MS17-012: Security Update for Microsoft Windows (4013078)

high Nessus Plugin ID 97743
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Windows host is affected multiple vulnerabilities.

Description

The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- A security feature bypass vulnerability exists in Device Guard due to improper validation of certain elements in a signed PowerShell script. An unauthenticated, remote attacker can exploit this vulnerability to modify the contents of a PowerShell script without invalidating the signature associated with the file, allowing the execution of a malicious script. (CVE-2017-0007)

- A denial of service vulnerability exists in the Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client implementations due to improper handling of certain requests sent to the client. An unauthenticated, remote attacker can exploit this issue, via a malicious SMB server, to cause the system to stop responding until it is manually restarted. (CVE-2017-0016)

- A remote code execution vulnerability exists due to using an insecure path to load certain dynamic link library (DLL) files. A local attacker can exploit this, via a specially crafted library placed in the path, to execute arbitrary code. (CVE-2017-0039)

- An information disclosure vulnerability exists in Windows dnsclient due to improper handling of certain requests. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted web page, to gain access to sensitive information on a targeted workstation. If the target is a server, the attacker can also exploit this issue by tricking the server into sending a DNS query to a malicious DNS server. (CVE-2017-0057)

- An elevation of privilege vulnerability exists in Helppane.exe due to a failure by an unspecified DCOM object, configured to run as the interactive user, to properly authenticate the client. An authenticated, remote attacker can exploit this, via a specially crafted application, to execute arbitrary code in another user's session. (CVE-2017-0100)

- An integer overflow condition exists in the iSNS Server service due to improper validation of input from the client. An unauthenticated, remote attacker can exploit this issue, via a specially crafted application that connects and issues requests to the iSNS server, to execute arbitrary code in the context of the SYSTEM account. (CVE-2017-0104)

Solution

Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2017/ms17-012

Plugin Details

Severity: High

ID: 97743

File Name: smb_nt_ms17-012.nasl

Version: 1.12

Type: local

Agent: windows

Published: 3/15/2017

Updated: 11/13/2019

Dependencies: smb_hotfixes.nasl, ms_bulletin_checks_possible.nasl, smb_check_rollup.nasl

Risk Information

CVSS Score Source: CVE-2017-0104

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/14/2017

Vulnerability Publication Date: 2/1/2017

Reference Information

CVE: CVE-2017-0007, CVE-2017-0016, CVE-2017-0039, CVE-2017-0057, CVE-2017-0100, CVE-2017-0104

BID: 95969, 96018, 96024, 96695, 96697, 96700

CERT: 867968

IAVA: 2017-A-0070

MSFT: MS17-012

MSKB: 3217587, 4012021, 4012212, 4012215, 4012213, 4012216, 4012214, 4012217, 4012606, 4013198