KB4022724: Windows Server 2012 Standard June 2017 Cumulative Update

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host is affected by multiple vulnerabilities.

Description :

The remote Windows host is missing security update KB4022724. It is,
therefore, affected by the following vulnerabilities :

- An elevation of privilege vulnerability exists in
Windows Hyper-V instruction emulation due to a failure
to properly enforce privilege levels. An attacker on a
guest operating system can exploit this to gain elevated
privileges on the guest. Note that the host operating
system is not vulnerable. (CVE-2017-0193)

- Multiple information disclosure vulnerabilities exist in
Windows Uniscribe due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
these, by convincing a user to visit a specially crafted
website or to open a specially crafted document file, to
disclose the contents of memory. (CVE-2017-0282,
CVE-2017-0284, CVE-2017-0285)

- Multiple remote code execution vulnerabilities exist in
Windows Uniscribe due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
these, by convincing a user to visit a specially crafted
website or open a specially crafted document, to execute
arbitrary code in the context of the current user.
(CVE-2017-0283, CVE-2017-8528)

- Multiple information disclosure vulnerabilities exist in
the Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit these, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to disclose the contents of memory.
(CVE-2017-0287, CVE-2017-0288, CVE-2017-0289,
CVE-2017-8531, CVE-2017-8532, CVE-2017-8533)

- Multiple remote code execution vulnerabilities exist in
Microsoft Windows due to improper parsing of PDF files.
An unauthenticated, remote attacker can exploit these,
by convincing a user to open a specially crafted PDF
file, to execute arbitrary code in the context of the
current user. (CVE-2017-0291, CVE-2017-0292)

- A remote code execution vulnerability exists in
Microsoft Windows due to improper handling of cabinet
files. An unauthenticated, remote attacker can exploit
this, by convincing a user to open a specially crafted
cabinet file, to execute arbitrary code in the context
of the current user. (CVE-2017-0294)

- An elevation of privilege vulnerability exists in
tdx.sys due to a failure to check the length of a buffer
prior to copying memory to it. A local attacker can
exploit this, via a specially crafted application, to
execute arbitrary code in an elevated context.
(CVE-2017-0296)

- An elevation of privilege vulnerability exists in the
Windows kernel due to improper handling of objects in
memory. A local attacker can exploit this, via a
specially crafted application, to execute arbitrary code
with elevated permissions. (CVE-2017-0297)

- An elevation of privilege vulnerability exists in the
DCOM object in Helppane.exe, when configured to run as
the interactive user, due to a failure to properly
authenticate the client. An authenticated, remote
attacker can exploit this, via a specially crafted
application, to run arbitrary code in another user's
session after that user has logged on to the same system
using Terminal Services or Fast User Switching.
(CVE-2017-0298)

- Multiple information disclosure vulnerabilities exist in
the Windows kernel due to improper initialization of
objects in memory. An authenticated, remote attacker can
exploit these, via a specially crafted application, to
disclose the base address of the kernel driver.
(CVE-2017-0299, CVE-2017-0300, CVE-2017-8462)

- An information disclosure vulnerability exists in
Microsoft Windows due to improper parsing of PDF files.
An unauthenticated, remote attacker can exploit this, by
convincing a user to open a specially crafted PDF file,
to disclose the contents of memory. (CVE-2017-8460)

- A remote code execution vulnerability exists in Windows
due to improper handling of shortcuts. An
unauthenticated, remote attacker can exploit this, by
convincing a user to insert a removable drive containing
a malicious shortcut and binary, to automatically
execute arbitrary code in the context of the current
user. (CVE-2017-8464)

- Multiple information disclosure vulnerabilities exist in
the Windows kernel due to improper initialization of
objects in memory. An authenticated, remote attacker can
exploit these, via a specially crafted application, to
disclose sensitive information. (CVE-2017-8469,
CVE-2017-8470, CVE-2017-8471, CVE-2017-8472,
CVE-2017-8473, CVE-2017-8474, CVE-2017-8475,
CVE-2017-8476, CVE-2017-8477, CVE-2017-8478,
CVE-2017-8479, CVE-2017-8480, CVE-2017-8481,
CVE-2017-8482, CVE-2017-8483, CVE-2017-8484,
CVE-2017-8485, CVE-2017-8488, CVE-2017-8489,
CVE-2017-8490, CVE-2017-8491, CVE-2017-8492)

- Multiple remote code execution vulnerabilities exist in
Microsoft browsers in the JavaScript engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit these, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8517, CVE-2017-8522)

- Multiple remote code execution vulnerabilities exist in
Internet Explorer due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
these, by convincing a user to visit a specially crafted
website, to execute arbitrary code in the context of the
current user. (CVE-2017-8519, CVE-2017-8547)

- A remote code execution vulnerability exists in the
Windows font library due to improper handling of
embedded fonts. An unauthenticated, remote attacker can
exploit this, by convincing a user to visit a specially
crafted website or open a specially crafted Microsoft
document, to execute arbitrary code in the context of
the current user. (CVE-2017-8527)

- An information disclosure vulnerability exists in
Microsoft browsers in the scripting engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to disclose files on a user's computer. (CVE-2017-8529)*

- A remote code execution vulnerability exists in the
Windows Search functionality due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, via a specially crafted SMB message,
to execute arbitrary code. (CVE-2017-8543)

- An information disclosure vulnerability exists in the
Windows Search functionality due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, via a specially crafted SMB message,
to disclose sensitive information. (CVE-2017-8544)

- Multiple information disclosure vulnerabilities exist in
the Windows kernel due to improper handling of objects
in memory. An authenticated, remote attacker can exploit
these, via a specially crafted application, to disclose
the contents of memory. (CVE-2017-8553, CVE-2017-8554)

* note that a registry value must be added to enable the
fix for CVE-2017-8529. if the patch is installed but
not enabled, the registry key needed will be detailed
in the output below.

See also :

http://www.nessus.org/u?4a3cabfc
http://www.nessus.org/u?fcd66520

Solution :

Apply security update KB4022724.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true