Multiple vulnerabilities in Win32k Graphics in Microsoft Windows
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2017-11823 CVE-2017-8694 CVE-2017-8689 |
| CWE-ID | CWE-264 CWE-119 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
Windows Operating systems & Components / Operating system Windows Server Operating systems & Components / Operating system |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Security restrictions bypass
EUVDB-ID: #VU8758
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-11823
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to bypass security restrictions on the target system.
The weakness exists Device Guard when PowerShell exposes functions and processes user supplied code. A local attacker can inject malicious code into a Windows PowerShell session and bypass the Device Guard Code Integrity policy.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: 10 - 10
Windows Server: 2016 - 2016
CPE2.3 External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11823
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
2) Memory corruption
EUVDB-ID: #VU8759
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-8694
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when the Windows kernel-mode driver fails to properly handle objects in memory. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with SYSTEM privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Install updates from vendor's website.
Vulnerable software versionsWindows: 7 - 10
Windows Server: 2008 - 2016
CPE2.3 External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8694
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
3) Privilege escalation
EUVDB-ID: #VU8760
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-8689
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when the Windows kernel-mode driver fails to properly handle objects in memory. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with SYSTEM privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Install updates from vendor's website.
Vulnerable software versionsWindows: 7 - 10
Windows Server: 2008 - 2016
CPE2.3 External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8689
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
