Windows 7 and Windows Server 2008 R2 May 2017 Security Updates

Critical Nessus Plugin ID 100058

Synopsis

The remote Windows host is affected by multiple vulnerabilities.

Description

The remote Windows host is missing security update 4019263
or cumulative update 4019264. It is, therefore, affected by
multiple vulnerabilities :

- A denial of service vulnerability exists in the Windows
DNS server when it's configured to answer version
queries. An unauthenticated, remote attacker can exploit
this, via a malicious DNS query, to cause the DNS server
to become nonresponsive. (CVE-2017-0171)

- An information disclosure vulnerability exists in the
Windows kernel due to improper handling of objects in
memory. A local attacker can exploit this, via a
specially crafted application, to disclose sensitive
information. (CVE-2017-0175)

- An elevation of privilege vulnerability exists in the
Windows COM Aggregate Marshaler due to an unspecified
flaw. A local attacker can exploit this, via a specially
crafted application, to execute arbitrary code with
elevated privileges. (CVE-2017-0213)

- An elevation of privilege vulnerability exists in
Windows due to improper validation of user-supplied
input when loading type libraries. A local attacker can
exploit this, via a specially crafted application, to
gain elevated privileges. (CVE-2017-0214)

- An information disclosure vulnerability exists in the
Windows kernel due to improper handling of objects in
memory. A local attacker can exploit this, via a
specially crafted application, to disclose sensitive
information. (CVE-2017-0220)

- A remote code execution vulnerability exists in
Microsoft Internet Explorer due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website, to execute arbitrary code in
the context of the current user. (CVE-2017-0222)

- A spoofing vulnerability exists in Microsoft browsers
due to improper rendering of the SmartScreen filter. An
unauthenticated, remote attacker can exploit this, via a
specially crafted URL, to redirect users to a malicious
website that appears to be a legitimate website.
(CVE-2017-0231)

- An information disclosure vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to disclose sensitive information.
(CVE-2017-0267)

- An information disclosure vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to disclose sensitive information.
(CVE-2017-0268)

- A denial of service vulnerability exists in Microsoft
Server Message Block (SMB) when handling a specially
crafted request to the server. An unauthenticated,
remote attacker can exploit this, via a crafted SMB
request, to cause the system to stop responding.
(CVE-2017-0269)

- An information disclosure vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to disclose sensitive information.
(CVE-2017-0270)

- An information disclosure vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to disclose sensitive information.
(CVE-2017-0271)

- A remote code execution vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to execute arbitrary code on a target server.
(CVE-2017-0272)

- A denial of service vulnerability exists in Microsoft
Server Message Block (SMB) when handling a specially
crafted request to the server. An unauthenticated,
remote attacker can exploit this, via a crafted SMB
request, to cause the system to stop responding.
(CVE-2017-0273)

- An information disclosure vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to disclose sensitive information.
(CVE-2017-0274)

- An information disclosure vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to disclose sensitive information.
(CVE-2017-0275)

- An information disclosure vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to disclose sensitive information.
(CVE-2017-0276)

- A remote code execution vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to execute arbitrary code on a target server.
(CVE-2017-0277)

- A remote code execution vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to execute arbitrary code on a target server.
(CVE-2017-0278)

- A remote code execution vulnerability exists in the
Microsoft Server Message Block 1.0 (SMBv1) server when
handling certain requests. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet, to execute arbitrary code on a target server.
(CVE-2017-0279)

- A denial of service vulnerability exists in Microsoft
Server Message Block (SMB) when handling a specially
crafted request to the server. An unauthenticated,
remote attacker can exploit this, via a crafted SMB
request, to cause the system to stop responding.
(CVE-2017-0280)

- An information disclosure vulnerability exists in the
GDI component due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to open a specially crafted
document or visit a specially crafted website, to
disclose the contents of memory. (CVE-2017-8552)

Solution

Apply Security Only update KB4019263 or Cumulative update KB4019264.

See Also

http://www.nessus.org/u?89dd1a9e

Plugin Details

Severity: Critical

ID: 100058

File Name: smb_nt_ms17_may_4019264.nasl

Version: 1.14

Type: local

Agent: windows

Published: 2017/05/09

Modified: 2018/07/30

Dependencies: 13855, 93962, 57033

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/05/09

Vulnerability Publication Date: 2017/05/09

Exploitable With

Core Impact

Reference Information

CVE: CVE-2017-0171, CVE-2017-0175, CVE-2017-0213, CVE-2017-0214, CVE-2017-0220, CVE-2017-0222, CVE-2017-0231, CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017-0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279, CVE-2017-0280, CVE-2017-8552

BID: 98097, 98102, 98103, 98110, 98111, 98127, 98173, 98259, 98260, 98261, 98263, 98264, 98265, 98266, 98267, 98268, 98270, 98271, 98272, 98273, 98274

MSKB: 4019263, 4019264

MSFT: MS17-4019263, MS17-4019264

IAVA: 2017-A-0148