SB2017101018 - Multiple vulnerabilities in Microsoft Windows

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017101018

SB2017101018 - Multiple vulnerabilities in Microsoft Windows

Published: October 10, 2017

Security Bulletin ID SB2017101018
Severity
Low
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Privilege escalation (CVE-ID: CVE-2017-11783)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to an error when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). A local attacker can run a specially crafted application and execute arbitrary code with SYSTEM privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Security restrictions bypass (CVE-ID: CVE-2017-8715)

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The vulnerability exists due to an error when PowerShell exposes functions and processes user supplied code. A local attacker can inject malicious code into a script that is trusted by the Code Integrity policy and bypass the Code Integrity policy.


3) Security restrictions bypass (CVE-ID: CVE-2017-11818)

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The vulnerability exists in Microsoft Windows storage when it fails to validate an integrity-level check. A local attacker can cause the application with a certain integrity level to execute code at a different integrity level.


4) Information disclosure (CVE-ID: CVE-2017-11817)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to an error when the Windows kernel improperly initializes objects in memory. A local attacker can run a specially crafted application and gain access to potentially sensitive information.

Successful exploitation of the vulnerability may result in further attacks.


Remediation

Install update from vendor's website.

References