MS17-018: Security Update for Windows Kernel-Mode Drivers (4013083)

high Nessus Plugin ID 97738

Synopsis

The remote Windows host is affected by multiple elevation of privilege vulnerabilities.

Description

The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode.

Solution

Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.

See Also

https://technet.microsoft.com/library/security/ms17-018

Plugin Details

Severity: High

ID: 97738

File Name: smb_nt_ms17-018.nasl

Version: 1.8

Type: local

Agent: windows

Published: 3/15/2017

Updated: 7/30/2018

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/14/2017

Vulnerability Publication Date: 3/14/2017

Reference Information

CVE: CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082

BID: 96029, 96032, 96630, 96631, 96632, 96633, 96634, 96635

MSFT: MS17-018

MSKB: 4012497, 4012212, 4012213, 4012214, 4012215, 4012216, 4012217, 4012606, 4013198, 4013429

IAVA: 2017-A-0069