Windows 8 June 2017 Security Updates

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host is affected by multiple vulnerabilities.

Description :

The remote Windows 8 host is missing a security update. It is,
therefore, affected by the following vulnerabilities :

- A remote code execution vulnerability exists in
Microsoft Internet Explorer due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website, to execute arbitrary code in
the context of the current user. (CVE-2017-0222)

- An information disclosure vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to disclose sensitive information.
(CVE-2017-0267)

- A remote code execution vulnerability exists in Windows
due to improper handling of shortcuts. An
unauthenticated, remote attacker can exploit this, by
convincing a user to insert a removable drive containing
a malicious shortcut and binary, to automatically
execute arbitrary code in the context of the current
user. (CVE-2017-8464)

- A remote code execution vulnerability exists in Windows
OLE due to improper validation of user-supplied input.
An unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website or
to open a specially crafted file or email message, to
execute arbitrary code in the context of the current
user. (CVE-2017-8487)

- A remote code execution vulnerability exists in the
Windows Search functionality due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, via a specially crafted SMB message,
to execute arbitrary code. (CVE-2017-8543)

See also :

https://support.microsoft.com/en-us/help/4012598/title
http://www.nessus.org/u?ba79a274
http://www.nessus.org/u?d15161da
http://www.nessus.org/u?00067ec3
http://www.nessus.org/u?5470f743

Solution :

Microsoft has released emergency patches for Windows 8. Apply security
updates KB4022839, KB4019623, and KB4018271

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 100788 ()

Bugtraq ID: 98127
98259
98818
98824
99013

CVE ID: CVE-2017-0222
CVE-2017-0267
CVE-2017-8464
CVE-2017-8487
CVE-2017-8543

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now