Vulnerabilities > CVE-2017-8746 - Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Windows Device Guard in Windows 10 1607, 1703, and Windows Server 2016 allows A security feature bypass vulnerability due to how PowerShell exposes functions and processes user supplied code, aka "Device Guard Security Feature Bypass Vulnerability".
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 3 |
Nessus
NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS17_SEP_4038788.NASL description The remote Windows host is missing security update 4038788. It is, therefore, affected by multiple vulnerabilities : - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161) - A vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-11766) - An information disclosure vulnerability exists when Microsoft Edge does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user last seen 2020-05-31 modified 2017-09-12 plugin id 103130 published 2017-09-12 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103130 title KB4038788: Windows 10 Version 1703 September 2017 Cumulative Update NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS17_SEP_4038782.NASL description The remote Windows host is missing security update 4038782. It is, therefore, affected by multiple vulnerabilities : - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161) - A vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-11766) - A spoofing vulnerability exists in Microsoft last seen 2020-05-31 modified 2017-09-12 plugin id 103128 published 2017-09-12 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103128 title KB4038782: Windows 10 Version 1607 and Windows Server 2016 September 2017 Cumulative Update
The Hacker News
| id | THN:5133F80C8A11FE7678A971A326DDA682 |
| last seen | 2018-01-27 |
| modified | 2017-09-13 |
| published | 2017-09-13 |
| reporter | Mohit Kumar |
| source | https://thehackernews.com/2017/09/windows-zero-day-spyware.html |
| title | Immediately Patch Windows 0-Day Flaw That's Being Used to Spread Spyware |