Vulnerabilities > Microsoft > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-10-13 CVE-2017-8715 Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016
The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Windows Security Feature Bypass".
local
low complexity
microsoft
5.3
2017-10-13 CVE-2017-8703 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Windows 10 1703
The Microsoft Windows Subsystem for Linux on Microsoft Windows 10 1703 allows a denial of service vulnerability when it improperly handles objects in memory, aka "Windows Subsystem for Linux Denial of Service Vulnerability".
local
low complexity
microsoft CWE-119
5.5
2017-10-13 CVE-2017-8693 Information Exposure vulnerability in Microsoft Windows 10 and Windows Server 2016
The Microsoft Graphics Component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the way it handles objects in memory, aka "Microsoft Graphics Information Disclosure Vulnerability".
local
low complexity
microsoft CWE-200
5.5
2017-10-13 CVE-2017-11829 Files or Directories Accessible to External Parties vulnerability in Microsoft Windows 10 and Windows Server 2016
Microsoft Windows 10 allows an elevation of privilege vulnerability when the Windows Update Delivery Optimization does not properly enforce file share permissions.
local
low complexity
microsoft CWE-552
5.5
2017-10-13 CVE-2017-11823 Race Condition vulnerability in Microsoft Windows 10 and Windows Server 2016
The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass".
local
low complexity
microsoft CWE-362
6.7
2017-10-13 CVE-2017-11820 Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2013/2016
Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability".
network
low complexity
microsoft CWE-79
5.4
2017-10-13 CVE-2017-11818 7PK - Security Features vulnerability in Microsoft products
The Microsoft Windows Storage component on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass vulnerability when it fails to validate an integrity-level check, aka "Windows Storage Security Feature Bypass Vulnerability".
local
high complexity
microsoft CWE-254
4.5
2017-10-13 CVE-2017-11817 Information Exposure vulnerability in Microsoft products
The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly validates objects in memory, aka "Windows Information Disclosure Vulnerability".
local
high complexity
microsoft CWE-200
4.7
2017-10-13 CVE-2017-11816 Information Exposure vulnerability in Microsoft products
The Microsoft Windows Graphics Device Interface (GDI) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the way it handles objects in memory, aka "Windows GDI Information Disclosure Vulnerability".
local
low complexity
microsoft CWE-200
5.5
2017-10-13 CVE-2017-11815 Information Exposure vulnerability in Microsoft products
The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability in the way that it handles certain requests, aka "Windows SMB Information Disclosure Vulnerability".
network
high complexity
microsoft CWE-200
5.3