Windows 2008 June 2017 Multiple Security Updates

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host is affected by multiple vulnerabilities.

Description :

The remote Windows host is missing multiple security updates. It is,
therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists when
affected Microsoft browsers improperly handle objects
in memory. An attacker who successfully exploited the
vulnerability could obtain information to further
compromise the user's system. (CVE-2016-3326)

- An elevation of privilege vulnerability exists in
Windows Hyper-V instruction emulation due to a failure
to properly enforce privilege levels. An attacker on a
guest operating system can exploit this to gain elevated
privileges on the guest. Note that the host operating
system is not vulnerable. (CVE-2017-0193)

- A remote code execution vulnerability exists in
Microsoft Office due to improper validation of
user-supplied input before loading dynamic link library
(DLL) files. An unauthenticated, remote attacker can
exploit this, by convincing a user to open a specially
crafted file, to execute arbitrary code in the context
of the current user. (CVE-2017-0260)

- Multiple information disclosure vulnerabilities exist in
Windows Uniscribe due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
these, by convincing a user to visit a specially crafted
website or to open a specially crafted document file, to
disclose the contents of memory. (CVE-2017-0282,
CVE-2017-0284, CVE-2017-0285, CVE-2017-8534)

- Multiple remote code execution vulnerabilities exist in
Windows Uniscribe software due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit these, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to execute arbitrary code in the context
of the current user. (CVE-2017-0283, CVE-2017-8528)

- Multiple information disclosure vulnerabilities exist in
the Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit these, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to disclose the contents of memory.
(CVE-2017-0287, CVE-2017-0288, CVE-2017-0289)

- A remote code execution vulnerability exists in
Microsoft Windows due to improper handling of cabinet
files. An unauthenticated, remote attacker can exploit
this, by convincing a user to open a specially crafted
cabinet file, to execute arbitrary code in the context
of the current user. (CVE-2017-0294)

- An elevation of privilege vulnerability exists in
tdx.sys due to a failure to check the length of a buffer
prior to copying memory to it. A local attacker can
exploit this, via a specially crafted application, to
execute arbitrary code in an elevated context.
(CVE-2017-0296)

- Multiple information disclosure vulnerabilities exist in
the Windows kernel due to improper initialization of
objects in memory. An authenticated, remote attacker can
exploit these, via a specially crafted application, to
disclose the base address of the kernel driver.
(CVE-2017-0299, CVE-2017-0300, CVE-2017-8462,
CVE-2017-8485)

- A remote code execution vulnerability exists in Windows
due to improper handling of shortcuts. An
unauthenticated, remote attacker can exploit this, by
convincing a user to insert a removable drive containing
a malicious shortcut and binary, to automatically
execute arbitrary code in the context of the current
user. (CVE-2017-8464)

- Multiple information disclosure vulnerabilities exist in
the Windows kernel due to improper initialization of
objects in memory. An authenticated, remote attacker can
exploit these, via a specially crafted application, to
disclose sensitive information. (CVE-2017-8469,
CVE-2017-8470, CVE-2017-8471, CVE-2017-8472,
CVE-2017-8473, CVE-2017-8475, CVE-2017-8476,
CVE-2017-8477, CVE-2017-8478, CVE-2017-8479,
CVE-2017-8480, CVE-2017-8481, CVE-2017-8482,
CVE-2017-8483, CVE-2017-8484, CVE-2017-8488,
CVE-2017-8489, CVE-2017-8491, CVE-2017-8492)

- A remote code execution vulnerability exists in the way
JavaScript engines render when handling objects in memory
in Microsoft browsers. The vulnerability could corrupt
memory in such a way that an attacker could execute
arbitrary code in the context of the current user.
(CVE-2017-8517)

- A remote code execution vulnerability exists when Internet
Explorer improperly accesses objects in memory. This
vulnerability could corrupt memory in such a way that an
attacker could execute arbitrary code in the context of
the current user. (CVE-2017-8519)

- A remote code execution vulnerability exists in the
Windows font library due to improper handling of
embedded fonts. An unauthenticated, remote attacker can
exploit this, by convincing a user to visit a specially
crafted website or open a specially crafted Microsoft
document, to execute arbitrary code in the context of
the current user. (CVE-2017-8527)

- Multiple information disclosure vulnerabilities exist in
the Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit these, by convincing a user to visit a
specially crafted website or open a specially crafted
document, to disclose the contents of memory.
(CVE-2017-8531, CVE-2017-8532, CVE-2017-8533)

- A remote code execution vulnerability exists in the
Windows Search functionality due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, via a specially crafted SMB message,
to execute arbitrary code. (CVE-2017-8543)

- An information disclosure vulnerability exists in the
Windows Search functionality due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, via a specially crafted SMB message,
to disclose sensitive information. (CVE-2017-8544)

- Multiple information disclosure vulnerabilities exist in
the Windows kernel due to improper handling of objects
in memory. An authenticated, remote attacker can exploit
these, via a specially crafted application, to disclose
the contents of memory. (CVE-2017-8553, CVE-2017-8554)

See also :

http://www.nessus.org/u?092d59db
http://www.nessus.org/u?254e31fd
http://www.nessus.org/u?f2d033c7
http://www.nessus.org/u?fc374e23
http://www.nessus.org/u?473a6578
http://www.nessus.org/u?1d418d6a
http://www.nessus.org/u?efcac01f
http://www.nessus.org/u?b34d26a1
http://www.nessus.org/u?1ee2f1c8
https://support.microsoft.com/en-us/help/4022884
http://www.nessus.org/u?c4944e33
http://www.nessus.org/u?eb6eea1d

Solution :

Apply the following security updates :

- KB3217845
- KB4018106
- KB4021558
- KB4021903
- KB4021923
- KB4022008
- KB4022010
- KB4022013
- KB4022883
- KB4022884
- KB4022887
- KB4024402
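
One way to check hosts against this list, as an added example that is not part of the Tenable plugin: the PowerShell below compares Get-HotFix output with the KBs named above and flags hosts that could not be queried. The function name Get-MissingUpdate is hypothetical, and the check assumes PowerShell 2.0 or later so that Get-HotFix is available.

```powershell
# KB identifiers copied from the Solution list above.
$RequiredKBs = @(
    'KB3217845', 'KB4018106', 'KB4021558', 'KB4021903',
    'KB4021923', 'KB4022008', 'KB4022010', 'KB4022013',
    'KB4022883', 'KB4022884', 'KB4022887', 'KB4024402'
)

# Hypothetical helper (not part of any Microsoft or Tenable tooling).
function Get-MissingUpdate {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [string[]]$Required     = $RequiredKBs
    )

    foreach ($computer in $ComputerName) {
        try {
            # Get-HotFix returns one object per recorded update; keep only the IDs.
            $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop |
                           ForEach-Object { $_.HotFixID })

            # -notcontains is case-insensitive, so 'kb4022884' still matches.
            $missing = @($Required | Where-Object { $installed -notcontains $_ })

            New-Object PSObject -Property @{
                ComputerName = $computer
                Queried      = $true
                Missing      = $missing
                Error        = $null
            }
        }
        catch {
            # A host that could not be queried must not read as "nothing missing".
            New-Object PSObject -Property @{
                ComputerName = $computer
                Queried      = $false
                Missing      = $null
                Error        = $_.Exception.Message
            }
        }
    }
}

# Check the local host; pass -ComputerName 'host1','host2' for remote systems.
Get-MissingUpdate | Format-Table ComputerName, Queried, Missing, Error -AutoSize
```

Get-HotFix only reports updates recorded in Win32_QuickFixEngineering, and the script does not evaluate supersedence or applicability, so a KB listed under Missing is a lead to confirm against the linked Microsoft articles rather than a final verdict.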

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true