Vulnerabilities fixed by component and by...


Transcript of Vulnerabilities fixed by component and by...

Page 1: Vulnerabilities fixed by component and by impactdownload.microsoft.com/documents/France/Securite/... · Windows Blog Components: Graphics Component, Scripting Engine, Active Directory,
Page 3:

Vulnerabilities fixed by component and by impact

[Chart: number of vulnerabilities fixed per product, by impact; axis scale 0 to 10. Products: Windows 10 RTM; Windows 10 1511; Windows 10 1607 and Server 2016; Windows 10 1703; Windows 8.1 and Windows Server 2012 R2; Windows Server 2012; Windows 7 and Windows Server 2008 R2; Windows Vista and Windows Server 2008; Microsoft Internet Explorer; Microsoft Edge; Microsoft Silverlight; Microsoft .NET Framework; Microsoft Office. Legend: Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service, Spoofing.]

Page 4:

CVSS 8.1

More Information: Windows 10 Creators Update available April 11. Windows Blog

Components: Graphics Component, Scripting Engine, Active Directory, Hyper-V, Windows Kernel, Kernel-Mode Drivers, Windows OLE

[Chart: share of CVEs by impact. Labels: 24%, 19%, 24%, 33%. Legend: Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service, Spoofing.]

22 CVEs | 0 public | 0 exploited

Page 5:

Components: Graphics Component, Scripting Engine, Active Directory, Hyper-V, Windows Kernel, Kernel-Mode Drivers, Windows OLE

[Chart: share of CVEs by impact. Labels: 21%, 17%, 21%, 4%, 37%. Legend: Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service, Spoofing.]

24 CVEs | 0 public | 0 exploited

CVSS 8.1

Page 6:

Workarounds: Microsoft has not identified any workarounds for this vulnerability.

Mitigations: Microsoft has not identified any mitigating factors for this vulnerability.

Attack Vectors: An elevation of privilege vulnerability exists when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain Controller.

Impact, Severity, Disclosure: Elevation of Privilege | Important | Privately disclosed | No known exploits in the wild

Page 7:

Components: Graphics Component, Scripting Engine, Active Directory, Hyper-V, Windows Kernel, Kernel-Mode Drivers, Windows OLE

[Chart: share of CVEs by impact. Labels: 21%, 22%, 22%, 35%. Legend: Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service, Spoofing.]

23 CVEs | 0 public | 0 exploited

CVSS 8.1

Page 8:

Components: Graphics Component, Scripting Engine, Active Directory, Hyper-V, Windows Kernel, Kernel-Mode Drivers, Windows OLE

[Chart: share of CVEs by impact. Labels: 21%, 22%, 22%, 35%. Legend: Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service, Spoofing.]

23 CVEs | 0 public | 0 exploited

CVSS 8.1

Page 9:

Workarounds: Microsoft has not identified any workarounds for this vulnerability.

Mitigations: Microsoft has not identified any mitigating factors for this vulnerability.

Attack Vectors: To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

Impact, Severity, Disclosure: Elevation of Privilege | Important | Privately disclosed | No known exploits in the wild

Page 10:

Components: Graphics Component, Scripting Engine, Active Directory, Hyper-V, Windows Kernel, Kernel-Mode Drivers, Windows OLE

[Chart: share of CVEs by impact. Labels: 17%, 17%, 29%, 4%, 33%. Legend: Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service, Spoofing.]

24 CVEs | 0 public | 0 exploited

CVSS 8.1

Page 11:

Components: Graphics Component, Scripting Engine, Active Directory, Hyper-V, Windows Kernel, Kernel-Mode Drivers, Windows OLE

[Chart: share of CVEs by impact. Labels: 21%, 16%, 31%, 32%. Legend: Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service, Spoofing.]

18 CVEs | 0 public | 0 exploited

CVSS 8.1

Page 12:

Workarounds: Microsoft has not identified any workarounds for this vulnerability.

Mitigations: Customers who have not enabled the Hyper-V role are not affected.

Attack Vectors: To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.

Impact, Severity, Disclosure: Remote Code Execution | Critical | Privately disclosed | No known exploits in the wild

Page 13:

Components: Graphics Component, Scripting Engine, Active Directory, Hyper-V, Windows Kernel, Kernel-Mode Drivers

[Chart: share of CVEs by impact. Labels: 20%, 20%, 27%, 33%. Legend: Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service, Spoofing.]

15 CVEs | 0 public | 0 exploited

CVSS 8.1

Page 14:

Components: Graphics Component, Scripting Engine, Active Directory, Hyper-V, Windows Kernel, Kernel-Mode Drivers

[Chart: share of CVEs by impact. Labels: 37%, 18%, 36%, 9%. Legend: Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service, Spoofing.]

11 CVEs | 0 public | 0 exploited

CVSS 8.1

Page 15:

Workarounds: Microsoft has not identified any workarounds for this vulnerability.

Mitigations: Microsoft has not identified any mitigating factors for this vulnerability.

Attack Vectors: To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

Impact, Severity, Disclosure: Elevation of Privilege | Important | Privately disclosed | No known exploits in the wild

Page 16:

CVSS 7.5

More Information: Limited, targeted attacks associated with CVE-2017-0210. VBScript can be disabled in IE11. See KB4012494 for details.

Packages:

Windows Vista/Server 2008: KB4014661

Windows 7/Server 2008 R2: KB4014661

Windows Server 2012: KB4014661

Windows 8.1/Server 2012 R2: KB4014661

Windows 10/Server 2016: KB4015583, 4015217, 4015219, KB4015221

[Chart: share of CVEs by impact. Labels: 67%, 33%. Legend: Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service, Spoofing.]

3 CVEs | 1 public | 1 exploited

Page 17:

Workarounds: Microsoft has not identified any workarounds for this vulnerability.

Mitigations: Attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by getting them to open an attachment sent through email. No way for attacker to force user to view malicious content. Exploitation only gains the same user rights as the logged on account.

Attack Vectors: An attacker could host a specially crafted website that is designed to exploit the vulnerability through affected Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability.

Impact, Severity, Disclosure: Remote Code Execution | Critical | Privately disclosed | No known exploits in the wild

Page 18:

Workarounds: Microsoft has not identified any workarounds for this vulnerability.

Mitigations: Attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by getting them to open an attachment sent through email. No way for attacker to force user to view malicious content. Exploitation only gains the same user rights as the logged on account.

Attack Vectors: An attacker could host a specially crafted website that is designed to exploit the vulnerability through affected Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Office document that hosts the Edge rendering engine.

Impact, Severity, Disclosure: Remote Code Execution | Critical | Privately disclosed | No known exploits in the wild

Page 19:

Workarounds: Microsoft has not identified any workarounds for this vulnerability.

Mitigations: Attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by getting them to open an attachment sent through email. No way for attacker to force user to view malicious content. Exploitation only gains the same user rights as the logged on account.

Attack Vectors: An attacker could host a specially crafted website that is designed to exploit the vulnerability through affected Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability.

Impact, Severity, Disclosure: Elevation of Privilege | Important | Publicly disclosed | Exploitation detected

Page 20:

CVSS 4.3

More Information: Creators Update attack surface reduction in Microsoft Edge sandbox

[Chart: share of CVEs by impact. Labels: 60%, 20%, 20%. Legend: Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service, Spoofing.]

5 CVEs | 1 public | 0 exploited

Page 21:

Workarounds: Microsoft has not identified any workarounds for this vulnerability.

Mitigations: Attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by getting them to open an attachment sent through email. No way for attacker to force user to view malicious content. Exploitation only gains the same user rights as the logged on account.

Attack Vectors: An attacker could host a specially crafted website that is designed to exploit the vulnerability through affected Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability.

Impact, Severity, Disclosure: Remote Code Execution | Critical | Privately disclosed | No known exploits in the wild

Page 22:

Workarounds: Microsoft has not identified any workarounds for this vulnerability.

Mitigations: Attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by getting them to open an attachment sent through email. No way for attacker to force user to view malicious content. Exploitation only gains the same user rights as the logged on account.

Attack Vectors: An attacker could host a specially crafted website that is designed to exploit the vulnerability through affected Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Office document that hosts the Edge rendering engine.

Impact, Severity, Disclosure: Remote Code Execution | Critical | Privately disclosed | No known exploits in the wild

Page 23:

More Information: EPS filter disabled by default after applying applicable Office updates. See KB2479871 to re-enable (not recommended). CVE-2017-0199 received press coverage – link to US CERT Vulnerability Note http://www.kb.cert.org/vuls/id/921560

Products: Office 2007/2010/2013/2013 RT/2016, Excel 2007, Excel 2010, Outlook 2007/2010/2013/2016, OneNote 2007/2010, Outlook for Mac 2011, Excel Services on SharePoint Server 2010/2013, Office Web Apps 2010/2013, Office Online Server, Office Compatibility Pack

[Chart: share of CVEs by impact. Labels: 43%, 15%, 14%, 14%, 14%. Legend: Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service, Spoofing.]

6 CVEs | 1 public | 2 exploited

Page 24:

Workarounds: Microsoft has not identified any workarounds for this vulnerability.

Mitigations: Microsoft has not identified any mitigating factors for this vulnerability.

Attack Vectors: Exploitation of these vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software.

Web scenario - Attacker hosts a malicious website utilizing the vulnerability, then convinces users to visit the site or attacker takes advantage of compromised websites and/or sites hosting ads from other providers.

Email scenario - Attacker sends specially crafted file and persuades user to open the file or preview the email.

Impact, Severity, Disclosure: Remote Code Execution | Critical | Publicly disclosed | Exploitation detected

Page 25:

Workarounds: Microsoft has not identified any workarounds for this vulnerability.

Mitigations: Microsoft has not identified any mitigating factors for this vulnerability.

Attack Vectors: An attacker who successfully exploits the vulnerability could perform cross-site scripting attacks in the context of the current user. For this vulnerability to be exploited, a user must click a specially crafted URL. In an email attack scenario, an attacker could exploit the vulnerability by sending an email message containing the specially crafted URL to the user and by convincing the user to click on the specially crafted URL. In a web-based attack scenario, an attacker would have to host a website that contains a specially crafted URL. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability.

Impact, Severity, Disclosure: Elevation of Privilege | Important | Privately disclosed | No known exploits in the wild

Page 30:

aka.ms/lifecycle

Page 34:

CVE | Public | Exploited | Impact | Product
CVE-2017-0203 | Yes | No | RCE | Edge
CVE-2017-0210 | Yes | Yes | EoP | IE
CVE-2017-0199 | Yes | Yes | RCE | Windows/Office
Office EPS filter | No | Yes | RCE | Office

Page 36:

Overview of vulnerabilities addressed in this release - April

Vulnerability Detail | KB | Remote Code Execution | Elevation of Privilege | Information Disclosure | Security Feature Bypass | Denial of Service | Spoofing | Public Disclosure | Known Exploit | Max CVSS
Windows 10 RTM | 4015221 | 5 | 5 | 5 | 0 | 8 | 0 | 0 | 0 | 8.1
Windows 10 1511 | 4015219 | 5 | 5 | 5 | 0 | 8 | 0 | 0 | 0 | 8.1
Windows 10 1607 and Server 2016 | 4015217 | 5 | 4 | 5 | 1 | 9 | 0 | 0 | 0 | 8.1
Windows 10 1703 | 4015583 | 5 | 4 | 5 | 0 | 7 | 0 | 0 | 0 | 8.1
Windows 8.1 and Windows Server 2012 R2 | 4015547 | 4 | 4 | 7 | 1 | 8 | 0 | 0 | 0 | 8.1
Windows Server 2012 | 4015548 | 4 | 3 | 6 | 0 | 6 | 0 | 0 | 0 | 8.1
Windows 7 and Windows Server 2008 R2 | 4015546 | 3 | 3 | 4 | 0 | 5 | 0 | 0 | 0 | 8.1
Windows Vista and Windows Server 2008 | 4014661, 4015583, 4015217, 4015219, 4015221 | 4 | 2 | 4 | - | 1 | 0 | 0 | 0 | 8.1
Microsoft Internet Explorer | 4014661, 4015583, 4015217, 4015219, 4015221 | 2 | 1 | 0 | 0 | 0 | 0 | 1 | 1 | 7.5
Microsoft Edge | several | 3 | 0 | 1 | 1 | 0 | 0 | 1 | 0 | 4.3
Microsoft Silverlight | 4017094 | 0 | 0 | 1 | 0 | 0 | - | 0 | 0 | _
Microsoft .NET Framework | KB4014985, 4014986, 4014987, 4014988 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | _
Microsoft Office | several | 3 | 1 | 1 | 1 | 0 | 1 | 1 | 2 | _

Page 37:

Software | KB | Link
Windows 10 RTM | 4015221 | http://support.microsoft.com/kb/4015221
Windows 10 1511 | 4015219 | http://support.microsoft.com/kb/4015219
Windows 10 1607 and Server 2016 | 4015217 | http://support.microsoft.com/kb/4015217
Windows 10 1703 | 4015583 | http://support.microsoft.com/kb/4015583
Windows 8.1 and Windows Server 2012 R2 | 4015547 | http://support.microsoft.com/kb/4015547
Windows Server 2012 | 4015548 | http://support.microsoft.com/kb/4015548
Windows 7 and Windows Server 2008 R2 | 4015546 | http://support.microsoft.com/kb/4015546
Windows Vista and Windows Server 2008 | 4014661, 4015583, 4015217, 4015219, 4015221 | http://support.microsoft.com/kb/4014661, http://support.microsoft.com/kb/4015583, http://support.microsoft.com/kb/4015217, http://support.microsoft.com/kb/4015119, http://support.microsoft.com/kb/4015221
Microsoft Internet Explorer | 4014661, 4015583, 4015217, 4015219, 4015221 | http://support.microsoft.com/kb/4014661, http://support.microsoft.com/kb/4015583, http://support.microsoft.com/kb/4015217, http://support.microsoft.com/kb/4015119, http://support.microsoft.com/kb/4015221
Microsoft Edge | several |
Microsoft Silverlight | 4017094 | http://support.microsoft.com/kb/4017094
Microsoft .NET Framework | KB4014985, 4014986, 4014987, 4014988 | http://support.microsoft.com/kb/4013241
Microsoft Office | several |

Overview in this release - April

Page 38:

https://www.first.org/cvss

Page 39:

Since the Security Update Guide has now become the formal replacement for security bulletin webpages, and the preferred resource for security update information from Microsoft, you and your customers should be actively exploring the Security Update Guide. The new Security Update Guide portal allows you to customize your views, create affected software spreadsheets, and download data via a RESTful API.

Security Update Guide webpage: https://aka.ms/securityupdateguide

MSRC blog post on November 8, 2017: Furthering our commitment to security updates

Security Update Guide Frequently Asked Questions (FAQ) webpage: https://technet.microsoft.com/en-us/security/mt791750

Starting in April 2017 - Security Updates Guide (SUG)

Page 40:

is standard - https://www.first.org/cvss