Description
Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, cause a denial of service, obtain sensitive information, bypass security restrictions, spoof the user interface or execute arbitrary code.
Below is a complete list of vulnerabilities (the numbers are referenced in the Technical details section):
1. Improper handling of objects in memory in the Windows kernel-mode driver can be exploited locally by logging on to the system and running a specially designed application to gain privileges;
2. Incorrect handling of memory addresses in the Windows GDI (Graphics Device Interface) can be exploited locally by logging on to the system and running a specially designed application to obtain sensitive information;
3. Improper validation of guest operating system user input in Hyper-V can be exploited locally via a specially designed application to obtain sensitive information;
4. Improper validation of guest operating system user input in the VM host agent service can be exploited locally by using a specially designed certificate on the guest operating system to execute arbitrary code;
5. Incorrect handling of objects in memory in Windows Control Flow Guard can be exploited locally by running a specially designed application to bypass security restrictions;
6. Multiple vulnerabilities related to improper handling of objects in memory in the Windows kernel can be exploited locally by logging on to the system and running a specially designed application to obtain sensitive information;
7. Improper handling of objects in memory in the Win32k component can be exploited locally by logging on to the system and running a specially designed application to gain privileges;
8. Incorrect maintenance of certain sequencing requirements in NetBT Session Services can be exploited remotely by sending specially designed packets to an affected system to execute arbitrary code;
9. Improper handling of Bluetooth requests in Windows can be exploited to spoof the user interface;
10. Multiple vulnerabilities related to incorrect handling of objects in memory in the Windows GDI+ component can be exploited locally by logging on to the system and running a specially designed application to obtain sensitive information;
11. Multiple vulnerabilities related to improper handling of objects in memory in the Windows kernel can be exploited locally by logging on to the system and running a specially designed application to obtain sensitive information;
12. Incorrect handling of embedded fonts in the Windows font library can be exploited remotely by hosting a specially designed website and convincing a user to visit it (for example, by sending them an email or an instant message with a specially designed link), or by convincing a user to open a specially designed document file, to execute arbitrary code;
13. Incorrect handling of objects in memory in the Windows Graphics Component can be exploited locally by logging on to the system and running a specially designed application to obtain sensitive information;
14. Incorrect handling of memory addresses in the Windows GDI (Graphics Device Interface) can be exploited locally by logging on to the system and running a specially designed application to obtain sensitive information;
15. Multiple vulnerabilities related to improper disclosure of kernel memory addresses in the Windows GDI+ component can be exploited locally by logging on to the system and running a specially designed application to obtain sensitive information;
16. Incorrect handling of network packets by DHCP failover servers can be exploited remotely by sending a specially designed packet to a DHCP server configured in failover mode to execute arbitrary code;
17. Multiple vulnerabilities related to incorrect handling of memory addresses in the Windows kernel can be exploited locally by logging on to the system and running a specially designed application to obtain sensitive information;
18. Multiple vulnerabilities related to incorrect handling of objects in memory in Windows Uniscribe can be exploited remotely by hosting a specially designed website and convincing a user to visit it (for example, by sending them an email or an instant message with a specially designed link), or by convincing a user to open a specially designed document file, to execute arbitrary code;
19. Incorrect handling of objects in memory in Windows Uniscribe can be exploited by convincing a user to open a specially designed document or to visit an untrusted web page to obtain sensitive information;
20. Improper validation of file copy destinations in Windows Shell can be exploited remotely by sending an email with a specially designed file and convincing a user to open it, or by hosting a specially designed website and convincing a user to visit it, to execute arbitrary code;
21. Incorrect handling and execution of files by WER (Windows Error Reporting) can be exploited locally via a specially designed application to gain privileges;
22. Improper input validation in Microsoft Hyper-V Virtual PCI can be exploited locally by running a specially designed application on a virtual machine under a privileged account to cause a denial of service;
23. Multiple vulnerabilities related to improper validation of guest operating system user input in Microsoft Hyper-V can be exploited locally by running a specially designed application on a virtual machine to obtain sensitive information;
24. Incorrect parsing of XML input by Microsoft Common Console Document (.msc) files can be exploited locally by convincing an authenticated user to open a file containing specially designed XML content to obtain sensitive information;
25. Multiple vulnerabilities related to improper handling of objects in memory in the Microsoft Windows PDF Library can be exploited remotely via a specially designed website that contains malicious PDF content to execute arbitrary code;
26. Incorrect exposure of functions and processing of user-supplied code in PowerShell under Device Guard can be exploited locally by injecting specially designed code into a script that is trusted by the Code Integrity Policy to bypass security restrictions;
27. Improper handling of objects in memory by the Broadcom chipset in HoloLens can be exploited by sending a specially designed Wi-Fi packet to execute arbitrary code.
Technical details
To exploit vulnerability (9), the malicious user has to be within physical proximity of the victim, and Bluetooth on the targeted computer must be enabled. Under these conditions a Bluetooth connection can be initiated to the target computer without any notification to the user.
Exploiting vulnerability (9) can lead to a man-in-the-middle attack: the victim's computer can be forced to unknowingly route traffic through the malicious user's computer.
Information obtained by exploiting vulnerabilities (17) can be used to bypass KASLR (Kernel Address Space Layout Randomization).
On Windows 10, vulnerability (25) can be exploited via a specially designed website containing malicious PDF content. On other operating systems, malicious users have to convince users to open a specially designed PDF document in a browser, by sending them a link in an email or instant message or by sending the document as an email attachment.
NB: Not every vulnerability has a CVSS rating yet, so the cumulative CVSS rating may not be representative.
Original advisories
- CVE-2017-8692
- CVE-2017-8695
- CVE-2017-8696
- CVE-2017-8737
- CVE-2017-8699
- CVE-2017-8702
- CVE-2017-8706
- CVE-2017-8707
- CVE-2017-8704
- CVE-2017-8708
- CVE-2017-8709
- CVE-2017-8628
- CVE-2017-8683
- CVE-2017-8682
- CVE-2017-8681
- CVE-2017-8680
- CVE-2017-8687
- CVE-2017-8686
- CVE-2017-8685
- CVE-2017-8684
- CVE-2017-8688
- CVE-2017-8720
- CVE-2017-8746
- CVE-2017-8714
- CVE-2017-8716
- CVE-2017-8711
- CVE-2017-8710
- CVE-2017-8713
- CVE-2017-8712
- CVE-2017-8719
- CVE-2017-9417
- CVE-2017-8678
- CVE-2017-8679
- CVE-2017-8728
- CVE-2017-8676
- CVE-2017-8677
- CVE-2017-8675
CVE list
- CVE-2017-8728 critical
- CVE-2017-8737 critical
- CVE-2017-8675 critical
- CVE-2017-8676 critical
- CVE-2017-8713 critical
- CVE-2017-8714 critical
- CVE-2017-8716 critical
- CVE-2017-8719 critical
- CVE-2017-8720 critical
- CVE-2017-0161 critical
- CVE-2017-8628 critical
- CVE-2017-8677 critical
- CVE-2017-8678 critical
- CVE-2017-8679 critical
- CVE-2017-8680 critical
- CVE-2017-8681 critical
- CVE-2017-8682 critical
- CVE-2017-8683 critical
- CVE-2017-8684 critical
- CVE-2017-8685 critical
- CVE-2017-8686 critical
- CVE-2017-8687 critical
- CVE-2017-8688 critical
- CVE-2017-8692 critical
- CVE-2017-8695 critical
- CVE-2017-8696 critical
- CVE-2017-8699 critical
- CVE-2017-8702 critical
- CVE-2017-8704 critical
- CVE-2017-8706 critical
- CVE-2017-8707 critical
- CVE-2017-8708 critical
- CVE-2017-8709 critical
- CVE-2017-8710 critical
- CVE-2017-8711 critical
- CVE-2017-8712 critical
- CVE-2017-8746 critical
- CVE-2017-9417 critical
KB list
- 4038788
- 4038782
- 4038786
- 4038783
- 4038792
- 4038799
- 4038793
- 4038781
- 4038779
- 4038777
- 4025333
- 4025337
- 4039038
- 4038874
- 4034786
- 4032201
- 4039266
- 4039384
- 4039325
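The KB numbers above are only useful if you can tell which of them a given host has actually installed. The following PowerShell snippet is an added example, not part of the original advisory: it compares the KB list from this page against the output of Get-HotFix on the local machine. The function name Test-AdvisoryKBs and the $AdvisoryKBs array are my own; the KB numbers are copied from the list above.

```powershell
# Added example (not from the original advisory): report which of the KBs
# listed on this page are present on, or missing from, the local host.
# Run in an elevated PowerShell session on the machine to be checked.
function Test-AdvisoryKBs {
    param(
        # KB numbers copied from the KB list on this page (hypothetical name).
        [string[]]$AdvisoryKBs = @(
            '4038788','4038782','4038786','4038783','4038792','4038799','4038793',
            '4038781','4038779','4038777','4025333','4025337','4039038','4038874',
            '4034786','4032201','4039266','4039384','4039325'
        )
    )

    # Get-HotFix reports HotFixID values as "KB4038788"; strip the prefix so the
    # comparison is on the bare number.
    $installed = Get-HotFix | ForEach-Object { $_.HotFixID -replace '^KB', '' }

    $present = $AdvisoryKBs | Where-Object { $installed -contains $_ }
    $missing = $AdvisoryKBs | Where-Object { $installed -notcontains $_ }

    [PSCustomObject]@{
        ComputerName      = $env:COMPUTERNAME
        OSVersion         = [System.Environment]::OSVersion.Version.ToString()
        InstalledFromList = ($present -join ',')
        MissingFromList   = ($missing -join ',')
    }
}

# Usage: print the result for this host.
Test-AdvisoryKBs | Format-List
```

Two caveats when reading the result. Each KB targets a specific Windows version or product, so a single host never needs all nineteen; interpret "MissingFromList" against the OS version shown, not as a count of unpatched items. Second, Windows 10 cumulative updates supersede each other, so a host that has installed a later cumulative update will show every KB from this page as missing while still being patched; for those systems compare the OS build number with the build that the applicable cumulative update delivers rather than relying on Get-HotFix alone.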
Learn more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com