KLA11099
Multiple vulnerabilities in Microsoft Windows
Updated: 03/29/2019
Detection date: 09/12/2017
Severity: Critical
Description

Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, cause a denial of service, obtain sensitive information, bypass security restrictions, spoof the user interface or execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. An improper handling of objects in memory in the Windows kernel-mode driver can be exploited locally by logging on to the system and running a specially designed application to gain privileges;
  2. An incorrect handling of memory addresses in the Windows GDI (Graphics Device Interface) can be exploited locally by logging on to the system and running a specially designed application to obtain sensitive information;
  3. An improper validation of guest operating system user input in Hyper-V can be exploited locally via a specially designed application to obtain sensitive information;
  4. An improper validation of guest operating system user input in VM host agent service can be exploited locally by using a specially designed certificate on the guest operating system to execute arbitrary code;
  5. An incorrect handling of objects in memory in Windows Control Flow Guard can be exploited locally by running a specially designed application to bypass security restrictions;
  6. Multiple vulnerabilities related to an improper handling of objects in memory in the Windows kernel can be exploited locally by logging on to the system and running a specially designed application to obtain sensitive information;
  7. An improper handling of objects in memory in the Win32k component can be exploited locally by logging on to the system and running a specially designed application to gain privileges;
  8. A failure to maintain certain sequencing requirements in NetBT Session Services can be exploited remotely by sending specially designed packets to an impacted system to execute arbitrary code;
  9. An improper handling of Bluetooth requests in Windows can be exploited to spoof the user interface;
  10. Multiple vulnerabilities related to an incorrect handling of objects in memory in the Windows GDI+ component can be exploited locally by logging on to the system and running a specially designed application to obtain sensitive information;
  11. Multiple vulnerabilities related to an improper handling of objects in memory in the Windows kernel can be exploited locally by logging on to the system and running a specially designed application to obtain sensitive information;
  12. An incorrect handling of embedded fonts in the Windows font library can be exploited locally by hosting a special website and convincing a user to visit it (for example, by sending them an email or an Instant Messenger message with a specially designed link) or by convincing a user to open a specially designed document file to execute arbitrary code;
  13. An incorrect handling of objects in memory in the Windows Graphics Component can be exploited locally by logging on to the system and running a specially designed application to obtain sensitive information;
  14. An incorrect handling of memory addresses in the Windows GDI (Graphics Device Interface) can be exploited locally by logging on to the system and running a specially designed application to obtain sensitive information;
  15. Multiple vulnerabilities related to an improper disclosure of kernel memory addresses in the Windows GDI+ component can be exploited locally by logging on to the system and running a specially designed application to obtain sensitive information;
  16. An incorrect handling of network packets by DHCP failover servers can be exploited remotely by sending a specially designed packet to a DHCP server which is set to failover mode to execute arbitrary code;
  17. Multiple vulnerabilities related to an incorrect handling of memory addresses in Windows kernel can be exploited locally by logging on to the system and running a specially designed application to obtain sensitive information;
  18. Multiple vulnerabilities related to an incorrect handling of objects in memory in Windows Uniscribe can be exploited remotely by hosting a special website and convincing a user to visit it (for example, by sending them an email or an Instant Messenger message with a specially designed link) or by convincing a user to open a specially designed document file to execute arbitrary code;
  19. An incorrect handling of objects in memory in Windows Uniscribe can be exploited by convincing a user to open a specially designed document or to visit an untrusted webpage to obtain sensitive information;
  20. An improper validation of file copy destinations in Windows Shell can be exploited remotely by sending an email with a specially designed file and convincing a user to open it or by hosting a specially designed website and convincing a user to visit it to execute arbitrary code;
  21. An incorrect handling and execution of files by WER (Windows Error Reporting) can be exploited locally via a specially designed application to gain privileges;
  22. An improper input validation in Microsoft Hyper-V Virtual PCI can be exploited locally by running a specially designed application on a virtual machine under a privileged account to cause a denial of service;
  23. Multiple vulnerabilities related to an improper guest operating system user input validation in Microsoft Hyper-V can be exploited locally by running a specially designed application on a virtual machine to obtain sensitive information;
  24. An incorrect parsing of XML input by Microsoft Common Console Document (.msc) can be exploited locally by convincing an authenticated user to open a file containing specially designed XML content to obtain sensitive information;
  25. Multiple vulnerabilities related to an improper handling of objects in memory in Microsoft Windows PDF Library can be exploited remotely via a specially designed website that contains malicious PDF content to execute arbitrary code;
  26. An incorrect exposure of functions and processing of user-supplied code in PowerShell in Device Guard can be exploited locally by injecting specially designed code into a script which is trusted by the Code Integrity Policy to bypass security restrictions;
  27. An improper handling of objects in memory by the Broadcom chipset in HoloLens can be exploited by sending a specially designed WiFi packet to execute arbitrary code.

Technical details

To exploit vulnerability (9), the malicious user has to be within physical proximity of the victim, and Bluetooth must be enabled on the targeted user's computer. In this case, a Bluetooth connection can be initiated to the target computer without any notifications.

Exploiting vulnerability (9) can lead to a man-in-the-middle attack, and the victim's computer can be forced to unknowingly route traffic through the malicious user's computer.

Information received after exploiting vulnerabilities (17) can lead to a KASLR (Kernel Address Space Layout Randomization) bypass.

On Windows 10, vulnerability (25) can be exploited via a specially designed website containing malicious PDF content. On other operating systems, malicious users have to convince users to open a specially designed PDF document in a browser by sending them a link in an email or instant message, or as an email attachment.

NB: Not every vulnerability has a CVSS rating yet, so the cumulative CVSS rating may not be representative.

Affected products

Microsoft Windows 7 Service Pack 1
Microsoft Windows 8.1
Microsoft Windows RT 8.1
Microsoft Windows 10
Microsoft Windows Server 2008 Service Pack 2
Microsoft Windows Server 2008 R2 Service Pack 1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories

CVE-2017-0161
CVE-2017-8692
CVE-2017-8695
CVE-2017-8696
CVE-2017-8737
CVE-2017-8699
CVE-2017-8702
CVE-2017-8706
CVE-2017-8707
CVE-2017-8704
CVE-2017-8708
CVE-2017-8709
CVE-2017-8628
CVE-2017-8683
CVE-2017-8682
CVE-2017-8681
CVE-2017-8680
CVE-2017-8687
CVE-2017-8686
CVE-2017-8685
CVE-2017-8684
CVE-2017-8688
CVE-2017-8720
CVE-2017-8746
CVE-2017-8714
CVE-2017-8716
CVE-2017-8711
CVE-2017-8710
CVE-2017-8713
CVE-2017-8712
CVE-2017-8719
CVE-2017-9417
CVE-2017-8678
CVE-2017-8679
CVE-2017-8728
CVE-2017-8676
CVE-2017-8677
CVE-2017-8675

Impacts

ACE, OSI, DoS, SB, PE, SUI

CVE-IDs
CVE-2017-8728  7.6  Critical
CVE-2017-8737  7.6  Critical
CVE-2017-8675  6.9  Critical
CVE-2017-8676  2.1  Critical
CVE-2017-8713  1.9  Critical
CVE-2017-8714  6.9  Critical
CVE-2017-8716  4.6  Critical
CVE-2017-8719  1.9  Critical
CVE-2017-8720  7.2  Critical
CVE-2017-0161  6.8  Critical
CVE-2017-8628  4.3  Critical
CVE-2017-8677  2.1  Critical
CVE-2017-8678  2.1  Critical
CVE-2017-8679  2.1  Critical
CVE-2017-8680  2.1  Critical
CVE-2017-8681  2.1  Critical
CVE-2017-8682  9.3  Critical
CVE-2017-8683  2.1  Critical
CVE-2017-8684  2.1  Critical
CVE-2017-8685  2.1  Critical
CVE-2017-8686  7.5  Critical
CVE-2017-8687  2.1  Critical
CVE-2017-8688  2.1  Critical
CVE-2017-8692  9.3  Critical
CVE-2017-8695  2.6  Critical
CVE-2017-8696  7.6  Critical
CVE-2017-8699  7.6  Critical
CVE-2017-8702  4.4  Critical
CVE-2017-8704  4.9  Critical
CVE-2017-8706  1.9  Critical
CVE-2017-8707  1.9  Critical
CVE-2017-8708  1.9  Critical
CVE-2017-8709  1.9  Critical
CVE-2017-8710  4.3  Critical
CVE-2017-8711  1.9  Critical
CVE-2017-8712  1.9  Critical
CVE-2017-8746  4.6  Critical
CVE-2017-9417  7.5  Critical

Microsoft official advisories
Microsoft Security Update Guide

KB list

4038788
4038782
4038786
4038783
4038792
4038799
4038793
4038781
4038779
4038777
4025333
4025337
4039038
4038874
4034786
4032201
4039266
4039384
4039325