Windows : Microsoft Bulletins : Microsoft Windows Multiple Vulnerabilities (KB4041691)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.812026
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft Windows Multiple Vulnerabilities (KB4041691)
Zusammenfassung:	This host is missing a critical security; update according to Microsoft KB4041691
Beschreibung:	Summary: This host is missing a critical security update according to Microsoft KB4041691 Vulnerability Insight: Multiple flaws exist due to: - A spoofing vulnerability in the Windows implementation of wireless networking (KRACK) - An error when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). - An error in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. - An error in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. - An error in certain Trusted Platform Module (TPM) chipsets. - An error when Internet Explorer improperly accesses objects in memory. - An error in the way that certain Windows components handle the loading of DLL files. - An error when the Windows kernel improperly handles objects in memory. - An error when the Windows font library improperly handles specially crafted embedded fonts. - An error when the Microsoft Windows Graphics Component improperly handles objects in memory. - An error when the Windows kernel-mode driver fails to properly handle objects in memory. - An error in the way the scripting engine handle objects in memory in Microsoft browsers. - An error in the way that the scripting engine handles objects in memory in Microsoft Edge. - An error in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. - An error in the Microsoft JET Database Engine that could allow remote code execution on an affected system. - An error when Internet Explorer improperly handles objects in memory. - An error when the Windows Graphics Component improperly handles objects in memory. - An error in the way that the scripting engine handles objects in memory in Internet Explorer. - An error when the Windows Update Delivery Optimization does not properly enforce file share permissions. - An error in Windows Domain Name System (DNS) DNSAPI. - An error in the default Windows SMB Server configuration which allows anonymous users to remotely access certain named pipes that are also configured to allow anonymous access to users who are logged on locally. - An error when Windows Search improperly handles objects in memory. - An error in Microsoft Windows storage when it fails to validate an integrity-level check. - An error in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft Edge. - when Internet Explorer improperly accesses objects in memory via the Microsoft Windows Text Services Framework. - An error when the Windows kernel improperly initializes objects in memory. - An error in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. - An error in the way that the Windows SMB Server handles certain requests. Vulnerability Impact: Successful exploitation will allow an attacker to run arbitrary code in the security context of the local system, conduct NTLM dictionary attacks, cause the affected system to crash, take complete control of an affected system, obtain sensitive information to further compromise the user's system, inject code into a trusted PowerShell process, run processes in an elevated context, inject code code in kernel mode and gain elevated privileges. Affected Software/OS: - Microsoft Windows Server 2016 - Microsoft Windows 10 Version 1607 x32/x64 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-8717 BugTraq ID: 101161 http://www.securityfocus.com/bid/101161 http://www.securitytracker.com/id/1039527 Common Vulnerability Exposure (CVE) ID: CVE-2017-11763 BugTraq ID: 101109 http://www.securityfocus.com/bid/101109 http://www.securitytracker.com/id/1039536 Common Vulnerability Exposure (CVE) ID: CVE-2017-11765 BugTraq ID: 101111 http://www.securityfocus.com/bid/101111 http://www.securitytracker.com/id/1039526 Common Vulnerability Exposure (CVE) ID: CVE-2017-11769 BugTraq ID: 101112 http://www.securityfocus.com/bid/101112 http://www.securitytracker.com/id/1039535 Common Vulnerability Exposure (CVE) ID: CVE-2017-8718 BugTraq ID: 101162 http://www.securityfocus.com/bid/101162 Common Vulnerability Exposure (CVE) ID: CVE-2017-8726 BugTraq ID: 101084 http://www.securityfocus.com/bid/101084 http://www.securitytracker.com/id/1039529 Common Vulnerability Exposure (CVE) ID: CVE-2017-8727 BugTraq ID: 101142 http://www.securityfocus.com/bid/101142 http://www.securitytracker.com/id/1039537 Common Vulnerability Exposure (CVE) ID: CVE-2017-11771 BugTraq ID: 101114 http://www.securityfocus.com/bid/101114 http://www.securitytracker.com/id/1039538 Common Vulnerability Exposure (CVE) ID: CVE-2017-11772 BugTraq ID: 101116 http://www.securityfocus.com/bid/101116 Common Vulnerability Exposure (CVE) ID: CVE-2017-11779 BugTraq ID: 101166 http://www.securityfocus.com/bid/101166 http://www.securitytracker.com/id/1039533 Common Vulnerability Exposure (CVE) ID: CVE-2017-11780 BugTraq ID: 101110 http://www.securityfocus.com/bid/101110 http://www.securitytracker.com/id/1039528 Common Vulnerability Exposure (CVE) ID: CVE-2017-11781 BugTraq ID: 101140 http://www.securityfocus.com/bid/101140 Common Vulnerability Exposure (CVE) ID: CVE-2017-11782 BugTraq ID: 101143 http://www.securityfocus.com/bid/101143 Common Vulnerability Exposure (CVE) ID: CVE-2017-11783 BugTraq ID: 101144 http://www.securityfocus.com/bid/101144 Common Vulnerability Exposure (CVE) ID: CVE-2017-11785 BugTraq ID: 101149 http://www.securityfocus.com/bid/101149 https://www.exploit-db.com/exploits/43001/ Common Vulnerability Exposure (CVE) ID: CVE-2017-11790 BugTraq ID: 101077 http://www.securityfocus.com/bid/101077 http://www.securitytracker.com/id/1039532 Common Vulnerability Exposure (CVE) ID: CVE-2017-11793 BugTraq ID: 101141 http://www.securityfocus.com/bid/101141 https://www.exploit-db.com/exploits/43368/ Common Vulnerability Exposure (CVE) ID: CVE-2017-11798 BugTraq ID: 101125 http://www.securityfocus.com/bid/101125 Common Vulnerability Exposure (CVE) ID: CVE-2017-11799 BugTraq ID: 101126 http://www.securityfocus.com/bid/101126 https://www.exploit-db.com/exploits/42998/ Common Vulnerability Exposure (CVE) ID: CVE-2017-11800 BugTraq ID: 101127 http://www.securityfocus.com/bid/101127 Common Vulnerability Exposure (CVE) ID: CVE-2017-11802 BugTraq ID: 101130 http://www.securityfocus.com/bid/101130 https://www.exploit-db.com/exploits/43000/ Common Vulnerability Exposure (CVE) ID: CVE-2017-11804 BugTraq ID: 101131 http://www.securityfocus.com/bid/101131 Common Vulnerability Exposure (CVE) ID: CVE-2017-11808 BugTraq ID: 101135 http://www.securityfocus.com/bid/101135 Common Vulnerability Exposure (CVE) ID: CVE-2017-11809 BugTraq ID: 101137 http://www.securityfocus.com/bid/101137 https://www.exploit-db.com/exploits/42999/ Common Vulnerability Exposure (CVE) ID: CVE-2017-11810 BugTraq ID: 101081 http://www.securityfocus.com/bid/101081 https://www.exploit-db.com/exploits/43131/ Common Vulnerability Exposure (CVE) ID: CVE-2017-11811 BugTraq ID: 101138 http://www.securityfocus.com/bid/101138 https://www.exploit-db.com/exploits/43152/ Common Vulnerability Exposure (CVE) ID: CVE-2017-11812 BugTraq ID: 101139 http://www.securityfocus.com/bid/101139 Common Vulnerability Exposure (CVE) ID: CVE-2017-11814 BugTraq ID: 101093 http://www.securityfocus.com/bid/101093 Common Vulnerability Exposure (CVE) ID: CVE-2017-11815 BugTraq ID: 101136 http://www.securityfocus.com/bid/101136 Common Vulnerability Exposure (CVE) ID: CVE-2017-11816 BugTraq ID: 101094 http://www.securityfocus.com/bid/101094 Common Vulnerability Exposure (CVE) ID: CVE-2017-11817 BugTraq ID: 101095 http://www.securityfocus.com/bid/101095 Common Vulnerability Exposure (CVE) ID: CVE-2017-11818 BugTraq ID: 101101 http://www.securityfocus.com/bid/101101 Common Vulnerability Exposure (CVE) ID: CVE-2017-11822 BugTraq ID: 101122 http://www.securityfocus.com/bid/101122 Common Vulnerability Exposure (CVE) ID: CVE-2017-11823 BugTraq ID: 101102 http://www.securityfocus.com/bid/101102 https://www.exploit-db.com/exploits/42997/ Common Vulnerability Exposure (CVE) ID: CVE-2017-11824 BugTraq ID: 101099 http://www.securityfocus.com/bid/101099 Common Vulnerability Exposure (CVE) ID: CVE-2017-11829 BugTraq ID: 101213 http://www.securityfocus.com/bid/101213 Common Vulnerability Exposure (CVE) ID: CVE-2017-8689 BugTraq ID: 101128 http://www.securityfocus.com/bid/101128 Common Vulnerability Exposure (CVE) ID: CVE-2017-8693 BugTraq ID: 101096 http://www.securityfocus.com/bid/101096 Common Vulnerability Exposure (CVE) ID: CVE-2017-11762 BugTraq ID: 101108 http://www.securityfocus.com/bid/101108 Common Vulnerability Exposure (CVE) ID: CVE-2017-8694 BugTraq ID: 101100 http://www.securityfocus.com/bid/101100 Common Vulnerability Exposure (CVE) ID: CVE-2017-8715 BugTraq ID: 101163 http://www.securityfocus.com/bid/101163 Common Vulnerability Exposure (CVE) ID: CVE-2017-13080 BugTraq ID: 101274 http://www.securityfocus.com/bid/101274 CERT/CC vulnerability note: VU#228519 http://www.kb.cert.org/vuls/id/228519 Cisco Security Advisory: 20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa Debian Security Information: DSA-3999 (Google Search) http://www.debian.org/security/2017/dsa-3999 FreeBSD Security Advisory: FreeBSD-SA-17:07 https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc https://security.gentoo.org/glsa/201711-03 https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt https://www.krackattacks.com/ https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html RedHat Security Advisories: RHSA-2017:2907 https://access.redhat.com/errata/RHSA-2017:2907 RedHat Security Advisories: RHSA-2017:2911 https://access.redhat.com/errata/RHSA-2017:2911 http://www.securitytracker.com/id/1039572 http://www.securitytracker.com/id/1039573 http://www.securitytracker.com/id/1039576 http://www.securitytracker.com/id/1039577 http://www.securitytracker.com/id/1039578 http://www.securitytracker.com/id/1039581 http://www.securitytracker.com/id/1039585 http://www.securitytracker.com/id/1039703 SuSE Security Announcement: SUSE-SU-2017:2745 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html SuSE Security Announcement: SUSE-SU-2017:2752 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html SuSE Security Announcement: openSUSE-SU-2017:2755 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html http://www.ubuntu.com/usn/USN-3455-1
Copyright	Copyright (C) 2017 Greenbone AG