[Figure: Vulnerabilities fixed by component and by impact. Components: Windows 10 RTM; Windows 10 1511; Windows 10 1607 and Server 2016; Windows 10 1703; Windows 8.1 and Windows Server 2012 R2; Windows Server 2012; Windows 7 and Windows Server 2008 R2; Windows Vista and Windows Server 2008; Microsoft Internet Explorer; Microsoft Edge; Microsoft Silverlight; Microsoft .NET Framework; Microsoft Office. Impact categories: Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service, Spoofing.]
CVSS 8.1
More Information: Windows 10 Creators Update available April 11. Windows Blog
Components: Graphics Component, Scripting Engine, Active Directory, Hyper-V, Windows Kernel, Kernel-Mode Drivers, Windows OLE
[Pie chart: vulnerabilities by impact. Slices: 24%, 19%, 24%, 33%. Legend: Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service, Spoofing.]
22 CVEs, 0 public, 0 exploited
Components: Graphics Component, Scripting Engine, Active Directory, Hyper-V, Windows Kernel, Kernel-Mode Drivers, Windows OLE
[Pie chart: vulnerabilities by impact. Slices: 21%, 17%, 21%, 4%, 37%. Legend: Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service, Spoofing.]
24 CVEs, 0 public, 0 exploited
CVSS 8.1
Workarounds: Microsoft has not identified any workarounds for this vulnerability.
Mitigations: Microsoft has not identified any mitigating factors for this vulnerability.
Attack Vectors: An elevation of privilege vulnerability exists when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain Controller.
Impact, Severity, Disclosure: Elevation of Privilege | Important | Privately disclosed | No known exploits in the wild
Components: Graphics Component, Scripting Engine, Active Directory, Hyper-V, Windows Kernel, Kernel-Mode Drivers, Windows OLE
[Pie chart: vulnerabilities by impact. Slices: 21%, 22%, 22%, 35%. Legend: Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service, Spoofing.]
23 CVEs, 0 public, 0 exploited
CVSS 8.1
Components: Graphics Component, Scripting Engine, Active Directory, Hyper-V, Windows Kernel, Kernel-Mode Drivers, Windows OLE
[Pie chart: vulnerabilities by impact. Slices: 21%, 22%, 22%, 35%. Legend: Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service, Spoofing.]
23 CVEs, 0 public, 0 exploited
CVSS 8.1
Workarounds: Microsoft has not identified any workarounds for this vulnerability.
Mitigations: Microsoft has not identified any mitigating factors for this vulnerability.
Attack Vectors: To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
Impact, Severity, Disclosure: Elevation of Privilege | Important | Privately disclosed | No known exploits in the wild
Components: Graphics Component, Scripting Engine, Active Directory, Hyper-V, Windows Kernel, Kernel-Mode Drivers, Windows OLE
[Pie chart: vulnerabilities by impact. Slices: 17%, 17%, 29%, 4%, 33%. Legend: Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service, Spoofing.]
24 CVEs, 0 public, 0 exploited
CVSS 8.1
Components: Graphics Component, Scripting Engine, Active Directory, Hyper-V, Windows Kernel, Kernel-Mode Drivers, Windows OLE
[Pie chart: vulnerabilities by impact. Slices: 21%, 16%, 31%, 32%. Legend: Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service, Spoofing.]
18 CVEs, 0 public, 0 exploited
CVSS 8.1
Workarounds: Microsoft has not identified any workarounds for this vulnerability.
Mitigations: Customers who have not enabled the Hyper-V role are not affected.
Attack Vectors: To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.
Impact, Severity, Disclosure: Remote Code Execution | Critical | Privately disclosed | No known exploits in the wild
Components: Graphics Component, Scripting Engine, Active Directory, Hyper-V, Windows Kernel, Kernel-Mode Drivers
[Pie chart: vulnerabilities by impact. Slices: 20%, 20%, 27%, 33%. Legend: Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service, Spoofing.]
15 CVEs, 0 public, 0 exploited
CVSS 8.1
Components: Graphics Component, Scripting Engine, Active Directory, Hyper-V, Windows Kernel, Kernel-Mode Drivers
[Pie chart: vulnerabilities by impact. Slices: 37%, 18%, 36%, 9%. Legend: Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service, Spoofing.]
11 CVEs, 0 public, 0 exploited
CVSS 8.1
Workarounds: Microsoft has not identified any workarounds for this vulnerability.
Mitigations: Microsoft has not identified any mitigating factors for this vulnerability.
Attack Vectors: To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
Impact, Severity, Disclosure: Elevation of Privilege | Important | Privately disclosed | No known exploits in the wild
CVSS 7.5
More Information: Limited, targeted attacks associated with CVE-2017-0210. VBScript can be disabled in IE11. See KB4012494 for details.
Packages:
Windows Vista/Server 2008 KB4014661
Windows 7/Server 2008 R2 KB4014661
Windows Server 2012 KB4014661
Windows 8.1/Server 2012 R2 KB4014661
Windows 10/Server 2016 KB4015583, 4015217, 4015219, KB4015221
[Pie chart: vulnerabilities by impact. Slices: 67%, 33%. Legend: Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service, Spoofing.]
3 CVEs, 1 public, 1 exploited

Workarounds: Microsoft has not identified any workarounds for this vulnerability.
Mitigations: Attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by getting them to open an attachment sent through email. No way for attacker to force user to view malicious content. Exploitation only gains the same user rights as the logged on account.
Attack Vectors: An attacker could host a specially crafted website that is designed to exploit the vulnerability through affected Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability.
Impact, Severity, Disclosure: Remote Code Execution | Critical | Privately disclosed | No known exploits in the wild

Workarounds: Microsoft has not identified any workarounds for this vulnerability.
Mitigations: Attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by getting them to open an attachment sent through email. No way for attacker to force user to view malicious content. Exploitation only gains the same user rights as the logged on account.
Attack Vectors: An attacker could host a specially crafted website that is designed to exploit the vulnerability through affected Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Office document that hosts the Edge rendering engine.
Impact, Severity, Disclosure: Remote Code Execution | Critical | Privately disclosed | No known exploits in the wild

Workarounds: Microsoft has not identified any workarounds for this vulnerability.
Mitigations: Attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by getting them to open an attachment sent through email. No way for attacker to force user to view malicious content. Exploitation only gains the same user rights as the logged on account.
Attack Vectors: An attacker could host a specially crafted website that is designed to exploit the vulnerability through affected Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability.
Impact, Severity, Disclosure: Elevation of Privilege | Important | Publicly disclosed | Exploitation detected
CVSS 4.3
More Information: Creators Update attack surface reduction in Microsoft Edge sandbox
[Pie chart: vulnerabilities by impact. Slices: 60%, 20%, 20%. Legend: Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service, Spoofing.]
5 CVEs, 1 public, 0 exploited

Workarounds: Microsoft has not identified any workarounds for this vulnerability.
Mitigations: Attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by getting them to open an attachment sent through email. No way for attacker to force user to view malicious content. Exploitation only gains the same user rights as the logged on account.
Attack Vectors: An attacker could host a specially crafted website that is designed to exploit the vulnerability through affected Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability.
Impact, Severity, Disclosure: Remote Code Execution | Critical | Privately disclosed | No known exploits in the wild

Workarounds: Microsoft has not identified any workarounds for this vulnerability.
Mitigations: Attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by getting them to open an attachment sent through email. No way for attacker to force user to view malicious content. Exploitation only gains the same user rights as the logged on account.
Attack Vectors: An attacker could host a specially crafted website that is designed to exploit the vulnerability through affected Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Office document that hosts the Edge rendering engine.
Impact, Severity, Disclosure: Remote Code Execution | Critical | Privately disclosed | No known exploits in the wild
More Information: EPS filter disabled by default after applying applicable Office updates. See KB2479871 to re-enable (not recommended). CVE-2017-0199 received press coverage - link to US CERT Vulnerability Note http://www.kb.cert.org/vuls/id/921560
Products: Office 2007/2010/2013/2013 RT/2016, Excel 2007, Excel 2010, Outlook 2007/2010/2013,2016, OneNote 2007/2010, Outlook for Mac 2011, Excel Services on SharePoint Server 2010/2013, Office Web Apps 2010/2013, Office Online Server, Office Compatibility Pack
[Pie chart: vulnerabilities by impact. Slices: 43%, 15%, 14%, 14%, 14%. Legend: Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service, Spoofing.]
6 CVEs, 1 public, 2 exploited

Workarounds: Microsoft has not identified any workarounds for this vulnerability.
Mitigations: Microsoft has not identified any mitigating factors for this vulnerability.
Attack Vectors: Exploitation of these vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software.
Web scenario - Attacker hosts a malicious website utilizing the vulnerability, then convinces users to visit the site, or attacker takes advantage of compromised websites and/or sites hosting ads from other providers.
Email scenario - Attacker sends a specially crafted file and persuades the user to open the file or preview the email.
Impact, Severity, Disclosure: Remote Code Execution | Critical | Publicly disclosed | Exploitation detected

Workarounds: Microsoft has not identified any workarounds for this vulnerability.
Mitigations: Microsoft has not identified any mitigating factors for this vulnerability.
Attack Vectors: An attacker who successfully exploits the vulnerability could perform cross-site scripting attacks in the context of the current user. For this vulnerability to be exploited, a user must click a specially crafted URL. In an email attack scenario, an attacker could exploit the vulnerability by sending an email message containing the specially crafted URL to the user and by convincing the user to click on the specially crafted URL. In a web-based attack scenario, an attacker would have to host a website that contains a specially crafted URL. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability.
Impact, Severity, Disclosure: Elevation of Privilege | Important | Privately disclosed | No known exploits in the wild
aka.ms/lifecycle
CVE | Public | Exploited | Impact | Product
CVE-2017-0203 | Yes | No | RCE | Edge
CVE-2017-0210 | Yes | Yes | EoP | IE
CVE-2017-0199 | Yes | Yes | RCE | Windows/Office
Office EPS filter | No | Yes | RCE | Office
KB4012213
KB4015547
KB3178690
KB3191855
KB3191847
Overview of vulnerabilities addressed in this release - April

Vulnerability Detail | KB | Remote Code Execution | Elevation of Privilege | Information Disclosure | Security Feature Bypass | Denial of Service | Spoofing | Public Disclosure | Known Exploit | Max CVSS
Windows 10 RTM | 4015221 | 5 | 5 | 5 | 0 | 8 | 0 | 0 | 0 | 8.1
Windows 10 1511 | 4015219 | 5 | 5 | 5 | 0 | 8 | 0 | 0 | 0 | 8.1
Windows 10 1607 and Server 2016 | 4015217 | 5 | 4 | 5 | 1 | 9 | 0 | 0 | 0 | 8.1
Windows 10 1703 | 4015583 | 5 | 4 | 5 | 0 | 7 | 0 | 0 | 0 | 8.1
Windows 8.1 and Windows Server 2012 R2 | 4015547 | 4 | 4 | 7 | 1 | 8 | 0 | 0 | 0 | 8.1
Windows Server 2012 | 4015548 | 4 | 3 | 6 | 0 | 6 | 0 | 0 | 0 | 8.1
Windows 7 and Windows Server 2008 R2 | 4015546 | 3 | 3 | 4 | 0 | 5 | 0 | 0 | 0 | 8.1
Windows Vista and Windows Server 2008 | 4014661, 4015583, 4015217, 4015219, 4015221 | 4 | 2 | 4 | - | 1 | 0 | 0 | 0 | 8.1
Microsoft Internet Explorer | 4014661, 4015583, 4015217, 4015219, 4015221 | 2 | 1 | 0 | 0 | 0 | 0 | 1 | 1 | 7.5
Microsoft Edge | several | 3 | 0 | 1 | 1 | 0 | 0 | 1 | 0 | 4.3
Microsoft Silverlight | 4017094 | 0 | 0 | 1 | 0 | 0 | - | 0 | 0 | _
Microsoft .NET Framework | KB4014985, 4014986, 4014987, 4014988 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | _
Microsoft Office | several | 3 | 1 | 1 | 1 | 0 | 1 | 1 | 2 | _
Software | KB | Link
Windows 10 RTM | 4015221 | http://support.microsoft.com/kb/4015221
Windows 10 1511 | 4015219 | http://support.microsoft.com/kb/4015219
Windows 10 1607 and Server 2016 | 4015217 | http://support.microsoft.com/kb/4015217
Windows 10 1703 | 4015583 | http://support.microsoft.com/kb/4015583
Windows 8.1 and Windows Server 2012 R2 | 4015547 | http://support.microsoft.com/kb/4015547
Windows Server 2012 | 4015548 | http://support.microsoft.com/kb/4015548
Windows 7 and Windows Server 2008 R2 | 4015546 | http://support.microsoft.com/kb/4015546
Windows Vista and Windows Server 2008 | 4014661, 4015583, 4015217, 4015219, 4015221 | http://support.microsoft.com/kb/4014661 http://support.microsoft.com/kb/4015583 http://support.microsoft.com/kb/4015217 http://support.microsoft.com/kb/4015119 http://support.microsoft.com/kb/4015221
Microsoft Internet Explorer | 4014661, 4015583, 4015217, 4015219, 4015221 | http://support.microsoft.com/kb/4014661 http://support.microsoft.com/kb/4015583 http://support.microsoft.com/kb/4015217 http://support.microsoft.com/kb/4015119 http://support.microsoft.com/kb/4015221
Microsoft Edge | several |
Microsoft Silverlight | 4017094 | http://support.microsoft.com/kb/4017094
Microsoft .NET Framework | KB4014985, 4014986, 4014987, 4014988 | http://support.microsoft.com/kb/4013241
Microsoft Office | several |
Overview in this release - April
https://www.first.org/cvss
Since the Security Update Guide has now become the formal replacement for
security bulletin webpages, and the preferred resource for security update
information from Microsoft, you and your customers should be actively
exploring the Security Update Guide. The new Security Update Guide portal allows
you to customize your views, create affected software spreadsheets, and download data via a RESTful API.
Security Update Guide webpage: https://aka.ms/securityupdateguide
MSRC blog post on November 8, 2017: Furthering our commitment to security updates
Security Update Guide Frequently Asked Questions (FAQ) webpage: https://technet.microsoft.com/en-us/security/mt791750
Starting in April 2017 - Security Updates Guide (SUG)
is standard - https://www.first.org/cvss