KLA11009
Multiple vulnerabilities in Microsoft Windows
Updated: 05/22/2017
CVSS: 1.4
Detect date: 05/08/2017
Severity: Warning
Description

Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause a denial of service, gain privileges, obtain sensitive information or execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. Improper handling of certain calls and escapes in the Microsoft DirectX graphics kernel (dxgkrnl.sys) can be exploited remotely via a specially designed application to cause a denial of service;
  2. Incorrect processing of DNS queries in Windows DNS Server can be exploited remotely via specially designed DNS queries to cause a denial of service;
  3. Improper handling of objects in memory in the Windows kernel can be exploited remotely via a specially designed application to obtain sensitive information;
  4. Improper handling of objects in memory in Windows GDI (Graphics Device Interface) can be exploited remotely via a specially designed application to obtain sensitive information;
  5. Improper validation of vSMB packet data in Windows Hyper-V can be exploited remotely to gain privileges;
  6. Incorrect processing of interface requests in the Windows COM Aggregate Marshaler can be exploited remotely to gain privileges;
  7. Improper validation of permissions while loading type libraries in Windows COM can be exploited locally via a specially designed application to gain privileges;
  8. Incorrect handling of objects in memory can be exploited remotely via a specially designed application to obtain sensitive information;
  9. Incorrect instantiation of some ActiveX objects can be exploited remotely by convincing a user to open malicious content designed to instantiate the vulnerable object to obtain sensitive information;
  10. Incorrect handling of objects in memory in the Windows kernel can be exploited remotely via a specially designed application to gain privileges;
  11. Improper handling of objects in memory in the win32k component can be exploited either locally by logging in or remotely by convincing a user to run a specially designed application to obtain sensitive information or gain privileges;
  12. Improper initialization of objects in memory in the Windows kernel can be exploited via a specially designed application to obtain sensitive information;
  13. Improper handling of objects in memory in the Windows kernel-mode driver can be exploited via a specially designed application run by an authenticated user to gain privileges;
  14. Multiple vulnerabilities related to improper handling of certain requests in SMBv1 (Microsoft Server Message Block 1.0) can be exploited remotely via a specially designed packet to obtain sensitive information;
  15. Multiple vulnerabilities related to improper handling of certain requests in SMB (Microsoft Server Message Block) can be exploited remotely via a specially designed SMB request to cause a denial of service;
  16. Multiple vulnerabilities related to improper handling of certain requests in SMB (Microsoft Server Message Block) can be exploited remotely via a specially designed packet to execute arbitrary code;
  17. Incorrect scanning of specially designed files in the Microsoft Malware Protection Engine can be exploited remotely to execute arbitrary code.

Technical details

Users can disable SMBv1 as a workaround for vulnerabilities (14)-(16).

To exploit vulnerability (17), a specially designed file must be scanned by an affected version of the Microsoft Malware Protection Engine. A malicious file can be delivered by an instant messenger message, a website or an email message. Exploitation does not depend on whether real-time protection is turned on.

Affected products

Microsoft Windows Vista Service Pack 2
Microsoft Windows 7 Service Pack 1
Microsoft Windows 8.1
Microsoft Windows RT 8.1
Microsoft Windows 10
Microsoft Windows Server 2008 Service Pack 2
Microsoft Windows Server 2008 R2 Service Pack 1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories

CVE-2017-0290
CVE-2017-0280
CVE-2017-0279
CVE-2017-0278
CVE-2017-0277
CVE-2017-0276
CVE-2017-0275
CVE-2017-0274
CVE-2017-0273
CVE-2017-0272
CVE-2017-0271
CVE-2017-0270
CVE-2017-0269
CVE-2017-0268
CVE-2017-0267
CVE-2017-0263
CVE-2017-0259
CVE-2017-0258
CVE-2017-0246
CVE-2017-0245
CVE-2017-0244
CVE-2017-0242
CVE-2017-0220
CVE-2017-0214
CVE-2017-0213
CVE-2017-0212
CVE-2017-0190
CVE-2017-0175
CVE-2017-0171
CVE-2017-0077

Impacts

ACE
OSI
PE
DoS

Related products
Windows RT
Microsoft Windows Server 2012
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows 10

KB list

4019474
4019473
4019472
4016871
4019264
4019263
4019215
4019213
4019149
4019216
4019214
4018885
4019206
4018821
4018927
4018556
4019204
4018466