Beschreibung
Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, cause a denial of service, obtain sensitive information, bypass security restrictions and execute arbitrary code.
Below is a complete list of vulnerabilities:
- An incorrect handling of objects in memory in the Windows Graphics Device Interface (GDI) can be exploited locally to obtain sensitive information;
- Multiple vulnerabilities in the Windows Kernel can be exploited locally via running a specially designed application to obtain sensitive information;
- A memory corruption vulnerability in Microsoft Browsers can be exploited remotely via a specially designed website to execute arbitrary code;
- An incorrect integrity-level validation in Microsoft Windows Storage can be exploited locally to bypass security restrictions;
- An improper handling of embedded fonts in Microsoft font library can be exploited remotely via a specially designed website (web-based attack scenario) or document (file-sharing attack scenario) to execute arbitrary code;
- An incorrect handling of DLL loading process in certain Windows components can be exploited locally to execute arbitrary code;
- Multiple memory corruption vulnerabiltes in Windows Search can be exploited remotely via sending a specially designed messages to obtain sensitive information or execute arbitrary code;
- An improper handling of DNS responses in Windows Domain Name System (DNS) can be exploited remotely by sending corrupted DNS response to the target to execute arbitrary code;
- Multiple vulnerabilities in Microsoft Server Message Block server can be exploited remotely by sending a specially designed packet to the host to execute arbitrary code, cause denial of service, obtain sensitive information or gain privileges;
- An incorrect handling of Advanced Local Procedure calls in Microsoft Windows can be exploited locally by running a specially designed application to gain privileges;
- An unspecified vulnerability in Device Guard can be exploited locally by injecting malicious code into a script that is trusted by the Code Integrity policy to bypass securuty restrictions;
- Multiple vulnerabilities in Windows Graphics component can be exploited locally via a specially crafted application to gain privileges or obtain sensitive information;
- An incorrect enforcing of file sharing permissions in Windows Update Delivery Optimization can be exploited locally via creating a specially configued Delivery Optimization job to gain privileges;
- An improper handling of objects in memory in Windows kernel-mode driver can be exploited locally via a specially designed application to gain privileges;
- An incorrect handling of objects in memory in Windows Subsystem for Linux can be exploited locally via a specially designed application to cause denial of service;
- Buffer overflow vulnerability in Microsoft JET Database Engine can be exploited via a specially designed Excel file to execute arbitrary code;
- An improper accessing objects in memory in Microsoft Windows Text Services Framework can be exploited remotely via a specially designed website to execute arbitrary code.
Technical details
NB: Not every vulnerability already has CVSS rating, so cumulative CVSS rating can be not representative.
NB: At this moment Microsoft has just reserved CVE numbers for these vulnerabilities. Information can be changed soon.
Ursprüngliche Informationshinweise
- ADV170014
- CVE-2017-11762
- CVE-2017-11763
- CVE-2017-11765
- CVE-2017-11769
- CVE-2017-11771
- CVE-2017-11772
- CVE-2017-11779
- CVE-2017-11780
- CVE-2017-11781
- CVE-2017-11782
- CVE-2017-11783
- CVE-2017-11784
- CVE-2017-11785
- CVE-2017-11814
- CVE-2017-11815
- CVE-2017-11816
- CVE-2017-11817
- CVE-2017-11818
- CVE-2017-11819
- CVE-2017-11823
- CVE-2017-11824
- CVE-2017-11829
- CVE-2017-8689
- CVE-2017-8693
- CVE-2017-8694
- CVE-2017-8703
- CVE-2017-8715
- CVE-2017-8717
- CVE-2017-8718
- CVE-2017-8727
CVE Liste
- CVE-2017-11762 critical
- CVE-2017-11763 critical
- CVE-2017-11765 critical
- CVE-2017-11769 critical
- CVE-2017-11771 critical
- CVE-2017-11772 critical
- CVE-2017-11779 critical
- CVE-2017-11780 critical
- CVE-2017-11781 critical
- CVE-2017-11782 critical
- CVE-2017-11783 critical
- CVE-2017-11784 critical
- CVE-2017-11785 critical
- CVE-2017-11814 critical
- CVE-2017-11815 critical
- CVE-2017-11816 critical
- CVE-2017-11817 critical
- CVE-2017-11818 critical
- CVE-2017-11819 critical
- CVE-2017-11823 critical
- CVE-2017-11824 critical
- CVE-2017-11829 critical
- CVE-2017-8689 critical
- CVE-2017-8693 critical
- CVE-2017-8694 critical
- CVE-2017-8703 critical
- CVE-2017-8715 critical
- CVE-2017-8717 critical
- CVE-2017-8718 critical
- CVE-2017-8727 critical
KB Liste
- 4038793
- 4041689
- 4041693
- 4041687
- 4041676
- 4041690
- 4041678
- 4041681
- 4041691
- 4042895
- 4041679
- 4042122
- 4042123
- 4042120
- 4042121
- 4041995
- 4042007
- 4042067
- 4041944
- 4041671
- 4050795
- 4023490
- 4048955
Mehr erfahren
Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com
Sie haben einen Fehler in der Beschreibung der Schwachstelle gefunden? Mitteilen!