Metric | Score | Vector and sub-scores
---|---|---
CVSS2 | 9.3 High | AV:N/AC:M/Au:N/C:C/I:C/A:C (Attack Vector NETWORK, Attack Complexity MEDIUM, Authentication NONE, Confidentiality/Integrity/Availability Impact COMPLETE)
CVSS3 | 7.8 High | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (Attack Vector LOCAL, Attack Complexity LOW, Privileges Required NONE, User Interaction REQUIRED, Scope UNCHANGED, Confidentiality/Integrity/Availability Impact HIGH)
AI Score | 6.7 Medium | Confidence High
EPSS | 0.007 Low | Percentile 79.9%

Both CVSS vectors are those of the plugin's declared score source, CVE-2017-11847 (the kernel elevation-of-privilege bug in the list below); note that the CVSS2 vector rates the attack vector NETWORK while the CVSS3 vector rates it LOCAL with user interaction required, so the two base scores are not directly comparable.
The remote Windows host is missing multiple security updates released on 2017/11/14. It is, therefore, affected by multiple vulnerabilities :
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
#
include("compat.inc");
if (description)
{
script_id(104561);
script_version("1.15");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/17");
script_cve_id(
"CVE-2017-11788",
"CVE-2017-11831",
"CVE-2017-11832",
"CVE-2017-11835",
"CVE-2017-11847",
"CVE-2017-11849",
"CVE-2017-11851",
"CVE-2017-11852",
"CVE-2017-11853",
"CVE-2017-11880"
);
script_bugtraq_id(
101711,
101721,
101726,
101729,
101736,
101739,
101755,
101762,
101763,
101764
);
script_xref(name:"MSKB", value:"4046184");
script_xref(name:"MSFT", value:"MS17-4046184");
script_xref(name:"MSKB", value:"4047211");
script_xref(name:"MSFT", value:"MS17-4047211");
script_xref(name:"MSKB", value:"4048968");
script_xref(name:"MSFT", value:"MS17-4048968");
script_xref(name:"MSKB", value:"4048970");
script_xref(name:"MSFT", value:"MS17-4048970");
script_xref(name:"MSKB", value:"4049164");
script_xref(name:"MSFT", value:"MS17-4049164");
script_name(english:"Windows 2008 November 2017 Multiple Security Updates");
script_summary(english:"Checks the existence of Windows Server 2008 November 2017 Patches.");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote Windows host is missing multiple security updates released
on 2017/11/14. It is, therefore, affected by multiple
vulnerabilities :
- An information disclosure vulnerability exists when the
Windows kernel improperly initializes objects in memory.
(CVE-2017-11880)
- An information disclosure vulnerability exists in the
way that the Microsoft Windows Embedded OpenType (EOT)
font engine parses specially crafted embedded fonts. An
attacker who successfully exploited this vulnerability
could potentially read data that was not intended to be
disclosed. Note that this vulnerability would not allow
an attacker to execute code or to elevate their user
rights directly, but it could be used to obtain
information that could be used to try to further
compromise the affected system. (CVE-2017-11832,
CVE-2017-11835)
- An elevation of privilege vulnerability exists when the
Windows kernel fails to properly handle objects in
memory. An attacker who successfully exploited this
vulnerability could run arbitrary code in kernel mode.
An attacker could then install programs; view, change,
or delete data; or create new accounts with full user
rights. (CVE-2017-11847)
- An information disclosure vulnerability exists when the
Windows kernel fails to properly initialize a memory
address. An attacker who successfully exploited this
vulnerability could obtain information to further
compromise the users system. (CVE-2017-11831,
CVE-2017-11849, CVE-2017-11853)
- A denial of service vulnerability exists when Windows
Search improperly handles objects in memory. An attacker
who successfully exploited the vulnerability could cause
a remote denial of service against a system.
(CVE-2017-11788)
- A Win32k information disclosure vulnerability exists
when the Windows GDI component improperly discloses
kernel memory addresses. An attacker who successfully
exploited the vulnerability could obtain information to
further compromise the users system. (CVE-2017-11851,
CVE-2017-11852)");
# https://support.microsoft.com/en-us/help/4046184/security-update-for-windows-information-disclosure
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?93affd27");
# https://support.microsoft.com/en-us/help/4048968/windows-eot-font-engine-information-disclosure-vulnerability
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6ae2aa8e");
# https://support.microsoft.com/en-us/help/4049164/security-update-for-information-disclosure-vulnerability-in-windows-se
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8a4acc26");
# https://support.microsoft.com/en-us/help/4048970/security-update-for-vulnerabilities-in-windows-server-2008
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2b1232ba");
# https://support.microsoft.com/en-us/help/4047211/security-update-for-the-windows-search-denial-of-service-vulnerability
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fea3380b");
script_set_attribute(attribute:"solution", value:
"Apply the following security updates :
- 4046184
- 4047211
- 4048968
- 4048970
- 4049164");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-11847");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/14");
script_set_attribute(attribute:"patch_publication_date", value:"2017/11/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows_server_2008");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2017-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
bulletin = 'MS17-11';
kbs = make_list(
"4046184",
"4047211",
"4048968",
"4048970",
"4049164"
);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
# KBs only apply to Windows 2008
if (hotfix_check_sp_range(vista:'2') <= 0)
audit(AUDIT_OS_SP_NOT_VULN);
productname = get_kb_item_or_exit("SMB/ProductName", exit_code:1);
if ("Vista" >< productname) audit(AUDIT_OS_SP_NOT_VULN);
systemroot = hotfix_get_systemroot();
if (!systemroot) audit(AUDIT_PATH_NOT_DETERMINED, 'system root');
port = kb_smb_transport();
login = kb_smb_login();
pass = kb_smb_password();
domain = kb_smb_domain();
if(! smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');
winsxs = ereg_replace(pattern:'^[A-Za-z]:(.*)', replace:"\1\WinSxS", string:systemroot);
winsxs_share = hotfix_path2share(path:systemroot);
rc = NetUseAdd(login:login, password:pass, domain:domain, share:winsxs_share);
if (rc != 1)
{
NetUseDel();
audit(AUDIT_SHARE_FAIL, winsxs_share);
}
the_session = make_array(
'login', login,
'password', pass,
'domain', domain,
'share', winsxs_share
);
vuln = 0;
# 4049164
files = list_dir(basedir:winsxs, level:0, dir_pat:"ntfs_31bf3856ad364e35", file_pat:"^ntfs\.sys$", max_recurse:1);
vuln += hotfix_check_winsxs(os:'6.0',
sp:2,
files:files,
versions:make_list('6.0.6002.24215'),
max_versions:make_list('6.0.6003.99999'),
bulletin:bulletin,
kb:"4049164", session:the_session);
# 4047211
files = list_dir(basedir:winsxs, level:0, dir_pat:"c..ent-indexing-common_31bf3856ad364e35", file_pat:"^query\.dll$", max_recurse:1);
vuln += hotfix_check_winsxs(os:'6.0',
sp:2,
files:files,
versions:make_list('6.0.6002.24215'),
max_versions:make_list('6.0.6003.99999'),
bulletin:bulletin,
kb:"4047211", session:the_session);
# 4048970
files = list_dir(basedir:winsxs, level:0, dir_pat:"win32k_31bf3856ad364e35", file_pat:"^win32k\.sys$", max_recurse:1);
vuln += hotfix_check_winsxs(os:'6.0',
sp:2,
files:files,
versions:make_list('6.0.6002.24215'),
max_versions:make_list('6.0.6003.99999'),
bulletin:bulletin,
kb:"4048970", session:the_session);
# 4048968
files = list_dir(basedir:winsxs, level:0, dir_pat:"font-embedding_31bf3856ad364e35", file_pat:"^t2embed\.dll$", max_recurse:1);
vuln += hotfix_check_winsxs(os:'6.0',
sp:2,
files:files,
versions:make_list('6.0.6002.24215'),
max_versions:make_list('6.0.6003.99999'),
bulletin:bulletin,
kb:"4048968", session:the_session);
# 4046184
files = list_dir(basedir:winsxs, level:0, dir_pat:"lua-filevirtualization_31bf3856ad364e35", file_pat:"^luafv\.sys$", max_recurse:1);
vuln += hotfix_check_winsxs(os:'6.0',
sp:2,
files:files,
versions:make_list('6.0.6002.24215'),
max_versions:make_list('6.0.6003.99999'),
bulletin:bulletin,
kb:"4046184", session:the_session);
if (vuln > 0)
{
replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, 'affected');
}
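The plugin above decides "patched or not" by reading the file version of one representative binary per KB out of the WinSxS component store and comparing it with the fixed build 6.0.6002.24215. The following script is an added example, not Tenable's plugin code and not anything Microsoft ships: it re-runs the same five checks locally on a Windows Server 2008 SP2 host so an administrator can verify a Nessus finding (or a remediation) without a scanner. The KB-to-component/file mapping and the fixed build are taken from the plugin; the function names, the output format and the `Get-HotFix` cross-check are this example's own. It uses PowerShell 2.0-era syntax (no `-Directory`, no `[pscustomobject]`) on the assumption that the target is a stock 2008 SP2 box; run it from an elevated prompt.

```powershell
# Added example (not part of Tenable plugin 104561): replicate the plugin's
# WinSxS file-version check locally on a Windows Server 2008 SP2 host.
# KB -> component/file mapping and the fixed build come from the plugin.

$FixedVersion = [version]'6.0.6002.24215'

# One entry per KB the plugin checks. Component is the stable tail of the WinSxS
# directory name; the plugin's pattern for the indexing component begins with
# 'c..ent', so we match on the unambiguous suffix instead of the prefix.
$Checks = @(
    @{ KB = '4049164'; Component = 'ntfs_31bf3856ad364e35';                   File = 'ntfs.sys'    },
    @{ KB = '4047211'; Component = 'ent-indexing-common_31bf3856ad364e35';    File = 'query.dll'   },
    @{ KB = '4048970'; Component = 'win32k_31bf3856ad364e35';                 File = 'win32k.sys'  },
    @{ KB = '4048968'; Component = 'font-embedding_31bf3856ad364e35';         File = 't2embed.dll' },
    @{ KB = '4046184'; Component = 'lua-filevirtualization_31bf3856ad364e35'; File = 'luafv.sys'   }
)

function Get-WinSxSFileVersion {
    # Returns the highest [version] of $File found under any WinSxS component
    # directory whose name contains $Component, or $null if none is present.
    param([string]$Component, [string]$File)

    $winsxs = Join-Path $env:SystemRoot 'WinSxS'
    $dirs = @(Get-ChildItem -Path $winsxs -Filter "*$Component*" -ErrorAction SilentlyContinue |
              Where-Object { $_.PSIsContainer })
    $versions = @()
    foreach ($dir in $dirs) {
        $path = Join-Path $dir.FullName $File
        if (Test-Path -LiteralPath $path) {
            $vi = (Get-Item -LiteralPath $path).VersionInfo
            # Build the version from the numeric parts. VersionInfo.FileVersion is a
            # free-form string such as "6.0.6002.24215 (vistasp2_ldr.171011-0600)";
            # compared as text it would rank 6.0.6002.9999 above 6.0.6002.24215.
            $versions += New-Object System.Version(
                $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
        }
    }
    if ($versions.Count -eq 0) { return $null }
    # Several side-by-side copies accumulate (one per update); the newest is the
    # one the servicing stack projects into System32, so that is what we judge.
    return ($versions | Sort-Object -Descending | Select-Object -First 1)
}

function Test-November2017Patches {
    # One row per KB. Verdict follows the plugin: vulnerable when the file is
    # present but older than the fixed build; no verdict when the component is
    # not installed at all (no query.dll means Windows Search is not there).
    $installedKBs = @(Get-HotFix -ErrorAction SilentlyContinue | ForEach-Object { $_.HotFixID })
    foreach ($c in $Checks) {
        $found = Get-WinSxSFileVersion -Component $c.Component -File $c.File
        if ($found -eq $null)             { $status = 'component not present' }
        elseif ($found -lt $FixedVersion) { $status = 'MISSING (file older than fixed build)' }
        else                              { $status = 'patched' }
        $verText = if ($found -ne $null) { $found.ToString() } else { '-' }
        New-Object PSObject -Property @{
            KB             = 'KB' + $c.KB
            File           = $c.File
            FileVersion    = $verText
            KBInHotFixList = ($installedKBs -contains ('KB' + $c.KB))
            Status         = $status
        }
    }
}

Test-November2017Patches | Format-Table KB, File, FileVersion, KBInHotFixList, Status -AutoSize
```

The `KBInHotFixList` column is deliberately informational only. `Get-HotFix` reads `Win32_QuickFixEngineering`, and once a later update supersedes one of these KBs the newer package replaces the file with a higher build while the original KB number never appears in that list; judging by the KB inventory would then raise a false "missing". That is why the plugin, and this script, treat the file version as the verdict and the KB list as a hint.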
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | windows_server_2008 |  | cpe:/o:microsoft:windows_server_2008 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11788
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11831
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11832
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11835
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11847
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11849
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11851
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11852
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11853
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11880
www.nessus.org/u?2b1232ba
www.nessus.org/u?6ae2aa8e
www.nessus.org/u?8a4acc26
www.nessus.org/u?93affd27
www.nessus.org/u?fea3380b