DIESER SERVICE KANN ÜBERSETZUNGEN VON GOOGLE ENTHALTEN. GOOGLE ÜBERNIMMT KEINERLEI VERANTWORTUNG FÜR DIE ÜBERSETZUNGEN. DARUNTER FÄLLT JEGLICHE VERANTWORTUNG IN BEZUG AUF RICHTIGKEIT UND ZUVERLÄSSIGKEIT SOWIE JEGLICHE STILLSCHWEIGENDEN GEWÄHRLEISTUNGEN DER MARKTGÄNGIGKEIT, NICHT-VERLETZUNG VON RECHTEN DRITTER ODER DER EIGNUNG FÜR EINEN BESTIMMTEN ZWECK.

Die Website von Kaspersky Lab wurde für Ihre Bequemlichkeit mithilfe einer Übersetzungssoftware von Google Translate übersetzt. Es wurden angemessene Bemühungen für die Bereitstellung einer akkuraten Übersetzung unternommen. Bitte beachten Sie, dass automatisierte Übersetzungen nicht perfekt sind und menschliche Übersetzer in keinem Fall ersetzen sollen. Übersetzungen werden den Nutzern der Kaspersky-Lab-Website als Service und "wie sie sind" zur Verfügung gestellt. Die Richtigkeit, Zuverlässigkeit oder Korrektheit jeglicher Übersetzungen aus dem Englischen in eine andere Sprache wird weder ausdrücklich noch stillschweigend garantiert. Einige Inhalte (z. B. Bilder, Videos, Flash, usw.) können aufgrund der Einschränkungen der Übersetzungssoftware möglicherweise nicht inhaltsgetreu übersetzt werden.

KLA11067
Multiple vulnerabilities in Microsoft Windows
Aktualisiert: 03/29/2019
Erkennungsdatum
?
07/11/2017
Schweregrad
?
Kritisch
Beschreibung

Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, bypass security restrictions, cause a denial of service and obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. An improper parsing of XML input in the Windows Performance Monitor Console can be exploited via specially designed XML data to obtain sensitive information;
  2. An improper handling and sharing of executable files during rename operations in Windows Explorer can be exploited by sharing both a folder and malware named with an executable extension and making the user confuse the malware with the folder to execute arbitrary code;
  3. Multiple vulnerabilities related to incorrect handling of objects in the Microsoft Graphics Component can be exploited via a specially designed application to gain privileges;
  4. An improper handling of objects in Win32k can be exploited via a specially designed application to obtain sensitive information;
  5. A fail to prevent tampering with the SNAME field during ticket exchange in Kerberos can be exploited to bypass security restrictions;
  6. An improper parsing of XML input in the Windows System Information Console an be exploited via specially designed XML data to obtain sensitive information;
  7. Multiple vulnerabilities related to improper handling of objects in the Windows kernel can be exploited via a specially designed application to gain privileges;
  8. An incorrect handling of calls to Advanced Local Procedure Call in Windows can be exploited via a specially designed application to gain privileges;
  9. An improper fall back to NTLM (NT LAN Manager) Authentication Protocol in Kerberos can be exploited remotely via a specially designed application to gain privileges;
  10. An incorrect initializing of a memory address in the Windows kernel can be exploited via a specially designed application to obtain sensitive information;
  11. An incorrect deserializing of user supplied scripts in PowerShell can be exploited remotely to execute arbitrary code;
  12. An improper handling of parameters of in a method of a DCOM class in Windows Input Method Editor can be exploited via a specially designed application to gain privileges;
  13. Multiple vulnerabilities related to incorrect handling of objects in Windows can be exploited via a specially designed application to gain privileges;
  14. An improper handling of objects in the HTTP.sys server application component can exploited remotely by issuing a request to the HTTP.sys server application to obtain sensitive information;
  15. An improper handling of objects in HoloLens can be exploited by sending a specially designed WiFi packet to execute arbitrary code;
  16. A vulnerability when open a non-existent file in Windows Explorer can be exploited remotely by hosting a specially crafted web site and convincing a user to browse to the page, containing the reference to the non-existing file to cause denial of service;
  17. An improper parsing of files in WordPad can be exploited via a specially designed file to execute arbitrary code;
  18. An incorrect handling of objects in memory in Windows Search can be exploited remotely by sending specially designed messages to the Windows Search service to execute arbitrary code;
  19. An improper handling of objects in memory in the Windows Common Log File System driver can be exploited remotely via a specially designed application to gain privileges.

Technical details

Vulnerability (11) occurs when PSObject wraps a CIM instance.

Beeinträchtigte Produkte

Microsoft Windows 7 Service Pack 1
Microsoft Windows 8.1
Microsoft Windows RT 8.1
Microsoft Windows 10
Microsoft Windows Server 2008 R2 Service Pack 1
Microsoft Windows Server 2008 Service Pack 2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016

Lösung

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Ursprüngliche Informationshinweise

CVE-2017-8495
CVE-2017-8557
CVE-2017-8556
CVE-2017-8562
CVE-2017-8563
CVE-2017-8561
CVE-2017-8566
CVE-2017-8564
CVE-2017-8565
CVE-2017-8580
CVE-2017-8581
CVE-2017-8582
CVE-2017-8584
CVE-2017-8587
CVE-2017-8486
CVE-2017-8588
CVE-2017-8589
CVE-2017-0170
CVE-2017-8467
CVE-2017-8463
CVE-2017-8574
CVE-2017-8577
CVE-2017-8573
CVE-2017-8590
CVE-2017-8578
CVE-2017-0170
CVE-2017-8463
CVE-2017-8486
CVE-2017-8557
CVE-2017-8563
CVE-2017-8564
CVE-2017-8565
CVE-2017-8566
CVE-2017-8578
CVE-2017-8581
CVE-2017-8582
CVE-2017-8584
CVE-2017-8587
CVE-2017-8588
CVE-2017-8589
CVE-2017-8590
CVE-2017-8592

Folgen
?
ACE 
[?]

OSI 
[?]

DoS 
[?]

SB 
[?]

PE 
[?]

SUI 
[?]
CVE-IDS
?
CVE-2017-01704.3Critical
CVE-2017-84639.3Critical
CVE-2017-84676.9Critical
CVE-2017-84861.9Critical
CVE-2017-84956.0Critical
CVE-2017-85566.9Critical
CVE-2017-85572.1Critical
CVE-2017-85616.9Critical
CVE-2017-85626.9Critical
CVE-2017-85635.1Critical
CVE-2017-85642.1Critical
CVE-2017-85659.3Critical
CVE-2017-85664.4Critical
CVE-2017-85736.9Critical
CVE-2017-85746.9Critical
CVE-2017-85776.9Critical
CVE-2017-85789.3Critical
CVE-2017-85806.2Critical
CVE-2017-85813.7Critical
CVE-2017-85824.3Critical
CVE-2017-85847.9Critical
CVE-2017-85874.3Critical
CVE-2017-85887.6Critical
CVE-2017-858910.0Critical
CVE-2017-85904.6Critical
CVE-2017-85924.3Critical
Offizielle Informationshinweise von Microsoft
Microsoft Sicherheitsupdate-Guide
KB-Liste

4025342
4025339
4025344
4025338
4022746
4022748
4022914
4025331
4025333
4025336
4025337
4025341
4025343
4025397
4025398
4025409
4025497
4025674
4025872
4025877
4026059
4026061
4032955
4025240


Link zum Original