Test ID:	1.3.6.1.4.1.25623.1.0.812016
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Windows Multiple Vulnerabilities (KB4041681)
Summary:	This host is missing a critical security; update according to Microsoft KB4041681
Description:	Summary: This host is missing a critical security update according to Microsoft KB4041681 Vulnerability Insight: Multiple flaws exist due to: - A spoofing vulnerability in the Windows implementation of wireless networking (KRACK) - An error in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. - An error in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. - An error when the Windows kernel improperly handles objects in memory. - An error when the Windows font library improperly handles specially crafted embedded fonts. - An error when the Windows kernel-mode driver fails to properly handle objects in memory. - An error when Internet Explorer improperly accesses objects in memory. - An error in the Microsoft JET Database Engine that could allow remote code execution on an affected system. - An error when Internet Explorer improperly handles objects in memory. - An error when the Windows Graphics Component improperly handles objects in memory. - An error in the way that the scripting engine handles objects in memory in Internet Explorer. - An error when Internet Explorer improperly accesses objects in memory via the Microsoft Windows Text Services Framework. - An error when Windows Search improperly handles objects in memory. - An error in the way that Microsoft browsers access objects in memory. - An error when the Windows kernel improperly initializes objects in memory. - An error in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. - An error in the way that the Windows SMB Server handles certain requests. Vulnerability Impact: Successful exploitation will allow an attacker to execute arbitrary code, conduct denial-of-service, gain access to potentially sensitive information, take control of the affected system and gain escalated privileges. Affected Software/OS: - Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1 - Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-11762 BugTraq ID: 101108 http://www.securityfocus.com/bid/101108 http://www.securitytracker.com/id/1039536 Common Vulnerability Exposure (CVE) ID: CVE-2017-8694 BugTraq ID: 101100 http://www.securityfocus.com/bid/101100 http://www.securitytracker.com/id/1039526 Common Vulnerability Exposure (CVE) ID: CVE-2017-8717 BugTraq ID: 101161 http://www.securityfocus.com/bid/101161 http://www.securitytracker.com/id/1039527 Common Vulnerability Exposure (CVE) ID: CVE-2017-8718 BugTraq ID: 101162 http://www.securityfocus.com/bid/101162 Common Vulnerability Exposure (CVE) ID: CVE-2017-11763 BugTraq ID: 101109 http://www.securityfocus.com/bid/101109 Common Vulnerability Exposure (CVE) ID: CVE-2017-11765 BugTraq ID: 101111 http://www.securityfocus.com/bid/101111 Common Vulnerability Exposure (CVE) ID: CVE-2017-8727 BugTraq ID: 101142 http://www.securityfocus.com/bid/101142 http://www.securitytracker.com/id/1039537 Common Vulnerability Exposure (CVE) ID: CVE-2017-11771 BugTraq ID: 101114 http://www.securityfocus.com/bid/101114 http://www.securitytracker.com/id/1039538 Common Vulnerability Exposure (CVE) ID: CVE-2017-11772 BugTraq ID: 101116 http://www.securityfocus.com/bid/101116 Common Vulnerability Exposure (CVE) ID: CVE-2017-11780 BugTraq ID: 101110 http://www.securityfocus.com/bid/101110 http://www.securitytracker.com/id/1039528 Common Vulnerability Exposure (CVE) ID: CVE-2017-11781 BugTraq ID: 101140 http://www.securityfocus.com/bid/101140 Common Vulnerability Exposure (CVE) ID: CVE-2017-11784 BugTraq ID: 101147 http://www.securityfocus.com/bid/101147 Common Vulnerability Exposure (CVE) ID: CVE-2017-11785 BugTraq ID: 101149 http://www.securityfocus.com/bid/101149 https://www.exploit-db.com/exploits/43001/ Common Vulnerability Exposure (CVE) ID: CVE-2017-11790 BugTraq ID: 101077 http://www.securityfocus.com/bid/101077 http://www.securitytracker.com/id/1039532 Common Vulnerability Exposure (CVE) ID: CVE-2017-11793 BugTraq ID: 101141 http://www.securityfocus.com/bid/101141 https://www.exploit-db.com/exploits/43368/ Common Vulnerability Exposure (CVE) ID: CVE-2017-11810 BugTraq ID: 101081 http://www.securityfocus.com/bid/101081 https://www.exploit-db.com/exploits/43131/ Common Vulnerability Exposure (CVE) ID: CVE-2017-11813 BugTraq ID: 101083 http://www.securityfocus.com/bid/101083 Common Vulnerability Exposure (CVE) ID: CVE-2017-11814 BugTraq ID: 101093 http://www.securityfocus.com/bid/101093 Common Vulnerability Exposure (CVE) ID: CVE-2017-11815 BugTraq ID: 101136 http://www.securityfocus.com/bid/101136 Common Vulnerability Exposure (CVE) ID: CVE-2017-11816 BugTraq ID: 101094 http://www.securityfocus.com/bid/101094 Common Vulnerability Exposure (CVE) ID: CVE-2017-11817 BugTraq ID: 101095 http://www.securityfocus.com/bid/101095 Common Vulnerability Exposure (CVE) ID: CVE-2017-11819 BugTraq ID: 101121 http://www.securityfocus.com/bid/101121 Common Vulnerability Exposure (CVE) ID: CVE-2017-11822 BugTraq ID: 101122 http://www.securityfocus.com/bid/101122 Common Vulnerability Exposure (CVE) ID: CVE-2017-11824 BugTraq ID: 101099 http://www.securityfocus.com/bid/101099 Common Vulnerability Exposure (CVE) ID: CVE-2017-8689 BugTraq ID: 101128 http://www.securityfocus.com/bid/101128 Common Vulnerability Exposure (CVE) ID: CVE-2017-13080 BugTraq ID: 101274 http://www.securityfocus.com/bid/101274 CERT/CC vulnerability note: VU#228519 http://www.kb.cert.org/vuls/id/228519 Cisco Security Advisory: 20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa Debian Security Information: DSA-3999 (Google Search) http://www.debian.org/security/2017/dsa-3999 FreeBSD Security Advisory: FreeBSD-SA-17:07 https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc https://security.gentoo.org/glsa/201711-03 https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt https://www.krackattacks.com/ https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html RedHat Security Advisories: RHSA-2017:2907 https://access.redhat.com/errata/RHSA-2017:2907 RedHat Security Advisories: RHSA-2017:2911 https://access.redhat.com/errata/RHSA-2017:2911 http://www.securitytracker.com/id/1039572 http://www.securitytracker.com/id/1039573 http://www.securitytracker.com/id/1039576 http://www.securitytracker.com/id/1039577 http://www.securitytracker.com/id/1039578 http://www.securitytracker.com/id/1039581 http://www.securitytracker.com/id/1039585 http://www.securitytracker.com/id/1039703 SuSE Security Announcement: SUSE-SU-2017:2745 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html SuSE Security Announcement: SUSE-SU-2017:2752 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html SuSE Security Announcement: openSUSE-SU-2017:2755 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html http://www.ubuntu.com/usn/USN-3455-1
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.