KLA10979
Multiple vulnerabilities in Microsoft Windows

Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, gain privileges, obtain sensitive information and cause a denial of service.

Below is a complete list of vulnerabilities:

1. An improper validation of certain elements of a signed PowerShell script in Device Guard can be exploited remotely to bypass security restrictions;
2. An incorrect handling of certain requests sent by a malicious SMB server to the client can be exploited remotely via injected HTML header links, redirectors and some other methods causing the SMB client to connect to a malicious SMB server and cause a denial of service;
3. An improper validation of input before loading DLL files can be exploited remotely to execute arbitrary code;
4. A failure in handling requests in dnsclient can be exploited remotely via making a user visit an untrusted webpage (if the target is workstation) or sending a DNS query to a malicious server (if the target is a server) to obtain sensitive information;
5. An improper client authentication in Helppane.exe can be exploited remotely to gain privileges and execute arbitrary code;
6. An integer overflow vulnerability in the iSNS Server service can be exploited remotely via connecting to the iSNS Server with a specially designed apllication and sending malicious requests using it to execute arbitrary code in the context of the SYSTEM account.

Technical details

Vulnerability (2) is related to the implementations of the Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client.

Vulnerability (3) can be exploited by an attacker who has an access to the local system and has an ability to run a malicious application.

Vulnerability (5) can be exploited in case a DCOM object in Helppane.exe is configured to run as the interactive user.

Vulnerability (6) occurs when iSNS Server service fails to validate input from the client in a proper way.

Microsoft Windows Vista Service Pack 2
Microsoft Windows 7 Service Pack 1
Microsoft Windows 8.1
Microsoft Windows RT 8.1
Microsoft Windows 10
Microsoft Windows Server 2008 Service Pack 2
Microsoft Windows Server 2008 R2 Service Pack 1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)