|CERT-In Vulnerability Note
Multiple Vulnerabilities in Microsoft Windows
Original Issue Date:December 14, 2017
Severity Rating: HIGH
- Windows 7 for 32-bit Systems SP1 and x64-based Systems SP1
- Microsoft Windows 8.1 for 32-bit Systems and x64-based Systems
- Microsoft Windows RT 8.1
- Windows 10 for 32-bit Systems and x64-based Systems
- Windows 10 Version 1511 for 32-bit Systems and x64-based Systems
- Windows 10 Version 1607 for 32-bit Systems and x64-based Systems
- Windows 10 Version 1703 for 32-bit Systems and x64-based Systems
- Windows 10 Version 1709 for 32-bit Systems and x64-based Systems
- Microsoft Windows Server 2008 R2 32-bit Systems, x64-based Systems and Itanium-based Systems SP2
- Windows Server 2008 R2 for x64-based Systems SP1 and Itanium-Based Systems SP1
- Microsoft Windows Server 2012
- Microsoft Windows Server 2012 R2
- Microsoft Windows Server 2016
- Windows Server 2008 for 32-bit Systems SP 2 (Server Core installation)
- Windows Server 2008 for x64-based Systems SP 2 (Server Core installation)
- Windows Server 2008 R2 for x64-based Systems SP 1 (Server Core installation)
- Windows Server 2012 (Server Core installation)
- Windows Server 2012 R2 (Server Core installation)
- Windows Server 2016 (Server Core installation)
- Windows Server Version 1709 (Server Core Installation)
Multiple vulnerabilities have been reported in Microsoft Windows which could allow an attacker to execute arbitrary code on the targeted system, bypass security restrictions, or obtain sensitive information.
1. RRAS Service Remote Code Execution Vulnerability
This vulnerability is due to improper handling of requests performed by the RRAS enabled RPC server. A remote attacker could exploit this vulnerability by executing a specially crafted application against the RPC server to execute remote code. If the current logged in user has elevated privileges, the attacker could completely compromise the system.
2. Security Feature Bypass Vulnerability
This vulnerability exists in the Device Guard component of Microsoft Windows due to incorrect validation of an untrusted file. An attacker could exploit this vulnerability by accessing the system and executing an unsigned application which submits malicious input to the affected software.
Successful exploitation of this vulnerability could allow the attacker to bypass Device Guard security restrictions which could lead to further attacks.
3. Information Disclosure Vulnerability
This vulnerability exists in the its:// protocol handler of Microsoft Windows due to an error while sending traffic to a remote site to determine the zone of a provided URL. A remote attacker could exploit this vulnerability by enticing the user to visit a malicious website or SMB or UNC path destination.
Successful exploitation of this vulnerability could allow the attacker to obtain the user's NTLM hash and attempt a brute-force attack resulting in disclosure of the corresponding user¿s password.
Apply appropriate patches as mentioned in Microsoft Security Guidance
The information provided herein is on "as is" basis, without warranty of any kind.
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003