Symantec product detections for Microsoft monthly Security Bulletins - September 2017

book

Article ID: 170131

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Bulletins.

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.
Note: These have been referred to previously as Security Advisories. The language has been updated to Security Bulletins to maintain cadence with Microsoft's terminology
Note: The fields for KB and Bulletin are no longer populated or used by Microsoft, and they no longer appear here as of April 2017 

Resolution

 

ID and Rating

CAN/CVE ID: AV170013

BID: N/A

Microsoft Rating: Critical

Vulnerability Type

September 2017 Flash Security Update

Vulnerability Affects

See Adobe Bulletin

Details

See Adobe Bulletin

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-0161

BID: 100728

Microsoft Rating: Critical

Vulnerability Type

NetBIOS Remote Code Execution Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)

Details

A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. To exploit the vulnerability, an attacker needs to be able to send specially crafted NetBT Session Service packets to an impacted system. An attacker who successfully exploits the vulnerability could execute arbitrary code on the target.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-11764

BID: 100726

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge

Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-11766

BID: 100729

Microsoft Rating: Critical

Vulnerability Type

Microsoft Edge Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge

Details

A vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8649

BID: 100754

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge

Details

A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8660

BID: 100757

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge

Details

A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8676

BID: 100755

Microsoft Rating: Critical

Vulnerability Type

Windows GDI+ Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Microsoft Live Meeting 2007 Add-in
Microsoft Live Meeting 2007 Console
Microsoft Lync 2010 (32-bit)
Microsoft Lync 2010 (64-bit)
Microsoft Lync 2010 Attendee (admin level install)
Microsoft Lync 2010 Attendee (user level install)
Microsoft Lync 2013 Service Pack 1 (32-bit)
Microsoft Lync 2013 Service Pack 1 (64-bit)
Microsoft Lync Basic 2013 Service Pack 1 (32-bit)
Microsoft Lync Basic 2013 Service Pack 1 (64-bit)
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2016 for Mac
Microsoft Office Word Viewer
Microsoft Office for Mac 2011
Skype for Business 2016 (32-bit)
Skype for Business 2016 (64-bit)
Skype for Business 2016 Basic (32-bit)
Skype for Business 2016 Basic (64-bit)
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016  (Server Core installation)

Details

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8682

BID: 100772

Microsoft Rating: Critical

Vulnerability Type

Win32k Graphics Remote Code Execution Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office Word Viewer
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016  (Server Core installation)

Details

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8686

BID: 100730

Microsoft Rating: Critical

Vulnerability Type

Windows DHCP Server Remote Code Execution Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016  (Server Core installation)

Details

A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8728

BID: 100739

Microsoft Rating: Critical

Vulnerability Type

Microsoft PDF Remote Code Execution Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)

Details

A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: Exp.CVE-2017-8728

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8729

BID: 100733

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge

Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8731

BID: 100735

Microsoft Rating: Critical

Vulnerability Type

Microsoft Edge Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge

Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8734

BID: 100738

Microsoft Rating: Critical

Vulnerability Type

Microsoft Edge Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge

Details

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Exp.CVE-2017-8734

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8737

BID: 100749

Microsoft Rating: Critical

Vulnerability Type

Microsoft PDF Remote Code Execution Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)

Details

 A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Exp.CVE-2017-8737

Data Center Security: N/A

 

ID and Rating

CAN/CVE ID: CVE-2017-8738

BID: 100759

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge

Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: Exp.CVE-2017-8738

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8740

BID: 100763

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge

Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8741

BID: 100764

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Internet Explorer 9
Internet Explorer 10
Internet Explorer 11
Microsoft Edge

Details

A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8747

BID: 100765

Microsoft Rating: Critical

Vulnerability Type

Internet Explorer Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Internet Explorer 10
Internet Explorer 11

Details

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Exp.CVE-2017-8747

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8748

BID: 100766

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Internet Explorer 11
Microsoft Edge

Details

A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8749

BID: 100770

Microsoft Rating: Critical

Vulnerability Type

Internet Explorer Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Internet Explorer 10
Internet Explorer 11

Details

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: Exp.CVE-2017-8749

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8750

BID: 100771

Microsoft Rating: Critical

Vulnerability Type

Microsoft Browser Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Internet Explorer 11
Microsoft Edge

Details

A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8751

BID: 100774

Microsoft Rating: Critical

Vulnerability Type

Microsoft Edge Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge

Details

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8752

BID: 100775

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge

Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8753

BID: 100776

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge

Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: Exp.CVE-2017-8753

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8755

BID: 100778

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge

Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8756

BID: 100718

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge

Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8757

BID: 100721

Microsoft Rating: Critical

Vulnerability Type

Microsoft Edge Remote Code Execution Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge

Details

A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Exp.CVE-2017-8757

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-11761

BID: 100731

Microsoft Rating: Important

Vulnerability Type

Microsoft Exchange Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Microsoft Exchange Server 2013 Cumulative Update 16
Microsoft Exchange Server 2013 Cumulative Update 17
Microsoft Exchange Server 2013 Service Pack 1
Microsoft Exchange Server 2016 Cumulative Update 5
Microsoft Exchange Server 2016 Cumulative Update 6

Details

An input sanitization issue exists with Microsoft Exchange that could potentially result in unintended Information Disclosure. An attacker who successfully exploited the vulnerability could identify the existence of RFC1918 addresses on the local network from a client on the Internet. An attacker could use this internal host information as part of a larger attack.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8567

BID: 100719

Microsoft Rating: Important

Vulnerability Type

Microsoft Office Remote Code Execution
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Excel for Mac 2011

Details

A vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8597

BID: 100745

Microsoft Rating: Important

Vulnerability Type

Microsoft Edge Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Microsoft Edge

Details

An information disclosure vulnerability exists when Microsoft Edge does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8628

BID: 100744

Microsoft Rating: Important

Vulnerability Type

Microsoft Bluetooth Driver Spoofing Vulnerability
Spoofing

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems 
Microsoft Windows 10 for x64-based Systems 
Microsoft Windows 10 version 1511 for 32-bit Systems 
Microsoft Windows 10 version 1511 for x64-based Systems 
Microsoft Windows 10 Version 1607 for x64-based Systems 
Microsoft Windows 10 Version 1607 for 32-bit Systems 
Microsoft Windows 10 version 1703 for 32-bit Systems 
Microsoft Windows 10 version 1703 for x64-based Systems 
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 8.1 for 32-bit Systems 
Microsoft Windows 8.1 for x64-based Systems 
Microsoft Windows RT 8.1
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2016 

Details

A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8629

BID: 100725

Microsoft Rating: Important

Vulnerability Type

Microsoft SharePoint XSS Vulnerability
Elevation of Privilege

Vulnerability Affects

Microsoft SharePoint Server 2013 Service Pack 1

Details

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8630

BID: 100732

Microsoft Rating: Important

Vulnerability Type

Microsoft Office Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)

Details

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8631

BID: 100751

Microsoft Rating: Important

Vulnerability Type

Microsoft Office Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Excel Services
Microsoft Excel 2007 Service Pack 3
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Excel 2016 for Mac
Microsoft Excel Viewer 2007 Service Pack 3
Microsoft Excel Web App 2013 Service Pack 1
Microsoft Excel for Mac 2011
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office Web Apps 2013 Service Pack 1
Office Online Server

Details

A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8632

BID: 100734

Microsoft Rating: Important

Vulnerability Type

Microsoft Office Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Office Compatibility Pack Service Pack 3
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2016 for Mac
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2016 (64-bit edition)
Microsoft Excel for Mac 2011

Details

A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8643

BID: 100747

Microsoft Rating: Important

Vulnerability Type

Microsoft Edge Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Microsoft Edge

Details

An information disclosure vulnerability exists when Microsoft Edge improperly handles clipboard events.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8648

BID: 100750

Microsoft Rating: Important

Vulnerability Type

Microsoft Edge Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Microsoft Edge

Details

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8675

BID: 100752

Microsoft Rating: Important

Vulnerability Type

Win32k Elevation of Privilege Vulnerability
Elevation of Privilege

Vulnerability Affects

Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016  (Server Core installation)

Details

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8677

BID: 100767

Microsoft Rating: Important

Vulnerability Type

Win32k Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016  (Server Core installation)

Details

A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8678

BID: 100769

Microsoft Rating: Important

Vulnerability Type

Win32k Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)

Details

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8679

BID: 100720

Microsoft Rating: Important

Vulnerability Type

Windows Kernel Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)

Details

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8680

BID: 100722

Microsoft Rating: Important

Vulnerability Type

Win32k Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)

Details

A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8681

BID: 100727

Microsoft Rating: Important

Vulnerability Type

Win32k Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)

Details

A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8683

BID: 100781

Microsoft Rating: Important

Vulnerability Type

Win32k Graphics Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016  (Server Core installation)

Details

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8684

BID: 100782

Microsoft Rating: Important

Vulnerability Type

Windows GDI+ Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)

Details

A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8685

BID: 100724

Microsoft Rating: Important

Vulnerability Type

Windows GDI+ Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Details

A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8687

BID: 100736

Microsoft Rating: Important

Vulnerability Type

Win32k Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016  (Server Core installation)

Details

An Information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8688

BID: 100756

Microsoft Rating: Important

Vulnerability Type

Windows GDI+ Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016  (Server Core installation)

Details

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8692

BID: 100762

Microsoft Rating: Important

Vulnerability Type

Uniscribe Remote Code Execution Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016  (Server Core installation)

Details

A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8695

BID: 100773

Microsoft Rating: Important

Vulnerability Type

Graphics Component Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Microsoft Live Meeting 2007 Add-in
Microsoft Live Meeting 2007 Console
Microsoft Lync 2010 (32-bit)
Microsoft Lync 2010 (64-bit)
Microsoft Lync 2010 Attendee (admin level install)
Microsoft Lync 2010 Attendee (user level install)
Microsoft Lync 2013 Service Pack 1 (32-bit)
Microsoft Lync 2013 Service Pack 1 (64-bit)
Microsoft Lync Basic 2013 Service Pack 1 (32-bit)
Microsoft Lync Basic 2013 Service Pack 1 (64-bit)
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office Word Viewer
Skype for Business 2016 (32-bit)
Skype for Business 2016 (64-bit)
Skype for Business 2016 Basic (32-bit)
Skype for Business 2016 Basic (64-bit)
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016  (Server Core installation)

Details

An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8696

BID: 100780

Microsoft Rating: Important

Vulnerability Type

Microsoft Graphics Component Remote Code Execution
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Live Meeting 2007 Add-in
Microsoft Live Meeting 2007 Console
Microsoft Lync 2010 (32-bit)
Microsoft Lync 2010 (64-bit)
Microsoft Lync 2010 Attendee (admin level install)
Microsoft Lync 2010 Attendee (user level install)
Microsoft Lync 2013 Service Pack 1 (32-bit)
Microsoft Lync 2013 Service Pack 1 (64-bit)
Microsoft Lync Basic 2013 Service Pack 1 (32-bit)
Microsoft Lync Basic 2013 Service Pack 1 (64-bit)
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Word Viewer
Skype for Business 2016 (32-bit)
Skype for Business 2016 (64-bit)
Skype for Business 2016 Basic (32-bit)
Skype for Business 2016 Basic (64-bit)
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Details

A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8699

BID: 100783

Microsoft Rating: Important

Vulnerability Type

Windows Shell Remote Code Execution Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)

Details

A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8702

BID: 100785

Microsoft Rating: Important

Vulnerability Type

Windows Elevation of Privilege Vulnerability
Elevation of Privilege

Vulnerability Affects

Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)

Details

An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8704

BID: 100787

Microsoft Rating: Important

Vulnerability Type

Hyper-V Denial of Service Vulnerability
Denial of Service

Vulnerability Affects

Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)

Details

A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8706

BID: 100789

Microsoft Rating: Important

Vulnerability Type

Hyper-V Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)

Details

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8707

BID: 100790

Microsoft Rating: Important

Vulnerability Type

Hyper-V Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 for x64-based Systems
Windows 8.1 for x64-based systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)

Details

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8708

BID: 100791

Microsoft Rating: Important

Vulnerability Type

Windows Kernel Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core nstallation)

Details

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8709

BID: 100792

Microsoft Rating: Important

Vulnerability Type

Windows Kernel Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)

Details

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8710

BID: 100793

Microsoft Rating: Important

Vulnerability Type

Windows Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Details

An information disclosure vulnerability exists in the Microsoft Common Console Document (.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8711

BID: 100794

Microsoft Rating: Important

Vulnerability Type

Hyper-V Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)

Details

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8712

BID: 100795

Microsoft Rating: Important

Vulnerability Type

Hyper-V Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)

Details

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8713

BID: 100796

Microsoft Rating: Important

Vulnerability Type

Hyper-V Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 for x64-based Systems
Windows 8.1 for x64-based systems
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)

Details

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8714

BID: 100797

Microsoft Rating: Important

Vulnerability Type

Remote Desktop Virtual Host Remote Code Execution Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Windows 10 Version 1607 for x64-based Systems
Windows 10 for x64-based Systems
Windows 8.1 for x64-based systems
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)

Details

A remote code execution vulnerability exists in the VM Host Agent Service of Remote Desktop Virtual Host role when it fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could issue a specially crafted certificate on the guest operating system that could cause the VM host agent service on the host operating system to execute arbitrary code. The Remote Desktop Virtual Host role is not enabled by default.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8716

BID: 100802

Microsoft Rating: Important

Vulnerability Type

Windows Security Feature Bypass Vulnerability
Security Feature Bypass

Vulnerability Affects

A security feature bypass vulnerability exists when Windows Control Flow Guard mishandles objects in memory.

Details

Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8719

BID: 100803

Microsoft Rating: Important

Vulnerability Type

Windows Kernel Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)

Details

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8720

BID: 100804

Microsoft Rating: Important

Vulnerability Type

Win32k Elevation of Privilege Vulnerability
Elevation of Privilege

Vulnerability Affects

Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)

Details

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8724

BID: 100777

Microsoft Rating: Important

Vulnerability Type

Microsoft Edge Spoofing Vulnerability
Spoofing

Vulnerability Affects

Microsoft Edge

Details

A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8725

BID: 100758

Microsoft Rating: Important

Vulnerability Type

Microsoft Office Publisher Remote Code Execution
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Publisher 2007 Service Pack 3
Microsoft Publisher 2010 Service Pack 2 (32-bit editions)
Microsoft Publisher 2010 Service Pack 2 (64-bit editions)

Details

A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8733

BID: 100737

Microsoft Rating: Important

Vulnerability Type

Internet Explorer Spoofing Vulnerability
Spoofing

Vulnerability Affects

Internet Explorer 9
Internet Explorer 10
Internet Explorer 11

Details

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8736

BID: 100743

Microsoft Rating: Important

Vulnerability Type

Microsoft Browser Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Internet Explorer 11
Microsoft Edge

Details

An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8739

BID: 100761

Microsoft Rating: Important

Vulnerability Type

Scripting Engine Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Details

Microsoft Edge

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

 

ID and Rating

CAN/CVE ID: CVE-2017-8742

BID: 100741

Microsoft Rating: Important

Vulnerability Type

PowerPoint Remote Code Execution Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft PowerPoint 2007 Service Pack 3
Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions)
Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions)
Microsoft PowerPoint 2013 RT Service Pack 1
Microsoft PowerPoint 2013 Service Pack 1 (32-bit editions)
Microsoft PowerPoint 2013 Service Pack 1 (64-bit editions)
Microsoft PowerPoint 2016 (32-bit edition)
Microsoft PowerPoint 2016 (64-bit edition)
Microsoft PowerPoint Viewer 2007
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2013 Service Pack 1

Details

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8743

BID: 100746

Microsoft Rating: Important

Vulnerability Type

PowerPoint Remote Code Execution Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft PowerPoint 2016 (32-bit edition)
Microsoft PowerPoint 2016 (64-bit edition)
Microsoft SharePoint Enterprise Server 2016
Office Online Server

Details

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8744

BID: 100748

Microsoft Rating: Important

Vulnerability Type

Microsoft Office Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)

Details

A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8745

BID: 100753

Microsoft Rating: Important

Vulnerability Type

Microsoft SharePoint Cross Site Scripting Vulnerability
Elevation of Privilege

Vulnerability Affects

Microsoft SharePoint Foundation 2013 Service Pack 1 

Details

A cross-site scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8746

BID: 100760

Microsoft Rating: Important

Vulnerability Type

Device Guard Security Feature Bypass Vulnerability
Security Feature Bypass

Vulnerability Affects

Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows Server 2016
Windows Server 2016  (Server Core installation)

Details

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8754

BID: 100779

Microsoft Rating: Important

Vulnerability Type

Microsoft Edge Security Feature Bypass Vulnerability
Security Feature Bypass

Vulnerability Affects

Microsoft Edge

Details

A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8758

BID: 100723

Microsoft Rating: Important

Vulnerability Type

Microsoft Exchange Cross-Site Scripting Vulnerability
Elevation of Privilege

Vulnerability Affects

Microsoft Exchange Server 2016 Cumulative Update 6

Details

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8759

BID: 100742

Microsoft Rating: Important

Vulnerability Type

.NET Framework Remote Code Execution Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.6.1
Microsoft .NET Framework 4.6.2/4.7
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7
Microsoft .NET Framework 4.7

Windows 7 for x64-based Systems Service Pack 1
Windows Server 2012 (Server Core installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012 R2
Windows RT 8.1
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows Server 2016
Windows Server 2016  (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows Server 2012

Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1

 

Details

A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Intrusion Protection System (IPS) Response

Sig ID: Attack: WSDL Soap CVE-2017-8759

Other Detections

AV: Exp.CVE-2017-8759

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-9417

BID: 99482

Microsoft Rating: Important

Vulnerability Type

Broadcom BCM43xx Remote Code Execution Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Windows 10 Version 1607 for 32-bit Systems

Details

A remote code execution vulnerability exists when the Broadcom chipset in HoloLens improperly handles objects in memory. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8723

BID: 100768

Microsoft Rating: Moderate

Vulnerability Type

Microsoft Edge Security Feature Bypass Vulnerability
Security Feature Bypass

Vulnerability Affects

Microsoft Edge

Details

A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: CVE-2017-8735

BID: 100740

Microsoft Rating: Moderate

Vulnerability Type

Microsoft Edge Spoofing Vulnerability
Spoofing

Vulnerability Affects

Microsoft Edge

Details

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review

 

ID and Rating

CAN/CVE ID: AV170015

BID: N/A

Microsoft Rating: None

Vulnerability Type

Microsoft Office Defense in Depth Update

Vulnerability Affects

Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Outlook 2007 Service Pack 3
Microsoft Outlook 2010 Service Pack 2 (32-bit editions)
Microsoft Outlook 2010 Service Pack 2 (64-bit editions)
Microsoft Outlook 2013 (32-bit editions)
Microsoft Outlook 2013 (64-bit editions)
Microsoft Outlook 2013 RT Service Pack 1
Microsoft Outlook 2016 (32-bit edition)
Microsoft Outlook 2016 (64-bit edition)

Details

N/A

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: Under review