100090

1039096

https://fortiguard.com/zeroday/FG-VD-17-142

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8691

The remote Windows host is missing multiple security updates released on 2017/08/08. It is, therefore, affected by multiple vulnerabilities :

- A denial of service vulnerability exists when Microsoft Windows     improperly handles NetBIOS packets. An attacker who successfully     exploited this vulnerability could cause a target computer to     become completely unresponsive. A remote unauthenticated attacker     could exploit this vulnerability by sending a series of TCP     packets to a target system, resulting in a permanent denial of     service condition. The update addresses the vulnerability by     correcting how the Windows network stack handles NetBIOS traffic.
    (CVE-2017-0174)

  - A buffer overflow vulnerability exists in the Microsoft JET     Database Engine that could allow remote code execution on an     affected system. An attacker who successfully exploited this     vulnerability could take complete control of an affected system.
    An attacker could then install programs; view, change, or delete     data; or create new accounts with full user rights. Users whose     accounts are configured to have fewer user rights on the system     could be less impacted than users who operate with administrative     user rights. Exploitation of this vulnerability requires that a     user open or preview a specially crafted database file while using     an affected version of Microsoft Windows. In an email attack     scenario, an attacker could exploit the vulnerability by sending a     specially crafted database file to the user and then convincing     the user to open the file. The update addresses the vulnerability     by modifying how the Microsoft JET Database Engine handles objects     in memory. (CVE-2017-0250)

  - An information disclosure vulnerability exists when the Windows     kernel fails to properly initialize a memory address, allowing an     attacker to retrieve information that could lead to a Kernel Address     Space Layout Randomization (KASLR) bypass. (CVE-2017-0299)

  - An elevation of privilege vulnerability exists in Windows when the     Win32k component fails to properly handle objects in memory. An     attacker who successfully exploited this vulnerability could run     arbitrary code in kernel mode. An attacker could then install     programs; view, change, or delete data; or create new accounts     with full user rights. To exploit this vulnerability, an attacker     would first have to log on to the system. An attacker could then     run a specially crafted application that could exploit the     vulnerability and take control of an affected system. The update     addresses this vulnerability by correcting how Win32k handles     objects in memory. (CVE-2017-8593)

  - A remote code execution vulnerability exists when Windows Search     handles objects in memory. An attacker who successfully exploited     this vulnerability could take control of the affected system. An     attacker could then install programs; view, change, or delete     data; or create new accounts with full user rights. To exploit the     vulnerability, the attacker could send specially crafted messages     to the Windows Search service. An attacker with access to a target     computer could exploit this vulnerability to elevate privileges     and take control of the computer. Additionally, in an enterprise     scenario, a remote unauthenticated attacker could remotely trigger     the vulnerability through an SMB connection and then take control     of a target computer. The security update addresses the     vulnerability by correcting how Windows Search handles objects in     memory. (CVE-2017-8620)

  - An elevation of privilege vulnerability exists when the Windows     Common Log File System (CLFS) driver improperly handles objects in     memory. In a local attack scenario, an attacker could exploit this     vulnerability by running a specially crafted application to take     control of the affected system. An attacker who successfully     exploited this vulnerability could run processes in an elevated     context. The update addresses the vulnerability by correcting how     CLFS handles objects in memory. Note: The Common Log File System     (CLFS) is a high-performance, general-purpose log file subsystem     that dedicated client applications can use and multiple clients     can share to optimize log access. (CVE-2017-8624)

  - This security update resolves a vulnerability in Windows Error     Reporting (WER). The vulnerability could allow elevation of     privilege if successfully exploited by an attacker. An attacker     who successfully exploited this vulnerability could gain greater     access to sensitive information and system functionality. This     update corrects the way the WER handles and executes files.
    (CVE-2017-8633)

  - A remote code execution vulnerability exists in the way that     Microsoft browser JavaScript engines render content when     handling objects in memory. The vulnerability could corrupt     memory in such a way that an attacker could execute arbitrary     code in the context of the current user. (CVE-2017-8636)

  - A remote code execution vulnerability exists in the way     JavaScript engines render when handling objects in memory     in Microsoft browsers. The vulnerability could corrupt memory     in such a way that an attacker could execute arbitrary code in     the context of the current user. An attacker who successfully     exploited the vulnerability could gain the same user rights as     the current user. If the current user is logged on with     administrative user rights, an attacker who successfully exploited     the vulnerability could take control of an affected system. An     attacker could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2017-8641)

  - A remote code execution vulnerability exists when Internet     Explorer improperly accesses objects in memory. The vulnerability     could corrupt memory in such a way that an attacker could execute     arbitrary code in the context of the current user.
    (CVE-2017-8651)

  - A remote code execution vulnerability exists when Microsoft     browsers improperly access objects in memory. The vulnerability     could corrupt memory in such a way that enables an attacker to     execute arbitrary code in the context of the current user.
    (CVE-2017-8653)

  - An information disclosure vulnerability exists when the win32k     component improperly provides kernel information. An attacker     who successfully exploited the vulnerability could obtain     information to further compromise the user's system.
    (CVE-2017-8666)

  - An information disclosure vulnerability exists when the Volume     Manager Extension Drivercomponent improperly provides kernel     information. An attacker who successfully exploited the     vulnerability could obtain information to further compromise the     users system. To exploit this vulnerability, an attacker would     have to log on to an affected system and run a specially crafted     application. The security update addresses the vulnerability by     correcting how Volume Manager Extension Driver handles objects in     memory. (CVE-2017-8668)

  - A remote code execution vulnerability exists when the Windows font     library improperly handles specially crafted embedded fonts. An     attacker who successfully exploited this vulnerability     would gain code execution on the target system. Users whose     accounts are configured to have fewer user rights on the system     could be less impacted than users who operate with administrative     user rights. There are multiple ways an attacker could exploit the     vulnerability: In a web-based attack scenario, an attacker could     host a specially crafted website that is designed to exploit the     vulnerability and then convince users to view the website. An     attacker would have no way to force users to view the     attacker-controlled content. Instead, an attacker would have to     convince users to take action, typically by getting them to click     a link in an email or Instant Messenger message that takes users     to the attacker's website, or by opening an attachment sent     through email. In a file sharing attack scenario, an attacker     could provide a specially crafted document file that is designed     to exploit the vulnerability, and then convince users to open the     document file. The security update addresses the vulnerability by     correcting how the Windows font library handles embedded fonts.
    (CVE-2017-8691)

The remote Windows host is missing security update 4034679 or cumulative update 4034664. It is, therefore, affected by multiple vulnerabilities :

  - A denial of service vulnerability exists when Microsoft     Windows improperly handles NetBIOS packets. An attacker     who successfully exploited this vulnerability could     cause a target computer to become completely     unresponsive. A remote unauthenticated attacker could     exploit this vulnerability by sending a series of TCP     packets to a target system, resulting in a permanent     denial of service condition. The update addresses the     vulnerability by correcting how the Windows network     stack handles NetBIOS traffic. (CVE-2017-0174)

  - A buffer overflow vulnerability exists in the Microsoft     JET Database Engine that could allow remote code     execution on an affected system. An attacker who     successfully exploited this vulnerability could take     complete control of an affected system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2017-0250)

  - A remote code execution vulnerability exists when     Microsoft Windows PDF Library improperly handles objects     in memory. The vulnerability could corrupt memory in a     way that enables an attacker to execute arbitrary code     in the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user. (CVE-2017-0293)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights. (CVE-2017-8593)

  - A remote code execution vulnerability exists when     Windows Search handles objects in memory. An attacker     who successfully exploited this vulnerability could take     control of the affected system. An attacker could then     install programs; view, change, or delete data; or     create new accounts with full user rights.To exploit the     vulnerability, the attacker could send specially crafted     messages to the Windows Search service. An attacker with     access to a target computer could exploit this     vulnerability to elevate privileges and take control of     the computer. Additionally, in an enterprise scenario, a     remote unauthenticated attacker could remotely trigger     the vulnerability through an SMB connection and then     take control of a target computer.The security update     addresses the vulnerability by correcting how Windows     Search handles objects in memory. (CVE-2017-8620)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. (CVE-2017-8624)

  - This security update resolves a vulnerability in Windows     Error Reporting (WER). The vulnerability could allow     elevation of privilege if successfully exploited by an     attacker. An attacker who successfully exploited this     vulnerability could gain greater access to sensitive     information and system functionality. This update     corrects the way the WER handles and executes files.
    (CVE-2017-8633)

  - A remote code execution vulnerability exists in the way     that Microsoft browser JavaScript engines render content     when handling objects in memory. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. (CVE-2017-8636)

  - A remote code execution vulnerability exists in the way     JavaScript engines render when handling objects in     memory in Microsoft browsers. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user. (CVE-2017-8641)

  - A remote code execution vulnerability exists when     Microsoft browsers improperly access objects in memory.
    The vulnerability could corrupt memory in such a way     that enables an attacker to execute arbitrary code in     the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user. (CVE-2017-8653)

  - An information disclosure vulnerability exists when the     win32k component improperly provides kernel information.
    An attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system. (CVE-2017-8666)

  - An information disclosure vulnerability exists when the     Volume Manager Extension Driver component improperly     provides kernel information. An attacker who     successfully exploited the vulnerability could obtain     information to further compromise the users system.To     exploit this vulnerability, an attacker would have to     log on to an affected system and run a specially crafted     application.The security update addresses the     vulnerability by correcting how Volume Manager Extension     Driver handles objects in memory. (CVE-2017-8668)

  - A remote code execution vulnerability exists when the     Windows font library improperly handles specially     crafted embedded fonts. An attacker who successfully     exploits exploited this vulnerability would gain code     execution on the target system. (CVE-2017-8691)

ID	Name	Product	Family	Severity
102273	Windows 2008 August 2017 Multiple Security Updates	Nessus	Windows : Microsoft Bulletins	high
102267	Windows 7 and Windows Server 2008 R2 August 2017 Security Updates	Nessus	Windows : Microsoft Bulletins	high

CVE-2017-8691

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

high