Kaspersky Threats

Erkennungsdatum

?

08/08/2017

Schweregrad

?

Kritisch

Beschreibung

Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, bypass security restrictions, cause a denial of service and obtain sensitive information.

Below is a complete list of vulnerabilities:

An improper handling of embedded fonts in Windows font library can be exploited remotely by hosting a specially designed website or by providing a specially crafted document file to execute arbitrary code;
Multiple vulnerabilities related to an incorrect validating guest operating system user input in Windows Hyper-V can be exploited locally by running a specially designed application on a guest operating system to execute arbitrary code or to cause a denial of service;
An incorrect handling of connection requests in Remote Desktop Protocol (RDP) can be exploited remotely by running a specially designed application against a server that provides RDP services to cause a denial of service;
Multiple vulnerabilities related to an incorrect handling of objects in memory in Volume Manager Extension Driver and win32k component can be exploited locally by logging on to an affected system and running a specially designed application to obtain sensitive information;
An improper handling of objects and file executing way in Windows Error Reporting (WER) can be exploited locally via a specially designed application to gain privileges;
Multiple vulnerabilities related to an incorrect handling of objects in memory in Windows Subsystem for Linux and Windows Common Log File System can be exploited locally via a specially designed application to cause a denial of service against the local system;
An incorrect handling of NT pipes in memory of Windows Subsystem for Linux can be exploited locally by running a specially designed application to gain privileges;
An incorrect handling of objects in Win32k can be exploited locally by logging on to an affected system and running a specially designed application to execute arbitrary code in kernel mode;
An improper handling of parameters in a method of a DCOM class in Windows Input Method Editor (IME) can be exploited locally by running a specially designed application to execute arbitrary code;
An improper handling of objects in memory in Microsoft Windows PDF Library can be exploited remotely via a specially designed website that contains malicious PDF content to execute arbitrary code;
An incorrect handling of object in Microsoft JET Database Engine can be exploited remotely by sending a specially designed database file via email and convincing a user to open it to execute arbitrary code;
An incorrect handling of objects in memory in Windows Search can be exploited remotely by sending specially designed messages to the Windows Search service to execute arbitrary code;
An improper handling of objects in memory in Win32k component can be exploited locally via a specially designed application to gain privileges;
An improper NETBIOS packets handling in the Windows network stack can be exploited remotely by sending a series of TCP packets to a target system to cause denial of service.

Technical detailsVulnerability (9) can be exploited even if IME is not enabled.

On Windows 10, vulnerability (10) can be exploited via a specially designed website containing malicious PDF content. As for other operating systems, malicious users have to convince users to open a specially designed PDF document in browser by sending them a link in an email, instant message or as an email attachment.

Beeinträchtigte Produkte

Microsoft Windows 7 Service Pack 1
Microsoft Windows 8.1
Microsoft Windows RT 8.1
Microsoft Windows 10
Microsoft Windows Server 2008 Service Pack 2
Microsoft Windows Server 2008 R2 Service Pack 1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016

Lösung

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Ursprüngliche Informationshinweise

CVE-2017-0174
CVE-2017-8620
CVE-2017-8593
CVE-2017-8591
CVE-2017-8633
CVE-2017-0293
CVE-2017-8691
CVE-2017-8623
CVE-2017-8622
CVE-2017-8668
CVE-2017-8627
CVE-2017-8673
CVE-2017-0250
CVE-2017-8664
CVE-2017-8666
CVE-2017-8624
CVE-2017-8620
CVE-2017-8691
CVE-2017-0250
CVE-2017-8633
CVE-2017-8668
CVE-2017-8627
CVE-2017-0293
CVE-2017-8666
CVE-2017-8673

Folgen

?

ACE

[?]

OSI

[?]

DoS

[?]

SB

[?]

PE

[?]

CVE-IDS

?

CVE-2017-85936.9Critical
CVE-2017-85917.2Critical
CVE-2017-86209.3Critical
CVE-2017-86647.2Critical
CVE-2017-86919.3Critical
CVE-2017-02509.3Critical
CVE-2017-86338.5Critical
CVE-2017-86236.8Critical
CVE-2017-86227.2Critical
CVE-2017-86682.1Critical
CVE-2017-86274.7Critical
CVE-2017-02937.6Critical
CVE-2017-01746.1Critical
CVE-2017-86662.1Critical
CVE-2017-86734.3Critical
CVE-2017-86247.2Critical

Offizielle Informationshinweise von Microsoft

Microsoft Sicherheitsupdate-Guide

KB-Liste

4034668
4034674
4034681
4034658
4034660
4034666
4034665
4034672
4034679
4034664
4035055
4035056
4035679
4022750
4034745
4034744
4034034
4042050
4041689
4041693
4041687
4041676
4041690
4041678
4041681
4041691
4042895
4041679

Link zum Original

Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken

Erkennungsdatum ?	08/08/2017
Schweregrad ?	Kritisch
Beschreibung	Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, bypass security restrictions, cause a denial of service and obtain sensitive information. Below is a complete list of vulnerabilities: An improper handling of embedded fonts in Windows font library can be exploited remotely by hosting a specially designed website or by providing a specially crafted document file to execute arbitrary code; Multiple vulnerabilities related to an incorrect validating guest operating system user input in Windows Hyper-V can be exploited locally by running a specially designed application on a guest operating system to execute arbitrary code or to cause a denial of service; An incorrect handling of connection requests in Remote Desktop Protocol (RDP) can be exploited remotely by running a specially designed application against a server that provides RDP services to cause a denial of service; Multiple vulnerabilities related to an incorrect handling of objects in memory in Volume Manager Extension Driver and win32k component can be exploited locally by logging on to an affected system and running a specially designed application to obtain sensitive information; An improper handling of objects and file executing way in Windows Error Reporting (WER) can be exploited locally via a specially designed application to gain privileges; Multiple vulnerabilities related to an incorrect handling of objects in memory in Windows Subsystem for Linux and Windows Common Log File System can be exploited locally via a specially designed application to cause a denial of service against the local system; An incorrect handling of NT pipes in memory of Windows Subsystem for Linux can be exploited locally by running a specially designed application to gain privileges; An incorrect handling of objects in Win32k can be exploited locally by logging on to an affected system and running a specially designed application to execute arbitrary code in kernel mode; An improper handling of parameters in a method of a DCOM class in Windows Input Method Editor (IME) can be exploited locally by running a specially designed application to execute arbitrary code; An improper handling of objects in memory in Microsoft Windows PDF Library can be exploited remotely via a specially designed website that contains malicious PDF content to execute arbitrary code; An incorrect handling of object in Microsoft JET Database Engine can be exploited remotely by sending a specially designed database file via email and convincing a user to open it to execute arbitrary code; An incorrect handling of objects in memory in Windows Search can be exploited remotely by sending specially designed messages to the Windows Search service to execute arbitrary code; An improper handling of objects in memory in Win32k component can be exploited locally via a specially designed application to gain privileges; An improper NETBIOS packets handling in the Windows network stack can be exploited remotely by sending a series of TCP packets to a target system to cause denial of service. Technical detailsVulnerability (9) can be exploited even if IME is not enabled. On Windows 10, vulnerability (10) can be exploited via a specially designed website containing malicious PDF content. As for other operating systems, malicious users have to convince users to open a specially designed PDF document in browser by sending them a link in an email, instant message or as an email attachment.
Beeinträchtigte Produkte	Microsoft Windows 7 Service Pack 1 Microsoft Windows 8.1 Microsoft Windows RT 8.1 Microsoft Windows 10 Microsoft Windows Server 2008 Service Pack 2 Microsoft Windows Server 2008 R2 Service Pack 1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016
Lösung	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Ursprüngliche Informationshinweise	CVE-2017-0174 CVE-2017-8620 CVE-2017-8593 CVE-2017-8591 CVE-2017-8633 CVE-2017-0293 CVE-2017-8691 CVE-2017-8623 CVE-2017-8622 CVE-2017-8668 CVE-2017-8627 CVE-2017-8673 CVE-2017-0250 CVE-2017-8664 CVE-2017-8666 CVE-2017-8624 CVE-2017-8620 CVE-2017-8691 CVE-2017-0250 CVE-2017-8633 CVE-2017-8668 CVE-2017-8627 CVE-2017-0293 CVE-2017-8666 CVE-2017-8673
Folgen ?	ACE [?] OSI [?] DoS [?] SB [?] PE [?]
CVE-IDS ?	CVE-2017-85936.9Critical CVE-2017-85917.2Critical CVE-2017-86209.3Critical CVE-2017-86647.2Critical CVE-2017-86919.3Critical CVE-2017-02509.3Critical CVE-2017-86338.5Critical CVE-2017-86236.8Critical CVE-2017-86227.2Critical CVE-2017-86682.1Critical CVE-2017-86274.7Critical CVE-2017-02937.6Critical CVE-2017-01746.1Critical CVE-2017-86662.1Critical CVE-2017-86734.3Critical CVE-2017-86247.2Critical
Offizielle Informationshinweise von Microsoft	Microsoft Sicherheitsupdate-Guide
KB-Liste	4034668 4034674 4034681 4034658 4034660 4034666 4034665 4034672 4034679 4034664 4035055 4035056 4035679 4022750 4034745 4034744 4034034 4042050 4041689 4041693 4041687 4041676 4041690 4041678 4041681 4041691 4042895 4041679
	Link zum Original
	Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken

KLA11087Multiple vulnerabilities in Microsoft Windows

KLA11087
Multiple vulnerabilities in Microsoft Windows