Windows 7 and Windows Server 2008 R2 May 2017 Security Updates

high Nessus Plugin ID 100058

Synopsis

The remote Windows host is affected by multiple vulnerabilities.

Description

The remote Windows host is missing security update 4019263 or cumulative update 4019264. It is, therefore, affected by multiple vulnerabilities :

- A denial of service vulnerability exists in the Windows DNS server when it's configured to answer version queries. An unauthenticated, remote attacker can exploit this, via a malicious DNS query, to cause the DNS server to become nonresponsive. (CVE-2017-0171)

- An information disclosure vulnerability exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0175)

- An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified flaw. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0213)

- An elevation of privilege vulnerability exists in Windows due to improper validation of user-supplied input when loading type libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0214)

- An information disclosure vulnerability exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0220)

- A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0222)

- A spoofing vulnerability exists in Microsoft browsers due to improper rendering of the SmartScreen filter. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to redirect users to a malicious website that appears to be a legitimate website.
(CVE-2017-0231)

- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.
(CVE-2017-0267)

- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.
(CVE-2017-0268)

- A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.
(CVE-2017-0269)

- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.
(CVE-2017-0270)

- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.
(CVE-2017-0271)

- A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.
(CVE-2017-0272)

- A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.
(CVE-2017-0273)

- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.
(CVE-2017-0274)

- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.
(CVE-2017-0275)

- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.
(CVE-2017-0276)

- A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.
(CVE-2017-0277)

- A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.
(CVE-2017-0278)

- A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.
(CVE-2017-0279)

- A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.
(CVE-2017-0280)

- An information disclosure vulnerability exists in the GDI component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted document or visit a specially crafted website, to disclose the contents of memory. (CVE-2017-8552)

Solution

Apply Security Only update KB4019263 or Cumulative update KB4019264.

See Also

http://www.nessus.org/u?89dd1a9e

Plugin Details

Severity: High

ID: 100058

File Name: smb_nt_ms17_may_4019264.nasl

Version: 1.17

Type: local

Agent: windows

Published: 5/9/2017

Updated: 3/29/2022

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2017-0272

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/9/2017

Vulnerability Publication Date: 5/9/2017

CISA Known Exploited Vulnerability Due Dates: 4/18/2022, 8/25/2022

Exploitable With

Core Impact

Reference Information

CVE: CVE-2017-0171, CVE-2017-0175, CVE-2017-0213, CVE-2017-0214, CVE-2017-0220, CVE-2017-0222, CVE-2017-0231, CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017-0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279, CVE-2017-0280, CVE-2017-8552

BID: 98097, 98102, 98103, 98110, 98111, 98127, 98173, 98259, 98260, 98261, 98263, 98264, 98265, 98266, 98267, 98268, 98270, 98271, 98272, 98273, 98274

IAVA: 2017-A-0148

MSFT: MS17-4019263, MS17-4019264

MSKB: 4019263, 4019264