-
Cumulative Security Update for Microsoft Internet Explorer and Edge
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8496) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited this issue could obtain information to further compromise the users system.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8497) MS Rating: Critical
A remote code execution vulnerability exists in the way the Microsoft Edge JavaScript scripting engine handles objects in memory. This may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2017-8517) MS Rating: Critical
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. This may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8520) MS Rating: Critical
A remote code execution vulnerability exists in the way the Microsoft Edge JavaScript scripting engine handles objects in memory.This may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8522) MS Rating: Critical
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. This may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8524) MS Rating: Critical
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. This may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8548) MS Rating: Critical
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. This may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Remote Code Execution Vulnerability (CVE-2017-8549) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited this issue could obtain information to further compromise the users system.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8499) MS Rating: Critical
A remote code execution vulnerability exists in the way the Microsoft Edge JavaScript scripting engine handles objects in memory. This may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2017-8519) MS Rating: Important
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2017-8521) MS Rating: Important
A remote code execution vulnerability exists in the way the Microsoft Edge JavaScript scripting engine handles objects in memory. This may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8523) MS Rating: Important
A security bypass vulnerability exists when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows. An attacker can exploit this issue to trick a user into loading a page with malicious content.
Microsoft Browser Information Disclosure Vulnerability (CVE-2017-8529) MS Rating: Important
An information disclosure vulnerability exists when affected Microsoft scripting engines do not properly handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer.
Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-8530) MS Rating: Important
A security bypass vulnerability that affects Microsoft Edge.
Internet Explorer Memory Corruption Vulnerability (CVE-2017-8547) MS Rating: Important
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-8555) MS Rating: Important
A security bypass vulnerability exists when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker can exploit this issue to trick a user into loading a web page with malicious content.
Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8498) MS Rating: Moderate
An information disclosure vulnerability exists in Microsoft Edge that allows JavaScript XML DOM objects to detect installed browser extensions. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a malicious website in an attempt to make a user visit it.
Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8504) MS Rating: Low
An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type. An attacker could use the vulnerability to read the URL of a cross-origin request.
-
Cumulative Security Update for Microsoft Office
Microsoft Office Remote Code Execution Vulnerability (CVE-2017-0260) MS Rating: Important
A remote code execution vulnerability exists when Office improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited this issue could take control of an affected system.
Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8506) MS Rating: Important
A remote code execution vulnerability exists when Office improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited this issue could take control of an affected system.
Microsoft Office Memory Corruption Vulnerability (CVE-2017-8507) MS Rating: Important
A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited this issue could take control of an affected system.
Microsoft Office Security Feature Bypass Vulnerability (CVE-2017-8508) MS Rating: Important
A security bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats. The security bypass by itself does not allow arbitrary code execution.
Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8509) MS Rating: Important
A remote code execution vulnerability exist in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited this issue could use a specially crafted file to perform actions in the security context of the current user.
Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8510) MS Rating: Important
A remote code execution vulnerability exist in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited this issue could use a specially crafted file to perform actions in the security context of the current user.
MicrosoftOffice Remote Code Execution Vulnerability (CVE-2017-8511) MS Rating: Important
A remote code execution vulnerability exist in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited this issue could use a specially crafted file to perform actions in the security context of the current user.
Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8512) MS Rating: Important
A remote code execution vulnerability exist in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited this issue could use a specially crafted file to perform actions in the security context of the current user.
Microsoft PowerPoint Remote Code Execution Vulnerability (CVE-2017-8513) MS Rating: Important
A remote code execution vulnerability exist in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited this issue could use a specially crafted file to perform actions in the security context of the current user.
Microsoft SharePoint Reflective XSS Vulnerability (CVE-2017-8514) MS Rating: Important
A cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server.
Microsoft Outlook for Mac Spoofing Vulnerability (CVE-2017-8545) MS Rating: Important
A spoofing vulnerability exists when Microsoft Outlook for Mac does not sanitize html or treat it in a safe manner. An attacker who successfully tricked the user could gain access to the user's authentication information or login credentials.
Microsoft SharePoint XSS vulnerability (CVE-2017-8551) MS Rating: Important
A privilege escalation vulnerability exists when SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. Successful exploits may allow an attacker to perform cross-site scripting attacks.
-
Cumulative Security Update for Microsoft Windows Hyper-V
Hypervisor Code Integrity Elevation of Privilege Vulnerability (CVE-2017-0193) MS Rating: Important
A privilege escalation vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels. An attacker who successfully exploited this issue could gain elevated privileges on a target guest operating system.
-
Cumulative Security Update for Skype for Business
Skype for Business Remote Code Execution Vulnerability (CVE-2017-8550) MS Rating: Critical
A remote code execution vulnerability exists when Skype for Business and Microsoft Lync Servers fail to properly sanitize specially crafted content. An authenticated attacker who successfully exploited this issue could execute HTML and JavaScript content in the Skype for Business or Lync context.
-
Cumulative Security Update for Microsoft Windows Uniscribe
Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-8527) MS Rating: Critical
A remote code execution vulnerability exist when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this issue could take control of the affected system.
Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-8528) MS Rating: Critical
A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this issue could take control of the affected system.
Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0283) MS Rating: Critical
A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker can exploit this issue could take control of the affected system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0282) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this issue could obtain information to further compromise the users system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0284) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this issue could obtain information to further compromise the users system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0285) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this issue could obtain information to further compromise the users system.
Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-8534) MS Rating: Important
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited this issue could obtain information to further compromise the users system.
-
Cumulative Security Update for Microsoft Windows Graphics
Windows Graphics Information Disclosure Vulnerability (CVE-2017-0286) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited this issue could obtain information further compromise the users system.
Windows Graphics Information Disclosure Vulnerability (CVE-2017-0287) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited this issue could obtain information further compromise the users system.
Windows Graphics Information Disclosure Vulnerability (CVE-2017-0288) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited this issue could obtain information further compromise the users system.
Windows Graphics Information Disclosure Vulnerability (CVE-2017-0289) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited this issue could obtain information further compromise the users system.
Windows Graphics Information Disclosure Vulnerability (CVE-2017-8531) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited this issue could obtain information further compromise the users system.
Windows Graphics Information Disclosure Vulnerability (CVE-2017-8532) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited this issue could obtain information further compromise the users system.
Windows Graphics Information Disclosure Vulnerability (CVE-2017-8533) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited this issue could obtain information further compromise the users system.
-
Cumulative Security Update for Microsoft Windows Kernel-Mode Drivers
Windows Kernel Elevation of Privilege Vulnerability (CVE-2017-0297) MS Rating: Important
A privilege escalation vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited this issue could execute code with elevated permissions.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-0299) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this issue could retrieve the base address of the kernel driver from a compromised process.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-0300) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this issue could retrieve the base address of the kernel driver from a compromised process.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8462) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this issue could retrieve the base address of the kernel driver from a compromised process.
Win32k Elevation of Privilege Vulnerability (CVE-2017-8465) MS Rating: Important
A privilege escalation vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this issue could run processes in an elevated context.
Win32k Elevation of Privilege Vulnerability (CVE-2017-8468) MS Rating: Important
A privilege escalation vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this issue could run processes in an elevated context.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8469) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Win32k Information Disclosure Vulnerability (CVE-2017-8470) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Win32k Information Disclosure Vulnerability (CVE-2017-8471) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Win32k Information Disclosure Vulnerability (CVE-2017-8472) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Win32k Information Disclosure Vulnerability (CVE-2017-8473) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8474) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Win32k Information Disclosure Vulnerability (CVE-2017-8475) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8476) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Win32k Information Disclosure Vulnerability (CVE-2017-8477) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8478) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8479) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8480) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8481) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8482) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8483) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Win32k Information Disclosure Vulnerability (CVE-2017-8484) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8485) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8488) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8489) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8490) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8491) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2017-8492) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by sending a specially crafted application.
-
Cumulative Security Update for Microsoft Windows
LNK Remote Code Execution Vulnerability (CVE-2017-8464) MS Rating: Critical
A remote code execution exists in Microsoft Windows that could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this issue could gain the same user rights as the local user.
Windows PDF Remote Code Execution Vulnerability (CVE-2017-0291) MS Rating: Critical
A remote code execution vulnerability exists in Microsoft Windows if a user opens a specially crafted PDF file. An attacker who successfully exploited this issue could cause arbitrary code to execute in the context of the current user.
Windows PDF Remote Code Execution Vulnerability (CVE-2017-0292) MS Rating: Critical
A remote code execution vulnerability exists in Microsoft Windows if a user opens a specially crafted PDF file. An attacker who successfully exploited this issue could cause arbitrary code to execute in the context of the current user.
Windows Remote Code Execution Vulnerability (CVE-2017-0294) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft Windows fails to properly handle cabinet files. To exploit the vulnerability, an attacker would have to convince a user to either open a specially crafted cabinet file or spoof a network printer and trick a user into installing a malicious cabinet file disguised as a printer driver.
Windows Search Remote Code Execution Vulnerability (CVE-2017-8543) MS Rating: Critical
A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this issue could take control of the affected system.
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability (CVE-2017-0173) MS Rating: Important
A security bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this issue could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability (CVE-2017-0215) MS Rating: Important
A security bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this issue could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability (CVE-2017-0216) MS Rating: Important
A security bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this issue could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability (CVE-2017-0218) MS Rating: Important
A security bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this issue could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability (CVE-2017-0219) MS Rating: Important
A security bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this issue could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.
Windows Default Folder Tampering Vulnerability (CVE-2017-0295) MS Rating: Important
A tampering vulnerability exists in Microsoft Windows that could allow an authenticated attacker to modify the folder structure. An attacker who successfully exploited this issue could potentially modify files and folders that are synchronized the first time when a user logs in locally to the computer.
Windows TDX Elevation of Privilege Vulnerability (CVE-2017-0296) MS Rating: Important
A privilege escalation vulnerability exists when tdx. sys fails to check the length of a buffer prior to copying memory to it.
Windows COM Session Elevation of Privilege Vulnerability (CVE-2017-0298) MS Rating: Important
A privilege escalation exists in Windows when a DCOM object in Helppane. exe, configured to run as the interactive user, fails to properly authenticate the client.
Windows PDF Information Disclosure Vulnerability (CVE-2017-8460) MS Rating: Important
An information disclosure vulnerability exists in Microsoft Windows when a user opens a specially crafted PDF file. An attacker who successfully exploited this issue could read information in the context of the current user.
Windows Cursor Elevation of Privilege Vulnerability (CVE-2017-8466) MS Rating: Important
A privilege escalation vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited this issue could run processes in an elevated context.
Windows Security Feature Bypass Vulnerability (CVE-2017-8493) MS Rating: Important
A security bypass vulnerability exists when Microsoft Windows fails to enforce case sensitivity for certain variable checks, which could allow an attacker to set variables that are either read-only or require authentication.
Windows Elevation of Privilege Vulnerability (CVE-2017-8494) MS Rating: Important
A privilege escalation vulnerability exists when Windows Secure Kernel Mode fails to properly handle objects in memory.To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system.
Windows VAD Cloning Denial of Service Vulnerability (CVE-2017-8515) MS Rating: Important
A denial of service vulnerability exists in Microsoft Windows when an unauthenticated attacker sends a specially crafted kernel mode request. An attacker who successfully exploited this issue could cause a denial of service on the target system, causing the machine to either stop responding or reboot.
Windows Search Information Disclosure Vulnerability (CVE-2017-8544) MS Rating: Important
An information disclosure vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this issue could obtain information to further compromise the users system.
GDI Information Disclosure Vulnerablity (CVE-2017-8553) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this issue could obtain information to further compromise the users system.