Description
Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, gain privileges, obtain sensitive information and cause a denial of service.
Below is a complete list of vulnerabilities:
- An improper validation of certain elements of a signed PowerShell script in Device Guard can be exploited remotely to bypass security restrictions;
- An incorrect handling of certain requests sent by a malicious SMB server to the client can be exploited remotely via injected HTML header links, redirectors and some other methods causing the SMB client to connect to a malicious SMB server and cause a denial of service;
- An improper validation of input before loading DLL files can be exploited remotely to execute arbitrary code;
- A failure in handling requests in dnsclient can be exploited remotely via making a user visit an untrusted webpage (if the target is workstation) or sending a DNS query to a malicious server (if the target is a server) to obtain sensitive information;
- An improper client authentication in Helppane.exe can be exploited remotely to gain privileges and execute arbitrary code;
- An integer overflow vulnerability in the iSNS Server service can be exploited remotely via connecting to the iSNS Server with a specially designed apllication and sending malicious requests using it to execute arbitrary code in the context of the SYSTEM account.
Technical details
Vulnerability (2) is related to the implementations of the Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client.
Vulnerability (3) can be exploited by an attacker who has an access to the local system and has an ability to run a malicious application.
Vulnerability (5) can be exploited in case a DCOM object in Helppane.exe is configured to run as the interactive user.
Vulnerability (6) occurs when iSNS Server service fails to validate input from the client in a proper way.
Original advisories
- CVE-2017-0051
- CVE-2017-0021
- CVE-2017-0095
- CVE-2017-0096
- CVE-2017-0097
- CVE-2017-0098
- CVE-2017-0099
- CVE-2017-0109
- CVE-2017-0074
- CVE-2017-0075
- CVE-2017-0076
- CVE-2017-0055
- CVE-2017-0102
- CVE-2017-0103
- CVE-2017-0101
- CVE-2017-0050
- CVE-2017-0056
- CVE-2017-0024
- CVE-2017-0026
- CVE-2017-0078
- CVE-2017-0079
- CVE-2017-0080
- CVE-2017-0081
- CVE-2017-0082
- CVE-2017-0043
- CVE-2017-0045
- CVE-2017-0022
- CVE-2017-0143
- CVE-2017-0144
- CVE-2017-0145
- CVE-2017-0146
- CVE-2017-0147
- CVE-2017-0148
- CVE-2017-0014
- CVE-2017-0060
- CVE-2017-0061
- CVE-2017-0062
- CVE-2017-0063
- CVE-2017-0025
- CVE-2017-0073
- CVE-2017-0108
- CVE-2017-0038
- CVE-2017-0001
- CVE-2017-0005
- CVE-2017-0047
- CVE-2017-0072
- CVE-2017-0083
- CVE-2017-0084
- CVE-2017-0085
- CVE-2017-0086
- CVE-2017-0087
- CVE-2017-0088
- CVE-2017-0089
- CVE-2017-0090
- CVE-2017-0091
- CVE-2017-0092
- CVE-2017-0111
- CVE-2017-0112
- CVE-2017-0113
- CVE-2017-0114
- CVE-2017-0115
- CVE-2017-0116
- CVE-2017-0117
- CVE-2017-0118
- CVE-2017-0119
- CVE-2017-0120
- CVE-2017-0121
- CVE-2017-0122
- CVE-2017-0123
- CVE-2017-0124
- CVE-2017-0125
- CVE-2017-0126
- CVE-2017-0127
- CVE-2017-0128
- CVE-2017-0130
- CVE-2017-0008
- CVE-2017-0057
- CVE-2017-0100
- CVE-2017-0104
- CVE-2017-0007
- CVE-2017-0016
- CVE-2017-0039
Exploitation
This vulnerability can be exploited by the following malware:
https://threats.kaspersky.com/en/threat/Intrusion.Win.EternalRomance/
https://threats.kaspersky.com/en/threat/Intrusion.Win.CVE-2017-0147.sa.leak/
Public exploits exist for this vulnerability.
Related products
- Microsoft-Windows-Vista
- Microsoft-Windows-Server-2012
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
- Windows-RT
- Microsoft-Windows-10
CVE list
- CVE-2017-0051 high
- CVE-2017-0021 critical
- CVE-2017-0095 critical
- CVE-2017-0096 warning
- CVE-2017-0097 high
- CVE-2017-0098 high
- CVE-2017-0099 high
- CVE-2017-0109 critical
- CVE-2017-0074 high
- CVE-2017-0075 critical
- CVE-2017-0076 high
- CVE-2017-0055 high
- CVE-2017-0102 critical
- CVE-2017-0103 high
- CVE-2017-0101 critical
- CVE-2017-0050 critical
- CVE-2017-0056 critical
- CVE-2017-0024 critical
- CVE-2017-0026 critical
- CVE-2017-0078 critical
- CVE-2017-0079 critical
- CVE-2017-0080 critical
- CVE-2017-0081 critical
- CVE-2017-0082 critical
- CVE-2017-0043 high
- CVE-2017-0045 high
- CVE-2017-0022 high
- CVE-2017-0143 critical
- CVE-2017-0144 critical
- CVE-2017-0145 critical
- CVE-2017-0146 critical
- CVE-2017-0147 critical
- CVE-2017-0148 critical
- CVE-2017-0014 critical
- CVE-2017-0060 high
- CVE-2017-0061 high
- CVE-2017-0062 warning
- CVE-2017-0063 high
- CVE-2017-0025 critical
- CVE-2017-0073 warning
- CVE-2017-0108 critical
- CVE-2017-0038 high
- CVE-2017-0001 critical
- CVE-2017-0005 critical
- CVE-2017-0047 critical
- CVE-2017-0072 critical
- CVE-2017-0083 critical
- CVE-2017-0084 critical
- CVE-2017-0085 warning
- CVE-2017-0086 critical
- CVE-2017-0087 critical
- CVE-2017-0088 critical
- CVE-2017-0089 critical
- CVE-2017-0090 critical
- CVE-2017-0091 warning
- CVE-2017-0092 warning
- CVE-2017-0111 warning
- CVE-2017-0112 warning
- CVE-2017-0113 warning
- CVE-2017-0114 warning
- CVE-2017-0115 warning
- CVE-2017-0116 warning
- CVE-2017-0117 warning
- CVE-2017-0118 warning
- CVE-2017-0119 warning
- CVE-2017-0120 warning
- CVE-2017-0121 warning
- CVE-2017-0122 warning
- CVE-2017-0123 warning
- CVE-2017-0124 warning
- CVE-2017-0125 warning
- CVE-2017-0126 warning
- CVE-2017-0127 warning
- CVE-2017-0128 warning
- CVE-2017-0130 critical
- CVE-2017-0008 warning
- CVE-2017-0057 warning
- CVE-2017-0100 critical
- CVE-2017-0104 critical
- CVE-2017-0007 high
- CVE-2017-0016 high
- CVE-2017-0039 critical
KB list
- 4012217
- 4012215
- 4012216
- 4012606
- 4013198
- 4013429
- 3211306
- 4012212
- 4012214
- 4012213
- 4012598
- 4012583
- 3217587
- 4012021
- 4012373
- 4012497
- 4017018
- 4012584
- 3218362
- 3205715
- 4011981
- 3217882
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com