KB4019264: Windows 7 and Windows 2008 R2 May 2017 Cumulative Update

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host is affected by multiple vulnerabilities.

Description :

The remote Windows host is missing security update KB4019264. It is,
therefore, affected by multiple vulnerabilities :

- A denial of service vulnerability exists in the Windows
DNS server when it's configured to answer version
queries. An unauthenticated, remote attacker can exploit
this, via a malicious DNS query, to cause the DNS server
to become nonresponsive. (CVE-2017-0171)

- An information disclosure vulnerability exists in the
Windows kernel due to improper handling of objects in
memory. A local attacker can exploit this, via a
specially crafted application, to disclose sensitive
information. (CVE-2017-0175)

- An elevation of privilege vulnerability exists in the
Windows COM Aggregate Marshaler due to an unspecified
flaw. A local attacker can exploit this, via a specially
crafted application, to execute arbitrary code with
elevated privileges. (CVE-2017-0213)

- An elevation of privilege vulnerability exists in
Windows due to improper validation of user-supplied
input when loading type libraries. A local attacker can
exploit this, via a specially crafted application, to
gain elevated privileges. (CVE-2017-0214)

- An information disclosure vulnerability exists in the
Windows kernel due to improper handling of objects in
memory. A local attacker can exploit this, via a
specially crafted application, to disclose sensitive
information. (CVE-2017-0220)

- A remote code execution vulnerability exists in
Microsoft Internet Explorer due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website, to execute arbitrary code in
the context of the current user. (CVE-2017-0222)

- A spoofing vulnerability exists in Microsoft browsers
due to improper rendering of the SmartScreen filter. An
unauthenticated, remote attacker can exploit this, via a
specially crafted URL, to redirect users to a malicious
website that appears to be a legitimate website.
(CVE-2017-0231)

- An information disclosure vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to disclose sensitive information.
(CVE-2017-0267)

- An information disclosure vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to disclose sensitive information.
(CVE-2017-0268)

- A denial of service vulnerability exists in Microsoft
Server Message Block (SMB) when handling a specially
crafted request to the server. An unauthenticated,
remote attacker can exploit this, via a crafted SMB
request, to cause the system to stop responding.
(CVE-2017-0269)

- An information disclosure vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to disclose sensitive information.
(CVE-2017-0270)

- An information disclosure vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to disclose sensitive information.
(CVE-2017-0271)

- A remote code execution vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to execute arbitrary code on a target server.
(CVE-2017-0272)

- A denial of service vulnerability exists in Microsoft
Server Message Block (SMB) when handling a specially
crafted request to the server. An unauthenticated,
remote attacker can exploit this, via a crafted SMB
request, to cause the system to stop responding.
(CVE-2017-0273)

- An information disclosure vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to disclose sensitive information.
(CVE-2017-0274)

- An information disclosure vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to disclose sensitive information.
(CVE-2017-0275)

- An information disclosure vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to disclose sensitive information.
(CVE-2017-0276)

- A remote code execution vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to execute arbitrary code on a target server.
(CVE-2017-0277)

- A remote code execution vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to execute arbitrary code on a target server.
(CVE-2017-0278)

- A remote code execution vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to execute arbitrary code on a target server.
(CVE-2017-0279)

- A denial of service vulnerability exists in Microsoft
Server Message Block (SMB) when handling a specially
crafted request to the server. An unauthenticated,
remote attacker can exploit this, via a crafted SMB
request, to cause the system to stop responding.
(CVE-2017-0280)

- An information disclosure vulnerability exists in the
GDI component due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to open a specially crafted
document or visit a specially crafted website, to
disclose the contents of memory. (CVE-2017-8552)

See also :

http://www.nessus.org/u?89dd1a9e

Solution :

Apply security update KB4019264.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true