Multiple vulnerabilities in Microsoft Windows

Описание

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, bypass security restrictions, spoof user interface, cause denial of service.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in Windows PDF can be exploited remotely via specially crafted website to execute arbitrary code.
2. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
3. An information disclosure vulnerability in Windows GDI+ can be exploited remotely via specially crafted application to obtain sensitive information.
4. An information disclosure vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to obtain sensitive information.
5. A remote code execution vulnerability in Remote Desktop Virtual Host can be exploited remotely via specially crafted certificate to execute arbitrary code.
6. A security feature bypass vulnerability in Windows can be exploited remotely via specially crafted application to bypass security restrictions.
7. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
8. A remote code execution vulnerability in NetBIOS can be exploited remotely via specially crafted to execute arbitrary code.
9. A spoofing vulnerability in Microsoft Bluetooth Driver can be exploited remotely to spoof user interface.
10. A remote code execution vulnerability in Win32k Graphics can be exploited remotely via specially crafted embedded to execute arbitrary code.
11. An information disclosure vulnerability in Microsoft Graphics Component can be exploited remotely via specially crafted application to obtain sensitive information.
12. A remote code execution vulnerability in Windows DHCP Server can be exploited remotely via specially crafted packets to execute arbitrary code.
13. An information disclosure vulnerability in Win32k can be exploited remotely via specially crafted application to obtain sensitive information.
14. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
15. A remote code execution vulnerability in Windows Uniscribe can be exploited remotely via specially crafted website to execute arbitrary code.
16. An information disclosure vulnerability in Windows Uniscribe can be exploited remotely via specially crafted document to obtain sensitive information.
17. A remote code execution vulnerability in Windows Shell can be exploited remotely via specially crafted file to execute arbitrary code.
18. An elevation of privilege vulnerability in Windows Error Reporting can be exploited remotely via specially crafted application to gain privileges.
19. A denial of service vulnerability in Hyper-V can be exploited remotely via specially crafted application to cause denial of service.
20. A security feature bypass vulnerability in Device Guard Code Integrity Policy can be exploited remotely to bypass security restrictions.
21. A remote code execution vulnerability in Broadcom BCM43xx can be exploited remotely via specially crafted to execute arbitrary code.

Первичный источник обнаружения

• CVE-2017-8728
  CVE-2017-8737
  CVE-2017-8675
  CVE-2017-8676
  CVE-2017-8713
  CVE-2017-8714
  CVE-2017-8716
  CVE-2017-8719
  CVE-2017-8720
  CVE-2017-0161
  CVE-2017-8628
  CVE-2017-8677
  CVE-2017-8678
  CVE-2017-8679
  CVE-2017-8680
  CVE-2017-8681
  CVE-2017-8682
  CVE-2017-8683
  CVE-2017-8684
  CVE-2017-8686
  CVE-2017-8687
  CVE-2017-8688
  CVE-2017-8692
  CVE-2017-8695
  CVE-2017-8699
  CVE-2017-8702
  CVE-2017-8704
  CVE-2017-8706
  CVE-2017-8707
  CVE-2017-8708
  CVE-2017-8709
  CVE-2017-8711
  CVE-2017-8712
  CVE-2017-8746
  CVE-2017-9417
  

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Word
• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-8
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008
• Windows-RT
• Microsoft-Windows-10

Список CVE

• CVE-2017-8728
  critical
• CVE-2017-8737
  critical
• CVE-2017-8675
  high
• CVE-2017-8676
  warning
• CVE-2017-8713
  high
• CVE-2017-8714
  critical
• CVE-2017-8716
  high
• CVE-2017-8719
  warning
• CVE-2017-8720
  critical
• CVE-2017-0161
  critical
• CVE-2017-8628
  high
• CVE-2017-8677
  high
• CVE-2017-8678
  high
• CVE-2017-8679
  high
• CVE-2017-8680
  high
• CVE-2017-8681
  high
• CVE-2017-8682
  critical
• CVE-2017-8683
  high
• CVE-2017-8684
  high
• CVE-2017-8686
  critical
• CVE-2017-8687
  high
• CVE-2017-8688
  high
• CVE-2017-8692
  critical
• CVE-2017-8695
  high
• CVE-2017-8699
  high
• CVE-2017-8702
  high
• CVE-2017-8704
  high
• CVE-2017-8706
  high
• CVE-2017-8707
  high
• CVE-2017-8708
  warning
• CVE-2017-8709
  warning
• CVE-2017-8711
  high
• CVE-2017-8712
  high
• CVE-2017-8746
  high
• CVE-2017-9417
  critical

Список KB

• 4038788
• 4038782
• 4038786
• 4038783
• 4038792
• 4038799
• 4038793
• 4038781
• 4025333

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com