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to stop responding until it is manually restarted. To attempt to exploit this issue, an attacker would need to send specially crafted SMB requests to the target system.
Windows SMB Information Disclosure Vulnerability (CVE-2017-0280) MS Rating: Important
A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to stop responding until it is manually restarted. To attempt to exploit this issue, an attacker would need to send specially crafted SMB requests to the target system. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests.
Cumulative Security Update for Microsoft Windows
Win32k Elevation of Privilege Vulnerability (CVE-2017-0246) MS Rating: Important
An elevation of privilege vulnerability exists when Windows improperly handlesobjects in memory. An attacker who successfully exploited this vulnerabilitycould run processes in an elevated context. On systems with Windows 7 for x64-based Systems or later installed, this vulnerability can lead to denial of service. To exploit the vulnerability, an attacker would have to either log on locally to an affected system, or convince a locally authenticated user to execute a specially crafted application.
Windows Kernel Elevation of Privilege Vulnerability (CVE-2017-0244) MS Rating: Important
An elevation of privilege vulnerability exists in the way that the Windows Kernelhandles objects in memory. An attacker who successfully exploited thevulnerability could execute code with elevated permissions. On systems with Windows 7 for x64-based Systems or later installed, this vulnerability can lead to denial of service. To exploit the vulnerability, an attacker would have to either log on locally to an affected system, or convince a locally authenticated user to execute a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-0175) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-0220) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-0258) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-0259) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application.
Dxgkrnl.sys Elevation of Privilege Vulnerability (CVE-2017-0077) MS Rating: Important
An elevation of privilege vulnerability exists when the Windows improperly handles objects in memory. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Win32k Information Disclosure Vulnerability (CVE-2017-0245) MS Rating: Important
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. To exploit the vulnerability, an attacker would have to either log on locally to an affected system, or convince a locally authenticated user to execute a specially crafted application.
Win32k Elevation of Privilege Vulnerability (CVE-2017-0263) MS Rating: Important
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
Windows DNS Server Denial of Service Vulnerability (CVE-2017-0171) MS Rating: Important
A denial of service vulnerability exists in Windows DNS Server if the server is configured to answer version queries. An attacker who successfully exploited this vulnerability could cause the DNS Server service to become nonresponsive. An attacker could exploit this vulnerability by sending malicious DNS queries, resulting in denial of service.
Windows COM Elevation of Privilege Vulnerability (CVE-2017-0213) MS Rating: Important
An elevation of privilege exists in Windows COM Aggregate Marshaler. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running.
Windows COM Elevation of Privilege Vulnerability (CVE-2017-0214) MS Rating: Important
An elevation of privilege vulnerability exists when Windows fails to properly validate input before loading type libraries. An attacker could use this vulnerability to elevate their privilege level. To exploit this vulnerability an attacker would first need to have access to the local system and have the ability to execute a malicious application.
Windows GDI Information Disclosure Vulnerability (CVE-2017-0190) MS Rating: Important
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.
Microsoft ActiveX Information Disclosure Vulnerability (CVE-2017-0242) MS Rating: Important
An information disclosure vulnerability exists in the way some ActiveX objects are instantiated. An attacker who successfully exploited this vulnerability could gain access to protected memory contents. To exploit this vulnerability, an attacker would need to convince a user to open a malicious document that could then instantiate the vulnerable object.
Microsoft Malware Protection Engine Remote Code Execution Vulnerability (CVE-2017-0290) MS Rating: Critical
A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system.
Microsoft Patch Tuesday – April 2017
Hello, welcome to this month's blog on the Microsoft patch release. This month
the vendor has patched 44 vulnerabilities, 13 of which are rated Critical.
As always, customers are advised to follow these security best practices:
Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining
functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless
specific access is required.
Microsoft's summary of the April 2017 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance
This month's update covers vulnerabilities in:
Microsoft .NET Framework
Microsoft Hyper-V
Microsoft Internet Explorer
Microsoft Edge
Microsoft Office
Visual Studio for Mac
Microsoft Graphics Component
Microsoft Windows Active Directory
Microsoft Windows
The following is a breakdown of the issues being addressed this month:
Cumulative Security Update for Microsoft .NET Framework
.NET Remote Code Execution Vulnerability (CVE-2017-0160) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft .NET Framework fails to properly validate input before loading libraries. An attacker who successfully exploited this issue could take control of an affected system.
Cumulative Security Update for Microsoft Windows Hyper-V
Hyper-V Remote Code Execution Vulnerability (CVE-2017-0162) MS Rating: Critical
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system.
Hyper-V Remote Code Execution Vulnerability (CVE-2017-0163) MS Rating: Critical
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system.
Windows Remote Code Execution Vulnerability (CVE-2017-0180) MS Rating: Critical
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system.
Windows Remote Code Execution Vulnerability (CVE-2017-0181) MS Rating: Critical
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system.
Hyper-V Denial of Service Vulnerability (CVE-2017-0178) MS Rating: Important
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system.
Hyper-V Denial of Service Vulnerability (CVE-2017-0179) MS Rating: Important
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system.
Hyper-V Denial of Service Vulnerability (CVE-2017-0182) MS Rating: Important
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system.
Hyper-V Denial of Service Vulnerability (CVE-2017-0183) MS Rating: Important
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system.
Hyper-V Denial of Service Vulnerability (CVE-2017-0184) MS Rating: Important
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system.
Hyper-V Denial of Service Vulnerability (CVE-2017-0185) MS Rating: Important
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system.
Hyper-V Denial of Service Vulnerability (CVE-2017-0186) MS Rating: Important
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system.
Hyper-V Information Disclosure Vulnerability (CVE-2017-0168) MS Rating: Important
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.
Hyper-V Information Disclosure Vulnerability (CVE-2017-0169) MS Rating: Important
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.
Cumulative Security Update for Microsoft Internet Explorer
Internet Explorer Memory Corruption Vulnerability (CVE-2017-0202) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft Browsers improperly access objects in memory. This issue may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-0201) MS Rating: Critical
A remote code execution vulnerability exists in the way that the JScript and VBScript engines render when handling objects in memory in Internet Explorer. This issue may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-0158) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This issue may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Elevation of Privilege Vulnerability (CVE-2017-0210) MS Rating: Important
A privilege escalation vulnerability exists when Internet Explorer does not properly enforce cross-domain policies. This may allow an attacker to access information from one domain and inject it into another domain.
Cumulative Security Update for Microsoft Edge
Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0205) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. This issue may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-0093) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This issue may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-0200) MS Rating: Critical
A remote code execution vulnerability exists in the way the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. This issue may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Information Disclosure Vulnerability (CVE-2017-0208) MS Rating: Important
An information disclosure vulnerability exists when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited this issue could obtain information to further compromise the user’s system.
Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-0203) MS Rating: Moderate
A security bypass vulnerability exists when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could trick a user into loading a web page with malicious content.
Cumulative Security Update for Microsoft Office
Microsoft Outlook Remote Code Execution Vulnerability (CVE-2017-0106) MS Rating: Critical
A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited this issue could take control of an affected system.
Microsoft Outlook Remote Code Execution Vulnerability (CVE-2017-0199) MS Rating: Critical
A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited this issue could take control of an affected system.
Microsoft Office Memory Corruption Vulnerability (CVE-2017-0194) MS Rating: Important
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited this issue could use the information to compromise the user computer or data.
Microsoft Office Security Feature Bypass Vulnerability (CVE-2017-0204) MS Rating: Important
A security bypass vulnerability exists in Microsoft Office software when the Office software improperly handles the parsing of file formats.
Microsoft Office XSS Elevation of Privilege Vulnerability (CVE-2017-0195) MS Rating: Important
A privilege escalation vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request. An authenticated attacker could exploit this issue by sending a specially crafted request to an affected Office Web Apps server.
Office DLL Loading Vulnerability (CVE-2017-0197) MS Rating: Important
A remote code execution vulnerability exists when Office improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited this issue could take control of an affected system.
Microsoft Office Spoofing Vulnerability (CVE-2017-0207) MS Rating: Moderate
A spoofing vulnerability exists in when Microsoft Outlook for Mac improperly validates HTML tag input. An attacker who successfully tricked the user could gain access to the user's authentication information or login credentials.
Cumulative Security Update for Microsoft Windows Graphics
Windows Graphics Elevation of Privilege Vulnerability (CVE-2017-0155) MS Rating: Important
A privilege escalation vulnerability exists when Microsoft Graphics fails to properly sanitize handles in memory. An attacker who successfully exploited this issue could run arbitrary code as System.
Windows Graphics Component Elevation of Privilege Vulnerability (CVE-2017-0156) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Cumulative Security Update for Microsoft Windows Active Directory
Active Directory Denial of Service Vulnerability (CVE-2017-0164) MS Rating: Important
A denial of service vulnerability exists in Active Directory when an authenticated attacker creates multiple machine accounts. An attacker who successfully exploited this issue could cause the Active Directory service to become nonresponsive.
ADFS Security Feature Bypass Vulnerability (CVE-2017-0159) MS Rating: Important
A security feature bypass vulnerability exists when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests.
Cumulative Security Update for Microsoft Windows
ATMFD.dll Information Disclosure Vulnerability (CVE-2017-0192) MS Rating: Important
An information disclosure vulnerability exists in Adobe Type Manager Font Driver (ATMFD.dll) because it fails to properly handle objects in memory. An attacker who successfully exploits this issue could obtain information to further compromise the user system.
LDAP Elevation of Privilege Vulnerability (CVE-2017-0166) MS Rating: Important
A privilege escalation vulnerability exists when LDAP request buffer lengths are improperly calculated. An attacker can exploit this issue by running a specially crafted application to send malicious traffic to a Domain Controller.
libjpeg Information Disclosure Vulnerability (CVE-2013-6629) MS Rating: Important
An information disclosure vulnerability exists when the open-source libjpeg image-processing library fails to properly handle objects in memory. An attacker can exploit this issue to retrieve information that could lead to an Address Space Layout Randomization (ASLR) bypass.
Win32k Elevation of Privilege Vulnerability (CVE-2017-0189) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this issue could run arbitrary code in kernel mode.
Win32k Information Disclosure Vulnerability (CVE-2017-0058) MS Rating: Important
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited this issue could obtain information to further compromise the user system.
Win32k Information Disclosure Vulnerability (CVE-2017-0188) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this issue could run arbitrary code in kernel mode.
Windows Denial of Service Vulnerability (CVE-2017-0191) MS Rating: Important
A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited this issue could cause a target system to stop responding.
Windows Elevation of Privilege Vulnerability (CVE-2017-0165) MS Rating: Important
A privilege escalation vulnerability exists when Microsoft Windows fails to properly sanitize handles in memory. An attacker who successfully exploited this issue could run arbitrary code as System.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-0167) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this issue could obtain information to further compromise the user system.
Windows OLE Elevation of Privilege Vulnerability (CVE-2017-0211) MS Rating: Important
A privilege escalation vulnerability exists in Microsoft Windows OLE when it fails an integrity-level check. An attacker who successfully exploited this issue could allow an application with limited privileges on an affected system to execute code at a medium integrity level.
Microsoft Patch Tuesday – March 2017
Hello, welcome to this month's blog on the Microsoft patch release. This month
the vendor is releasing 18 bulletins, nine of which are rated Critical.
As always, customers are advised to follow these security best practices:
Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining
functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless
specific access is required.
Microsoft's summary of the March 2017 releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms17-mar
The following is a breakdown of the issues being addressed this month:
MS17-006 Cumulative Security Update for Internet Explorer (4013073) MS Rating: Critical
Internet Explorer Information Disclosure Vulnerability (CVE-2017-0008) MS Rating: Important
An information disclosure vulnerability exists in the way that the affected components handle objects in memory. An attacker who successfully exploited this issue could obtain information to further compromise a target system.
Microsoft Browser Information Disclosure Vulnerability (CVE-2017-0009) MS Rating: Important
An information disclosure vulnerability exists in the way that the affected components handle objects in memory. An attacker who successfully exploited this issue could obtain information to further compromise a target system.
Microsoft Browser Spoofing Vulnerability (CVE-2017-0012) MS Rating: Important
A spoofing vulnerability exists because it fails to properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting them to a specially crafted website. The specially crafted website could spoof content or be used as a pivot to chain an attack with other vulnerabilities in web services.
Internet Explorer Memory Corruption Vulnerability (CVE-2017-0018) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft Browsers improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Browser Spoofing Vulnerability (CVE-2017-0033) MS Rating: Important
A spoofing vulnerability exists because it fails to properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting them to a specially crafted website. The specially crafted website could spoof content or be used as a pivot to chain an attack with other vulnerabilities in web services.
Microsoft Browser Memory Corruption Vulnerability (CVE-2017-0037) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft Browsers improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-0040) MS Rating: Critical
A remote code execution vulnerability exists in the way that the JScript and VBScript engines render when handling objects in memory in Internet Explorer. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Information Disclosure Vulnerability (CVE-2017-0049) MS Rating: Important
An information disclosure vulnerability exists in the way that the affected components handle objects in memory. An attacker who successfully exploited this issue could obtain information to further compromise a target system.
Scripting Engine Information Disclosure Vulnerability (CVE-2017-0059) MS Rating: Critical
An information disclosure vulnerability exists in the way that the affected components handle objects in memory. An attacker who successfully exploited this issue could obtain information to further compromise a target system.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-0130) MS Rating: Critical
A remote code execution vulnerability exists in the way that the JScript and VBScript engines render when handling objects in memory in Internet Explorer. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-0149) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft Browsers improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Elevation of Privilege Vulnerability (CVE-2017-0154) MS Rating: Critical
An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain. The update addresses the vulnerability by helping to ensure that cross-domain policies are properly enforced in Internet Explorer.
MS17-007 Security Update for Microsoft Edge (4013071) MS Rating: Critical
Microsoft Browser Information Disclosure Vulnerability (CVE-2017-0009) MS Rating: Important
An information disclosure vulnerability exists in the way that the affected components handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise a target system.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-0010) MS Rating: Critical
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0011) MS Rating: Important
An information disclosure vulnerability exists in the way that the affected components handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise a target system.
Microsoft Browser Spoofing Vulnerability (CVE-2017-0012) MS Rating: Important
A spoofing vulnerability exists because it fails to properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting them to a specially crafted website. The specially crafted website could spoof content or be used as a pivot to chain an attack with other vulnerabilities in web services.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-0015) MS Rating: Criticalt
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0017) MS Rating: Important
An information disclosure vulnerability exists in the way that the affected components handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise a target system.
Microsoft PDF Memory Corruption Vulnerability (CVE-2017-0023) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-0032) MS Rating: Critical
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Browser Spoofing Vulnerability (CVE-2017-0033) MS Rating: Important
A spoofing vulnerability exists because it fails to properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting them to a specially crafted website. The specially crafted website could spoof content or be used as a pivot to chain an attack with other vulnerabilities in web services.
Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0034) MS Rating: Criticalt
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-0035) MS Rating: Critical
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Browser Memory Corruption Vulnerability (CVE-2017-0037) MS Rating: Critical
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Browser Information Disclosure Vulnerability (CVE-2017-0065) MS Rating: Important
An information disclosure vulnerability exists in the way that the affected components handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise a target system.
Microsoft Browser Security Feature Bypass Vulnerability (CVE-2017-0066) MS Rating: Important
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-0067) MS Rating: Critical
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Browser Information Disclosure Vulnerability (CVE-2017-0068) MS Rating: Important
An information disclosure vulnerability exists in the way that the affected components handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise a target system.
Microsoft Edge Spoofing Vulnerability (CVE-2017-0069) MS Rating: Important
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-0070) MS Rating: Critical
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-0071) MS Rating: Critical
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-0094) MS Rating: Critical
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-0131) MS Rating: Important
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-0132) MS Rating: Critical
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-0133) MS Rating: Critical
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-0134) MS Rating: Critical
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Edge Security Feature Bypass (CVE-2017-0135) MS Rating: Moderate
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-0136) MS Rating: Critical
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-0137) MS Rating: Critical
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-0138) MS Rating: Critical
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Edge Security Feature Bypass (CVE-2017-0140) MS Rating: Critical
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-0141) MS Rating: Critical
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-0150) MS Rating: Critical
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-0151) MS Rating: Critical
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
MS17-008 Security Update for Windows Hyper-V (4013082) MS Rating: Critical
Hyper-V vSMB Remote Code Execution Vulnerability (CVE-2017-0021) MS Rating: Critical
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate virtual Server Message Block (vSMB) packet data. An attacker who successfully exploited this vulnerability could execute arbitrary code on a target operating system.
Microsoft Hyper-V Network Switch Denial of Service Vulnerability (CVE-2017-0051) MS Rating: Important
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system.
Hyper-V Denial of Service Vulnerability (CVE-2017-0074) MS Rating: Important
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate virtual Server Message Block (vSMB) packet data. An attacker who successfully exploited this vulnerability could execute arbitrary code on a target operating system.
Hyper-V Remote Code Execution Vulnerability (CVE-2017-0075) MS Rating: Critical
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.
Hyper-V Denial of Service Vulnerability (CVE-2017-0076) MS Rating: Important
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate virtual Server Message Block (vSMB) packet data. An attacker who successfully exploited this vulnerability could execute arbitrary code on a target operating system.
Hyper-V Memory Corruption Vulnerability (CVE-2017-0095) MS Rating: Important
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate virtual Server Message Block (vSMB) packet data. An attacker who successfully exploited this vulnerability could execute arbitrary code on a target operating system.
Hyper-V Information Disclosure Vulnerability (CVE-2017-0096) MS Rating: Important
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. Customers who have not enabled the Hyper-V role are not affected.
Hyper-V Denial of Service Vulnerability (CVE-2017-0097) MS Rating: Important
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate the virtual Server Message Block (vSMB) packet data. An attacker who successfully exploited this vulnerability could execute arbitrary code on a target operating system.
Hyper-V Denial of Service Vulnerability (CVE-2017-0098) MS Rating: Important
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate the virtual Server Message Block (vSMB) packet data. An attacker who successfully exploited this vulnerability could execute arbitrary code on a target operating system.
Hyper-V Denial of Service Vulnerability (CVE-2017-0099) MS Rating: Important
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate the virtual Server Message Block (vSMB) packet data. An attacker who successfully exploited this vulnerability could execute arbitrary code on a target operating system.
Hyper-V Memory Corruption Vulnerability (CVE-2017-0109) MS Rating: Critical
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate the virtual Server Message Block (vSMB) packet data. An attacker who successfully exploited this vulnerability could execute arbitrary code on a target operating system.
MS17-009 Security Update for Microsoft Windows PDF Library (4010319) MS Rating: Critical
Microsoft PDF Memory Corruption Vulnerability (CVE-2017-0023) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user.
MS17-010 Security Update for Windows SMB Server (4013389) MS Rating: Critical
Windows SMB Remote Code Execution Vulnerability (CVE-2017-0143) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) service handles certain requests. An attacker who successfully exploited this vulnerability could execute code on the target server.
Windows SMB Remote Code Execution Vulnerability (CVE-2017-0144) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) service handles certain requests. An attacker who successfully exploited this vulnerability could execute code on the target server.
Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) service handles certain requests. An attacker who successfully exploited this vulnerability could execute code on the target server.
Windows SMB Remote Code Execution Vulnerability (CVE-2017-0146) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) service handles certain requests. An attacker who successfully exploited this vulnerability could execute code on the target server.
Windows SMB Information Disclosure Vulnerability (CVE-2017-0147) MS Rating: Important
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) service handles certain requests. An attacker who successfully exploited this vulnerability could run arbitrary code that could lead to an information disclosure.
Windows SMB Remote Code Execution Vulnerability (CVE-2017-0148) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) service handles certain requests. An attacker who successfully exploited this vulnerability could execute code on the target server.
MS17-011 Security Update for Microsoft Uniscribe (4013076) MS Rating: Critical
Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0072) MS Rating: Critical
A remote code execution vulnerability exists in Windows due to the way Windows Uniscribe handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.
Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0083) MS Rating: Critical
A remote code execution vulnerability exists in Windows due to the way Windows Uniscribe handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.
Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0084) MS Rating: Critical
A remote code execution vulnerability exists in Windows due to the way Windows Uniscribe handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.
Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0086) MS Rating: Critical
A remote code execution vulnerability exists in Windows due to the way Windows Uniscribe handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.
Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0087) MS Rating: Critical
A remote code execution vulnerability exists in Windows due to the way Windows Uniscribe handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.
Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0088) MS Rating: Critical
A remote code execution vulnerability exists in Windows due to the way Windows Uniscribe handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.
Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0089) MS Rating: Critical
A remote code execution vulnerability exists in Windows due to the way Windows Uniscribe handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.
Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0090) MS Rating: Critical
A remote code execution vulnerability exists in Windows due to the way Windows Uniscribe handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0085) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0091) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0092) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0111) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0112) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0113) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0114) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0115) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0116) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0117) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0118) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0119) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0120) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0121) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0122) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0123) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0124) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0125) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0126) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0127) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0128) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
MS17-012 Security Update for Microsoft Windows (4013078) MS Rating: Critical
Device Guard Security Feature Bypass Vulnerability (CVE-2017-0007) MS Rating: Important
A security bypass vulnerability exists when Device Guard does not properly validate certain elements of a signed PowerShell script. An attacker who successfully exploited this vulnerability could modify the contents of a PowerShell script without invalidating the signature associated with the file.
SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability (CVE-2017-0016) MS Rating: Important
A denial of service vulnerability exists in implementations of the Microsoft Server Message Block 2.0 and 3.0 (SMBv2 & SMBv3) client. The vulnerability is due to improper handling of certain requests sent by a malicious SMB server to the client.
Windows DLL Loading Remote Code Execution Vulnerability (CVE-2017-0039) MS Rating: Important
A remote code execution vulnerability exists when Microsoft Windows fails to properly validate input before loading certain dynamic link library (DLL) files. An attacker who successfully exploited the vulnerability could take control of an affected system.
Windows DNS Query Information Disclosure Vulnerability (CVE-2017-0057) MS Rating: Important
An information disclosure vulnerability exists when Windows dnsclient fails to properly handle requests. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.
Windows HelpPane Elevation of Privilege Vulnerability (CVE-2017-0100) MS Rating: Important
An elevation of privilege exists in Windows when a DCOM object in Helppane.exe configured to run as the interactive user fails to properly authenticate the client. An attacker who successfully exploited the vulnerability could run arbitrary code in another user's session. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability once another user logged in to the same system via Terminal Services or Fast User Switching.
iSNS Server Memory Corruption Vulnerability (CVE-2017-0104) MS Rating: Critical
A remote code execution vulnerability exists in Windows when the iSNS Server service fails to properly validate input from the client, leading to an integer overflow. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SYSTEM account. An attacker could exploit the vulnerability by creating a specially crafted application to connect to the iSNS Server and then issue malicious requests to it.
MS17-013 Security Update for Microsoft Graphics Component (4013075) MS Rating: Critical
Windows GDI Elevation of Privilege Vulnerability (CVE-2017-0001) MS Rating: Important
A privilege escalation vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this issue could run arbitrary code in kernel mode.
Windows GDI Elevation of Privilege Vulnerability (CVE-2017-0005) MS Rating: Important
A privilege escalation vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this issue could run arbitrary code in kernel mode.
Windows GDI Elevation of Privilege Vulnerability (CVE-2017-0025) MS Rating: Important
A privilege escalation vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this issue could run arbitrary code in kernel mode.
Windows GDI Elevation of Privilege Vulnerability (CVE-2017-0047) MS Rating: Important
A privilege escalation vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this issue could run arbitrary code in kernel mode.
Windows Graphics Component Information Disclosure Vulnerability (CVE-2017-0038) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited this issue could obtain information to further compromise the user's system.
GDI+ Information Disclosure Vulnerability (CVE-2017-0060) MS Rating: Important
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution. however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.
GDI+ Information Disclosure Vulnerability (CVE-2017-0062) MS Rating: Important
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution. However, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.
Microsoft Color Management Information Disclosure Vulnerability (CVE-2017-0061) MS Rating: Important
An information disclosure vulnerability exists in the way that the Color Management Module(ICM32.dll) handles objects in memory. This vulnerability allows an attacker to retrieve information to bypass usermode ASLR on a targeted system. By itself, the information disclosures do not allow arbitrary code execution. However, they could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.
Microsoft Color Management Information Disclosure Vulnerability (CVE-2017-0063) MS Rating: Important
An information disclosure vulnerability exists in the way that the Color Management Module(ICM32.dll) handles objects in memory. This vulnerability allows an attacker to retrieve information to bypass usermode ASLR on a targeted system. By itself, the information disclosures do not allow arbitrary code execution. However, they could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.
GDI+ Information Disclosure Vulnerability (CVE-2017-0073) MS Rating: Important
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution. However, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.
GDI+ Remote Code Execution Vulnerability (CVE-2017-0108) MS Rating: Critical
A remote code execution vulnerability exists due to the way the Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system.
Windows Graphics Component Remote Code Execution Vulnerability (CVE-2017-0014) MS Rating: Critical
A remote code execution vulnerability exists due to the way the Windows Graphics component handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.
MS17-014 Security Update for Microsoft Office (4013241) MS Rating: Important
Microsoft Office Memory Corruption Vulnerability (CVE-2017-0006) MS Rating: Important
A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
Microsoft Office Memory Corruption Vulnerability (CVE-2017-0019) MS Rating: Important
A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
Microsoft Office Memory Corruption Vulnerability (CVE-2017-0020) MS Rating: Important
A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
Microsoft Office Information Disclosure Vulnerability (CVE-2017-0027) MS Rating: Important
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user's computer or data.
Microsoft Office Denial of Service Vulnerability (CVE-2017-0029) MS Rating: Important
A denial of service vulnerability exists when a specially crafted file is opened in Microsoft Office. An attacker who successfully exploited the vulnerability could cause Office to stop responding.
Microsoft Office Memory Corruption Vulnerability (CVE-2017-0030) MS Rating: Important
A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
Microsoft Office Memory Corruption Vulnerability (CVE-2017-0031) MS Rating: Important
A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
Microsoft Office Memory Corruption Vulnerability (CVE-2017-0052) MS Rating: Important
A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
Microsoft Office Memory Corruption Vulnerability (CVE-2017-0053) MS Rating: Important
A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
Microsoft Office Information Disclosure Vulnerability (CVE-2017-0105) MS Rating: Important
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory.
Microsoft SharePoint XSS Vulnerability (CVE-2017-0107) MS Rating: Important
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
Microsoft Lync for Mac Certificate Validation Vulnerability (CVE-2017-0129) MS Rating: Important
A security feature bypass exists when the Lync for Mac 2011 client fails to properly validate certificates. An attacker who successfully exploited this vulnerability could tamper with trusted communications between the server and target client. To exploit the vulnerability an attacker would need to intercept and tamper with network traffic.
MS17-015 Security Update for Microsoft Exchange Server (4013242) MS Rating: Important
Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2017-0110) MS Rating: Important
An elevation of privilege vulnerability exists in the way that Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. To exploit the vulnerability, an attacker who successfully exploited this vulnerability could, perform script/content injection attacks, and attempt to trick the user into disclosing sensitive information. An attacker could exploit the vulnerabilities by sending a specially crafted email, containing a malicious link, to a user. Alternatively, an attacker could use a chat client to social engineer a user into clicking on the malicious link.
MS17-016 Security Update for Internet Information Services (4013074) MS Rating: Important
Microsoft IIS Server XSS Elevation of Privilege Vulnerability (CVE-2017-0055) MS Rating: Important
An elevation of privilege vulnerability exists when Microsoft IIS Server fails to properly sanitize a specially crafted request. An attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on behalf of the victim, and inject malicious content in the victim's browser. For this vulnerability to be exploited, a user must click a specially crafted URL.
MS17-017 Security Update for Windows Kernel (4010652) MS Rating: Important
Windows Kernel Elevation of Privilege Vulnerability (CVE-2017-0050) MS Rating: Important
A privilege escalation vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited this issue could impersonate processes, interject cross-process communication, or interrupt system functionality.
Windows Elevation of Privilege Vulnerability (CVE-2017-0101) MS Rating: Important
An elevation of privilege vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take complete control over the affected system.
Windows Registry Elevation of Privilege Vulnerability (CVE-2017-0102) MS Rating: Important
An elevation of privilege vulnerability exists when Windows fails to check the length of a buffer prior to copying memory to it. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker would first need access to the target system and have the ability to copy a file to a shared folder or drive.
Windows Registry Elevation of Privilege Vulnerability (CVE-2017-0103) MS Rating: Important
An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally-authenticated attacker could exploit this vulnerability by running a specially crafted application.
MS17-018 Security Update for Windows Kernel-Mode Drivers (4013083) MS Rating: Important
Win32k Elevation of Privilege Vulnerability (CVE-2017-0024) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this issue could run arbitrary code in kernel mode.
Win32k Elevation of Privilege Vulnerability (CVE-2017-0026) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this issue could run arbitrary code in kernel mode.
Win32k Elevation of Privilege Vulnerability (CVE-2017-0056) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this issue could run arbitrary code in kernel mode.
Win32k Elevation of Privilege Vulnerability (CVE-2017-0078) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this issue could run arbitrary code in kernel mode.
Win32k Elevation of Privilege Vulnerability (CVE-2017-0079) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this issue could run arbitrary code in kernel mode.
Win32k Elevation of Privilege Vulnerability (CVE-2017-0080) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this issue could run arbitrary code in kernel mode.
Win32k Elevation of Privilege Vulnerability (CVE-2017-0081) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this issue could run arbitrary code in kernel mode.
Win32k Elevation of Privilege Vulnerability (CVE-2017-0082) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this issue could run arbitrary code in kernel mode.
MS17-019 Security Update for Active Directory Federation Services (4010320) MS Rating: Important
Microsoft Active Directory Federation Services Information Disclosure Vulnerability (CVE-2017-0043) MS Rating: Important
An information disclosure vulnerability exists when Windows ADFS honors XML External Entities. An authenticated attacker who successfully exploited this vulnerability would be able to read sensitive information about the target system. To exploit this condition, an authenticated attacker would need to send a specially crafted request to the ADFS service. Note that the information disclosure vulnerability by itself would not be sufficient for an attacker to compromise a system. However, an attacker could combine this vulnerability with additional vulnerabilities to further exploit the system.
MS17-020 Security Update for Windows DVD Maker (3208223) MS Rating: Important
Windows DVD Maker Cross-Site Request Forgery Vulnerability (CVE-2017-0045) MS Rating: Important
An information disclosure vulnerability exists in Windows when Windows DVD Maker fails to properly parse a specially crafted .msdvd file. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system. To exploit the vulnerability, an attacker would have to either log on locally to an affected system, or convince a locally authenticated user to execute a specially crafted application.
MS17-021 Security Update for DirectShow (4010318) MS Rating: Important
Windows DirectShow Information Disclosure Vulnerabitliy (CVE-2017-0042) MS Rating: Important
An information disclosure vulnerability exists in the way Windows DirectShow handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.
MS17-022 Security Update for Microsoft XML Core Services (4010321) MS Rating: Important
Microsoft XML Information Disclosure Vulnerability (CVE-2017-0022) MS Rating: Important
An information disclosure vulnerability exists when Microsoft XML Core Services (MSXML) improperly handles objects in memory. An attacker who successfully exploited this vulnerability could allow the attacker to test for the presence of files on disk.
MS17-023 Security Update for Adobe Flash Player (4010250) MS Rating: Critical
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.
Microsoft Patch Tuesday – January 2017
Hello, welcome to this month's blog on the Microsoft patch release. This month
the vendor has released four bulletins, one of which is rated Critical.
As always, customers are advised to follow these security best practices:
Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining
functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless
specific access is required.
Microsoft's summary of the January 2017 releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms17-jan
The following is a breakdown of the issues being addressed this month:
MS17-001 Security Update for Microsoft Edge (3214288) MS Rating: Important
Microsoft Edge Elevation of Privilege Vulnerability (CVE-2017-0002) MS Rating: Important
An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies with about:blank, which could allow an attacker to access information from one domain and inject it into another domain. An attacker who successfully exploited this vulnerability could elevate privileges in affected versions of Microsoft Edge.
MS17-002 Security Update for Microsoft Office (3214291) MS Rating: Important
Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0003) MS Rating: Important
A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS17-003 Security Update for Adobe Flash Player (3214628) MS Rating: Critical
This security update addresses the following vulnerabilities, which are described in Adobe Security Bulletin APSB17-02: CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937.
MS17-004 Security Update for Local Security Authority Subsystem Service (3216771) MS Rating: Important
Local Security Authority Subsystem Service Denial of Service Vulnerability (CVE-2017-0003) MS Rating: Important
A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system.
More information on the vulnerabilities being addressed this month is available at Symantec's free Security Response portal and to our customers through the DeepSight Threat Management System.