Windows 2008 November 2017 Multiple Security Updates

High Nessus Plugin ID 104561

Synopsis

The remote Windows host is affected by multiple vulnerabilities.

Description

The remote Windows host is missing multiple security updates released on 2017/11/14. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.
(CVE-2017-11880)
- An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2017-11832, CVE-2017-11835)
- An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11847)
- An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-11831, CVE-2017-11849, CVE-2017-11853)
- A denial of service vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.
(CVE-2017-11788)
- A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11851, CVE-2017-11852)

Solution

Apply the following security updates :

- 4046184
- 4047211
- 4048968
- 4048970
- 4049164

See Also

http://www.nessus.org/u?93affd27

http://www.nessus.org/u?6ae2aa8e

http://www.nessus.org/u?8a4acc26

http://www.nessus.org/u?2b1232ba

http://www.nessus.org/u?fea3380b

Plugin Details

Severity: High

ID: 104561

File Name: smb_nt_ms17_nov_win2008.nasl

Version: 1.13

Type: local

Agent: windows

Published: 2017/11/14

Updated: 2019/11/12

Dependencies: 57033, 93962, 13855

Risk Information

Risk Factor: High

CVSS Score Source: CVE-2017-11847

CVSS v2.0

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/11/14

Vulnerability Publication Date: 2017/11/14

Reference Information

CVE: CVE-2017-11788, CVE-2017-11831, CVE-2017-11832, CVE-2017-11835, CVE-2017-11847, CVE-2017-11849, CVE-2017-11851, CVE-2017-11852, CVE-2017-11853, CVE-2017-11880

BID: 101711, 101721, 101726, 101729, 101736, 101739, 101755, 101762, 101763, 101764

MSKB: 4046184, 4047211, 4048968, 4048970, 4049164

MSFT: MS17-4046184, MS17-4047211, MS17-4048968, MS17-4048970, MS17-4049164