Newest Plugins

KB4023307: Security Update for the Windows Uniscribe Remote Code Execution Vulnerability for Microsoft Silverlight 5 (June 2017)


Synopsis:

A web application framework running on the remote host is affected by
multiple remote code execution vulnerabilities.

Description:

The version of Silverlight 5 installed on the remote Windows host is
missing security update KB4023307. It is, therefore, affected by
multiple vulnerabilities :

- A remote code execution vulnerability exists in
Windows Uniscribe software due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to execute arbitrary code in the context
of the current user. (CVE-2017-0283)

- A remote code execution vulnerability exists in the
Windows font library due to improper handling of
embedded fonts. An unauthenticated, remote attacker can
exploit this, by convincing a user to visit a specially
crafted website or open a specially crafted Microsoft
document, to execute arbitrary code in the context of
the current user. (CVE-2017-8527)

See also :

http://www.nessus.org/u?73572b10
http://www.nessus.org/u?36ab262f
http://www.nessus.org/u?5c2ca141

Solution :

Apply security update KB4023307.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

KB4022730: Security update for Adobe Flash Player (June 2017)


Synopsis:

The remote Windows host has a browser plugin installed that is
affected by multiple vulnerabilities.

Description:

The remote Windows host is missing security update KB4022730. It is,
therefore, affected by multiple vulnerabilities :

- Multiple use-after-free errors exist that allow an
unauthenticated, remote attacker to execute arbitrary
code. (CVE-2017-3075, CVE-2017-3081, CVE-2017-3083,
CVE-2017-3084)

- Multiple memory corruption issues exist that allow an
unauthenticated, remote attacker to execute arbitrary
code. (CVE-2017-3076, CVE-2017-3077, CVE-2017-3078,
CVE-2017-3079, CVE-2017-3082)

See also :

https://helpx.adobe.com/security/products/flash-player/apsb17-17.html
http://www.nessus.org/u?968acd88
http://www.nessus.org/u?75601286

Solution :

Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1,
2012 R2, 10, and 2016.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

KB4022727: Windows 10 Version 1507 June 2017 Cumulative Update


Synopsis:

The remote Windows host is affected by multiple vulnerabilities.

Description:

The remote Windows 10 version 1507 host is missing security update
KB4022727. It is, therefore, affected by multiple vulnerabilities :

- An elevation of privilege vulnerability exists in
Windows Hyper-V instruction emulation due to a failure
to properly enforce privilege levels. An attacker on a
guest operating system can exploit this to gain elevated
privileges on the guest. Note that the host operating
system is not vulnerable. (CVE-2017-0193)

- A security bypass vulnerability exists in Device Guard.
A local attacker can exploit this, via a specially
crafted script, to bypass the Device Guard Code
Integrity policy and inject arbitrary code into a
trusted PowerShell process. (CVE-2017-0218)

- A security bypass vulnerability exists in Device Guard.
A local attacker can exploit this, via a specially
crafted script, to bypass the Device Guard Code
Integrity policy and inject arbitrary code into a
trusted PowerShell process. (CVE-2017-0219)

- An information disclosure vulnerability exists in
Windows Uniscribe due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to visit a specially crafted
website or to open a specially crafted document file, to
disclose the contents of memory. (CVE-2017-0282)

- A remote code execution vulnerability exists in
Windows Uniscribe software due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to execute arbitrary code in the context
of the current user. (CVE-2017-0283)

- An information disclosure vulnerability exists in
Windows Uniscribe due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to visit a specially crafted
website or to open a specially crafted document file, to
disclose the contents of memory. (CVE-2017-0284)

- An information disclosure vulnerability exists in
Windows Uniscribe due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to visit a specially crafted
website or to open a specially crafted document file, to
disclose the contents of memory. (CVE-2017-0285)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to disclose the contents of memory.
(CVE-2017-0287)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to disclose the contents of memory.
(CVE-2017-0288)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to disclose the contents of memory.
(CVE-2017-0289)

- A remote code execution vulnerability exists in
Microsoft Windows due to improper parsing of PDF files.
An unauthenticated, remote attacker can exploit this, by
convincing a user to open a specially crafted PDF file,
to execute arbitrary code in the context of the current
user. (CVE-2017-0291)

- A remote code execution vulnerability exists in
Microsoft Windows due to improper parsing of PDF files.
An unauthenticated, remote attacker can exploit this, by
convincing a user to open a specially crafted PDF file,
to execute arbitrary code in the context of the current
user. (CVE-2017-0292)

- A remote code execution vulnerability exists in
Microsoft Windows due to improper handling of cabinet
files. An unauthenticated, remote attacker can exploit
this, by convincing a user to open a specially crafted
cabinet file, to execute arbitrary code in the context
of the current user. (CVE-2017-0294)

- An elevation of privilege vulnerability exists in
tdx.sys due to a failure to check the length of a buffer
prior to copying memory to it. A local attacker can
exploit this, via a specially crafted application, to
execute arbitrary code in an elevated context.
(CVE-2017-0296)

- An elevation of privilege vulnerability exists in the
Windows kernel due to improper handling of objects in
memory. A local attacker can exploit this, via a
specially crafted application, to execute arbitrary code
with elevated permissions. (CVE-2017-0297)

- An elevation of privilege vulnerability exists in the
DCOM object in Helppane.exe, when configured to run as
the interactive user, due to a failure to properly
authenticate the client. An authenticated, remote
attacker can exploit this, via a specially crafted
application, to run arbitrary code in another user's
session after that user has logged on to the same system
using Terminal Services or Fast User Switching.
(CVE-2017-0298)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-0299)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-0300)

- An information disclosure vulnerability exists in
Microsoft Windows due to improper parsing of PDF files.
An unauthenticated, remote attacker can exploit this, by
convincing a user to open a specially crafted PDF file,
to disclose the contents of memory. (CVE-2017-8460)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-8462)

- A remote code execution vulnerability exists in Windows
due to improper handling of shortcuts. An
unauthenticated, remote attacker can exploit this, by
convincing a user to insert a removable drive containing
a malicious shortcut and binary, to automatically
execute arbitrary code in the context of the current
user. (CVE-2017-8464)

- An elevation of privilege vulnerability exists in the
Windows kernel-mode driver due to improper handling of
objects in memory. A local attacker can exploit this,
via a specially crafted application, to run processes in
an elevated context. (CVE-2017-8465)

- An elevation of privilege vulnerability exists in the
Windows kernel-mode driver due to improper handling of
objects in memory. A local attacker can exploit this,
via a specially crafted application, to run processes in
an elevated context. (CVE-2017-8466)

- An elevation of privilege vulnerability exists in the
Windows kernel-mode driver due to improper handling of
objects in memory. A local attacker can exploit this,
via a specially crafted application, to run processes in
an elevated context. (CVE-2017-8468)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8470)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8471)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8473)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8474)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8475)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8476)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8477)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8478)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8479)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8480)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8481)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8482)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8483)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8484)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-8485)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8489)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8490)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8491)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8492)

- A security bypass vulnerability exists due to a failure
to enforce case sensitivity for certain variable checks.
A local attacker can exploit this, via a specially
crafted application, to bypass Unified Extensible
Firmware Interface (UEFI) variable security.
(CVE-2017-8493)

- An elevation of privilege vulnerability exists in the
Windows Secure Kernel Mode feature due to a failure to
properly handle objects in memory. A local attacker can
exploit this, via a specially crafted application, to
bypass virtual trust levels (VTL). (CVE-2017-8494)

- A remote code execution vulnerability exists in
Microsoft browsers in the JavaScript engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8517)

- A remote code execution vulnerability exists in
Microsoft browsers in the JavaScript engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8522)

- A same-origin policy bypass vulnerability exists in
Microsoft Edge due to a failure to properly apply the
Same Origin Policy for HTML elements. An
unauthenticated, remote attacker can exploit this, by
convincing a user to follow a link, to load a page with
malicious content. (CVE-2017-8523)

- A remote code execution vulnerability exists in
Microsoft browsers in the JavaScript engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8524)

- A remote code execution vulnerability exists in the
Windows font library due to improper handling of
embedded fonts. An unauthenticated, remote attacker can
exploit this, by convincing a user to visit a specially
crafted website or open a specially crafted Microsoft
document, to execute arbitrary code in the context of
the current user. (CVE-2017-8527)

- An information disclosure vulnerability exists in
Microsoft browsers in the scripting engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to disclose files on a user's computer. (CVE-2017-8529)

- A same-origin policy bypass vulnerability exists in
Microsoft Edge due to a failure to properly enforce
same-origin policies. An unauthenticated, remote
attacker can exploit this, by convincing a user to visit
a specially crafted website, to disclose information
from origins outside the current one. (CVE-2017-8530)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or open a specially crafted
document, to disclose the contents of memory.
(CVE-2017-8531)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or open a specially crafted
document, to disclose the contents of memory.
(CVE-2017-8532)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or open a specially crafted
document, to disclose the contents of memory.
(CVE-2017-8533)

- A remote code execution vulnerability exists in the
Windows Search functionality due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, via a specially crafted SMB message,
to execute arbitrary code. (CVE-2017-8543)

- An information disclosure vulnerability exists in the
Windows Search functionality due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, via a specially crafted SMB message,
to disclose sensitive information. (CVE-2017-8544)

- A remote code execution vulnerability exists in Internet
Explorer due to improper handling of objects in memory.
An unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8547)

- A remote code execution vulnerability exists in
Microsoft browsers in the JavaScript engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8548)

- A remote code execution vulnerability exists in
Microsoft Edge in the JavaScript scripting engine due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8549)

See also :

http://www.nessus.org/u?05d092f6

Solution :

Apply security update KB4022727.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

KB4022726: Windows 8.1 and Windows Server 2012 R2 June 2017 Cumulative Update


Synopsis:

The remote Windows host is affected by multiple vulnerabilities.

Description:

The remote Windows host is missing security update KB4022726. It is,
therefore, affected by multiple vulnerabilities :

- An elevation of privilege vulnerability exists in
Windows Hyper-V instruction emulation due to a failure
to properly enforce privilege levels. An attacker on a
guest operating system can exploit this to gain elevated
privileges on the guest. Note that the host operating
system is not vulnerable. (CVE-2017-0193)

- An information disclosure vulnerability exists in
Windows Uniscribe due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to visit a specially crafted
website or to open a specially crafted document file, to
disclose the contents of memory. (CVE-2017-0282)

- A remote code execution vulnerability exists in
Windows Uniscribe software due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to execute arbitrary code in the context
of the current user. (CVE-2017-0283)

- An information disclosure vulnerability exists in
Windows Uniscribe due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to visit a specially crafted
website or to open a specially crafted document file, to
disclose the contents of memory. (CVE-2017-0284)

- An information disclosure vulnerability exists in
Windows Uniscribe due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to visit a specially crafted
website or to open a specially crafted document file, to
disclose the contents of memory. (CVE-2017-0285)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to disclose the contents of memory.
(CVE-2017-0287)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to disclose the contents of memory.
(CVE-2017-0288)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to disclose the contents of memory.
(CVE-2017-0289)

- A remote code execution vulnerability exists in
Microsoft Windows due to improper parsing of PDF files.
An unauthenticated, remote attacker can exploit this, by
convincing a user to open a specially crafted PDF file,
to execute arbitrary code in the context of the current
user. (CVE-2017-0291)

- A remote code execution vulnerability exists in
Microsoft Windows due to improper parsing of PDF files.
An unauthenticated, remote attacker can exploit this, by
convincing a user to open a specially crafted PDF file,
to execute arbitrary code in the context of the current
user. (CVE-2017-0292)

- A remote code execution vulnerability exists in
Microsoft Windows due to improper handling of cabinet
files. An unauthenticated, remote attacker can exploit
this, by convincing a user to open a specially crafted
cabinet file, to execute arbitrary code in the context
of the current user. (CVE-2017-0294)

- An elevation of privilege vulnerability exists in
tdx.sys due to a failure to check the length of a buffer
prior to copying memory to it. A local attacker can
exploit this, via a specially crafted application, to
execute arbitrary code in an elevated context.
(CVE-2017-0296)

- An elevation of privilege vulnerability exists in the
Windows kernel due to improper handling of objects in
memory. A local attacker can exploit this, via a
specially crafted application, to execute arbitrary code
with elevated permissions. (CVE-2017-0297)

- An elevation of privilege vulnerability exists in the
DCOM object in Helppane.exe, when configured to run as
the interactive user, due to a failure to properly
authenticate the client. An authenticated, remote
attacker can exploit this, via a specially crafted
application, to run arbitrary code in another user's
session after that user has logged on to the same system
using Terminal Services or Fast User Switching.
(CVE-2017-0298)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-0299)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-0300)

- An information disclosure vulnerability exists in
Microsoft Windows due to improper parsing of PDF files.
An unauthenticated, remote attacker can exploit this, by
convincing a user to open a specially crafted PDF file,
to disclose the contents of memory. (CVE-2017-8460)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-8462)

- A remote code execution vulnerability exists in Windows
due to improper handling of shortcuts. An
unauthenticated, remote attacker can exploit this, by
convincing a user to insert a removable drive containing
a malicious shortcut and binary, to automatically
execute arbitrary code in the context of the current
user. (CVE-2017-8464)

- An elevation of privilege vulnerability exists in the
Windows kernel-mode driver due to improper handling of
objects in memory. A local attacker can exploit this,
via a specially crafted application, to run processes in
an elevated context. (CVE-2017-8465)

- An elevation of privilege vulnerability exists in the
Windows kernel-mode driver due to improper handling of
objects in memory. A local attacker can exploit this,
via a specially crafted application, to run processes in
an elevated context. (CVE-2017-8466)

- An elevation of privilege vulnerability exists in the
Windows kernel-mode driver due to improper handling of
objects in memory. A local attacker can exploit this,
via a specially crafted application, to run processes in
an elevated context. (CVE-2017-8468)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8469)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8470)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8471)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8473)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8474)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8475)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8476)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8477)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8478)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8479)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8480)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8481)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8482)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8483)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8484)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-8485)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8488)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory.An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information.(CVE-2017-8489)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory.An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information.(CVE-2017-8490)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory.An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information.(CVE-2017-8491)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory.An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information.(CVE-2017-8492)

- A security bypass vulnerability exists due to a failure
to enforce case sensitivity for certain variable checks.
A local attacker can exploit this, via a specially
crafted application, to bypass Unified Extensible
Firmware Interface (UEFI) variable security.
(CVE-2017-8493)

- A remote code execution vulnerability exists in the
Windows font library due to improper handling of
embedded fonts. An unauthenticated, remote attacker can
exploit this, by convincing a user to visit a specially
crafted website or open a specially crafted Microsoft
document, to execute arbitrary code in the context of
the current user. (CVE-2017-8527)

- A remote code execution vulnerability exists in Windows
Uniscribe due to improper handling of objects in memory.
An unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website
or open a specially crafted document, to execute
arbitrary code in the context of the current user.
(CVE-2017-8528)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or open a specially crafted
document, to disclose the contents of memory.
(CVE-2017-8531)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or open a specially crafted
document, to disclose the contents of memory.
(CVE-2017-8532)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or open a specially crafted
document, to disclose the contents of memory.
(CVE-2017-8533)

- A remote code execution vulnerability exists in the
Windows Search functionality due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, via a specially crafted SMB message,
to execute arbitrary code. (CVE-2017-8543)

- An information disclosure vulnerability exists in the
Windows Search functionality due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, via a specially crafted SMB message,
to disclose sensitive information. (CVE-2017-8544)

- An information disclosure vulnerability exists in the
Windows kernel due to improper handling of objects in
memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the contents of memory. (CVE-2017-8553)

See also :

http://www.nessus.org/u?5f83ad76

Solution :

Apply security update KB4022726.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

KB4022725: Windows 10 Version 1703 June 2017 Cumulative Update


Synopsis:

The remote Windows host is affected by multiple vulnerabilities.

Description:

The remote Windows 10 version 1703 host is missing security update
KB4022725. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists in
Windows Uniscribe due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to visit a specially crafted
website or to open a specially crafted document file, to
disclose the contents of memory. (CVE-2017-0282)

- A remote code execution vulnerability exists in
Windows Uniscribe software due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to execute arbitrary code in the context
of the current user. (CVE-2017-0283)

- An information disclosure vulnerability exists in
Windows Uniscribe due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to visit a specially crafted
website or to open a specially crafted document file, to
disclose the contents of memory. (CVE-2017-0285)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to disclose the contents of memory.
(CVE-2017-0287)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to disclose the contents of memory.
(CVE-2017-0288)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to disclose the contents of memory.
(CVE-2017-0289)

- A remote code execution vulnerability exists in
Microsoft Windows due to improper parsing of PDF files.
An unauthenticated, remote attacker can exploit this, by
convincing a user to open a specially crafted PDF file,
to execute arbitrary code in the context of the current
user. (CVE-2017-0291)

- A remote code execution vulnerability exists in
Microsoft Windows due to improper parsing of PDF files.
An unauthenticated, remote attacker can exploit this, by
convincing a user to open a specially crafted PDF file,
to execute arbitrary code in the context of the current
user. (CVE-2017-0292)

- A remote code execution vulnerability exists in
Microsoft Windows due to improper handling of cabinet
files. An unauthenticated, remote attacker can exploit
this, by convincing a user to open a specially crafted
cabinet file, to execute arbitrary code in the context
of the current user. (CVE-2017-0294)

- A flaw exists in Microsoft Windows due to incorrect
permissions being set on folders inside the DEFAULT
folder structure. An authenticated, remote attacker can
exploit this, by logging in to the affected system
before the user can log in, to modify the user's DEFAULT
folder contents. (CVE-2017-0295)

- An elevation of privilege vulnerability exists in
tdx.sys due to a failure to check the length of a buffer
prior to copying memory to it. A local attacker can
exploit this, via a specially crafted application, to
execute arbitrary code in an elevated context.
(CVE-2017-0296)

- An elevation of privilege vulnerability exists in the
Windows kernel due to improper handling of objects in
memory. A local attacker can exploit this, via a
specially crafted application, to execute arbitrary code
with elevated permissions. (CVE-2017-0297)

- An elevation of privilege vulnerability exists in the
DCOM object in Helppane.exe, when configured to run as
the interactive user, due to a failure to properly
authenticate the client. An authenticated, remote
attacker can exploit this, via a specially crafted
application, to run arbitrary code in another user's
session after that user has logged on to the same system
using Terminal Services or Fast User Switching.
(CVE-2017-0298)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-0299)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-0300)

- An information disclosure vulnerability exists in
Microsoft Windows due to improper parsing of PDF files.
An unauthenticated, remote attacker can exploit this, by
convincing a user to open a specially crafted PDF file,
to disclose the contents of memory. (CVE-2017-8460)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-8462)

- A remote code execution vulnerability exists in Windows
due to improper handling of shortcuts. An
unauthenticated, remote attacker can exploit this, by
convincing a user to insert a removable drive containing
a malicious shortcut and binary, to automatically
execute arbitrary code in the context of the current
user. (CVE-2017-8464)

- An elevation of privilege vulnerability exists in the
Windows kernel-mode driver due to improper handling of
objects in memory. A local attacker can exploit this,
via a specially crafted application, to run processes in
an elevated context. (CVE-2017-8465)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8470)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8471)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8474)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8475)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8476)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8477)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8478)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8479)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8480)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8481)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8482)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8483)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8484)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-8485)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8489)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8490)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8491)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8492)

- A security bypass vulnerability exists due to a failure
to enforce case sensitivity for certain variable checks.
A local attacker can exploit this, via a specially
crafted application, to bypass Unified Extensible
Firmware Interface (UEFI) variable security.
(CVE-2017-8493)

- An information disclosure vulnerability exists in
Microsoft Edge due to improper handling of JavaScript
XML DOM objects. An unauthenticated, remote attacker can
exploit this, by convincing a user to visit a specially
crafted website, to disclose sensitive information.
(CVE-2017-8498)

- A remote code execution vulnerability exists in
Microsoft Edge in the JavaScript scripting engine due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website
or open a specially crafted Microsoft Office document,
to execute arbitrary code in the context of the current
user. (CVE-2017-8499)

- An information disclosure vulnerability exists in
Microsoft Edge in the Fetch API due to improper handling
of filtered response types. An unauthenticated, remote
attacker can exploit this, by convincing a user to visit
a specially crafted website, to disclose sensitive
information in the URL of a cross-origin request.
(CVE-2017-8504)

- A denial of service vulnerability exists in Windows due
to improper handling of kernel mode requests. An
unauthenticated, remote attacker can exploit this, via a
specially crafted kernel mode request, to cause the
machine to stop responding or reboot. (CVE-2017-8515)

- A remote code execution vulnerability exists in
Microsoft browsers in the JavaScript engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8517)

- A remote code execution vulnerability exists in
Microsoft Edge in the JavaScript scripting engine due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8520)

- A remote code execution vulnerability exists in
Microsoft Edge in the JavaScript scripting engine due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8521)

- A remote code execution vulnerability exists in
Microsoft browsers in the JavaScript engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8522)

- A same-origin policy bypass vulnerability exists in
Microsoft Edge due to a failure to properly apply the
Same Origin Policy for HTML elements. An
unauthenticated, remote attacker can exploit this, by
convincing a user to follow a link, to load a page with
malicious content. (CVE-2017-8523)

- A remote code execution vulnerability exists in
Microsoft browsers in the JavaScript engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8524)

- A remote code execution vulnerability exists in the
Windows font library due to improper handling of
embedded fonts. An unauthenticated, remote attacker can
exploit this, by convincing a user to visit a specially
crafted website or open a specially crafted Microsoft
document, to execute arbitrary code in the context of
the current user. (CVE-2017-8527)

- An information disclosure vulnerability exists in
Microsoft browsers in the scripting engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to disclose files on a user's computer. (CVE-2017-8529)

- A same-origin policy bypass vulnerability exists in
Microsoft Edge due to a failure to properly enforce
same-origin policies. An unauthenticated, remote
attacker can exploit this, by convincing a user to visit
a specially crafted website, to disclose information
from origins outside the current one. (CVE-2017-8530)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or open a specially crafted
document, to disclose the contents of memory.
(CVE-2017-8531)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or open a specially crafted
document, to disclose the contents of memory.
(CVE-2017-8532)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or open a specially crafted
document, to disclose the contents of memory.
(CVE-2017-8533)

- A remote code execution vulnerability exists in the
Windows Search functionality due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, via a specially crafted SMB message,
to execute arbitrary code. (CVE-2017-8543)

- An information disclosure vulnerability exists in the
Windows Search functionality due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, via a specially crafted SMB message,
to disclose sensitive information. (CVE-2017-8544)

- A remote code execution vulnerability exists in Internet
Explorer due to improper handling of objects in memory.
An unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8547)

- A remote code execution vulnerability exists in
Microsoft browsers in the JavaScript engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8548)

- A remote code execution vulnerability exists in
Microsoft Edge in the JavaScript scripting engine due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8549)

- A security bypass vulnerability exists in Microsoft Edge
in the Content Security Policy (CSP) due to improper
validation of documents. An unauthenticated, remote
attacker can exploit this, by convincing a user to
follow a link, to cause the user to load a malicious
website. (CVE-2017-8555)

See also :

http://www.nessus.org/u?c538cc09

Solution :

Apply security update KB4022725.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

KB4022724: Windows Server 2012 Standard June 2017 Cumulative Update


Synopsis:

The remote Windows host is affected by multiple vulnerabilities.

Description:

The remote Windows host is missing security update KB4022724. It is,
therefore, affected by the following vulnerabilities :

- An elevation of privilege vulnerability exists in
Windows Hyper-V instruction emulation due to a failure
to properly enforce privilege levels. An attacker on a
guest operating system can exploit this to gain elevated
privileges on the guest. Note that the host operating
system is not vulnerable. (CVE-2017-0193)

- An information disclosure vulnerability exists in
Windows Uniscribe due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to visit a specially crafted
website or to open a specially crafted document file, to
disclose the contents of memory. (CVE-2017-0282)

- A remote code execution vulnerability exists in
Windows Uniscribe software due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to execute arbitrary code in the context
of the current user. (CVE-2017-0283)

- An information disclosure vulnerability exists in
Windows Uniscribe due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to visit a specially crafted
website or to open a specially crafted document file, to
disclose the contents of memory. (CVE-2017-0284)

- An information disclosure vulnerability exists in
Windows Uniscribe due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to visit a specially crafted
website or to open a specially crafted document file, to
disclose the contents of memory. (CVE-2017-0285)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to disclose the contents of memory.
(CVE-2017-0287)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to disclose the contents of memory.
(CVE-2017-0288)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to disclose the contents of memory.
(CVE-2017-0289)

- A remote code execution vulnerability exists in
Microsoft Windows due to improper parsing of PDF files.
An unauthenticated, remote attacker can exploit this, by
convincing a user to open a specially crafted PDF file,
to execute arbitrary code in the context of the current
user. (CVE-2017-0291)

- A remote code execution vulnerability exists in
Microsoft Windows due to improper parsing of PDF files.
An unauthenticated, remote attacker can exploit this, by
convincing a user to open a specially crafted PDF file,
to execute arbitrary code in the context of the current
user. (CVE-2017-0292)

- A remote code execution vulnerability exists in
Microsoft Windows due to improper handling of cabinet
files. An unauthenticated, remote attacker can exploit
this, by convincing a user to open a specially crafted
cabinet file, to execute arbitrary code in the context
of the current user. (CVE-2017-0294)

- An elevation of privilege vulnerability exists in
tdx.sys due to a failure to check the length of a buffer
prior to copying memory to it. A local attacker can
exploit this, via a specially crafted application, to
execute arbitrary code in an elevated context.
(CVE-2017-0296)

- An elevation of privilege vulnerability exists in the
Windows kernel due to improper handling of objects in
memory. A local attacker can exploit this, via a
specially crafted application, to execute arbitrary code
with elevated permissions. (CVE-2017-0297)

- An elevation of privilege vulnerability exists in the
DCOM object in Helppane.exe, when configured to run as
the interactive user, due to a failure to properly
authenticate the client. An authenticated, remote
attacker can exploit this, via a specially crafted
application, to run arbitrary code in another user's
session after that user has logged on to the same system
using Terminal Services or Fast User Switching.
(CVE-2017-0298)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-0299)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-0300)

- An information disclosure vulnerability exists in
Microsoft Windows due to improper parsing of PDF files.
An unauthenticated, remote attacker can exploit this, by
convincing a user to open a specially crafted PDF file,
to disclose the contents of memory. (CVE-2017-8460)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-8462)

- A remote code execution vulnerability exists in Windows
due to improper handling of shortcuts. An
unauthenticated, remote attacker can exploit this, by
convincing a user to insert a removable drive containing
a malicious shortcut and binary, to automatically
execute arbitrary code in the context of the current
user. (CVE-2017-8464)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory.An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information.(CVE-2017-8469)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory.An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information.(CVE-2017-8470)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory.An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information.(CVE-2017-8471)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory.An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information.(CVE-2017-8472)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory.An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information.(CVE-2017-8473)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory.An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information.(CVE-2017-8474)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory.An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information.(CVE-2017-8475)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory.An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information.(CVE-2017-8476)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory.An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information.(CVE-2017-8477)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory.An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information.(CVE-2017-8478)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory.An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information.(CVE-2017-8479)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8480)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8481)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8482)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8483)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8484)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-8485)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8488)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8489)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8490)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8491)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8492)

- A remote code execution vulnerability exists in
Microsoft browsers in the JavaScript engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8517)

- A remote code execution vulnerability exists in Internet
Explorer due to improper handling of objects in memory.
An unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8519)

- A remote code execution vulnerability exists in
Microsoft browsers in the JavaScript engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8522)

- A remote code execution vulnerability exists in the
Windows font library due to improper handling of
embedded fonts. An unauthenticated, remote attacker can
exploit this, by convincing a user to visit a specially
crafted website or open a specially crafted Microsoft
document, to execute arbitrary code in the context of
the current user. (CVE-2017-8527)

- A remote code execution vulnerability exists in Windows
Uniscribe due to improper handling of objects in memory.
An unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website
or open a specially crafted document, to execute
arbitrary code in the context of the current user.
(CVE-2017-8528)

- An information disclosure vulnerability exists in
Microsoft browsers in the scripting engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to disclose files on a user's computer. (CVE-2017-8529)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or open a specially crafted
document, to disclose the contents of memory.
(CVE-2017-8531)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or open a specially crafted
document, to disclose the contents of memory.
(CVE-2017-8532)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or open a specially crafted
document, to disclose the contents of memory.
(CVE-2017-8533)

- A remote code execution vulnerability exists in the
Windows Search functionality due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, via a specially crafted SMB message,
to execute arbitrary code. (CVE-2017-8543)

- An information disclosure vulnerability exists in the
Windows Search functionality due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, via a specially crafted SMB message,
to disclose sensitive information. (CVE-2017-8544)

- A remote code execution vulnerability exists in Internet
Explorer due to improper handling of objects in memory.
An unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8547)

- An information disclosure vulnerability exists in the
Windows kernel due to improper handling of objects in
memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the contents of memory. (CVE-2017-8553)

See also :

http://www.nessus.org/u?4a3cabfc
http://www.nessus.org/u?fcd66520

Solution :

Apply security update KB4022724.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

KB4022722: Windows 7 and Windows 2008 R2 June 2017 Cumulative Update


Synopsis:

The remote Windows host is affected by multiple vulnerabilities.

Description:

The remote Windows host is missing security update KB4022722. It is,
therefore, affected by multiple vulnerabilities :

- An elevation of privilege vulnerability exists in
Windows Hyper-V instruction emulation due to a failure
to properly enforce privilege levels. An attacker on a
guest operating system can exploit this to gain elevated
privileges on the guest. Note that the host operating
system is not vulnerable. (CVE-2017-0193)

- A remote code execution vulnerability exists in
Microsoft Office due to improper validation of
user-supplied input before loading dynamic link library
(DLL) files. An unauthenticated, remote attacker can
exploit this, by convincing a user to open a specially
crafted file, to execute arbitrary code in the context
of the current user. (CVE-2017-0260)

- An information disclosure vulnerability exists in
Windows Uniscribe due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to visit a specially crafted
website or to open a specially crafted document file, to
disclose the contents of memory. (CVE-2017-0282)

- A remote code execution vulnerability exists in
Windows Uniscribe software due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to execute arbitrary code in the context
of the current user. (CVE-2017-0283)

- An information disclosure vulnerability exists in
Windows Uniscribe due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to visit a specially crafted
website or to open a specially crafted document file, to
disclose the contents of memory. (CVE-2017-0284)

- An information disclosure vulnerability exists in
Windows Uniscribe due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to visit a specially crafted
website or to open a specially crafted document file, to
disclose the contents of memory. (CVE-2017-0285)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to disclose the contents of memory.
(CVE-2017-0286)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to disclose the contents of memory.
(CVE-2017-0287)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to disclose the contents of memory.
(CVE-2017-0288)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to disclose the contents of memory.
(CVE-2017-0289)

- A remote code execution vulnerability exists in
Microsoft Windows due to improper handling of cabinet
files. An unauthenticated, remote attacker can exploit
this, by convincing a user to open a specially crafted
cabinet file, to execute arbitrary code in the context
of the current user. (CVE-2017-0294)

- An elevation of privilege vulnerability exists in
tdx.sys due to a failure to check the length of a buffer
prior to copying memory to it. A local attacker can
exploit this, via a specially crafted application, to
execute arbitrary code in an elevated context.
(CVE-2017-0296)

- An elevation of privilege vulnerability exists in the
Windows kernel due to improper handling of objects in
memory. A local attacker can exploit this, via a
specially crafted application, to execute arbitrary code
with elevated permissions. (CVE-2017-0297)

- An elevation of privilege vulnerability exists in the
DCOM object in Helppane.exe, when configured to run as
the interactive user, due to a failure to properly
authenticate the client. An authenticated, remote
attacker can exploit this, via a specially crafted
application, to run arbitrary code in another user's
session after that user has logged on to the same system
using Terminal Services or Fast User Switching.
(CVE-2017-0298)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-0299)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-0300)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-8462)

- A remote code execution vulnerability exists in Windows
due to improper handling of shortcuts. An
unauthenticated, remote attacker can exploit this, by
convincing a user to insert a removable drive containing
a malicious shortcut and binary, to automatically
execute arbitrary code in the context of the current
user. (CVE-2017-8464)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8469)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8470)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8471)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8472)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8473)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8475)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8476)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8477)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8478)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8479)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8480)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8481)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8482)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8483)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8484)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-8485)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8488)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8489)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8490)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8491)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8492)

- A remote code execution vulnerability exists in Internet
Explorer due to improper handling of objects in memory.
An unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8519)

- A remote code execution vulnerability exists in
Microsoft browsers in the JavaScript engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8524)

- A remote code execution vulnerability exists in the
Windows font library due to improper handling of
embedded fonts. An unauthenticated, remote attacker can
exploit this, by convincing a user to visit a specially
crafted website or open a specially crafted Microsoft
document, to execute arbitrary code in the context of
the current user. (CVE-2017-8527)

- A remote code execution vulnerability exists in Windows
Uniscribe due to improper handling of objects in memory.
An unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website
or open a specially crafted document, to execute
arbitrary code in the context of the current user.
(CVE-2017-8528)

- An information disclosure vulnerability exists in
Microsoft browsers in the scripting engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to disclose files on a user's computer. (CVE-2017-8529)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or open a specially crafted
document, to disclose the contents of memory.
(CVE-2017-8531)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or open a specially crafted
document, to disclose the contents of memory.
(CVE-2017-8532)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or open a specially crafted
document, to disclose the contents of memory.
(CVE-2017-8533)

- An information disclosure vulnerability exists in
Windows Uniscribe due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to visit a specially crafted
website or open a specially crafted document, to
disclose the contents of memory. (CVE-2017-8534)

- A remote code execution vulnerability exists in the
Windows Search functionality due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, via a specially crafted SMB message,
to execute arbitrary code. (CVE-2017-8543)

- An information disclosure vulnerability exists in the
Windows Search functionality due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, via a specially crafted SMB message,
to disclose sensitive information. (CVE-2017-8544)

- A remote code execution vulnerability exists in Internet
Explorer due to improper handling of objects in memory.
An unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8547)

- An information disclosure vulnerability exists in the
Windows kernel due to improper handling of objects in
memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the contents of memory. (CVE-2017-8553)

See also :

http://www.nessus.org/u?f131905d

Solution :

Apply security update KB4022722.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

KB4022715: Windows 10 Version 1607 and Windows Server 2016 June 2017 Cumulative Update


Synopsis:

The remote Windows host is affected by multiple vulnerabilities.

Description:

The remote Windows host is missing security update KB4022715. It is,
therefore, affected by multiple vulnerabilities :

- A security bypass vulnerability exists in Device Guard.
A local attacker can exploit this, via a specially
crafted script, to bypass the Device Guard Code
Integrity policy and inject arbitrary code into a
trusted PowerShell process. (CVE-2017-0173)

- An elevation of privilege vulnerability exists in
Windows Hyper-V instruction emulation due to a failure
to properly enforce privilege levels. An attacker on a
guest operating system can exploit this to gain elevated
privileges on the guest. Note that the host operating
system is not vulnerable. (CVE-2017-0193)

- A security bypass vulnerability exists in Device Guard.
A local attacker can exploit this, via a specially
crafted script, to bypass the Device Guard Code
Integrity policy and inject arbitrary code into a
trusted PowerShell process. (CVE-2017-0215)

- A security bypass vulnerability exists in Device Guard.
A local attacker can exploit this, via a specially
crafted script, to bypass the Device Guard Code
Integrity policy and inject arbitrary code into a
trusted PowerShell process. (CVE-2017-0216)

- A security bypass vulnerability exists in Device Guard.
A local attacker can exploit this, via a specially
crafted script, to bypass the Device Guard Code
Integrity policy and inject arbitrary code into a
trusted PowerShell process. (CVE-2017-0218)

- A security bypass vulnerability exists in Device Guard.
A local attacker can exploit this, via a specially
crafted script, to bypass the Device Guard Code
Integrity policy and inject arbitrary code into a
trusted PowerShell process. (CVE-2017-0219)

- An information disclosure vulnerability exists in
Windows Uniscribe due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to visit a specially crafted
website or to open a specially crafted document file, to
disclose the contents of memory. (CVE-2017-0282)

- A remote code execution vulnerability exists in
Windows Uniscribe software due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to execute arbitrary code in the context
of the current user. (CVE-2017-0283)

- An information disclosure vulnerability exists in
Windows Uniscribe due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to visit a specially crafted
website or to open a specially crafted document file, to
disclose the contents of memory. (CVE-2017-0284)

- An information disclosure vulnerability exists in
Windows Uniscribe due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to visit a specially crafted
website or to open a specially crafted document file, to
disclose the contents of memory. (CVE-2017-0285)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to disclose the contents of memory.
(CVE-2017-0287)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to disclose the contents of memory.
(CVE-2017-0288)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to disclose the contents of memory.
(CVE-2017-0289)

- A remote code execution vulnerability exists in
Microsoft Windows due to improper parsing of PDF files.
An unauthenticated, remote attacker can exploit this, by
convincing a user to open a specially crafted PDF file,
to execute arbitrary code in the context of the current
user. (CVE-2017-0291)

- A remote code execution vulnerability exists in
Microsoft Windows due to improper parsing of PDF files.
An unauthenticated, remote attacker can exploit this, by
convincing a user to open a specially crafted PDF file,
to execute arbitrary code in the context of the current
user. (CVE-2017-0292)

- A remote code execution vulnerability exists in
Microsoft Windows due to improper handling of cabinet
files. An unauthenticated, remote attacker can exploit
this, by convincing a user to open a specially crafted
cabinet file, to execute arbitrary code in the context
of the current user. (CVE-2017-0294)

- A flaw exists in Microsoft Windows due to incorrect
permissions being set on folders inside the DEFAULT
folder structure. An authenticated, remote attacker can
exploit this, by logging in to the affected system
before the user can log in, to modify the user's DEFAULT
folder contents. (CVE-2017-0295)

- An elevation of privilege vulnerability exists in
tdx.sys due to a failure to check the length of a buffer
prior to copying memory to it. A local attacker can
exploit this, via a specially crafted application, to
execute arbitrary code in an elevated context.
(CVE-2017-0296)

- An elevation of privilege vulnerability exists in the
Windows kernel due to improper handling of objects in
memory. A local attacker can exploit this, via a
specially crafted application, to execute arbitrary code
with elevated permissions. (CVE-2017-0297)

- An elevation of privilege vulnerability exists in the
DCOM object in Helppane.exe, when configured to run as
the interactive user, due to a failure to properly
authenticate the client. An authenticated, remote
attacker can exploit this, via a specially crafted
application, to run arbitrary code in another user's
session after that user has logged on to the same system
using Terminal Services or Fast User Switching.
(CVE-2017-0298)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-0299)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-0300)

- An information disclosure vulnerability exists in
Microsoft Windows due to improper parsing of PDF files.
An unauthenticated, remote attacker can exploit this, by
convincing a user to open a specially crafted PDF file,
to disclose the contents of memory. (CVE-2017-8460)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-8462)

- A remote code execution vulnerability exists in Windows
due to improper handling of shortcuts. An
unauthenticated, remote attacker can exploit this, by
convincing a user to insert a removable drive containing
a malicious shortcut and binary, to automatically
execute arbitrary code in the context of the current
user. (CVE-2017-8464)

- An elevation of privilege vulnerability exists in the
Windows kernel-mode driver due to improper handling of
objects in memory. A local attacker can exploit this,
via a specially crafted application, to run processes in
an elevated context. (CVE-2017-8465)

- An elevation of privilege vulnerability exists in the
Windows kernel-mode driver due to improper handling of
objects in memory. A local attacker can exploit this,
via a specially crafted application, to run processes in
an elevated context. (CVE-2017-8466)

- An elevation of privilege vulnerability exists in the
Windows kernel-mode driver due to improper handling of
objects in memory. A local attacker can exploit this,
via a specially crafted application, to run processes in
an elevated context. (CVE-2017-8468)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8470)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8471)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory.An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information.(CVE-2017-8473)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory.An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information.(CVE-2017-8474)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory.An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information.(CVE-2017-8475)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8476)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8477)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8478)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8479)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8480)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8481)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8482)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8483)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8484)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-8485)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8489)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8490)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8491)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8492)

- A security bypass vulnerability exists due to a failure
to enforce case sensitivity for certain variable checks.
A local attacker can exploit this, via a specially
crafted application, to bypass Unified Extensible
Firmware Interface (UEFI) variable security.
(CVE-2017-8493)

- An elevation of privilege vulnerability exists in the
Windows Secure Kernel Mode feature due to a failure to
properly handle objects in memory. A local attacker can
exploit this, via a specially crafted application, to
bypass virtual trust levels (VTL). (CVE-2017-8494)

- A remote code execution vulnerability exists in
Microsoft Edge due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to visit a specially crafted
website, to execute arbitrary code in the context of the
current user. (CVE-2017-8496)

- A remote code execution vulnerability exists in
Microsoft Edge due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to visit a specially crafted
website, to execute arbitrary code in the context of the
current user. (CVE-2017-8497)

- An information disclosure vulnerability exists in
Microsoft Edge due to improper handling of JavaScript
XML DOM objects. An unauthenticated, remote attacker can
exploit this, by convincing a user to visit a specially
crafted website, to disclose sensitive information.
(CVE-2017-8498)

- An information disclosure vulnerability exists in
Microsoft Edge in the Fetch API due to improper handling
of filtered response types. An unauthenticated, remote
attacker can exploit this, by convincing a user to visit
a specially crafted website, to disclose sensitive
information in the URL of a cross-origin request.
(CVE-2017-8504)

- A denial of service vulnerability exists in Windows due
to improper handling of kernel mode requests. An
unauthenticated, remote attacker can exploit this, via a
specially crafted kernel mode request, to cause the
machine to stop responding or reboot. (CVE-2017-8515)

- A remote code execution vulnerability exists in
Microsoft browsers in the JavaScript engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8517)

- A remote code execution vulnerability exists in
Microsoft browsers in the JavaScript engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8522)

- A same-origin policy bypass vulnerability exists in
Microsoft Edge due to a failure to properly apply the
Same Origin Policy for HTML elements. An
unauthenticated, remote attacker can exploit this, by
convincing a user to follow a link, to load a page with
malicious content. (CVE-2017-8523)

- A remote code execution vulnerability exists in
Microsoft browsers in the JavaScript engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8524)

- A remote code execution vulnerability exists in the
Windows font library due to improper handling of
embedded fonts. An unauthenticated, remote attacker can
exploit this, by convincing a user to visit a specially
crafted website or open a specially crafted Microsoft
document, to execute arbitrary code in the context of
the current user. (CVE-2017-8527)

- An information disclosure vulnerability exists in
Microsoft browsers in the scripting engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to disclose files on a user's computer. (CVE-2017-8529)

- A same-origin policy bypass vulnerability exists in
Microsoft Edge due to a failure to properly enforce
same-origin policies. An unauthenticated, remote
attacker can exploit this, by convincing a user to visit
a specially crafted website, to disclose information
from origins outside the current one. (CVE-2017-8530)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or open a specially crafted
document, to disclose the contents of memory.
(CVE-2017-8531)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or open a specially crafted
document, to disclose the contents of memory.
(CVE-2017-8532)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or open a specially crafted
document, to disclose the contents of memory.
(CVE-2017-8533)

- A remote code execution vulnerability exists in the
Windows Search functionality due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, via a specially crafted SMB message,
to execute arbitrary code. (CVE-2017-8543)

- An information disclosure vulnerability exists in the
Windows Search functionality due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, via a specially crafted SMB message,
to disclose sensitive information. (CVE-2017-8544)

- A remote code execution vulnerability exists in Internet
Explorer due to improper handling of objects in memory.
An unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8547)

- A remote code execution vulnerability exists in
Microsoft browsers in the JavaScript engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8548)

- A remote code execution vulnerability exists in
Microsoft Edge in the JavaScript scripting engine due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8549)

- An information disclosure vulnerability exists in the
Windows kernel due to improper handling of objects in
memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the contents of memory. (CVE-2017-8553)

See also :

http://www.nessus.org/u?4ac6572f

Solution :

Apply security update KB4022715.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

KB4022714: Windows 10 Version 1511 June 2017 Cumulative Update


Synopsis:

The remote Windows host is affected by multiple vulnerabilities.

Description:

The remote Windows 10 version 1511 host is missing security update
KB4022714. It is, therefore, affected by multiple vulnerabilities :

- An elevation of privilege vulnerability exists in
Windows Hyper-V instruction emulation due to a failure
to properly enforce privilege levels. An attacker on a
guest operating system can exploit this to gain elevated
privileges on the guest. Note that the host operating
system is not vulnerable. (CVE-2017-0193)

- A security bypass vulnerability exists in Device Guard.
A local attacker can exploit this, via a specially
crafted script, to bypass the Device Guard Code
Integrity policy and inject arbitrary code into a
trusted PowerShell process. (CVE-2017-0216)

- A security bypass vulnerability exists in Device Guard.
A local attacker can exploit this, via a specially
crafted script, to bypass the Device Guard Code
Integrity policy and inject arbitrary code into a
trusted PowerShell process. (CVE-2017-0218)

- A security bypass vulnerability exists in Device Guard.
A local attacker can exploit this, via a specially
crafted script, to bypass the Device Guard Code
Integrity policy and inject arbitrary code into a
trusted PowerShell process. (CVE-2017-0219)

- An information disclosure vulnerability exists in
Windows Uniscribe due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to visit a specially crafted
website or to open a specially crafted document file, to
disclose the contents of memory. (CVE-2017-0282)

- A remote code execution vulnerability exists in
Windows Uniscribe software due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to execute arbitrary code in the context
of the current user. (CVE-2017-0283)

- An information disclosure vulnerability exists in
Windows Uniscribe due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to visit a specially crafted
website or to open a specially crafted document file, to
disclose the contents of memory. (CVE-2017-0284)

- An information disclosure vulnerability exists in
Windows Uniscribe due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to visit a specially crafted
website or to open a specially crafted document file, to
disclose the contents of memory. (CVE-2017-0285)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to disclose the contents of memory.
(CVE-2017-0287)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to disclose the contents of memory.
(CVE-2017-0288)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to disclose the contents of memory.
(CVE-2017-0289)

- A remote code execution vulnerability exists in
Microsoft Windows due to improper parsing of PDF files.
An unauthenticated, remote attacker can exploit this, by
convincing a user to open a specially crafted PDF file,
to execute arbitrary code in the context of the current
user. (CVE-2017-0291)

- A remote code execution vulnerability exists in
Microsoft Windows due to improper parsing of PDF files.
An unauthenticated, remote attacker can exploit this, by
convincing a user to open a specially crafted PDF file,
to execute arbitrary code in the context of the current
user. (CVE-2017-0292)

- A remote code execution vulnerability exists in
Microsoft Windows due to improper handling of cabinet
files. An unauthenticated, remote attacker can exploit
this, by convincing a user to open a specially crafted
cabinet file, to execute arbitrary code in the context
of the current user. (CVE-2017-0294)

- An elevation of privilege vulnerability exists in
tdx.sys due to a failure to check the length of a buffer
prior to copying memory to it. A local attacker can
exploit this, via a specially crafted application, to
execute arbitrary code in an elevated context.
(CVE-2017-0296)

- An elevation of privilege vulnerability exists in the
Windows kernel due to improper handling of objects in
memory. A local attacker can exploit this, via a
specially crafted application, to execute arbitrary code
with elevated permissions. (CVE-2017-0297)

- An elevation of privilege vulnerability exists in the
DCOM object in Helppane.exe, when configured to run as
the interactive user, due to a failure to properly
authenticate the client. An authenticated, remote
attacker can exploit this, via a specially crafted
application, to run arbitrary code in another user's
session after that user has logged on to the same system
using Terminal Services or Fast User Switching.
(CVE-2017-0298)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-0299)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-0300)

- An information disclosure vulnerability exists in
Microsoft Windows due to improper parsing of PDF files.
An unauthenticated, remote attacker can exploit this, by
convincing a user to open a specially crafted PDF file,
to disclose the contents of memory. (CVE-2017-8460)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-8462)

- A remote code execution vulnerability exists in Windows
due to improper handling of shortcuts. An
unauthenticated, remote attacker can exploit this, by
convincing a user to insert a removable drive containing
a malicious shortcut and binary, to automatically
execute arbitrary code in the context of the current
user. (CVE-2017-8464)

- An elevation of privilege vulnerability exists in the
Windows kernel-mode driver due to improper handling of
objects in memory. A local attacker can exploit this,
via a specially crafted application, to run processes in
an elevated context. (CVE-2017-8465)

- An elevation of privilege vulnerability exists in the
Windows kernel-mode driver due to improper handling of
objects in memory. A local attacker can exploit this,
via a specially crafted application, to run processes in
an elevated context. (CVE-2017-8466)

- An elevation of privilege vulnerability exists in the
Windows kernel-mode driver due to improper handling of
objects in memory. A local attacker can exploit this,
via a specially crafted application, to run processes in
an elevated context. (CVE-2017-8468)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8470)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8471)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8473)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8474)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8475)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8476)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8477)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8478)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8479)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8480)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8481)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8482)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8483)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8484)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
the base address of the kernel driver. (CVE-2017-8485)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8489)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8490)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8491)

- An information disclosure vulnerability exists in the
Windows kernel due to improper initialization of objects
in memory. An authenticated, remote attacker can exploit
this, via a specially crafted application, to disclose
sensitive information. (CVE-2017-8492)

- A security bypass vulnerability exists due to a failure
to enforce case sensitivity for certain variable checks.
A local attacker can exploit this, via a specially
crafted application, to bypass Unified Extensible
Firmware Interface (UEFI) variable security.
(CVE-2017-8493)

- An elevation of privilege vulnerability exists in the
Windows Secure Kernel Mode feature due to a failure to
properly handle objects in memory. A local attacker can
exploit this, via a specially crafted application, to
bypass virtual trust levels (VTL). (CVE-2017-8494)

- A denial of service vulnerability exists in Windows due
to improper handling of kernel mode requests. An
unauthenticated, remote attacker can exploit this, via a
specially crafted kernel mode request, to cause the
machine to stop responding or reboot. (CVE-2017-8515)

- A remote code execution vulnerability exists in
Microsoft browsers in the JavaScript engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8517)

- A remote code execution vulnerability exists in
Microsoft browsers in the JavaScript engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8522)

- A same-origin policy bypass vulnerability exists in
Microsoft Edge due to a failure to properly apply the
Same Origin Policy for HTML elements. An
unauthenticated, remote attacker can exploit this, by
convincing a user to follow a link, to load a page with
malicious content. (CVE-2017-8523)

- A remote code execution vulnerability exists in
Microsoft browsers in the JavaScript engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8524)

- A remote code execution vulnerability exists in the
Windows font library due to improper handling of
embedded fonts. An unauthenticated, remote attacker can
exploit this, by convincing a user to visit a specially
crafted website or open a specially crafted Microsoft
document, to execute arbitrary code in the context of
the current user. (CVE-2017-8527)

- An information disclosure vulnerability exists in
Microsoft browsers in the scripting engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to disclose files on a user's computer. (CVE-2017-8529)

- A same-origin policy bypass vulnerability exists in
Microsoft Edge due to a failure to properly enforce
same-origin policies. An unauthenticated, remote
attacker can exploit this, by convincing a user to visit
a specially crafted website, to disclose information
from origins outside the current one. (CVE-2017-8530)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or open a specially crafted
document, to disclose the contents of memory.
(CVE-2017-8531)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or open a specially crafted
document, to disclose the contents of memory.
(CVE-2017-8532)

- An information disclosure vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or open a specially crafted
document, to disclose the contents of memory.
(CVE-2017-8533)

- A remote code execution vulnerability exists in the
Windows Search functionality due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, via a specially crafted SMB message,
to execute arbitrary code. (CVE-2017-8543)

- An information disclosure vulnerability exists in the
Windows Search functionality due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, via a specially crafted SMB message,
to disclose sensitive information. (CVE-2017-8544)

- A remote code execution vulnerability exists in Internet
Explorer due to improper handling of objects in memory.
An unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8547)

- A remote code execution vulnerability exists in
Microsoft browsers in the JavaScript engines due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8548)

- A remote code execution vulnerability exists in
Microsoft Edge in the JavaScript scripting engine due to
improper handling of objects in memory. An
unauthenticated, remote attacker can exploit this, by
convincing a user to visit a specially crafted website,
to execute arbitrary code in the context of the current
user. (CVE-2017-8549)

See also :

http://www.nessus.org/u?46ed25c8

Solution :

Apply security update KB4022714.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Security Update for Microsoft Office (June 2017) (macOS)


Synopsis:

An application installed on the remote macOS or Mac OS X host is
affected by multiple remote code execution vulnerabilities.

Description:

The Microsoft Office application installed on the remote macOS or Mac
OS X host is missing a security update. It is, therefore, affected by
multiple vulnerabilities :

- A remote code execution vulnerability exists in
Microsoft Office due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to open a specially crafted
Office document, to execute arbitrary code in the
context of the current user. (CVE-2017-8509)

- A remote code execution vulnerability exists in
Microsoft Office due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to open a specially crafted
Office document, to execute arbitrary code in the
context of the current user. (CVE-2017-8511)

See also :

http://www.nessus.org/u?8fbc6de6
http://www.nessus.org/u?68489292
http://www.nessus.org/u?069ce460
http://www.nessus.org/u?b685de7b

Solution :

Microsoft has released patches for Microsoft Office for Mac 2011 and
Microsoft Office 2016 for Mac.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Adobe Flash Player for Mac <= 25.0.0.171 Multiple Vulnerabilities (APSB17-17)


Synopsis:

The remote macOS or Mac OS X host has a browser plugin installed that
is affected by multiple vulnerabilities.

Description:

The version of Adobe Flash Player installed on the remote macOS or Mac
OS X host is equal or prior to version 25.0.0.171. It is, therefore,
affected by multiple vulnerabilities :

- Multiple use-after-free errors exist that allow an
unauthenticated, remote attacker to execute arbitrary
code. (CVE-2017-3075, CVE-2017-3081, CVE-2017-3083,
CVE-2017-3084)

- Multiple memory corruption issues exist that allow an
unauthenticated, remote attacker to execute arbitrary
code. (CVE-2017-3076, CVE-2017-3077, CVE-2017-3078,
CVE-2017-3079, CVE-2017-3082)

See also :

https://helpx.adobe.com/security/products/flash-player/apsb17-17.html
http://www.nessus.org/u?0cb17c10

Solution :

Upgrade to Adobe Flash Player version 26.0.0.126 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Adobe Flash Player <= 25.0.0.171 Multiple Vulnerabilities (APSB17-17)


Synopsis:

The remote Windows host has a browser plugin installed that is
affected by multiple vulnerabilities.

Description:

The version of Adobe Flash Player installed on the remote Windows host
is equal or prior to version 25.0.0.171. It is, therefore, affected by
multiple vulnerabilities :

- Multiple use-after-free errors exist that allow an
unauthenticated, remote attacker to execute arbitrary
code. (CVE-2017-3075, CVE-2017-3081, CVE-2017-3083,
CVE-2017-3084)

- Multiple memory corruption issues exist that allow an
unauthenticated, remote attacker to execute arbitrary
code. (CVE-2017-3076, CVE-2017-3077, CVE-2017-3078,
CVE-2017-3079, CVE-2017-3082)

See also :

https://helpx.adobe.com/security/products/flash-player/apsb17-17.html
http://www.nessus.org/u?0cb17c10

Solution :

Upgrade to Adobe Flash Player version 26.0.0.126 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : irssi vulnerabilities (USN-3317-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

It was discovered that Irssi incorrectly handled certain DCC messages.
A malicious IRC server could use this issue to cause Irssi to crash,
resulting in a denial of service. (CVE-2017-9468)

Joseph Bisch discovered that Irssi incorrectly handled receiving
incorrectly quoted DCC files. A remote attacker could possibly use
this issue to cause Irssi to crash, resulting in a denial of service.
(CVE-2017-9469).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected irssi package.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:1538-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for libxml2 fixes the following security issues :

- CVE-2017-9050: A heap-based buffer over-read in
xmlDictAddString (bsc#1039069, bsc#1039661)

- CVE-2017-9049: A heap-based buffer overflow in
xmlDictComputeFastKey (bsc#1039066)

- CVE-2017-9048: A stack overflow vulnerability in
xmlSnprintfElementContent (bsc#1039063)

- CVE-2017-9047: A stack overflow vulnerability in
xmlSnprintfElementContent (bsc#1039064)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1039063
https://bugzilla.suse.com/1039064
https://bugzilla.suse.com/1039066
https://bugzilla.suse.com/1039069
https://bugzilla.suse.com/1039661
https://www.suse.com/security/cve/CVE-2017-9047.html
https://www.suse.com/security/cve/CVE-2017-9048.html
https://www.suse.com/security/cve/CVE-2017-9049.html
https://www.suse.com/security/cve/CVE-2017-9050.html
http://www.nessus.org/u?fda8d58b

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-939=1

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-939=1

SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-939=1

SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-939=1

OpenStack Cloud Magnum Orchestration 7:
zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-939=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.9
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2017 Tenable Network Security, Inc.

openSUSE Security Update : libnettle (openSUSE-2017-675)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for libnettle fixes the following issues :

- CVE-2016-6489 :

- Reject invalid RSA keys with even modulo.

- Check for invalid keys, with even p, in dsa_sign().

- Use function mpz_powm_sec() instead of mpz_powm()
(bsc#991464).

This update was imported from the SUSE:SLE-12:Update update project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=991464

Solution :

Update the affected libnettle packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

openSUSE Security Update : wireshark (openSUSE-2017-674)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for wireshark fixes minor vulnerabilities that could be
used to trigger dissector crashes, infinite loops, or cause excessive
use of CPU resources by making Wireshark read specially crafted
packages from the network or a capture file :

- CVE-2017-9352: Bazaar dissector infinite loop
(boo#1042304)

- CVE-2017-9348: DOF dissector read overflow (boo#1042303)

- CVE-2017-9351: DHCP dissector read overflow
(boo#1042302)

- CVE-2017-9346: SoulSeek dissector infinite loop
(boo#1042301)

- CVE-2017-9345: DNS dissector infinite loop (boo#1042300)

- CVE-2017-9349: DICOM dissector infinite loop
(boo#1042305)

- CVE-2017-9350: openSAFETY dissector memory exhaustion
(boo#1042299)

- CVE-2017-9344: BT L2CAP dissector divide by zero
(boo#1042298)

- CVE-2017-9343: MSNIP dissector crash (boo#1042309)

- CVE-2017-9347: ROS dissector crash (boo#1042308)

- CVE-2017-9354: RGMP dissector crash (boo#1042307)

- CVE-2017-9353: IPv6 dissector crash (boo#1042306)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1042298
https://bugzilla.opensuse.org/show_bug.cgi?id=1042299
https://bugzilla.opensuse.org/show_bug.cgi?id=1042300
https://bugzilla.opensuse.org/show_bug.cgi?id=1042301
https://bugzilla.opensuse.org/show_bug.cgi?id=1042302
https://bugzilla.opensuse.org/show_bug.cgi?id=1042303
https://bugzilla.opensuse.org/show_bug.cgi?id=1042304
https://bugzilla.opensuse.org/show_bug.cgi?id=1042305
https://bugzilla.opensuse.org/show_bug.cgi?id=1042306
https://bugzilla.opensuse.org/show_bug.cgi?id=1042307
https://bugzilla.opensuse.org/show_bug.cgi?id=1042308
https://bugzilla.opensuse.org/show_bug.cgi?id=1042309
https://bugzilla.opensuse.org/show_bug.cgi?id=1042330

Solution :

Update the affected wireshark packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Fedora 24 : picocom (2017-f942f19ff4)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Upgrade to 2.2, fixing CVE-2015-9059

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-f942f19ff4

Solution :

Update the affected picocom package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Fedora 24 : wget (2017-ed1c665a3f)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Fixed CVE-2017-6508: CRLF injection in the url_parse function in url.c

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-ed1c665a3f

Solution :

Update the affected wget package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Fedora 24 : mingw-poppler (2017-eadc5f410e)


Synopsis:

The remote Fedora host is missing a security update.

Description:

This update fixes CVEs 2017-7511 and 2017-9083.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-eadc5f410e

Solution :

Update the affected mingw-poppler package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Fedora 24 : oniguruma (2017-e2d6d0067f)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Multiple security flaws were found on oniguruma currently being
shipped on Fedora. This new rpm should fix the issue.

Fixed CVEs: CVE-2017-9226 CVE-2017-9224 CVE-2017-9227 CVE-2017-9229
CVE-2017-9228

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d6d0067f

Solution :

Update the affected oniguruma package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Fedora 25 : libsndfile (2017-abbac6c64b)


Synopsis:

The remote Fedora host is missing a security update.

Description:

fixes buffer overflows for flac and pcm

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-abbac6c64b

Solution :

Update the affected libsndfile package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Fedora 25 : log4j12 (2017-8348115acd)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Security fix for CVE-2017-5645

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-8348115acd

Solution :

Update the affected log4j12 package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Fedora 24 : log4j12 (2017-7e0ff7f73a)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Security fix for CVE-2017-5645

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-7e0ff7f73a

Solution :

Update the affected log4j12 package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Fedora 24 : ansible (2017-6aff7475b7)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Update to 2.3.1, with various bugfixes and fix for CVE-2017-7481.

Full changes available at :

https://github.com/ansible/ansible/blob/stable-2.3/CHANGELOG.md

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-6aff7475b7
https://github.com/ansible/ansible/blob/stable-2.3/CHANGELOG.md

Solution :

Update the affected ansible package.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Fedora 24 : postgresql (2017-4de07172f4)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Per release notes:
http://www.postgresql.org/docs/9.5/static/release-9-5-7.html

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

http://www.postgresql.org/docs/9.5/static/release-9-5-7.html
https://bodhi.fedoraproject.org/updates/FEDORA-2017-4de07172f4

Solution :

Update the affected postgresql package.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Fedora 24 : mosquitto (2017-486a536b62)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Fix CVE-2017-7650 (rhbz#1456507)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-486a536b62

Solution :

Update the affected mosquitto package.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Fedora 24 : perltidy (2017-1f11501a9f)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Cumulative bug-fix, enhancement and security update, including fix for
CVE-2016-10374: perltidy relies on the current working directory for
certain output files and did not have a symlink-attack protection
mechanism, which allowed local users to overwrite arbitrary files by
creating a symlink, as demonstrated by creating a perltidy.ERR symlink
that the victim could not delete.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-1f11501a9f

Solution :

Update the affected perltidy package.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Fedora 24 : systemd (2017-0a1b2d495a)


Synopsis:

The remote Fedora host is missing a security update.

Description:

A security fix for a systemd-resolved crash on a crafted DNS packet.
Relevant only to systemd-resolved users (not enabled by default). No
need to reboot or logout.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-0a1b2d495a

Solution :

Update the affected systemd package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Debian DSA-3878-1 : zziplib - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Agostino Sarubbo discovered multiple vulnerabilities in zziplib, a
library to access Zip archives, which could result in denial of
service and potentially the execution of arbitrary code if a malformed
archive is processed.

See also :

https://packages.debian.org/source/jessie/zziplib
http://www.debian.org/security/2017/dsa-3878

Solution :

Upgrade the zziplib packages.

For the stable distribution (jessie), these problems have been fixed
in version 0.13.62-3+deb8u1.

For the upcoming stable distribution (stretch), these problems have
been fixed in version 0.13.62-3.1.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

openSUSE Security Update : mysql-connector-cpp / mysql-workbench (openSUSE-2017-671)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for mysql-connector-cpp and mysql-workbench fixes the
following issues :

Mysql-connector-cpp was updated to version 1.1.8 :

- See the news files on
https://dev.mysql.com/doc/relnotes/connector-cpp/en/

Mysql-workbench was updated to version 6.3.9 :

- https://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-3-8.html

- https://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-3-9.html

- resolves CVE-2017-3469 (boo#1035195)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1035195
https://dev.mysql.com/doc/relnotes/connector-cpp/en/
https://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-3-8.html
https://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-3-9.html

Solution :

Update the affected mysql-connector-cpp / mysql-workbench packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

FreeBSD : roundcube -- arbitrary password resets (bce47c89-4d3f-11e7-8080-a4badb2f4699)


Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

Roundcube reports :

Roundcube Webmail allows arbitrary password resets by authenticated
users. The problem is caused by an improperly restricted exec call in
the virtualmin and sasl drivers of the password plugin.

See also :

http://www.nessus.org/u?6be9ef57
http://www.nessus.org/u?7e9d9aac

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Fedora 25 : gnutls (2017-f646217583)


Synopsis:

The remote Fedora host is missing a security update.

Description:

- Update to upstream 3.5.13 release

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-f646217583

Solution :

Update the affected gnutls package.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Fedora 25 : freeradius (2017-e698bba980)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Upgrade FreeRADIUS to upstream v3.0.14 release. The release includes
fixes for various issues, including security issues, one of which is
CVE-2017-9148.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-e698bba980

Solution :

Update the affected freeradius package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Fedora 25 : mosquitto (2017-c2113aacd2)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Fix CVE-2017-7650 (rhbz#1456507)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-c2113aacd2

Solution :

Update the affected mosquitto package.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Fedora 25 : picocom (2017-ac7fc2fd8c)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Upgrade to 2.2, fixing CVE-2015-9059

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-ac7fc2fd8c

Solution :

Update the affected picocom package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Fedora 25 : perltidy (2017-a3c7d077c7)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Cumulative bug-fix, enhancement and security update, including fix for
CVE-2016-10374: perltidy relies on the current working directory for
certain output files and did not have a symlink-attack protection
mechanism, which allowed local users to overwrite arbitrary files by
creating a symlink, as demonstrated by creating a perltidy.ERR symlink
that the victim could not delete.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-a3c7d077c7

Solution :

Update the affected perltidy package.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Fedora 25 : ansible (2017-87a64155eb)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Update to 2.3.1, with various bugfixes and fix for CVE-2017-7481.

Full changes available at :

https://github.com/ansible/ansible/blob/stable-2.3/CHANGELOG.md

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-87a64155eb
https://github.com/ansible/ansible/blob/stable-2.3/CHANGELOG.md

Solution :

Update the affected ansible package.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Fedora 25 : oniguruma (2017-60997f0d14)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Multiple security flaws were found on oniguruma currently being
shipped on Fedora. This new rpm should fix the issue.

Fixed CVEs: CVE-2017-9226 CVE-2017-9225 CVE-2017-9224 CVE-2017-9227
CVE-2017-9229 CVE-2017-9228

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-60997f0d14

Solution :

Update the affected oniguruma package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Fedora 25 : mingw-poppler (2017-0ee7b8dd2a)


Synopsis:

The remote Fedora host is missing a security update.

Description:

This update fixes CVEs 2017-7511 and 2017-9083.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-0ee7b8dd2a

Solution :

Update the affected mingw-poppler package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Debian DSA-3877-1 : tor - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

It has been discovered that Tor, a connection-based low-latency
anonymous communication system, contains a flaw in the hidden service
code when receiving a BEGIN_DIR cell on a hidden service rendezvous
circuit. A remote attacker can take advantage of this flaw to cause a
hidden service to crash with an assertion failure (TROVE-2017-005).

See also :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864424
https://packages.debian.org/source/jessie/tor
http://www.debian.org/security/2017/dsa-3877

Solution :

Upgrade the tor packages.

For the stable distribution (jessie), this problem has been fixed in
version 0.2.5.14-1.

For the upcoming stable distribution (stretch), this problem will be
fixed in version 0.2.9.11-1~deb9u1.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.
