Multiple vulnerabilities in Win32.sys driver in Microsoft Windows

Published: 2017-09-12 21:52:14
Severity Low
Patch available YES
Number of vulnerabilities 8
CVSSv2 5.3 (AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
1.6 (AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
1.6 (AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
1.6 (AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
1.6 (AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
1.6 (AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
1.6 (AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
5.3 (AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
CVSSv3 7.5 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
4.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
4.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
4.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
4.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
4.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
4.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
7.5 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE ID CVE-2017-8675
CVE-2017-8677
CVE-2017-8678
CVE-2017-8680
CVE-2017-8681
CVE-2017-8683
CVE-2017-8687
CVE-2017-8720
CWE ID CWE-119
CWE-200
Exploitation vector Local
Public exploit Not available
Vulnerable software Windows
Windows Server
Vulnerable software versions Windows 8.1
Windows 7
Windows 10
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2
Windows Server 2008
Windows Server 2008 R2
Windows Server 2016
Vendor URL Microsoft
Advisory type Public

Security Advisory

1) Memory corruption

Description

The vulnerability allows a local attacker to escalate privileges on the target system.

The vulnerability exists due to boundary error in Win32k.sys driver when handling objects in memory. A local user can execute arbitrary code on the target system with elevated privileges.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8675

2) Information disclosure

Description

The vulnerability allows a local user to obtain potentially sensitive information.

A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses within Win32k.sys driver.  A local user can gain access to potentially sensitive information.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8677

3) Information disclosure

Description

The vulnerability allows a local user to obtain potentially sensitive information.

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. A local user can gain access to potentially sensitive information.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8678

4) Information disclosure

Description

The vulnerability allows a local user to obtain potentially sensitive information.

A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses within Win32k.sys driver. A local user can gain access to potentially sensitive information.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8680

5) Information disclosure

Description

The vulnerability allows a local user to obtain potentially sensitive information.

A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses within Win32k.sys driver. A local user can gain access to potentially sensitive information.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8681

6) Information disclosure

Description

The vulnerability allows a local user to obtain potentially sensitive information.

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory within Win32k.sys driver. A local user can gain access to potentially sensitive information.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8683

7) Information disclosure

Description

The vulnerability allows a local user to obtain potentially sensitive information.

An Information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass within Win32k.sys driver. A remote attacker can gain access to potentially sensitive information.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8687

8) Buffer overflow

Description

The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists due to boundary error within Win32k.sys driver . A local user can execute arbitrary code on the target system with elevated privileges.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8720

Back to List