101213

1039526

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11829

The remote Windows host is missing security update 4041691.
It is, therefore, affected by multiple vulnerabilities :

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2017-11765, CVE-2017-11814)

  - An elevation of privilege vulnerability exists when the     Windows Update Delivery Optimization does not properly     enforce file share permissions. An attacker who     successfully exploited the vulnerability could overwrite     files that require higher privileges than what the     attacker already has.  (CVE-2017-11829)

  - A remote code execution vulnerability exists when the     Windows font library improperly handles specially     crafted embedded fonts. An attacker who successfully     exploited the vulnerability could take control of the     affected system. An attacker could then install     programs; view, change, or delete data; or create new     accounts with full user rights.  (CVE-2017-11762,     CVE-2017-11763)

  - An elevation of privilege vulnerability exists when     Windows improperly handles calls to Advanced Local     Procedure Call (ALPC). An attacker who successfully     exploited this vulnerability could run arbitrary code in     the security context of the local system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2017-11783)

  - A remote code execution vulnerability     exists in Windows Domain Name System (DNS) DNSAPI.dll     when it fails to properly handle DNS responses. An     attacker who successfully exploited the vulnerability     could run arbitrary code in the context of the Local     System Account.  (CVE-2017-11779)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Microsoft Edge. The vulnerability could corrupt memory     in such a way that an attacker could execute arbitrary     code in the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2017-11798,     CVE-2017-11799, CVE-2017-11800, CVE-2017-11802,     CVE-2017-11804, CVE-2017-11808, CVE-2017-11811,     CVE-2017-11812)

  - A buffer overflow vulnerability exists in the Microsoft     JET Database Engine that could allow remote code     execution on an affected system. An attacker who     successfully exploited this vulnerability could take     control of an affected system. An attacker could then     install programs; view, change, or delete data; or     create new accounts with full user rights. Users whose     accounts are configured to have fewer user rights on the     system could be less impacted than users who operate     with administrative user rights.  (CVE-2017-8717,     CVE-2017-8718)

  - A security feature bypass vulnerability exists in Device     Guard that could allow an attacker to inject malicious     code into a Windows PowerShell session. An attacker who     successfully exploited this vulnerability could inject     code into a trusted PowerShell process to bypass the     Device Guard Code Integrity policy on the local machine.
    (CVE-2017-11823, CVE-2017-8715)

  - An information disclosure vulnerability exists when the     Windows kernel improperly initializes objects in memory.
    (CVE-2017-11817)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2017-11793, CVE-2017-11810)

  - An elevation of privilege vulnerability exists in the     default Windows SMB Server configuration which allows     anonymous users to remotely access certain named pipes     that are also configured to allow anonymous access to     users who are logged on locally. An unauthenticated     attacker who successfully exploits this configuration     error could remotely send specially crafted requests to     certain services that accept requests via named pipes.
    (CVE-2017-11782)

  - An Information disclosure vulnerability exists when     Windows Search improperly handles objects in memory. An     attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system.  (CVE-2017-11772)

  - An elevation of privilege vulnerability exists when the     Windows Graphics Component improperly handles objects in     memory. An attacker who successfully exploited this     vulnerability could run processes in an elevated     context.  (CVE-2017-11824)

  - A remote code execution vulnerability exists when     Internet Explorer improperly accesses objects in memory     via the Microsoft Windows Text Services Framework. The     vulnerability could corrupt memory in such a way that an     attacker could execute arbitrary code in the context of     the current user. An attacker who successfully exploited     the vulnerability could gain the same user rights as the     current user.  (CVE-2017-8727)

  - An Security Feature bypass vulnerability exists in     Microsoft Windows storage when it fails to validate an     integrity-level check. An attacker who successfully     exploited the vulnerability could allow an application     with a certain integrity level to execute code at a     different integrity level. The update addresses the     vulnerability by correcting how Microsoft storage     validates an integrity-level check. (CVE-2017-11818)

  - A remote code execution vulnerability exists when     Windows Search handles objects in memory. An attacker     who successfully exploited this vulnerability could take     control of the affected system. An attacker could then     install programs; view, change, or delete data; or     create new accounts with full user rights.
    (CVE-2017-11771)

  - An information disclosure vulnerability exists in the     way that the Windows SMB Server handles certain     requests. An authenticated attacker who successfully     exploited this vulnerability could craft a special     packet, which could lead to information disclosure from     the server.  (CVE-2017-11815)

  - A denial of service vulnerability exists in the     Microsoft Server Block Message (SMB) when an attacker     sends specially crafted requests to the server. An     attacker who exploited this vulnerability could cause     the affected system to crash. To attempt to exploit this     issue, an attacker would need to send specially crafted     SMB requests to the target system. Note that the denial     of service vulnerability would not allow an attacker to     execute code or to elevate their user rights, but it     could cause the affected system to stop accepting     requests. The security update addresses the     vulnerability by correcting the manner in which SMB     handles specially crafted client requests.
    (CVE-2017-11781)

  - An elevation of privilege vulnerability exists when the     Windows kernel-mode driver fails to properly handle     objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2017-8689, CVE-2017-8694)

  - A remote code execution vulnerability exists in the way     that the Microsoft Server Message Block 1.0 (SMBv1)     server handles certain requests. An attacker who     successfully exploited the vulnerability could gain the     ability to execute code on the target server.
    (CVE-2017-11780)

  - An information disclosure vulnerability exists when the     Microsoft Windows Graphics Component improperly handles     objects in memory. An attacker who successfully     exploited the vulnerability could obtain information to     further compromise the users system.  (CVE-2017-8693)

  - An information disclosure vulnerability exists in the     way that the Windows Graphics Device Interface (GDI)     handles objects in memory, allowing an attacker to     retrieve information from a targeted system. By itself,     the information disclosure does not allow arbitrary code     execution; however, it could allow arbitrary code to be     run if the attacker uses it in combination with another     vulnerability.  (CVE-2017-11816)

  - A remote code execution vulnerability exists in the way     the scripting engine handle objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2017-11809)

  - An information disclosure vulnerability exists in the     Windows kernel that could allow an attacker to retrieve     information that could lead to a Kernel Address Space     Layout Randomization (ASLR) bypass. An attacker who     successfully exploited the vulnerability could retrieve     the memory address of a kernel object.  (CVE-2017-11785)

  - A remote code execution vulnerability exists in the way     that certain Windows components handle the loading of     DLL files. An attacker who successfully exploited this     vulnerability could take complete control of an affected     system. An attacker could then install programs; view,     change, or delete data; or create new accounts with full     user rights.  (CVE-2017-11769)

  - A remote code execution vulnerability exists in the way     affected Microsoft scripting engines render when     handling objects in memory in Microsoft Edge. The     vulnerability could corrupt memory in such a way that an     attacker could execute arbitrary code in the context of     the current user. An attacker who successfully exploited     the vulnerability could gain the same user rights as the     current user.  (CVE-2017-8726)

  - An information disclosure vulnerability exists when     Internet Explorer improperly handles objects in memory.
    An attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system.  (CVE-2017-11790)

  - A remote code execution vulnerability exists when     Internet Explorer improperly accesses objects in memory.
    The vulnerability could corrupt memory in such a way     that an attacker could execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2017-11822)

  - A spoofing vulnerability exists in the Windows     implementation of wireless networking. An attacker who     successfully exploited this vulnerability could     potentially replay broadcast and/or multicast traffic     to hosts on a WPA or WPA 2-protected wireless network.
    (CVE-2017-13080)

The remote Windows host is missing security update 4041676.
It is, therefore, affected by multiple vulnerabilities :

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2017-11765, CVE-2017-11814)

  - An elevation of privilege vulnerability exists when the     Windows Update Delivery Optimization does not properly     enforce file share permissions. An attacker who     successfully exploited the vulnerability could overwrite     files that require higher privileges than what the     attacker already has.  (CVE-2017-11829)

  - A remote code execution vulnerability exists when the     Windows font library improperly handles specially     crafted embedded fonts. An attacker who successfully     exploited the vulnerability could take control of the     affected system. An attacker could then install     programs; view, change, or delete data; or create new     accounts with full user rights.  (CVE-2017-11762,     CVE-2017-11763)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Microsoft Edge. The vulnerability could corrupt memory     in such a way that an attacker could execute arbitrary     code in the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2017-11792,     CVE-2017-11796, CVE-2017-11798, CVE-2017-11799,     CVE-2017-11802, CVE-2017-11804, CVE-2017-11805,     CVE-2017-11806, CVE-2017-11807, CVE-2017-11808,     CVE-2017-11811, CVE-2017-11812, CVE-2017-11821)

  - An elevation of privilege vulnerability exists when     Windows improperly handles calls to Advanced Local     Procedure Call (ALPC). An attacker who successfully     exploited this vulnerability could run arbitrary code in     the security context of the local system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2017-11783)

  - A remote code execution vulnerability     exists in Windows Domain Name System (DNS) DNSAPI.dll     when it fails to properly handle DNS responses. An     attacker who successfully exploited the vulnerability     could run arbitrary code in the context of the Local     System Account.  (CVE-2017-11779)

  - A buffer overflow vulnerability exists in the Microsoft     JET Database Engine that could allow remote code     execution on an affected system. An attacker who     successfully exploited this vulnerability could take     control of an affected system. An attacker could then     install programs; view, change, or delete data; or     create new accounts with full user rights. Users whose     accounts are configured to have fewer user rights on the     system could be less impacted than users who operate     with administrative user rights.  (CVE-2017-8717,     CVE-2017-8718)

  - A security feature bypass vulnerability exists in Device     Guard that could allow an attacker to inject malicious     code into a Windows PowerShell session. An attacker who     successfully exploited this vulnerability could inject     code into a trusted PowerShell process to bypass the     Device Guard Code Integrity policy on the local machine.
    (CVE-2017-11823, CVE-2017-8715)

  - An information disclosure vulnerability exists when the     Windows kernel improperly initializes objects in memory.
    (CVE-2017-11817)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2017-11793, CVE-2017-11810)

  - An Information disclosure vulnerability exists when     Windows Search improperly handles objects in memory. An     attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system.  (CVE-2017-11772)

  - An information disclosure vulnerability exists when     Microsoft Edge improperly handles objects in memory. An     attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system.  (CVE-2017-11794)

  - An elevation of privilege vulnerability exists when the     Windows Graphics Component improperly handles objects in     memory. An attacker who successfully exploited this     vulnerability could run processes in an elevated     context.  (CVE-2017-11824)

  - A remote code execution vulnerability exists when     Internet Explorer improperly accesses objects in memory     via the Microsoft Windows Text Services Framework. The     vulnerability could corrupt memory in such a way that an     attacker could execute arbitrary code in the context of     the current user. An attacker who successfully exploited     the vulnerability could gain the same user rights as the     current user.  (CVE-2017-8727)

  - An Security Feature bypass vulnerability exists in     Microsoft Windows storage when it fails to validate an     integrity-level check. An attacker who successfully     exploited the vulnerability could allow an application     with a certain integrity level to execute code at a     different integrity level. The update addresses the     vulnerability by correcting how Microsoft storage     validates an integrity-level check. (CVE-2017-11818)

  - A remote code execution vulnerability exists when     Windows Search handles objects in memory. An attacker     who successfully exploited this vulnerability could take     control of the affected system. An attacker could then     install programs; view, change, or delete data; or     create new accounts with full user rights.
    (CVE-2017-11771)

  - An information disclosure vulnerability exists in the     way that the Windows SMB Server handles certain     requests. An authenticated attacker who successfully     exploited this vulnerability could craft a special     packet, which could lead to information disclosure from     the server.  (CVE-2017-11815)

  - A denial of service vulnerability exists in the     Microsoft Server Block Message (SMB) when an attacker     sends specially crafted requests to the server. An     attacker who exploited this vulnerability could cause     the affected system to crash. To attempt to exploit this     issue, an attacker would need to send specially crafted     SMB requests to the target system. Note that the denial     of service vulnerability would not allow an attacker to     execute code or to elevate their user rights, but it     could cause the affected system to stop accepting     requests. The security update addresses the     vulnerability by correcting the manner in which SMB     handles specially crafted client requests.
    (CVE-2017-11781)

  - An elevation of privilege vulnerability exists when the     Windows kernel-mode driver fails to properly handle     objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2017-8689, CVE-2017-8694)

  - A remote code execution vulnerability exists in the way     that the Microsoft Server Message Block 1.0 (SMBv1)     server handles certain requests. An attacker who     successfully exploited the vulnerability could gain the     ability to execute code on the target server.
    (CVE-2017-11780)

  - An information disclosure vulnerability exists when the     Microsoft Windows Graphics Component improperly handles     objects in memory. An attacker who successfully     exploited the vulnerability could obtain information to     further compromise the users system.  (CVE-2017-8693)

  - An information disclosure vulnerability exists in the     way that the Windows Graphics Device Interface (GDI)     handles objects in memory, allowing an attacker to     retrieve information from a targeted system. By itself,     the information disclosure does not allow arbitrary code     execution; however, it could allow arbitrary code to be     run if the attacker uses it in combination with another     vulnerability.  (CVE-2017-11816)

  - A remote code execution vulnerability exists in the way     the scripting engine handle objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2017-11809)

  - An information disclosure vulnerability exists in the     Windows kernel that could allow an attacker to retrieve     information that could lead to a Kernel Address Space     Layout Randomization (ASLR) bypass. An attacker who     successfully exploited the vulnerability could retrieve     the memory address of a kernel object.  (CVE-2017-11785)

  - A denial of service vulnerability exists when Windows     Subsystem for Linux improperly handles objects in     memory. An attacker who successfully exploited this     vulnerability could cause a denial of service against     the local system. A attacker could exploit this     vulnerability by running a specially crafted     application. The update addresses the vulnerability by     correcting how Windows Subsystem for Linux handles     objects in memory. (CVE-2017-8703)

  - A remote code execution vulnerability exists in the way     that certain Windows components handle the loading of     DLL files. An attacker who successfully exploited this     vulnerability could take complete control of an affected     system. An attacker could then install programs; view,     change, or delete data; or create new accounts with full     user rights.  (CVE-2017-11769)

  - A remote code execution vulnerability exists in the way     affected Microsoft scripting engines render when     handling objects in memory in Microsoft Edge. The     vulnerability could corrupt memory in such a way that an     attacker could execute arbitrary code in the context of     the current user. An attacker who successfully exploited     the vulnerability could gain the same user rights as the     current user.  (CVE-2017-8726)

  - An information disclosure vulnerability exists when     Internet Explorer improperly handles objects in memory.
    An attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system.  (CVE-2017-11790)

  - A remote code execution vulnerability exists when     Internet Explorer improperly accesses objects in memory.
    The vulnerability could corrupt memory in such a way     that an attacker could execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2017-11822)

  - A spoofing vulnerability exists in the Windows     implementation of wireless networking. An attacker who     successfully exploited this vulnerability could     potentially replay broadcast and/or multicast traffic     to hosts on a WPA or WPA 2-protected wireless network.
    (CVE-2017-13080)

ID	Name	Product	Family	Severity
103749	KB4041691: Windows 10 Version 1607 and Windows Server 2016 October 2017 Cumulative Update (KRACK)	Nessus	Windows : Microsoft Bulletins	critical
103745	KB4041676: Windows 10 Version 1703 October 2017 Cumulative Update (KRACK)	Nessus	Windows : Microsoft Bulletins	critical

CVE-2017-11829

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins