Multiple vulnerabilities in Microsoft Windows

Описание

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, gain privileges, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in Microsoft Graphics can be exploited remotely via specially crafted embedded to execute arbitrary code.
2. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
3. A remote code execution vulnerability in TRIE can be exploited remotely to execute arbitrary code.
4. A remote code execution vulnerability in Windows Search can be exploited remotely via specially crafted messages to execute arbitrary code.
5. An information disclosure vulnerability in Microsoft Search can be exploited remotely via specially crafted messages to obtain sensitive information.
6. A remote code execution vulnerability in Windows DNSAPI can be exploited remotely to execute arbitrary code.
7. A remote code execution vulnerability in Windows SMB can be exploited remotely via specially crafted packet to execute arbitrary code.
8. A denial of service vulnerability in Microsoft Server Block Message can be exploited remotely via specially crafted requests to cause denial of service.
9. An elevation of privilege vulnerability in Windows SMB can be exploited remotely via specially crafted requests to gain privileges.
10. An elevation of privilege vulnerability in Windows ALPC can be exploited remotely via specially crafted application to gain privileges.
11. An information disclosure vulnerability in Windows SMB can be exploited remotely to obtain sensitive information.
12. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
13. A security feature bypass vulnerability in Windows Storage can be exploited remotely to bypass security restrictions.
14. A security feature bypass vulnerability in Device Guard Code Integrity Policy can be exploited remotely to bypass security restrictions.
15. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely via specially crafted application to gain privileges.
16. An elevation of privilege vulnerability in Windows Update Delivery Optimization can be exploited remotely to gain privileges.
17. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.
18. An information disclosure vulnerability in Microsoft Graphics Component can be exploited remotely via specially crafted application to obtain sensitive information.
19. A denial of service vulnerability in Windows Subsystem for Linux can be exploited remotely via specially crafted application to cause denial of service.
20. A remote code execution vulnerability in Microsoft JET Database Engine can be exploited remotely via specially crafted to execute arbitrary code.
21. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.

Первичный источник обнаружения

• CVE-2017-11762
  CVE-2017-11763
  CVE-2017-11765
  CVE-2017-11769
  CVE-2017-11771
  CVE-2017-11772
  CVE-2017-11779
  CVE-2017-11780
  CVE-2017-11781
  CVE-2017-11782
  CVE-2017-11783
  CVE-2017-11784
  CVE-2017-11785
  CVE-2017-11814
  CVE-2017-11815
  CVE-2017-11816
  CVE-2017-11817
  CVE-2017-11818
  CVE-2017-11823
  CVE-2017-11824
  CVE-2017-11829
  CVE-2017-8689
  CVE-2017-8693
  CVE-2017-8694
  CVE-2017-8703
  CVE-2017-8715
  CVE-2017-8717
  CVE-2017-8718
  CVE-2017-8727
  ADV170012
  ADV170014
  

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-8
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008
• Windows-RT
• Microsoft-Windows-10

Список CVE

• CVE-2017-11762
  high
• CVE-2017-11763
  high
• CVE-2017-11765
  warning
• CVE-2017-11769
  critical
• CVE-2017-11771
  critical
• CVE-2017-11772
  warning
• CVE-2017-11779
  critical
• CVE-2017-11780
  high
• CVE-2017-11781
  critical
• CVE-2017-11782
  warning
• CVE-2017-11783
  high
• CVE-2017-11784
  warning
• CVE-2017-11785
  warning
• CVE-2017-11814
  warning
• CVE-2017-11815
  warning
• CVE-2017-11816
  warning
• CVE-2017-11817
  warning
• CVE-2017-11818
  warning
• CVE-2017-11823
  high
• CVE-2017-11824
  high
• CVE-2017-11829
  warning
• CVE-2017-8689
  high
• CVE-2017-8693
  warning
• CVE-2017-8694
  high
• CVE-2017-8703
  warning
• CVE-2017-8715
  warning
• CVE-2017-8717
  critical
• CVE-2017-8718
  critical
• CVE-2017-8727
  critical

Список KB

• 4038793
• 4041689
• 4041693
• 4041687
• 4041676
• 4041690
• 4041691
• 4042895
• 4041679
• 4048955

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com