Windows 8.1 and Windows Server 2012 R2 May 2017 Security Updates

Critical Nessus Plugin ID 100057

Synopsis

The remote Windows host is affected by multiple vulnerabilities.

Description

The remote Windows host is missing security update 4019213 or cumulative update 4019215. It is, therefore, affected by multiple vulnerabilities :

- A security bypass vulnerability exists in Internet Explorer due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to bypass mixed content warnings and load insecure content (HTTP) from secure locations (HTTPS). (CVE-2017-0064)

- An elevation of privilege vulnerability exists in Windows in the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in an elevated context. (CVE-2017-0077)

- A denial of service vulnerability exists in the Windows DNS server when it's configured to answer version queries. An unauthenticated, remote attacker can exploit this, via a malicious DNS query, to cause the DNS server to become nonresponsive. (CVE-2017-0171)

- An information disclosure vulnerability exists in the Windows Graphics Device Interface (GDI) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0190)

- An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified flaw. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0213)

- An elevation of privilege vulnerability exists in Windows due to improper validation of user-supplied input when loading type libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0214)

- A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0222)

- A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0226)

- A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0228)

- A spoofing vulnerability exists in Microsoft browsers due to improper rendering of the SmartScreen filter. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to redirect users to a malicious website that appears to be a legitimate website.
(CVE-2017-0231)

- A remote code execution vulnerability exists in Microsoft browsers in the JavaScript scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0238)

- An elevation of privilege vulnerability exists in the win32k component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated permissions. Note that an attacker can also cause a denial of service condition on Windows 7 x64 or later systems. (CVE-2017-0246)

- A security bypass vulnerability exists in the Microsoft .NET Framework and .NET Core components due to a failure to completely validate certificates. An attacker can exploit this to present a certificate that is marked invalid for a specific use, but the component uses it for that purpose, resulting in a bypass of the Enhanced Key Usage taggings. (CVE-2017-0248)

- An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0258)

- An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0259)

- An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2017-0263)

- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.
(CVE-2017-0267)

- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.
(CVE-2017-0268)

- A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.
(CVE-2017-0269)

- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.
(CVE-2017-0270)

- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.
(CVE-2017-0271)

- A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.
(CVE-2017-0272)

- A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.
(CVE-2017-0273)

- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.
(CVE-2017-0274)

- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.
(CVE-2017-0275)

- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.
(CVE-2017-0276)

- A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.
(CVE-2017-0277)

- A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.
(CVE-2017-0278)

- A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.
(CVE-2017-0279)

- A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.
(CVE-2017-0280)

Solution

Apply Security Only update KB4019213 or Cumulative update KB4019215.

See Also

http://www.nessus.org/u?09cc032f

Plugin Details

Severity: Critical

ID: 100057

File Name: smb_nt_ms17_may_4019215.nasl

Version: 1.13

Type: local

Agent: windows

Published: 2017/05/09

Updated: 2018/07/30

Dependencies: 93962, 13855, 57033

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/05/09

Vulnerability Publication Date: 2017/05/09

Exploitable With

Core Impact

Reference Information

CVE: CVE-2017-0064, CVE-2017-0077, CVE-2017-0171, CVE-2017-0190, CVE-2017-0213, CVE-2017-0214, CVE-2017-0222, CVE-2017-0226, CVE-2017-0228, CVE-2017-0231, CVE-2017-0238, CVE-2017-0246, CVE-2017-0248, CVE-2017-0258, CVE-2017-0259, CVE-2017-0263, CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017-0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279, CVE-2017-0280

BID: 98097, 98102, 98103, 98108, 98112, 98113, 98114, 98117, 98121, 98127, 98139, 98164, 98173, 98237, 98258, 98259, 98260, 98261, 98263, 98264, 98265, 98266, 98267, 98268, 98270, 98271, 98272, 98273, 98274, 98298

MSKB: 4019215, 4019213

MSFT: MS17-4019215, MS17-4019213

IAVA: 2017-A-0148