SB2017061402 - Multiple vulnerabilities in Microsoft Windows
Published: June 14, 2017
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 11 security vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2017-8490)
The vulnerability allows a local authenticated attacker to obtain potentially sensitive information on the target system. The weakness exists due to improper initialization of objects in memory by the Windows kernel. A local attacker can run a specially crafted application and obtain information that can be used to perform further attacks.
Successful exploitation of the vulnerability results in information disclosure.
2) Remote code execution (CVE-ID: CVE-2017-0294)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to an error when handling malicious cabinet files. A remote attacker can trick the victim into opening or installing a specially crafted cabinet file and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
3) Security bypass (CVE-ID: CVE-2017-0295)
The vulnerability allows a local attacker to modify information on the target system. The weakness exists due to improper permissions on folders inside the DEFAULT folder structure. A local attacker who is logged on to the affected system can tamper with the contents of the DEFAULT folder and modify the C:\Users\DEFAULT folder structure, which is copied into every new user profile created on that system.
Successful exploitation of the vulnerability results in information modification.
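A practitioner reviewing this item will want to know which principals can currently write into the Default profile tree on a given host. The following check is an added example, not part of the bulletin or of Microsoft's advisory: it walks C:\Users\Default and flags Allow ACEs that grant write-class rights to any principal outside an assumed trusted list (SYSTEM, Administrators, TrustedInstaller). The trusted-principal list is an assumption and should be tuned to the build under review.

```powershell
# Added example (not from the bulletin): list write-class ACEs under the Default
# user profile held by principals other than the ones assumed to own that tree.
$Root = 'C:\Users\Default'

# Assumption: these are the only principals expected to hold write rights here.
$TrustedPrincipals = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller'
)

# Rights that let a caller change contents, ownership or the ACL itself.
$WriteClass = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'

# Default is a hidden folder, so -Force is needed to see it and its children.
$Items = @(Get-Item -LiteralPath $Root -Force) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

$Findings = foreach ($Item in $Items) {
    $Acl = Get-Acl -LiteralPath $Item.FullName -ErrorAction SilentlyContinue
    if (-not $Acl) { continue }
    foreach ($Ace in $Acl.Access) {
        if ($Ace.AccessControlType -ne 'Allow') { continue }
        if ($TrustedPrincipals -contains $Ace.IdentityReference.Value) { continue }
        # Compare on the underlying Int32 so generic rights (GENERIC_ALL etc.)
        # carried by inherit-only ACEs are tested as well.
        if (([int]$Ace.FileSystemRights -band [int]$WriteClass) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Item.FullName
            Principal = $Ace.IdentityReference.Value
            Rights    = $Ace.FileSystemRights
            Inherited = $Ace.IsInherited
        }
    }
}

if ($Findings) {
    $Findings | Format-Table -AutoSize
} else {
    "No write-class ACEs for untrusted principals under $Root"
}
```

Run from an elevated PowerShell session so that Get-Acl can read every subfolder. Inherit-only entries (for example ACEs for CREATOR OWNER) will appear in the output where present; decide per entry whether they are part of the expected profile layout before treating a hit as a finding.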
4) Buffer overflow (CVE-ID: CVE-2017-0296)
The vulnerability allows a local attacker to gain elevated privileges on the target system. The weakness exists due to a boundary error when tdx.sys checks the length of a buffer. A local attacker can run a specially crafted application to gain system privileges and run processes in an elevated context.
Successful exploitation of the vulnerability results in privilege escalation.
5) Privilege escalation (CVE-ID: CVE-2017-0297)
The vulnerability allows a local authenticated attacker to gain elevated privileges on the target system. The weakness exists due to improper handling of objects in memory by the Windows kernel. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability results in full system compromise.
6) Privilege escalation (CVE-ID: CVE-2017-0298)
The vulnerability allows a local attacker to gain elevated privileges on the target system. The weakness exists due to improper authentication of the client by the DCOM object in HelpPane.exe. A local attacker can run a specially crafted application after another user has logged on to the same system via Terminal Services or Fast User Switching and execute arbitrary code in the security context of that other user.
Successful exploitation of the vulnerability results in privilege escalation.
7) Information disclosure (CVE-ID: CVE-2017-8491)
The vulnerability allows a local authenticated attacker to obtain potentially sensitive information on the target system. The weakness exists due to improper initialization of objects in memory by the Windows kernel. A local attacker can run a specially crafted application and obtain information that can be used to perform further attacks.
Successful exploitation of the vulnerability results in information disclosure.
8) Information disclosure (CVE-ID: CVE-2017-0299)
The vulnerability allows a local authenticated attacker to obtain potentially sensitive information on the target system. The weakness exists due to improper initialization of a memory address by the Windows kernel. A local attacker can run a specially crafted application to retrieve the base address of a kernel driver from a compromised process and bypass Kernel Address Space Layout Randomization (KASLR).
Successful exploitation of the vulnerability may result in security bypass.
9) Information disclosure (CVE-ID: CVE-2017-0300)
The vulnerability allows a local authenticated attacker to obtain potentially sensitive information on the target system. The weakness exists due to improper initialization of a memory address by the Windows kernel. A local attacker can run a specially crafted application to retrieve the base address of a kernel driver from a compromised process and bypass Kernel Address Space Layout Randomization (KASLR).
Successful exploitation of the vulnerability may result in security bypass.
10) Security bypass (CVE-ID: CVE-2017-8493)
The vulnerability allows a local attacker to bypass security restrictions on the target system. The weakness exists due to an error when enforcing case sensitivity for certain variable checks. A local attacker can run a specially crafted application to set variables that are either read-only or require authentication and bypass Unified Extensible Firmware Interface (UEFI) variable security in Windows.
Successful exploitation of the vulnerability may result in a security bypass (unauthorized modification of protected UEFI variables).
11) Privilege escalation (CVE-ID: CVE-2017-8494)
The vulnerability allows a local authenticated attacker to gain elevated privileges on the target system. The weakness exists due to improper handling of objects in memory by Windows Secure Kernel Mode. A local attacker can run a specially crafted application, gain system privileges and violate virtual trust levels (VTL).
Successful exploitation of the vulnerability results in full system compromise.
Remediation
Install the updates from the vendor's website. The KB numbers for each affected Windows version are listed on the MSRC pages given under References.
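To verify remediation on a host, check that the KB articles named on the MSRC pages are installed. The function below is an added example, not part of the bulletin: it takes the required KB identifiers as a parameter (the bulletin itself does not list them, so none are hard-coded here), compares them with Get-HotFix output and reports the newest update present. The "LikelyPatched" heuristic, which treats any update installed on or after the bulletin date as superseding the June fixes, is an assumption that holds for the cumulative-update model and must not be relied on for systems that receive security-only updates.

```powershell
# Added example (not from the bulletin): report which required KBs are missing
# and whether a newer update that would supersede them is already installed.
function Test-BulletinPatchState {
    param(
        # KB identifiers for this host's build, copied from the MSRC pages under
        # References (e.g. 'KB1234567'). No defaults: the bulletin does not list them.
        [Parameter(Mandatory)]
        [string[]] $RequiredKB,

        # Bulletin publication date; assumption: a cumulative update installed on
        # or after this date supersedes the June fixes.
        [datetime] $BulletinDate = '2017-06-14'
    )

    # Win32_QuickFixEngineering, as exposed by Get-HotFix; InstalledOn may be
    # empty for some entries, so those are dropped before picking the newest.
    $Installed = Get-HotFix
    $InstalledIds = @($Installed | ForEach-Object { $_.HotFixID })
    $Missing = @($RequiredKB | Where-Object { $InstalledIds -notcontains $_ })
    $Newest = $Installed |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn |
        Select-Object -Last 1

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        MissingKB       = $Missing
        NewestUpdate    = $Newest.HotFixID
        NewestInstalled = $Newest.InstalledOn
        # Heuristic only: all KBs present, or some later update is installed.
        LikelyPatched   = ($Missing.Count -eq 0) -or
                          ($Newest -and $Newest.InstalledOn -ge $BulletinDate)
    }
}

# Usage: supply the KB list taken from the MSRC pages for this host's build.
# $KBsFromMsrc = @(<KB identifiers from the References>)
# Test-BulletinPatchState -RequiredKB $KBsFromMsrc | Format-List
```

Where MissingKB is non-empty but LikelyPatched is true, confirm against the superseding update's own MSRC page before closing the finding; the heuristic cannot tell a cumulative update from an unrelated hotfix installed later.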
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8490
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0294
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0295
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0296
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0297
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0298
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8491
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0299
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0300
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8493
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8494