Description
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, execute arbitrary code, gain privileges.
Below is a complete list of vulnerabilities:
- An information disclosure vulnerability in Windows SMB can be exploited remotely via specially crafted packet to obtain sensitive information.
- A denial of service vulnerability in Windows DNS Server can be exploited remotely to cause denial of service.
- A denial of service vulnerability in Windows SMB can be exploited remotely via specially crafted requests to cause denial of service.
- A remote code execution vulnerability in Windows SMB can be exploited remotely via specially crafted packet to execute arbitrary code.
- An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
- An information disclosure vulnerability in Win32k can be exploited remotely via specially crafted application to obtain sensitive information.
- An elevation of privilege vulnerability in Windows COM can be exploited remotely via specially crafted application to gain privileges.
- An elevation of privilege vulnerability in Windows COM can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Windows Hyper-V vSMB can be exploited remotely to gain privileges.
- An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
- An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to cause denial of service.
- An elevation of privilege vulnerability in Dxgkrnl.sys can be exploited remotely via specially crafted application to cause denial of service.
- An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
Original advisories
- CVE-2017-0274
- CVE-2017-0272
- CVE-2017-0279
- CVE-2017-0273
- CVE-2017-0276
- CVE-2017-0278
- CVE-2017-0213
- CVE-2017-0212
- CVE-2017-0270
- CVE-2017-0245
- CVE-2017-0171
- CVE-2017-0259
- CVE-2017-0246
- CVE-2017-0277
- CVE-2017-0258
- CVE-2017-0269
- CVE-2017-0267
- CVE-2017-0077
- CVE-2017-0190
- CVE-2017-0275
- CVE-2017-0271
- CVE-2017-0214
- CVE-2017-0263
- CVE-2017-0268
- CVE-2017-0220
Exploitation
The following public exploits exists for this vulnerability:
https://www.exploit-db.com/exploits/44478
https://www.exploit-db.com/exploits/42007
https://www.exploit-db.com/exploits/42006
https://www.exploit-db.com/exploits/42008
https://www.exploit-db.com/exploits/42009
https://www.exploit-db.com/exploits/42021
https://www.exploit-db.com/exploits/42020
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
- Microsoft-Windows-Server-2012
- Microsoft-Windows-8
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
- Windows-RT
- Microsoft-Windows-10
CVE list
- CVE-2017-0280 high
- CVE-2017-0279 high
- CVE-2017-0278 high
- CVE-2017-0277 high
- CVE-2017-0276 warning
- CVE-2017-0275 warning
- CVE-2017-0274 warning
- CVE-2017-0273 warning
- CVE-2017-0272 critical
- CVE-2017-0271 warning
- CVE-2017-0270 warning
- CVE-2017-0269 warning
- CVE-2017-0268 warning
- CVE-2017-0267 warning
- CVE-2017-0263 high
- CVE-2017-0259 warning
- CVE-2017-0258 warning
- CVE-2017-0246 high
- CVE-2017-0245 warning
- CVE-2017-0220 warning
- CVE-2017-0214 warning
- CVE-2017-0213 warning
- CVE-2017-0212 high
- CVE-2017-0190 warning
- CVE-2017-0171 warning
- CVE-2017-0077 high
KB list
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com