Beschreibung
Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, bypass security restrictions, cause a denial of service, obtain sensitive information and possibly to write local files.
Below is a complete list of vulnerabilities:
- Incorrectly set permissions on folders inside the DEFAULT folder structure can be exploited locally by logging on and tampering wiht the DEFAULT folder contents possible to write local files;
- An improper client authentication in Helppane.exe can be exploited locally by using a specially designed application to gain privileges;
- An incorrect security feature behaviour while enforcing case sensitivity for certain variable checks can be exploited locally via a specially designed application to bypass security restrictions;
- An improper handling of kernel mode requests of some specific types can be exploited via a specially designed request to cause a denial of service;
- An improper handling of objects in memory in Windows Search can be exploited via specially designed SMB messages to obtain sensitive information;
- An incorrect handling of objects in memory in Windows Kernel can be exploited locally via a specially designed application to obtain sensitive information.
Technical details
Exploiting vulnerability (3) can lead to bypassing UEFI (Unified Extensible Firmware Interface) variable security.
NB: Not every vulnerability already have CVSS rating so cumulative CVSS rating can be not representative.
Ursprüngliche Informationshinweise
CVE Liste
- CVE-2017-0295 warning
- CVE-2017-0298 warning
- CVE-2017-8493 warning
- CVE-2017-8515 warning
- CVE-2017-8544 warning
- CVE-2017-8553 warning
- CVE-2017-8554 warning
KB Liste
Mehr erfahren
Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com