CERT-In Vulnerability Note
CIVN-2017-0173
Cumulative Security Update for Microsoft Windows
Original Issue Date: November 21, 2017
Severity Rating: HIGH
Software Affected
- Windows RT 8.1
- Windows 8.1 for x64-based systems and 32-bit systems
- Windows 7 for 32-bit and x64-based Systems Service Pack 1
- Windows 10 Version 1709 for 32-bit and 64-based Systems
- Windows 10 Version 1703 for 32-bit and x64-based Systems
- Windows 10 Version 1607 for 32-bit and x64-based Systems
- Windows 10 Version 1511 for 32-bit and x64-based Systems
- Windows 10 for 32-bit and x64-based Systems
- Windows Server version 1709 (Server Core Installation)
- Windows Server 2016 (Server Core installation also affected)
- Windows Server 2012 R2 (Server Core installation also affected)
- Windows Server 2012 (Server Core installation also affected)
- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation also affected)
- Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
- Windows Server 2008 for Itanium-Based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation also affected)
- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation also affected)
Overview
Multiple vulnerabilities have been reported in Microsoft Windows which could be exploited by an attacker to obtain sensitive information, cause a denial of service (DoS) condition, execute arbitrary code, and bypass certain security features to gain elevated privileges on the targeted system.
Description
1. Windows Media Player Information Disclosure Vulnerability
(CVE-2017-11768)
This vulnerability exists in Microsoft Windows due to improper disclosure of file information by the affected software when handling user-supplied input. A local attacker could exploit this vulnerability by accessing a targeted system and executing an application that submits malicious input to the affected software. Successful exploitation of this vulnerability could allow the attacker to access sensitive information on the targeted system.
2. Windows Search Denial of Service Vulnerability
(CVE-2017-11788)
This vulnerability exists in Microsoft Windows due to improper memory operations that are performed by the affected software when handling user-supplied input. A remote attacker could exploit this vulnerability by sending malicious messages to the Search service on a targeted system or via a Server Message Block (SMB) connection with the targeted system. Successful exploitation of this vulnerability could allow the attacker to cause the system to terminate abnormally, resulting in a DoS condition.
3. Windows Information Disclosure Vulnerability
(CVE-2017-11880, CVE-2017-11831, CVE-2017-11842, CVE-2017-11849, CVE-2017-11853)
This vulnerability exists in the Microsoft Windows kernel due to improper memory operations that are performed by the affected software when handling user-supplied input. A local attacker could exploit this vulnerability by accessing a targeted system and executing an application that submits malicious input to the affected software. Successful exploitation of this vulnerability could allow the attacker to access sensitive information on the targeted system.
4. Device Guard Security Feature Bypass Vulnerability
(CVE-2017-11830)
This vulnerability exists in Microsoft Windows due to improper validation of untrusted files by the affected software. A local attacker could exploit this vulnerability by accessing the system and executing an unsigned application that submits malicious input to the affected software. Successful exploitation of this vulnerability could allow the attacker to cause the malicious application to execute arbitrary code, and compromise the system completely.
5. Microsoft Windows Embedded OpenType Font Engine Information Disclosure Vulnerability
(CVE-2017-11832, CVE-2017-11835)
This vulnerability exists in the Microsoft Windows Embedded OpenType (EOT) font engine due to improper parsing of embedded fonts. A local attacker could exploit this vulnerability by accessing a targeted system and opening a document containing embedded fonts that submit malicious input to the affected software. Successful exploitation of this vulnerability could allow the attacker to access sensitive information on the targeted system.
6. Windows Kernel Elevation of Privilege Vulnerability
(CVE-2017-11847)
This vulnerability exists in the Microsoft Windows kernel due to improper memory operations that are performed by the affected software when handling user-supplied input. A local attacker could exploit this vulnerability by accessing a targeted system and executing an application that submits malicious input to the affected software. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code in kernel mode and compromise the targeted system completely.
7. Microsoft Graphics Component Information Disclosure Vulnerability
(CVE-2017-11850, CVE-2017-11851, CVE-2017-11852)
This vulnerability exists in the Graphics component of Microsoft Windows due to improper memory operations that are performed by the affected software when handling user-supplied input. A local attacker could exploit this vulnerability by accessing a targeted system and executing an application that submits malicious input to the affected software. Successful exploitation of this vulnerability could allow the attacker to access sensitive information on the targeted system.
8. Windows Wireless WPA Group Key Reinstallation Vulnerability
(CVE-2017-13080)
This vulnerability exists in the Windows implementation of wireless networking due to improper security restrictions and protocols that are used by affected clients and access points. A remote attacker could exploit this vulnerability by manipulating handshake traffic to perform session-key reuse, which could lead to the reinstallation of keys on a targeted wireless client or access point. Successful exploitation of this vulnerability could allow the attacker to inject arbitrary packets, decrypt wireless packets, or replay packets on the targeted wireless client or access point, if the attacker is within range of the client and the access point.
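The replay consequence of key reinstallation described in item 8 can be seen in a simplified receiver model. This is an added example, not code from CERT-In or Microsoft; the class and function names and the key value are hypothetical, and it models only the replay counter, not encryption.

```python
import hmac
from dataclasses import dataclass


@dataclass
class GroupKeyState:
    key: bytes
    last_pn: int  # highest packet number accepted under this key


class Receiver:
    """Toy receiver that enforces a replay counter per installed group key."""

    def __init__(self, refuse_reinstall: bool):
        self.refuse_reinstall = refuse_reinstall
        self.state = None

    def install_key(self, key: bytes) -> bool:
        """Process a group-key handshake message; True if the counter was reset."""
        same_key = self.state is not None and hmac.compare_digest(self.state.key, key)
        if self.refuse_reinstall and same_key:
            return False  # key already in use: keep the existing replay counter
        self.state = GroupKeyState(key=key, last_pn=0)
        return True

    def accept(self, pn: int) -> bool:
        """Accept a frame only if its packet number is strictly newer."""
        if self.state is None or pn <= self.state.last_pn:
            return False
        self.state.last_pn = pn
        return True


def run(refuse_reinstall: bool) -> list:
    """Return accept/reject decisions for a constructed frame sequence."""
    rx = Receiver(refuse_reinstall)
    gtk = b"constructed-group-key"  # constructed sample value
    rx.install_key(gtk)
    results = [rx.accept(pn) for pn in (1, 2, 3)]  # normal traffic
    rx.install_key(gtk)            # same handshake message delivered again
    results.append(rx.accept(2))   # frame carrying an already-used packet number
    results.append(rx.accept(4))   # next legitimate frame
    return results


if __name__ == "__main__":
    print("counter reset on reinstall:", run(refuse_reinstall=False))
    print("reinstall of same key refused:", run(refuse_reinstall=True))
```

With the counter reset on reinstallation, the frame with the old packet number is accepted; when the receiver keeps its counter for a key that is already installed, the same frame is rejected.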
Solution
Apply the appropriate patches as mentioned in the Microsoft Security Bulletin:
https://portal.msrc.microsoft.com/en-us/security-guidance
Vendor Information
Microsoft
https://portal.msrc.microsoft.com/en-us/security-guidance
References
Microsoft
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11768
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11788
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11880
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11830
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11831
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11832
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11835
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11842
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11847
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11849
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11850
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11851
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11852
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11853
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080
Cisco
https://tools.cisco.com/security/center/viewAlert.x?alertId=55821
https://tools.cisco.com/security/center/viewAlert.x?alertId=55823
https://tools.cisco.com/security/center/viewAlert.x?alertId=55871
https://tools.cisco.com/security/center/viewAlert.x?alertId=55827
https://tools.cisco.com/security/center/viewAlert.x?alertId=55828
https://tools.cisco.com/security/center/viewAlert.x?alertId=55829
https://tools.cisco.com/security/center/viewAlert.x?alertId=55832
https://tools.cisco.com/security/center/viewAlert.x?alertId=55839
https://tools.cisco.com/security/center/viewAlert.x?alertId=55844
https://tools.cisco.com/security/center/viewAlert.x?alertId=55846
https://tools.cisco.com/security/center/viewAlert.x?alertId=55847
https://tools.cisco.com/security/center/viewAlert.x?alertId=55848
https://tools.cisco.com/security/center/viewAlert.x?alertId=55849
https://tools.cisco.com/security/center/viewAlert.x?alertId=55850
https://tools.cisco.com/security/center/viewAlert.x?alertId=55623
Security Tracker
https://securitytracker.com/id/1039794
https://securitytracker.com/id/1039792
https://securitytracker.com/id/1039782
https://securitytracker.com/id/1039790
CVE Name
CVE-2017-11768
CVE-2017-11788
CVE-2017-11880
CVE-2017-11831
CVE-2017-11842
CVE-2017-11849
CVE-2017-11853
CVE-2017-11830
CVE-2017-11832
CVE-2017-11835
CVE-2017-11847
CVE-2017-11850
CVE-2017-11851
CVE-2017-11852
CVE-2017-13080
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India