English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.811516
Category:Windows : Microsoft Bulletins
Title:Microsoft Windows Multiple Vulnerabilities (KB4025341)
Summary:This host is missing a critical security; update according to Microsoft KB4025341
Description:Summary:
This host is missing a critical security
update according to Microsoft KB4025341

Vulnerability Insight:
Multiple flaws exist when,

- Microsoft Windows fails to properly handle objects in memory.

- The way JavaScript engines render when handling objects in memory in
Microsoft browsers.

- Windows Explorer improperly handles executable files and shares during
rename operations.

- An affected Microsoft browser does not properly parse HTTP content.

- Windows improperly handles calls to Advanced Local Procedure Call (ALPC).

- Microsoft Windows when Kerberos falls back to NT LAN Manager (NTLM)
Authentication Protocol as the default authentication protocol.

- Windows Kernel improperly handles objects in memory.

- The Windows kernel fails to properly initialize a memory address.

- PSObject wraps a CIM Instance.

- Microsoft Graphics Component fails to properly handle objects in memory.

- VBScript engine, when rendered in Internet Explorer, improperly handles
objects in memory.

- Microsoft Browsers improperly handle redirect requests.

- Microsoft Windows when Kerberos fails to prevent tampering with the SNAME
field during ticket exchange.

- Internet Explorer improperly accesses objects in memory.

- Windows System Information Console when it improperly parses XML input
containing a reference to an external entity.

- Windows Performance Monitor Console when it improperly parses XML input
containing a reference to an external entity.

- Microsoft WordPad parses specially crafted files.

- Windows Search improperly handles objects in memory.

- Windows Explorer attempts to open a non-existent file.

- Windows improperly handles objects in memory.

Vulnerability Impact:
Successful exploitation will allow
an attacker to obtain information to further compromise the user's system,
gain the same user rights as the current user, run arbitrary
code in the context of another user, trick a user by redirecting the user
to a specially crafted website, run processes in an elevated cretrieve the
base address of the kernel driver from a compromised process, embed an
ActiveX control marked 'safe for initialization' in an application or
Microsoft Office document that hosts the Internet Explorer rendering engine,
force the browser to send data that would otherwise be restricted to a
destination web site of their choice, bypass Extended Protection for
Authentication, read arbitrary files via an XML external entity (XXE)
declaration and cause a denial of service.

Affected Software/OS:
- Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1

- Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-8602
BugTraq ID: 99390
http://www.securityfocus.com/bid/99390
http://www.securitytracker.com/id/1038859
http://www.securitytracker.com/id/1038860
Common Vulnerability Exposure (CVE) ID: CVE-2017-0170
BugTraq ID: 99398
http://www.securityfocus.com/bid/99398
http://www.securitytracker.com/id/1038855
Common Vulnerability Exposure (CVE) ID: CVE-2017-8463
BugTraq ID: 99389
http://www.securityfocus.com/bid/99389
http://www.securitytracker.com/id/1038850
Common Vulnerability Exposure (CVE) ID: CVE-2017-8467
BugTraq ID: 99409
http://www.securityfocus.com/bid/99409
http://www.securitytracker.com/id/1038853
Common Vulnerability Exposure (CVE) ID: CVE-2017-8486
BugTraq ID: 99414
http://www.securityfocus.com/bid/99414
Common Vulnerability Exposure (CVE) ID: CVE-2017-8495
BugTraq ID: 99424
http://www.securityfocus.com/bid/99424
https://www.orpheus-lyre.info/
http://www.securitytracker.com/id/1038862
Common Vulnerability Exposure (CVE) ID: CVE-2017-8618
BugTraq ID: 99399
http://www.securityfocus.com/bid/99399
https://www.exploit-db.com/exploits/42337/
http://www.securitytracker.com/id/1038848
Common Vulnerability Exposure (CVE) ID: CVE-2017-8556
BugTraq ID: 99439
http://www.securityfocus.com/bid/99439
http://www.securitytracker.com/id/1038856
Common Vulnerability Exposure (CVE) ID: CVE-2017-8557
BugTraq ID: 99387
http://www.securityfocus.com/bid/99387
Common Vulnerability Exposure (CVE) ID: CVE-2017-8563
BugTraq ID: 99402
http://www.securityfocus.com/bid/99402
Common Vulnerability Exposure (CVE) ID: CVE-2017-8564
BugTraq ID: 99428
http://www.securityfocus.com/bid/99428
https://www.exploit-db.com/exploits/42338/
Common Vulnerability Exposure (CVE) ID: CVE-2017-8565
BugTraq ID: 99394
http://www.securityfocus.com/bid/99394
http://www.securitytracker.com/id/1038854
Common Vulnerability Exposure (CVE) ID: CVE-2017-8573
BugTraq ID: 99431
http://www.securityfocus.com/bid/99431
Common Vulnerability Exposure (CVE) ID: CVE-2017-8577
BugTraq ID: 99416
http://www.securityfocus.com/bid/99416
Common Vulnerability Exposure (CVE) ID: CVE-2017-8578
BugTraq ID: 99419
http://www.securityfocus.com/bid/99419
Common Vulnerability Exposure (CVE) ID: CVE-2017-8580
BugTraq ID: 99421
http://www.securityfocus.com/bid/99421
Common Vulnerability Exposure (CVE) ID: CVE-2017-8581
BugTraq ID: 99423
http://www.securityfocus.com/bid/99423
Common Vulnerability Exposure (CVE) ID: CVE-2017-8582
BugTraq ID: 99429
http://www.securityfocus.com/bid/99429
http://www.securitytracker.com/id/1038863
Common Vulnerability Exposure (CVE) ID: CVE-2017-8587
BugTraq ID: 99413
http://www.securityfocus.com/bid/99413
Common Vulnerability Exposure (CVE) ID: CVE-2017-8588
BugTraq ID: 99400
http://www.securityfocus.com/bid/99400
http://www.securitytracker.com/id/1038857
Common Vulnerability Exposure (CVE) ID: CVE-2017-8589
BugTraq ID: 99425
http://www.securityfocus.com/bid/99425
http://www.securitytracker.com/id/1038866
Common Vulnerability Exposure (CVE) ID: CVE-2017-8590
BugTraq ID: 99427
http://www.securityfocus.com/bid/99427
Common Vulnerability Exposure (CVE) ID: CVE-2017-8592
BugTraq ID: 99396
http://www.securityfocus.com/bid/99396
CopyrightCopyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.