SB2017050908 - Multiple vulnerabilities in Win32.sys in Microsoft Windows

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Elevation of privilege (CVE-ID: CVE-2017-0263)

The vulnerability allows a local user to elevate privileges on the system.

The vulnerability exists due to boundary error in Win32k.sys driver. A local user can escalate privileges on the system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited.

2) Elevation of privilege (CVE-ID: CVE-2017-0246)

The vulnerability allows a local user to elevate privileges on the system.

The vulnerability exists due to boundary error in Win32k.sys driver. A local user can escalate privileges on the system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

3) Information disclosure (CVE-ID: CVE-2017-0245)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists  when the win32k component improperly provides kernel information. A local use can gain access to potentially sensitive information.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Install update from vendor's website.

References

• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0263
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0246
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0245