Microsoft Security Advisory 4025685: Windows Vista (June 2017)

Critical Nessus Plugin ID 100785

Synopsis

The remote Windows host is affected by multiple vulnerabilities.

Description

The remote Windows Vista host is missing a security update. It is, therefore, affected by the following vulnerabilities :

- A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0222)

- Multiple information disclosure vulnerabilities exist in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit these, via a specially crafted packet, to disclose sensitive information.
(CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276)

- Multiple denial of service vulnerabilities exist in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit these, via a crafted SMB request, to cause the system to stop responding. (CVE-2017-0269, CVE-2017-0273, CVE-2017-0280)

- Multiple remote code execution vulnerabilities exist in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit these, via a specially crafted packet, to execute arbitrary code on a target server. (CVE-2017-0272, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279)

- A remote code execution vulnerability exists in Windows due to improper handling of shortcuts. An unauthenticated, remote attacker can exploit this, by convincing a user to insert a removable drive containing a malicious shortcut and binary, to automatically execute arbitrary code in the context of the current user. (CVE-2017-8464)

- A remote code execution vulnerability exists in the Windows Search functionality due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, via a specially crafted SMB message, to execute arbitrary code. (CVE-2017-8543)

- An information disclosure vulnerability exists in the GDI component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted document or visit a specially crafted website, to disclose the contents of memory. (CVE-2017-8552)

Solution

Microsoft has released a set of patches for Windows Vista.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2017/4025685

http://www.nessus.org/u?a0780816

Plugin Details

Severity: Critical

ID: 100785

File Name: smb_nt_ms17_jun_4025685_vista.nasl

Version: 1.11

Type: local

Agent: windows

Published: 2017/06/14

Updated: 2018/11/15

Dependencies: 13855, 57033, 93962

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/06/13

Vulnerability Publication Date: 2017/05/09

Exploitable With

CANVAS (CANVAS)

Metasploit (LNK Code Execution Vulnerability)

Reference Information

CVE: CVE-2017-0222, CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271, CVE-2017-0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279, CVE-2017-0280, CVE-2017-8464, CVE-2017-8543, CVE-2017-8552

BID: 98127, 98259, 98260, 98261, 98263, 98264, 98265, 98266, 98267, 98268, 98270, 98271, 98272, 98273, 98274, 98818, 98824, 99035

MSKB: 4018271, 4018466, 4019204, 4021903, 4024402

MSFT: MS17-4018271, MS17-4018466, MS17-4019204, MS17-4021903, MS17-4024402