KB4019215: Windows 8.1 and Windows Server 2012 R2 May 2017 Cumulative Update

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host is affected by multiple vulnerabilities.

Description :

The remote Windows host is missing security update KB4019215. It is,
therefore, affected by multiple vulnerabilities :

- A security bypass vulnerability exists in Internet
Explorer due to an unspecified flaw. An unauthenticated,
remote attacker can exploit this, by convincing a user
to visit a specially crafted website, to bypass mixed
content warnings and load insecure content (HTTP) from
secure locations (HTTPS). (CVE-2017-0064)

- An elevation of privilege vulnerability exists in
Windows in the Microsoft DirectX graphics kernel
subsystem (dxgkrnl.sys) due to improper handling of
objects in memory. A local attacker can exploit this,
via a specially crafted application, to execute
arbitrary code in an elevated context. (CVE-2017-0077)

- A denial of service vulnerability exists in the Windows
DNS server when it's configured to answer version
queries. An unauthenticated, remote attacker can exploit
this, via a malicious DNS query, to cause the DNS server
to become nonresponsive. (CVE-2017-0171)

- An information disclosure vulnerability exists in the
Windows Graphics Device Interface (GDI) due to improper
handling of objects in memory. A local attacker can
exploit this, via a specially crafted application, to
disclose sensitive information. (CVE-2017-0190)

- An elevation of privilege vulnerability exists in the
Windows COM Aggregate Marshaler due to an unspecified
flaw. A local attacker can exploit this, via a specially
crafted application, to execute arbitrary code with
elevated privileges. (CVE-2017-0213)

- An elevation of privilege vulnerability exists in
Windows due to improper validation of user-supplied
input when loading type libraries. A local attacker can
exploit this, via a specially crafted application, to
gain elevated privileges. (CVE-2017-0214)

- A remote code execution vulnerability exists in
Microsoft Internet Explorer due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website, to execute arbitrary code in
the context of the current user. (CVE-2017-0222)

- A remote code execution vulnerability exists in
Microsoft Internet Explorer due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website, to execute arbitrary code in
the context of the current user. (CVE-2017-0226)

- A remote code execution vulnerability exists in
Microsoft browsers in the JavaScript engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website
or open a specially crafted Microsoft Office document,
to execute arbitrary code in the context of the current
user. (CVE-2017-0228)

- A spoofing vulnerability exists in Microsoft browsers
due to improper rendering of the SmartScreen filter. An
unauthenticated, remote attacker can exploit this, via a
specially crafted URL, to redirect users to a malicious
website that appears to be a legitimate website.
(CVE-2017-0231)

- A remote code execution vulnerability exists in
Microsoft browsers in the JavaScript scripting engines
due to improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website
or open a specially crafted Office document, to
execute arbitrary code in the context of the current
user. (CVE-2017-0238)

- An elevation of privilege vulnerability exists in the
win32k component due to improper handling of objects in
memory. A local attacker can exploit this, via a
specially crafted application, to execute arbitrary code
with elevated permissions. Note that an attacker can
also cause a denial of service condition on Windows 7
x64 or later systems. (CVE-2017-0246)

- A security bypass vulnerability exists in the Microsoft
.NET Framework and .NET Core components due to a failure
to completely validate certificates. An attacker can
exploit this to present a certificate that is marked
invalid for a specific use, but the component uses it
for that purpose, resulting in a bypass of the Enhanced
Key Usage taggings. (CVE-2017-0248)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. A local attacker can exploit this, via a
specially crafted application, to disclose sensitive
information. (CVE-2017-0258)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. A local attacker can exploit this, via a
specially crafted application, to disclose sensitive
information. (CVE-2017-0259)

- An elevation of privilege vulnerability exists in the
Windows kernel-mode driver due to improper handling of
objects in memory. A local attacker can exploit this,
via a specially crafted application, to run arbitrary
code in kernel mode. (CVE-2017-0263)

- An information disclosure vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to disclose sensitive information.
(CVE-2017-0267)

- An information disclosure vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to disclose sensitive information.
(CVE-2017-0268)

- A denial of service vulnerability exists in Microsoft
Server Message Block (SMB) when handling a specially
crafted request to the server. An unauthenticated,
remote attacker can exploit this, via a crafted SMB
request, to cause the system to stop responding.
(CVE-2017-0269)

- An information disclosure vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to disclose sensitive information.
(CVE-2017-0270)

- An information disclosure vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to disclose sensitive information.
(CVE-2017-0271)

- A remote code execution vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to execute arbitrary code on a target server.
(CVE-2017-0272)

- A denial of service vulnerability exists in Microsoft
Server Message Block (SMB) when handling a specially
crafted request to the server. An unauthenticated,
remote attacker can exploit this, via a crafted SMB
request, to cause the system to stop responding.
(CVE-2017-0273)

- An information disclosure vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to disclose sensitive information.
(CVE-2017-0274)

- An information disclosure vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to disclose sensitive information.
(CVE-2017-0275)

- An information disclosure vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to disclose sensitive information.
(CVE-2017-0276)

- A remote code execution vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to execute arbitrary code on a target server.
(CVE-2017-0277)

- A remote code execution vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to execute arbitrary code on a target server.
(CVE-2017-0278)

- A remote code execution vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to execute arbitrary code on a target server.
(CVE-2017-0279)

- A denial of service vulnerability exists in Microsoft
Server Message Block (SMB) when handling a specially
crafted request to the server. An unauthenticated,
remote attacker can exploit this, via a crafted SMB
request, to cause the system to stop responding.
(CVE-2017-0280)

See also :

http://www.nessus.org/u?09cc032f

Solution :

Apply security update KB4019215.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true