101750

1039801

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11874

The remote Windows host is missing security update 4048955.
It is, therefore, affected by multiple vulnerabilities :

  - A remote code execution vulnerability exists in the way     that Microsoft browsers access objects in memory. The     vulnerability could corrupt memory in a way that could     allow an attacker to execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2017-11827,     CVE-2017-11858)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2017-11837, CVE-2017-11838, CVE-2017-11843,     CVE-2017-11846)

  - An information disclosure vulnerability exists when     Microsoft Edge improperly handles objects in memory. An     attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system.  (CVE-2017-11803, CVE-2017-11844)

  - A remote code execution vulnerability exists when     Internet Explorer improperly accesses objects in memory.
    The vulnerability could corrupt memory in such a way     that an attacker could execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2017-11855,     CVE-2017-11856, CVE-2017-11869)

  - An information vulnerability exists when Windows Media     Player improperly discloses file information. Successful     exploitation of the vulnerability could allow the     attacker to test for the presence of files on disk.
    (CVE-2017-11768)

  - An information disclosure vulnerability exists when the     scripting engine does not properly handle objects in     memory in Internet Explorer. An attacker who     successfully exploited the vulnerability could obtain     information to further compromise the users system.
    (CVE-2017-11834)

  - A security feature bypass vulnerability exists in     Microsoft Edge when the Edge Content Security Policy     (CSP) fails to properly validate certain specially     crafted documents. An attacker who exploited the bypass     could trick a user into loading a page containing     malicious content.  (CVE-2017-11863)

  - An information disclosure vulnerability exists when the     Windows kernel improperly initializes objects in memory.
    (CVE-2017-11880)

  - A Win32k information disclosure vulnerability exists     when the Windows GDI component improperly discloses     kernel memory addresses. An attacker who successfully     exploited the vulnerability could obtain information to     further compromise the users system.  (CVE-2017-11851)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Microsoft Edge. The vulnerability could corrupt memory     in such a way that an attacker could execute arbitrary     code in the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2017-11836,     CVE-2017-11839, CVE-2017-11840, CVE-2017-11841,     CVE-2017-11861, CVE-2017-11862, CVE-2017-11866,     CVE-2017-11870, CVE-2017-11871, CVE-2017-11873)

  - An information disclosure vulnerability exists when the     scripting engine does not properly handle objects in     memory in Microsoft browsers. An attacker who     successfully exploited the vulnerability could obtain     information to further compromise the users system.
    (CVE-2017-11791)

  - A security feature bypass vulnerability exists in     Microsoft Edge as a result of how memory is accessed in     code compiled by the Edge Just-In-Time (JIT) compiler     that allows Control Flow Guard (CFG) to be bypassed. By     itself, this CFG bypass vulnerability does not allow     arbitrary code execution. However, an attacker could use     the CFG bypass vulnerability in conjunction with another     vulnerability, such as a remote code execution     vulnerability, to run arbitrary code on a target system.
    (CVE-2017-11874)

  - A security feature bypass exists when Device Guard     incorrectly validates an untrusted file. An attacker who     successfully exploited this vulnerability could make an     unsigned file appear to be signed. Because Device Guard     relies on the signature to determine the file is non-     malicious, Device Guard could then allow a malicious     file to execute. In an attack scenario, an attacker     could make an untrusted file appear to be a trusted     file. The update addresses the vulnerability by     correcting how Device Guard handles untrusted files.
    (CVE-2017-11830)

  - An information disclosure vulnerability exists when     Internet Explorer improperly handles page content, which     could allow an attacker to detect the navigation of the     user leaving a maliciously crafted page.
    (CVE-2017-11848)

  - An information disclosure vulnerability exists when the     Windows kernel fails to properly initialize a memory     address. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2017-11831,     CVE-2017-11842, CVE-2017-11849, CVE-2017-11853)

  - An information disclosure vulnerability exists when the     Microsoft Windows Graphics Component improperly handles     objects in memory. An attacker who successfully     exploited the vulnerability could obtain information to     further compromise the users system.  (CVE-2017-11850)

  - An information disclosure vulnerability exists in the     way that Microsoft Edge handles cross-origin requests.
    An attacker who successfully exploited this     vulnerability could determine the origin of all webpages     in the affected browser.  (CVE-2017-11833)

The remote Windows host is missing security update 4048954.
It is, therefore, affected by multiple vulnerabilities :

  - A security feature bypass vulnerability exists when     Microsoft Edge improperly handles redirect requests. The     vulnerability allows Microsoft Edge to bypass Cross-     Origin Resource Sharing (CORS) redirect restrictions,     and to follow redirect requests that should otherwise be     ignored. An attacker who successfully exploited the     vulnerability could force the browser to send data that     would otherwise be restricted to a destination website     of the attacker's choice.  (CVE-2017-11872)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Microsoft Edge. The vulnerability could corrupt memory     in such a way that an attacker could execute arbitrary     code in the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2017-11836,     CVE-2017-11839, CVE-2017-11840, CVE-2017-11841,     CVE-2017-11861, CVE-2017-11866, CVE-2017-11870,     CVE-2017-11871, CVE-2017-11873)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2017-11837, CVE-2017-11838, CVE-2017-11843,     CVE-2017-11846)

  - An information disclosure vulnerability exists when     Microsoft Edge improperly handles objects in memory. An     attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system.  (CVE-2017-11803, CVE-2017-11844)

  - An information disclosure vulnerability exists when the     scripting engine does not properly handle objects in     memory in Internet Explorer. An attacker who     successfully exploited the vulnerability could obtain     information to further compromise the users system.
    (CVE-2017-11834)

  - A security feature bypass vulnerability exists in     Microsoft Edge as a result of how memory is accessed in     code compiled by the Edge Just-In-Time (JIT) compiler     that allows Control Flow Guard (CFG) to be bypassed. By     itself, this CFG bypass vulnerability does not allow     arbitrary code execution. However, an attacker could use     the CFG bypass vulnerability in conjunction with another     vulnerability, such as a remote code execution     vulnerability, to run arbitrary code on a target system.
    (CVE-2017-11874)

  - An information vulnerability exists when Windows Media     Player improperly discloses file information. Successful     exploitation of the vulnerability could allow the     attacker to test for the presence of files on disk.
    (CVE-2017-11768)

  - A remote code execution vulnerability exists in the way     that Microsoft browsers access objects in memory. The     vulnerability could corrupt memory in a way that could     allow an attacker to execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2017-11827,     CVE-2017-11858)

  - A security feature bypass vulnerability exists in     Microsoft Edge when the Edge Content Security Policy     (CSP) fails to properly validate certain specially     crafted documents. An attacker who exploited the bypass     could trick a user into loading a page containing     malicious content.  (CVE-2017-11863)

  - A remote code execution vulnerability exists when     Internet Explorer improperly accesses objects in memory.
    The vulnerability could corrupt memory in such a way     that an attacker could execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2017-11855,     CVE-2017-11856, CVE-2017-11869)

  - An information disclosure vulnerability exists when the     Windows kernel improperly initializes objects in memory.
    (CVE-2017-11880)

  - A Win32k information disclosure vulnerability exists     when the Windows GDI component improperly discloses     kernel memory addresses. An attacker who successfully     exploited the vulnerability could obtain information to     further compromise the users system.  (CVE-2017-11851)

  - An information disclosure vulnerability exists when the     scripting engine does not properly handle objects in     memory in Microsoft browsers. An attacker who     successfully exploited the vulnerability could obtain     information to further compromise the users system.
    (CVE-2017-11791)

  - An elevation of privilege vulnerability exists when the     Windows kernel fails to properly handle objects in     memory. An attacker who successfully exploited this     vulnerability could run arbitrary code in kernel mode.
    An attacker could then install programs; view, change,     or delete data; or create new accounts with full user     rights.  (CVE-2017-11847)

  - A security feature bypass exists when Device Guard     incorrectly validates an untrusted file. An attacker who     successfully exploited this vulnerability could make an     unsigned file appear to be signed. Because Device Guard     relies on the signature to determine the file is non-     malicious, Device Guard could then allow a malicious     file to execute. In an attack scenario, an attacker     could make an untrusted file appear to be a trusted     file. The update addresses the vulnerability by     correcting how Device Guard handles untrusted files.
    (CVE-2017-11830)

  - A remote code execution vulnerability exists when     Microsoft Edge improperly accesses objects in memory.
    The vulnerability could corrupt memory in such a way     that enables an attacker to execute arbitrary code in     the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2017-11845)

  - An information disclosure vulnerability exists when the     Windows kernel fails to properly initialize a memory     address. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2017-11831,     CVE-2017-11842, CVE-2017-11849, CVE-2017-11853)

  - A denial of service vulnerability exists when Windows     Search improperly handles objects in memory. An attacker     who successfully exploited the vulnerability could cause     a remote denial of service against a system.
    (CVE-2017-11788)

  - An information disclosure vulnerability exists when the     Microsoft Windows Graphics Component improperly handles     objects in memory. An attacker who successfully     exploited the vulnerability could obtain information to     further compromise the users system.  (CVE-2017-11850)

  - An information disclosure vulnerability exists in the     way that Microsoft Edge handles cross-origin requests.
    An attacker who successfully exploited this     vulnerability could determine the origin of all webpages     in the affected browser.  (CVE-2017-11833)

  - An information disclosure vulnerability exists when     Internet Explorer improperly handles page content, which     could allow an attacker to detect the navigation of the     user leaving a maliciously crafted page.
    (CVE-2017-11848)

ID	Name	Product	Family	Severity
104551	KB4048955: Windows 10 Version 1709 and Windows Server Version 1709 November 2017 Cumulative Update	Nessus	Windows : Microsoft Bulletins	high
104550	KB4048954: Windows 10 Version 1703 November 2017 Cumulative Update	Nessus	Windows : Microsoft Bulletins	high

CVE-2017-11874

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins