Description
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, obtain sensitive information.
Below is a complete list of vulnerabilities:
- An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
- A remote code execution vulnerability in Windows IME can be exploited remotely via specially crafted application to execute arbitrary code.
- A remote code execution vulnerability in Windows Search can be exploited remotely via specially crafted messages to execute arbitrary code.
- A remote code execution vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to execute arbitrary code.
- A remote code execution vulnerability in Microsoft JET Database Engine can be exploited remotely via specially crafted to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Error Reporting can be exploited remotely via specially crafted application to gain privileges.
- A denial of service vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to cause denial of service.
- An elevation of privilege vulnerability in Windows Subsystem for Linux can be exploited remotely via specially crafted application to gain privileges.
- An information disclosure vulnerability in Volume Manager Extension Driver can be exploited remotely via specially crafted application to obtain sensitive information.
- A denial of service vulnerability in Windows Subsystem for Linux can be exploited remotely via specially crafted application to cause denial of service.
- A remote code execution vulnerability in Windows PDF can be exploited remotely via specially crafted website to execute arbitrary code.
- A denial of service vulnerability in Windows NetBIOS can be exploited remotely to cause denial of service.
- An information disclosure vulnerability in Win32k can be exploited remotely via specially crafted application to obtain sensitive information.
- A denial of service vulnerability in Windows Remote Desktop Protocol (RDP) can be exploited remotely via specially crafted requests to cause denial of service.
- An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely via specially crafted application to gain privileges.
Original advisories
- CVE-2017-8591
- CVE-2017-8620
- CVE-2017-8664
- CVE-2017-0250
- CVE-2017-8633
- CVE-2017-8623
- CVE-2017-8622
- CVE-2017-8668
- CVE-2017-8627
- CVE-2017-0293
- CVE-2017-0174
- CVE-2017-8666
- CVE-2017-8673
- CVE-2017-8624
Exploitation
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-8
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
- Microsoft-Windows-10
CVE list
- CVE-2017-8593 high
- CVE-2017-8591 critical
- CVE-2017-8620 critical
- CVE-2017-8664 critical
- CVE-2017-0250 critical
- CVE-2017-8633 critical
- CVE-2017-8623 high
- CVE-2017-8622 critical
- CVE-2017-8668 high
- CVE-2017-8627 warning
- CVE-2017-0293 critical
- CVE-2017-0174 high
- CVE-2017-8666 high
- CVE-2017-8673 high
- CVE-2017-8624 critical
KB list
- 4034668
- 4034674
- 4034681
- 4034658
- 4034660
- 4034666
- 4034665
- 4034672
- 4041689
- 4041693
- 4041687
- 4041676
- 4041690
- 4041691
- 4042895
- 4041679
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!