Vulnerability category: Windows
Vulnerability severity:
Vulnerability information
Microsoft has released Cumulative Security Updates for Windows that address the following vulnerabilities:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. (CVE-2017-0167)
An information disclosure vulnerability exists when the Windows Hyper-V Network Switch on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-0168, CVE-2017-0169)
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2017-0178, CVE-2017-0179)
A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-0180, CVE-2017-0181)
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185)
An information disclosure vulnerability exists within the open-source libjpeg image-processing library where it fails to properly handle objects in memory, allowing an attacker to retrieve information that could lead to an Address Space Layout Randomization (ASLR) bypass. (CVE-2013-6629)
A Win32k information disclosure vulnerability exists when the win32k component improperly provides kernel information. (CVE-2017-0058)
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. (CVE-2017-0155, CVE-2017-0156)
An elevation of privilege vulnerability exists when LDAP request buffer lengths are improperly calculated. (CVE-2017-0166)
An information disclosure vulnerability exists in Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. (CVE-2017-0192)
A remote code execution vulnerability exists in the way that Microsoft Office and WordPad parse specially crafted files. (CVE-2017-0199)
An elevation of privilege vulnerability exists in Microsoft Windows OLE when it fails an integrity-level check. (CVE-2017-0211)
KB Articles associated with the Update:
1) 4014652
2) 4014794
3) 4015383
4) 4015549
5) 4015550
6) 4015219
7) 4015551
8) 4015217
9) 4015221
10) 4015583
11) 4015195
12) 4015067
13) 3211308
14) 4015068
15) 3217841
16) 4015380
17) 4014793
18) 4015546
19) 4015547
20) 4015548
Vulnerability impact
Successful exploitation allows an attacker to execute arbitrary code and take control of an affected system.
Solution
Customers are advised to refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities: