98100

1039090

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0250

The remote Windows host is missing security update 4034668. It is, therefore, affected by multiple vulnerabilities :

  - A remote code execution vulnerability exists when     Windows Search handles objects in memory. An attacker     who successfully exploited this vulnerability could take     control of the affected system. An attacker could then     install programs; view, change, or delete data; or     create new accounts with full user rights.
    (CVE-2017-8620)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory.  (CVE-2017-8624)

  - A remote code execution vulnerability exists in the way     JavaScript engines render when handling objects in     memory in Microsoft browsers. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user.  (CVE-2017-8635, CVE-2017-8641)

  - An information disclosure vulnerability exists when the     win32k component improperly provides kernel information.
    An attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system.  (CVE-2017-8666)

  - A security feature bypass vulnerability exists when     Internet Explorer fails to validate User Mode Code     Integrity (UMCI) policies. The vulnerability could allow     an attacker to bypass Device Guard UMCI policies.
    (CVE-2017-8625)

  - A remote code execution vulnerability exists in Windows     Input Method Editor (IME) when IME improperly handles     parameters in a method of a DCOM class. The DCOM server     is a Windows component installed regardless of which     languages/IMEs are enabled. An attacker can instantiate     the DCOM class and exploit the system even if IME is not     enabled.  (CVE-2017-8591)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2017-8664)

  - A denial of service vulnerability exists when Microsoft     Windows improperly handles NetBIOS packets. An attacker     who successfully exploited this vulnerability could     cause a target computer to become completely     unresponsive. A remote unauthenticated attacker could     exploit this vulnerability by sending a series of TCP     packets to a target system, resulting in a permanent     denial of service condition. The update addresses the     vulnerability by correcting how the Windows network     stack handles NetBIOS traffic. (CVE-2017-0174)

  - A buffer overflow vulnerability exists in the Microsoft     JET Database Engine that could allow remote code     execution on an affected system. An attacker who     successfully exploited this vulnerability could take     control of an affected system. An attacker could then     install programs; view, change, or delete data; or     create new accounts with full user rights. Users whose     accounts are configured to have fewer user rights on the     system could be less impacted than users who operate     with administrative user rights.  (CVE-2017-0250)

  - A remote code execution vulnerability exists in the way     Microsoft browsers handle objects in memory while     rendering content. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2017-8669)

  - An elevation of privilege vulnerability exists in     Windows Error Reporting (WER) when WER handles and     executes files. The vulnerability could allow elevation     of privilege if an attacker can successfully exploit it.
    An attacker who successfully exploited the vulnerability     could gain greater access to sensitive information and     system functionality.  (CVE-2017-8633)

  - A remote code execution vulnerability exists when     Microsoft browsers improperly access objects in memory.
    The vulnerability could corrupt memory in such a way     that enables an attacker to execute arbitrary code in     the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2017-8653)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2017-8593)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. In a web-based attack scenario, an attacker could     host a specially crafted website that is designed to     exploit the vulnerability through Microsoft browsers and     then convince a user to view the website. An attacker     could also embed an ActiveX control marked &quot;safe     for initialization&quot; in an application or Microsoft     Office document that hosts the related rendering engine.
    The attacker could also take advantage of compromised     websites, and websites that accept or host user-provided     content or advertisements. These websites could contain     specially crafted content that could exploit the     vulnerability. An attacker who successfully exploited     the vulnerability could gain the same user rights as the     current user.  (CVE-2017-8636, CVE-2017-8640,     CVE-2017-8655, CVE-2017-8672)

  - A remote code execution vulnerability exists when     Microsoft Windows PDF Library improperly handles objects     in memory. The vulnerability could corrupt memory in a     way that enables an attacker to execute arbitrary code     in the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user. If the current     user is logged on with administrative user rights, an     attacker could take control of an affected system. An     attacker could then install programs; view, change, or     delete data; or create new accounts with full user     rights.  (CVE-2017-0293)

  - An information disclosure vulnerability exists when     Microsoft Edge improperly handles objects in memory. An     attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system.  (CVE-2017-8644, CVE-2017-8652)

The remote Windows host is missing multiple security updates released on 2017/10/10. It is, therefore, affected by multiple vulnerabilities :

- A buffer overflow vulnerability exists in the Microsoft JET     Database Engine that could allow remote code execution on an     affected system. An attacker who successfully exploited this     vulnerability could take complete control of an affected system.
    (CVE-2017-0250)

  - A remote code execution vulnerability exists when     Windows Search handles objects in memory. An attacker     who successfully exploited this vulnerability could take     control of the affected system. An attacker could then     install programs; view, change, or delete data; or     create new accounts with full user rights.
    (CVE-2017-11771)

  - An elevation of privilege vulnerability exists when the     Windows Graphics Component improperly handles objects in     memory. An attacker who successfully exploited this     vulnerability could run processes in an elevated     context.  (CVE-2017-11824)

  - An elevation of privilege vulnerability exists when the     Windows kernel-mode driver fails to properly handle     objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2017-8689, CVE-2017-8694)

  - A buffer overflow vulnerability exists in the Microsoft     JET Database Engine that could allow remote code     execution on an affected system. An attacker who     successfully exploited this vulnerability could take     control of an affected system. An attacker could then     install programs; view, change, or delete data; or     create new accounts with full user rights. Users whose     accounts are configured to have fewer user rights on the     system could be less impacted than users who operate     with administrative user rights.  (CVE-2017-8717,     CVE-2017-8718)

  - An information disclosure vulnerability exists in the     way that the Windows Graphics Device Interface (GDI)     handles objects in memory, allowing an attacker to     retrieve information from a targeted system. By itself,     the information disclosure does not allow arbitrary code     execution; however, it could allow arbitrary code to be     run if the attacker uses it in combination with another     vulnerability.  (CVE-2017-11816)

  - An information disclosure vulnerability exists in the     way that the Windows SMB Server handles certain     requests. An authenticated attacker who successfully     exploited this vulnerability could craft a special     packet, which could lead to information disclosure from     the server.  (CVE-2017-11815)

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2017-11765, CVE-2017-11814)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2017-11793, CVE-2017-11810)

  - A remote code execution vulnerability exists when the     Windows font library improperly handles specially     crafted embedded fonts. An attacker who successfully     exploited the vulnerability could take control of the     affected system. An attacker could then install     programs; view, change, or delete data; or create new     accounts with full user rights.  (CVE-2017-11762,     CVE-2017-11763)

  - An information disclosure vulnerability exists when     Internet Explorer improperly handles objects in memory.
    An attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system.  (CVE-2017-11790)

  - An information disclosure vulnerability exists when the     Windows kernel improperly initializes objects in memory.
    (CVE-2017-11817)

  - A denial of service vulnerability exists in the     Microsoft Server Block Message (SMB) when an attacker     sends specially crafted requests to the server. An     attacker who exploited this vulnerability could cause     the affected system to crash. To attempt to exploit this     issue, an attacker would need to send specially crafted     SMB requests to the target system. Note that the denial     of service vulnerability would not allow an attacker to     execute code or to elevate their user rights, but it     could cause the affected system to stop accepting     requests. The security update addresses the     vulnerability by correcting the manner in which SMB     handles specially crafted client requests.
    (CVE-2017-11781)

  - A remote code execution vulnerability exists when     Internet Explorer improperly accesses objects in memory.
    The vulnerability could corrupt memory in such a way     that an attacker could execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2017-11822)

  - An Information disclosure vulnerability exists when     Windows Search improperly handles objects in memory. An     attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system.  (CVE-2017-11772)

  - A remote code execution vulnerability exists in the way     that the Microsoft Server Message Block 1.0 (SMBv1)     server handles certain requests. An attacker who     successfully exploited the vulnerability could gain the     ability to execute code on the target server.
    (CVE-2017-11780)

  - An information disclosure vulnerability exists in the     Windows kernel that could allow an attacker to retrieve     information that could lead to a Kernel Address Space     Layout Randomization (ASLR) bypass. An attacker who     successfully exploited the vulnerability could retrieve     the memory address of a kernel object.  (CVE-2017-11784,     CVE-2017-11785)

  - A spoofing vulnerability exists in the Windows     implementation of wireless networking. An attacker who     successfully exploited this vulnerability could     potentially replay broadcast and/or multicast traffic     to hosts on a WPA or WPA 2-protected wireless network.
    (CVE-2017-13080)

The remote Windows host is missing multiple security updates released on 2017/08/08. It is, therefore, affected by multiple vulnerabilities :

- A denial of service vulnerability exists when Microsoft Windows     improperly handles NetBIOS packets. An attacker who successfully     exploited this vulnerability could cause a target computer to     become completely unresponsive. A remote unauthenticated attacker     could exploit this vulnerability by sending a series of TCP     packets to a target system, resulting in a permanent denial of     service condition. The update addresses the vulnerability by     correcting how the Windows network stack handles NetBIOS traffic.
    (CVE-2017-0174)

  - A buffer overflow vulnerability exists in the Microsoft JET     Database Engine that could allow remote code execution on an     affected system. An attacker who successfully exploited this     vulnerability could take complete control of an affected system.
    An attacker could then install programs; view, change, or delete     data; or create new accounts with full user rights. Users whose     accounts are configured to have fewer user rights on the system     could be less impacted than users who operate with administrative     user rights. Exploitation of this vulnerability requires that a     user open or preview a specially crafted database file while using     an affected version of Microsoft Windows. In an email attack     scenario, an attacker could exploit the vulnerability by sending a     specially crafted database file to the user and then convincing     the user to open the file. The update addresses the vulnerability     by modifying how the Microsoft JET Database Engine handles objects     in memory. (CVE-2017-0250)

  - An information disclosure vulnerability exists when the Windows     kernel fails to properly initialize a memory address, allowing an     attacker to retrieve information that could lead to a Kernel Address     Space Layout Randomization (KASLR) bypass. (CVE-2017-0299)

  - An elevation of privilege vulnerability exists in Windows when the     Win32k component fails to properly handle objects in memory. An     attacker who successfully exploited this vulnerability could run     arbitrary code in kernel mode. An attacker could then install     programs; view, change, or delete data; or create new accounts     with full user rights. To exploit this vulnerability, an attacker     would first have to log on to the system. An attacker could then     run a specially crafted application that could exploit the     vulnerability and take control of an affected system. The update     addresses this vulnerability by correcting how Win32k handles     objects in memory. (CVE-2017-8593)

  - A remote code execution vulnerability exists when Windows Search     handles objects in memory. An attacker who successfully exploited     this vulnerability could take control of the affected system. An     attacker could then install programs; view, change, or delete     data; or create new accounts with full user rights. To exploit the     vulnerability, the attacker could send specially crafted messages     to the Windows Search service. An attacker with access to a target     computer could exploit this vulnerability to elevate privileges     and take control of the computer. Additionally, in an enterprise     scenario, a remote unauthenticated attacker could remotely trigger     the vulnerability through an SMB connection and then take control     of a target computer. The security update addresses the     vulnerability by correcting how Windows Search handles objects in     memory. (CVE-2017-8620)

  - An elevation of privilege vulnerability exists when the Windows     Common Log File System (CLFS) driver improperly handles objects in     memory. In a local attack scenario, an attacker could exploit this     vulnerability by running a specially crafted application to take     control of the affected system. An attacker who successfully     exploited this vulnerability could run processes in an elevated     context. The update addresses the vulnerability by correcting how     CLFS handles objects in memory. Note: The Common Log File System     (CLFS) is a high-performance, general-purpose log file subsystem     that dedicated client applications can use and multiple clients     can share to optimize log access. (CVE-2017-8624)

  - This security update resolves a vulnerability in Windows Error     Reporting (WER). The vulnerability could allow elevation of     privilege if successfully exploited by an attacker. An attacker     who successfully exploited this vulnerability could gain greater     access to sensitive information and system functionality. This     update corrects the way the WER handles and executes files.
    (CVE-2017-8633)

  - A remote code execution vulnerability exists in the way that     Microsoft browser JavaScript engines render content when     handling objects in memory. The vulnerability could corrupt     memory in such a way that an attacker could execute arbitrary     code in the context of the current user. (CVE-2017-8636)

  - A remote code execution vulnerability exists in the way     JavaScript engines render when handling objects in memory     in Microsoft browsers. The vulnerability could corrupt memory     in such a way that an attacker could execute arbitrary code in     the context of the current user. An attacker who successfully     exploited the vulnerability could gain the same user rights as     the current user. If the current user is logged on with     administrative user rights, an attacker who successfully exploited     the vulnerability could take control of an affected system. An     attacker could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2017-8641)

  - A remote code execution vulnerability exists when Internet     Explorer improperly accesses objects in memory. The vulnerability     could corrupt memory in such a way that an attacker could execute     arbitrary code in the context of the current user.
    (CVE-2017-8651)

  - A remote code execution vulnerability exists when Microsoft     browsers improperly access objects in memory. The vulnerability     could corrupt memory in such a way that enables an attacker to     execute arbitrary code in the context of the current user.
    (CVE-2017-8653)

  - An information disclosure vulnerability exists when the win32k     component improperly provides kernel information. An attacker     who successfully exploited the vulnerability could obtain     information to further compromise the user's system.
    (CVE-2017-8666)

  - An information disclosure vulnerability exists when the Volume     Manager Extension Drivercomponent improperly provides kernel     information. An attacker who successfully exploited the     vulnerability could obtain information to further compromise the     users system. To exploit this vulnerability, an attacker would     have to log on to an affected system and run a specially crafted     application. The security update addresses the vulnerability by     correcting how Volume Manager Extension Driver handles objects in     memory. (CVE-2017-8668)

  - A remote code execution vulnerability exists when the Windows font     library improperly handles specially crafted embedded fonts. An     attacker who successfully exploited this vulnerability     would gain code execution on the target system. Users whose     accounts are configured to have fewer user rights on the system     could be less impacted than users who operate with administrative     user rights. There are multiple ways an attacker could exploit the     vulnerability: In a web-based attack scenario, an attacker could     host a specially crafted website that is designed to exploit the     vulnerability and then convince users to view the website. An     attacker would have no way to force users to view the     attacker-controlled content. Instead, an attacker would have to     convince users to take action, typically by getting them to click     a link in an email or Instant Messenger message that takes users     to the attacker's website, or by opening an attachment sent     through email. In a file sharing attack scenario, an attacker     could provide a specially crafted document file that is designed     to exploit the vulnerability, and then convince users to open the     document file. The security update addresses the vulnerability by     correcting how the Windows font library handles embedded fonts.
    (CVE-2017-8691)

The remote Windows host is missing security update 4034672 or cumulative update 4034681. It is, therefore, affected by multiple vulnerabilities :

  - A denial of service vulnerability exists when Microsoft     Windows improperly handles NetBIOS packets. An attacker     who successfully exploited this vulnerability could     cause a target computer to become completely     unresponsive. A remote unauthenticated attacker could     exploit this vulnerability by sending a series of TCP     packets to a target system, resulting in a permanent     denial of service condition. The update addresses the     vulnerability by correcting how the Windows network     stack handles NetBIOS traffic. (CVE-2017-0174)

  - A buffer overflow vulnerability exists in the Microsoft     JET Database Engine that could allow remote code     execution on an affected system. An attacker who     successfully exploited this vulnerability could take     complete control of an affected system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2017-0250)

  - A remote code execution vulnerability exists when     Microsoft Windows PDF Library improperly handles objects     in memory. The vulnerability could corrupt memory in a     way that enables an attacker to execute arbitrary code     in the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user. (CVE-2017-0293)

  - A remote code execution vulnerability exists in Windows     Input Method Editor (IME) when IME improperly handles     parameters in a method of a DCOM class. The DCOM server     is a Windows component installed regardless of which     languages/IMEs are enabled. An attacker can instantiate     the DCOM class and exploit the system even if IME is not     enabled. (CVE-2017-8591)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights. (CVE-2017-8593)

  - A remote code execution vulnerability exists when     Windows Search handles objects in memory. An attacker     who successfully exploited this vulnerability could take     control of the affected system. An attacker could then     install programs; view, change, or delete data; or     create new accounts with full user rights.To exploit the     vulnerability, the attacker could send specially crafted     messages to the Windows Search service. An attacker with     access to a target computer could exploit this     vulnerability to elevate privileges and take control of     the computer. Additionally, in an enterprise scenario, a     remote unauthenticated attacker could remotely trigger     the vulnerability through an SMB connection and then     take control of a target computer.The security update     addresses the vulnerability by correcting how Windows     Search handles objects in memory. (CVE-2017-8620)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. (CLFS) is a high-performance,     general-purpose log file subsystem that dedicated client     applications can use and multiple clients can share to     optimize log access. (CVE-2017-8624)

  - This security update resolves a vulnerability in Windows     Error Reporting (WER). The vulnerability could allow     elevation of privilege if successfully exploited by an     attacker. An attacker who successfully exploited this     vulnerability could gain greater access to sensitive     information and system functionality. This update     corrects the way the WER handles and executes files.
    (CVE-2017-8633)

  - A remote code execution vulnerability exists in the way     JavaScript engines render when handling objects in     memory in Microsoft browsers. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user. (CVE-2017-8635)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8636)

  - A remote code execution vulnerability exists in the way     JavaScript engines render when handling objects in     memory in Microsoft browsers. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user. (CVE-2017-8641)

  - A remote code execution vulnerability exists when     Microsoft browsers improperly access objects in memory.
    The vulnerability could corrupt memory in such a way     that enables an attacker to execute arbitrary code in     the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user. (CVE-2017-8653)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system. (CVE-2017-8664)

  - An information disclosure vulnerability exists when the     win32k component improperly provides kernel information.
    An attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system. (CVE-2017-8666)

  - An information disclosure vulnerability exists when the     Volume Manager Extension Driver component improperly     provides kernel information. An attacker who     successfully exploited the vulnerability could obtain     information to further compromise the users system.To     exploit this vulnerability, an attacker would have to     log on to an affected system and run a specially crafted     application.The security update addresses the     vulnerability by correcting how Volume Manager Extension     Driver handles objects in memory. (CVE-2017-8668)

  - A remote code execution vulnerability exists in the way     Microsoft browsers handle objects in memory while     rendering content. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user. If     the current user is logged on with administrative user     rights, an attacker who successfully exploited the     vulnerability could take control of an affected system.
    An attacker could then install programs; view, change,     or delete data; or create new accounts with full user     rights. (CVE-2017-8669)

The remote Windows host is missing security update 4034674.
It is, therefore, affected by multiple vulnerabilities :

  - A denial of service vulnerability exists when Microsoft     Windows improperly handles NetBIOS packets. An attacker     who successfully exploited this vulnerability could     cause a target computer to become completely     unresponsive. (CVE-2017-0174)

  - A buffer overflow vulnerability exists in the Microsoft     JET Database Engine that could allow remote code     execution on an affected system. An attacker who     successfully exploited this vulnerability could take     complete control of an affected system. (CVE-2017-0250)

  - A remote code execution vulnerability exists when     Microsoft Windows PDF Library improperly handles objects     in memory. The vulnerability could corrupt memory in a     way that enables an attacker to execute arbitrary code     in the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.
    (CVE-2017-0293)

  - An elevation of privilege vulnerability exists in     Microsoft Edge that could allow an attacker to escape     from the AppContainer sandbox in the browser. An     attacker who successfully exploited this vulnerability     could gain elevated privileges and break out of the Edge     AppContainer sandbox. (CVE-2017-8503)

  - A remote code execution vulnerability exists in Windows     Input Method Editor (IME) when IME improperly handles     parameters in a method of a DCOM class. The DCOM server     is a Windows component installed regardless of which     languages/IMEs are enabled. An attacker can instantiate     the DCOM class and exploit the system even if IME is not     enabled. (CVE-2017-8591)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. (CVE-2017-8593)

  - A remote code execution vulnerability exists when     Windows Search handles objects in memory. An attacker     who successfully exploited this vulnerability could take     control of the affected system. An attacker could then     install programs; view, change, or delete data; or     create new accounts with full user rights.     (CVE-2017-8620)

  - An elevation of privilege vulnerability exists in the     way that the Windows Subsystem for Linux handles NT     pipes. An attacker who successfully exploited the     vulnerability could execute code with elevated     permissions. (CVE-2017-8622)

  - A denial of service vulnerability exists when Microsoft     Hyper-V Network Switch on a host server fails to     properly validate input from a privileged user on a     guest operating system. An attacker who successfully     exploited the vulnerability could cause the host server     to crash. (CVE-2017-8623)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. (CVE-2017-8624)

  - A denial of service vulnerability exists when Windows     Subsystem for Linux improperly handles objects in     memory. An attacker who successfully exploited this     vulnerability could cause a denial of service against     the local system.A attacker could exploit this     vulnerability by running a specially crafted     application.The update addresses the vulnerability by     correcting how Windows Subsystem for Linux handles     objects in memory. (CVE-2017-8627)

  - This security update resolves a vulnerability in Windows     Error Reporting (WER). The vulnerability could allow     elevation of privilege if successfully exploited by an     attacker. An attacker who successfully exploited this     vulnerability could gain greater access to sensitive     information and system functionality. This update     corrects the way the WER handles and executes files.
    (CVE-2017-8633)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8634)

  - A remote code execution vulnerability exists in the way     JavaScript engines render when handling objects in     memory in Microsoft browsers. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user. (CVE-2017-8635)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8636)

  - A security feature bypass vulnerability exists in     Microsoft Edge as a result of how memory is accessed in     code compiled by the Edge Just-In-Time (JIT) compiler     that allows Arbitrary Code Guard (ACG) to be bypassed.
    (CVE-2017-8637)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8638)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8639)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8640)

  - A remote code execution vulnerability exists in the way     JavaScript engines render when handling objects in     memory in Microsoft browsers. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user. (CVE-2017-8641)

  - An elevation of privilege vulnerability exists when     Microsoft Edge does not properly validate JavaScript     under specific conditions, potentially allowing script     to run with elevated privileges. (CVE-2017-8642)

  - An information disclosure vulnerability exists when     Microsoft Edge improperly handles objects in memory. An     attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system. (CVE-2017-8644)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8645)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8646)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8647)

  - A security feature bypass vulnerability exists when     Microsoft Edge does not properly enforce same-origin     policies, which could allow an attacker to access     information from origins outside the current one. In a     web-based attack scenario, an attacker could trick a     user into loading a webpage with malicious content.
    (CVE-2017-8650)

  - An information disclosure vulnerability exists when     Microsoft Edge improperly handles objects in memory. An     attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system.
    (CVE-2017-8652)

  - A remote code execution vulnerability exists when     Microsoft browsers improperly access objects in memory.
    The vulnerability could corrupt memory in such a way     that enables an attacker to execute arbitrary code in     the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.
    (CVE-2017-8653)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8655)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8656)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8657)

  - An information disclosure vulnerability exists when the     Chakra scripting engine does not properly handle objects     in memory. An attacker who successfully exploited the     vulnerability could obtain information to further     compromise the users system.
    (CVE-2017-8659)

  - A remote code execution vulnerability exists in the way     affected Microsoft scripting engines render when     handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user.
    (CVE-2017-8661)

  - An information disclosure vulnerability for Microsoft     Edge exists as a result of how strings are validated in     specific scenarios, which can allow an attacker to read     sensitive data from memory and thereby potentially     bypass Address Space Layout Randomization (ASLR).
    (CVE-2017-8662)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system. (CVE-2017-8664)

  - An information disclosure vulnerability exists when the     win32k component improperly provides kernel information.
    An attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system. (CVE-2017-8666)

  - A remote code execution vulnerability exists in the way     Microsoft browsers handle objects in memory while     rendering content. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2017-8669)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8670)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8671)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8672)

  - A denial of service vulnerability exists in Remote     Desktop Protocol (RDP) when an attacker connects to the     target system using RDP and sends specially crafted     requests. (CVE-2017-8673)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8674)

The remote Windows host is missing security update 4034666 or cumulative update 4034665. It is, therefore, affected by multiple vulnerabilities :

  - A denial of service vulnerability exists when Microsoft     Windows improperly handles NetBIOS packets. An attacker     who successfully exploited this vulnerability could     cause a target computer to become completely     unresponsive. A remote unauthenticated attacker could     exploit this vulnerability by sending a series of TCP     packets to a target system, resulting in a permanent     denial of service condition. The update addresses the     vulnerability by correcting how the Windows network     stack handles NetBIOS traffic. (CVE-2017-0174)

  - A buffer overflow vulnerability exists in the Microsoft     JET Database Engine that could allow remote code     execution on an affected system. An attacker who     successfully exploited this vulnerability could take     complete control of an affected system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2017-0250)

  - A remote code execution vulnerability exists when     Microsoft Windows PDF Library improperly handles objects     in memory. The vulnerability could corrupt memory in a     way that enables an attacker to execute arbitrary code     in the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user. (CVE-2017-0293)

  - A remote code execution vulnerability exists in Windows     Input Method Editor (IME) when IME improperly handles     parameters in a method of a DCOM class. The DCOM server     is a Windows component installed regardless of which     languages/IMEs are enabled. An attacker can instantiate     the DCOM class and exploit the system even if IME is not     enabled. (CVE-2017-8591)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights. (CVE-2017-8593)

  - A remote code execution vulnerability exists when     Windows Search handles objects in memory. An attacker     who successfully exploited this vulnerability could take     control of the affected system. An attacker could then     install programs; view, change, or delete data; or     create new accounts with full user rights.To exploit the     vulnerability, the attacker could send specially crafted     messages to the Windows Search service. An attacker with     access to a target computer could exploit this     vulnerability to elevate privileges and take control of     the computer. Additionally, in an enterprise scenario, a     remote unauthenticated attacker could remotely trigger     the vulnerability through an SMB connection and then     take control of a target computer.The security update     addresses the vulnerability by correcting how Windows     Search handles objects in memory. (CVE-2017-8620)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. (CVE-2017-8624)

  - This security update resolves a vulnerability in Windows     Error Reporting (WER). The vulnerability could allow     elevation of privilege if successfully exploited by an     attacker. An attacker who successfully exploited this     vulnerability could gain greater access to sensitive     information and system functionality. This update     corrects the way the WER handles and executes files.
    (CVE-2017-8633)

  - A remote code execution vulnerability exists in the way     JavaScript engines render when handling objects in     memory in Microsoft browsers. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user. (CVE-2017-8635)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8636)

  - A remote code execution vulnerability exists in the way     JavaScript engines render when handling objects in     memory in Microsoft browsers. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user. (CVE-2017-8641)

  - A remote code execution vulnerability exists when     Internet Explorer improperly accesses objects in memory.
    The vulnerability could corrupt memory in such a way     that an attacker could execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user. (CVE-2017-8651)

  - A remote code execution vulnerability exists when     Microsoft browsers improperly access objects in memory.
    The vulnerability could corrupt memory in such a way     that enables an attacker to execute arbitrary code in     the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user. (CVE-2017-8653)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system. (CVE-2017-8664)

  - An information disclosure vulnerability exists when the     win32k component improperly provides kernel information.
    An attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system. (CVE-2017-8666)

  - An information disclosure vulnerability exists when the     Volume Manager Extension Driver component improperly     provides kernel information. An attacker who     successfully exploited the vulnerability could obtain     information to further compromise the users system.To     exploit this vulnerability, an attacker would have to     log on to an affected system and run a specially crafted     application.The security update addresses the     vulnerability by correcting how Volume Manager Extension     Driver handles objects in memory. (CVE-2017-8668)

The remote Windows host is missing security update 4034679 or cumulative update 4034664. It is, therefore, affected by multiple vulnerabilities :

  - A denial of service vulnerability exists when Microsoft     Windows improperly handles NetBIOS packets. An attacker     who successfully exploited this vulnerability could     cause a target computer to become completely     unresponsive. A remote unauthenticated attacker could     exploit this vulnerability by sending a series of TCP     packets to a target system, resulting in a permanent     denial of service condition. The update addresses the     vulnerability by correcting how the Windows network     stack handles NetBIOS traffic. (CVE-2017-0174)

  - A buffer overflow vulnerability exists in the Microsoft     JET Database Engine that could allow remote code     execution on an affected system. An attacker who     successfully exploited this vulnerability could take     complete control of an affected system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2017-0250)

  - A remote code execution vulnerability exists when     Microsoft Windows PDF Library improperly handles objects     in memory. The vulnerability could corrupt memory in a     way that enables an attacker to execute arbitrary code     in the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user. (CVE-2017-0293)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights. (CVE-2017-8593)

  - A remote code execution vulnerability exists when     Windows Search handles objects in memory. An attacker     who successfully exploited this vulnerability could take     control of the affected system. An attacker could then     install programs; view, change, or delete data; or     create new accounts with full user rights.To exploit the     vulnerability, the attacker could send specially crafted     messages to the Windows Search service. An attacker with     access to a target computer could exploit this     vulnerability to elevate privileges and take control of     the computer. Additionally, in an enterprise scenario, a     remote unauthenticated attacker could remotely trigger     the vulnerability through an SMB connection and then     take control of a target computer.The security update     addresses the vulnerability by correcting how Windows     Search handles objects in memory. (CVE-2017-8620)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. (CVE-2017-8624)

  - This security update resolves a vulnerability in Windows     Error Reporting (WER). The vulnerability could allow     elevation of privilege if successfully exploited by an     attacker. An attacker who successfully exploited this     vulnerability could gain greater access to sensitive     information and system functionality. This update     corrects the way the WER handles and executes files.
    (CVE-2017-8633)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8636)

  - A remote code execution vulnerability exists in the way     JavaScript engines render when handling objects in     memory in Microsoft browsers. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user. (CVE-2017-8641)

  - A remote code execution vulnerability exists when     Microsoft browsers improperly access objects in memory.
    The vulnerability could corrupt memory in such a way     that enables an attacker to execute arbitrary code in     the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user. (CVE-2017-8653)

  - An information disclosure vulnerability exists when the     win32k component improperly provides kernel information.
    An attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system. (CVE-2017-8666)

  - An information disclosure vulnerability exists when the     Volume Manager Extension Driver component improperly     provides kernel information. An attacker who     successfully exploited the vulnerability could obtain     information to further compromise the users system.To     exploit this vulnerability, an attacker would have to     log on to an affected system and run a specially crafted     application.The security update addresses the     vulnerability by correcting how Volume Manager Extension     Driver handles objects in memory. (CVE-2017-8668)

  - A remote code execution vulnerability exists when the     Windows font library improperly handles specially     crafted embedded fonts. An attacker who successfully     exploits exploited this vulnerability would gain code     execution on the target system. (CVE-2017-8691)

The remote Windows host is missing security update 4034660.
It is, therefore, affected by multiple vulnerabilities :

  - A denial of service vulnerability exists when Microsoft     Windows improperly handles NetBIOS packets. An attacker     who successfully exploited this vulnerability could     cause a target computer to become completely     unresponsive. A remote unauthenticated attacker could     exploit this vulnerability by sending a series of TCP     packets to a target system, resulting in a permanent     denial of service condition. The update addresses the     vulnerability by correcting how the Windows network     stack handles NetBIOS traffic. (CVE-2017-0174)

  - A buffer overflow vulnerability exists in the Microsoft     JET Database Engine that could allow remote code     execution on an affected system. An attacker who     successfully exploited this vulnerability could take     complete control of an affected system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2017-0250)

  - A remote code execution vulnerability exists when     Microsoft Windows PDF Library improperly handles objects     in memory. The vulnerability could corrupt memory in a     way that enables an attacker to execute arbitrary code     in the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user. (CVE-2017-0293)

  - An elevation of privilege vulnerability exists in     Microsoft Edge that could allow an attacker to escape     from the AppContainer sandbox in the browser. An     attacker who successfully exploited this vulnerability     could gain elevated privileges and break out of the Edge     AppContainer sandbox.The vulnerability by itself does     not allow arbitrary code to run. However, this     vulnerability could be used in conjunction with one or     more vulnerabilities (for example a remote code     execution vulnerability and another elevation of     privilege vulnerability) to take advantage of the     elevated privileges when running.The security update     addresses the vulnerability by modifying how Microsoft     Edge handles sandboxing. (CVE-2017-8503)

  - A remote code execution vulnerability exists in Windows     Input Method Editor (IME) when IME improperly handles     parameters in a method of a DCOM class. The DCOM server     is a Windows component installed regardless of which     languages/IMEs are enabled. An attacker can instantiate     the DCOM class and exploit the system even if IME is not     enabled. (CVE-2017-8591)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights. (CVE-2017-8593)

  - A remote code execution vulnerability exists when     Windows Search handles objects in memory. An attacker     who successfully exploited this vulnerability could take     control of the affected system. An attacker could then     install programs; view, change, or delete data; or     create new accounts with full user rights.To exploit the     vulnerability, the attacker could send specially crafted     messages to the Windows Search service. An attacker with     access to a target computer could exploit this     vulnerability to elevate privileges and take control of     the computer. Additionally, in an enterprise scenario, a     remote unauthenticated attacker could remotely trigger     the vulnerability through an SMB connection and then     take control of a target computer.The security update     addresses the vulnerability by correcting how Windows     Search handles objects in memory. (CVE-2017-8620)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. (CVE-2017-8624)

  - A security feature bypass vulnerability exists when     Internet Explorer fails to validate User Mode Code     Integrity (UMCI) policies. The vulnerability could allow     an attacker to bypass Device Guard UCMI policies.To     exploit the vulnerability, a user could either visit a     malicious website or an attacker with access to the     system could run a specially crafted application. An     attacker could then leverage the vulnerability to run     unsigned malicious code as though it were signed by a     trusted source.The update addresses the vulnerability by     correcting how Internet Explorer validates UMCI     policies. (CVE-2017-8625)

  - This security update resolves a vulnerability in Windows     Error Reporting (WER). The vulnerability could allow     elevation of privilege if successfully exploited by an     attacker. An attacker who successfully exploited this     vulnerability could gain greater access to sensitive     information and system functionality. This update     corrects the way the WER handles and executes files.
    (CVE-2017-8633)

  - A remote code execution vulnerability exists in the way     JavaScript engines render when handling objects in     memory in Microsoft browsers. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user. (CVE-2017-8635)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8636)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8640)

  - A remote code execution vulnerability exists in the way     JavaScript engines render when handling objects in     memory in Microsoft browsers. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user. (CVE-2017-8641)

  - An information disclosure vulnerability exists when     Microsoft Edge improperly handles objects in memory. An     attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system. (CVE-2017-8644)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8645)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8646)

  - An information disclosure vulnerability exists when     Microsoft Edge improperly handles objects in memory. An     attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system. (CVE-2017-8652)

  - A remote code execution vulnerability exists when     Microsoft browsers improperly access objects in memory.
    The vulnerability could corrupt memory in such a way     that enables an attacker to execute arbitrary code in     the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user. (CVE-2017-8653)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8655)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8657)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system. (CVE-2017-8664)

  - An information disclosure vulnerability exists when the     win32k component improperly provides kernel information.
    An attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system. (CVE-2017-8666)

  - A remote code execution vulnerability exists in the way     Microsoft browsers handle objects in memory while     rendering content. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user. If     the current user is logged on with administrative user     rights, an attacker who successfully exploited the     vulnerability could take control of an affected system.
    An attacker could then install programs; view, change,     or delete data; or create new accounts with full user     rights. (CVE-2017-8669)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8671)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8672)

The remote Windows host is missing security update 4034658.
It is, therefore, affected by multiple vulnerabilities :

  - A denial of service vulnerability exists when Microsoft     Windows improperly handles NetBIOS packets. An attacker     who successfully exploited this vulnerability could     cause a target computer to become completely     unresponsive. A remote unauthenticated attacker could     exploit this vulnerability by sending a series of TCP     packets to a target system, resulting in a permanent     denial of service condition. The update addresses the     vulnerability by correcting how the Windows network     stack handles NetBIOS traffic. (CVE-2017-0174)

  - A buffer overflow vulnerability exists in the Microsoft     JET Database Engine that could allow remote code     execution on an affected system. An attacker who     successfully exploited this vulnerability could take     complete control of an affected system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2017-0250)

  - A remote code execution vulnerability exists when     Microsoft Windows PDF Library improperly handles objects     in memory. The vulnerability could corrupt memory in a     way that enables an attacker to execute arbitrary code     in the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user. (CVE-2017-0293)

  - An elevation of privilege vulnerability exists in     Microsoft Edge that could allow an attacker to escape     from the AppContainer sandbox in the browser. An     attacker who successfully exploited this vulnerability     could gain elevated privileges and break out of the Edge     AppContainer sandbox.The vulnerability by itself does     not allow arbitrary code to run. However, this     vulnerability could be used in conjunction with one or     more vulnerabilities (for example a remote code     execution vulnerability and another elevation of     privilege vulnerability) to take advantage of the     elevated privileges when running.The security update     addresses the vulnerability by modifying how Microsoft     Edge handles sandboxing. (CVE-2017-8503)

  - A remote code execution vulnerability exists in Windows     Input Method Editor (IME) when IME improperly handles     parameters in a method of a DCOM class. The DCOM server     is a Windows component installed regardless of which     languages/IMEs are enabled. An attacker can instantiate     the DCOM class and exploit the system even if IME is not     enabled. (CVE-2017-8591)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights. (CVE-2017-8593)

  - A remote code execution vulnerability exists when     Windows Search handles objects in memory. An attacker     who successfully exploited this vulnerability could take     control of the affected system. An attacker could then     install programs; view, change, or delete data; or     create new accounts with full user rights.To exploit the     vulnerability, the attacker could send specially crafted     messages to the Windows Search service. An attacker with     access to a target computer could exploit this     vulnerability to elevate privileges and take control of     the computer. Additionally, in an enterprise scenario, a     remote unauthenticated attacker could remotely trigger     the vulnerability through an SMB connection and then     take control of a target computer.The security update     addresses the vulnerability by correcting how Windows     Search handles objects in memory. (CVE-2017-8620)

  - A denial of service vulnerability exists when Microsoft     Hyper-V Network Switch on a host server fails to     properly validate input from a privileged user on a     guest operating system. An attacker who successfully     exploited the vulnerability could cause the host server     to crash. (CVE-2017-8623)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory.(CVE-2017-8624)

  - A security feature bypass vulnerability exists when     Internet Explorer fails to validate User Mode Code     Integrity (UMCI) policies. The vulnerability could allow     an attacker to bypass Device Guard UCMI policies.To     exploit the vulnerability, a user could either visit a     malicious website or an attacker with access to the     system could run a specially crafted application. An     attacker could then leverage the vulnerability to run     unsigned malicious code as though it were signed by a     trusted source.The update addresses the vulnerability by     correcting how Internet Explorer validates UMCI     policies. (CVE-2017-8625)

  - This security update resolves a vulnerability in Windows     Error Reporting (WER). The vulnerability could allow     elevation of privilege if successfully exploited by an     attacker. An attacker who successfully exploited this     vulnerability could gain greater access to sensitive     information and system functionality. This update     corrects the way the WER handles and executes files.
    (CVE-2017-8633)

  - A remote code execution vulnerability exists in the way     JavaScript engines render when handling objects in     memory in Microsoft browsers. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user. (CVE-2017-8635)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8636)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8639)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8640)

  - A remote code execution vulnerability exists in the way     JavaScript engines render when handling objects in     memory in Microsoft browsers. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user. (CVE-2017-8641)

  - An information disclosure vulnerability exists when     Microsoft Edge improperly handles objects in memory. An     attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system. (CVE-2017-8644)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8645)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8646)

  - An information disclosure vulnerability exists when     Microsoft Edge improperly handles objects in memory. An     attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system. (CVE-2017-8652)

  - A remote code execution vulnerability exists when     Microsoft browsers improperly access objects in memory.
    The vulnerability could corrupt memory in such a way     that enables an attacker to execute arbitrary code in     the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user. (CVE-2017-8653)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8655)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8656)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8657)

  - A remote code execution vulnerability exists in the way     affected Microsoft scripting engines render when     handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user. (CVE-2017-8661)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system. (CVE-2017-8664)

  - An information disclosure vulnerability exists when the     win32k component improperly provides kernel information.
    An attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system. (CVE-2017-8666)

  - A remote code execution vulnerability exists in the way     Microsoft browsers handle objects in memory while     rendering content. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user. If     the current user is logged on with administrative user     rights, an attacker who successfully exploited the     vulnerability could take control of an affected system.
    An attacker could then install programs; view, change,     or delete data; or create new accounts with full user     rights. (CVE-2017-8669)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8670)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8671)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8672)

ID	Name	Product	Family	Severity
104382	KB4034668: Windows 10 August 2017 Cumulative Update	Nessus	Windows : Microsoft Bulletins	high
103816	Windows 2008 October 2017 Multiple Security Updates (KRACK)	Nessus	Windows : Microsoft Bulletins	critical
102273	Windows 2008 August 2017 Multiple Security Updates	Nessus	Windows : Microsoft Bulletins	high
102270	Windows 8.1 and Windows Server 2012 R2 August 2017 Security Updates	Nessus	Windows : Microsoft Bulletins	high
102269	KB4034674: Windows 10 Version 1703 August 2017 Cumulative Update	Nessus	Windows : Microsoft Bulletins	high
102268	Windows Server 2012 August 2017 Security Updates	Nessus	Windows : Microsoft Bulletins	high
102267	Windows 7 and Windows Server 2008 R2 August 2017 Security Updates	Nessus	Windows : Microsoft Bulletins	high
102265	KB4034660: Windows 10 Version 1511 August 2017 Cumulative Update	Nessus	Windows : Microsoft Bulletins	high
102264	KB4034658: Windows 10 Version 1607 and Windows Server 2016 August 2017 Cumulative Update	Nessus	Windows : Microsoft Bulletins	high

CVE-2017-0250

HIGH

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins

high

critical

high

high

high

high

high

high

high