SB2017101005 - Multiple vulnerabilities in Win32k Graphics in Microsoft Windows

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Security restrictions bypass (CVE-ID: CVE-2017-11823)

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists Device Guard when PowerShell exposes functions and processes user supplied code. A local attacker can inject malicious code into a Windows PowerShell session and bypass the Device Guard Code Integrity policy.

2) Memory corruption (CVE-ID: CVE-2017-8694)

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when the Windows kernel-mode driver fails to properly handle objects in memory. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

3) Privilege escalation (CVE-ID: CVE-2017-8689)

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when the Windows kernel-mode driver fails to properly handle objects in memory. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11823
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8694
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8689