Mcafee Foundstone Fsl Update

2017-JUN-16 FSL version 7.5.934

MCAFEE FOUNDSTONE FSL UPDATE

To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release.

NEW CHECKS

21915 - (MSPT-June2017) Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-8528)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8528

Description A vulnerability is present in some versions of Microsoft Windows Uniscribe.

Observation Uniscribe is a set of services for rendering Unicode-encoded text in Microsoft Windows.

A vulnerability is present in some versions of Microsoft Windows Uniscribe. The flaw is due to improper handling of objects in memory. Successful exploitation could allow an attacker to execute remote code on the target system.

21918 - (MSPT-June2017) Windows Uniscribe Remote Code Execution (CVE-2017-0283)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-0283

Description A vulnerability is present in some versions of Microsoft Windows Uniscribe.

Observation Uniscribe is a set of services for rendering Unicode-encoded text on Microsoft Windows.

21924 - (MSPT-June2017) Windows Graphics Remote Code Execution Vulnerability (CVE-2017-8527)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8527

Description A vulnerability is present in some versions of Microsoft Windows and Office products. Observation Microsoft Windows is a popular operating system.

A vulnerability is present in some versions of Microsoft Windows and Office products. The flaw lies in Windows Graphics component. Successful exploitation could allow an attacker to execute remote code on the target system.

185731 - Ubuntu Linux 16.04 USN-3312-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High CVE: CVE-2016-7913, CVE-2016-7917, CVE-2016-8632, CVE-2016-9083, CVE-2016-9084, CVE-2016-9604, CVE-2017-0605, CVE- 2017-2596, CVE-2017-2671, CVE-2017-6001, CVE-2017-7472, CVE-2017-7618, CVE-2017-7645, CVE-2017-7889, CVE-2017-7895

Description The scan detected that the host is missing the following update: USN-3312-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-June/003886.html

Ubuntu 16.04 linux-image-raspi2_4.4.0.1057.58 linux-image-4.4.0-79-powerpc64-smp_4.4.0-79.100 linux-image-4.4.0-79-lowlatency_4.4.0-79.100 linux-image-lowlatency_4.4.0.79.85 linux-image-powerpc-e500mc_4.4.0.79.85 linux-image-aws_4.4.0.1018.21 linux-image-4.4.0-1057-raspi2_4.4.0-1057.64 linux-image-4.4.0-79-generic_4.4.0-79.100 linux-image-generic_4.4.0.79.85 linux-image-4.4.0-79-powerpc-smp_4.4.0-79.100 linux-image-powerpc64-emb_4.4.0.79.85 linux-image-virtual_4.4.0.79.85 linux-image-4.4.0-1059-snapdragon_4.4.0-1059.63 linux-image-4.4.0-79-generic-lpae_4.4.0-79.100 linux-image-powerpc64-smp_4.4.0.79.85 linux-image-4.4.0-79-powerpc-e500mc_4.4.0-79.100 linux-image-powerpc-smp_4.4.0.79.85 linux-image-gke_4.4.0.1014.16 linux-image-4.4.0-1018-aws_4.4.0-1018.27 linux-image-snapdragon_4.4.0.1059.52 linux-image-4.4.0-1014-gke_4.4.0-1014.14 linux-image-generic-lpae_4.4.0.79.85

185735 - Ubuntu Linux 14.04 USN-3312-2 Update Is Not Installed

Description The scan detected that the host is missing the following update: USN-3312-2

Ubuntu 14.04 linux-image-4.4.0-79-powerpc-e500mc_4.4.0-79.100~14.04.1 linux-image-powerpc-e500mc-lts-xenial_4.4.0.79.64 linux-image-powerpc64-smp-lts-xenial_4.4.0.79.64 linux-image-lowlatency-lts-xenial_4.4.0.79.64 linux-image-generic-lpae-lts-xenial_4.4.0.79.64 linux-image-powerpc-smp-lts-xenial_4.4.0.79.64 linux-image-4.4.0-79-powerpc64-smp_4.4.0-79.100~14.04.1 linux-image-4.4.0-79-powerpc-smp_4.4.0-79.100~14.04.1 linux-image-powerpc64-emb-lts-xenial_4.4.0.79.64 linux-image-4.4.0-79-generic_4.4.0-79.100~14.04.1 linux-image-4.4.0-79-lowlatency_4.4.0-79.100~14.04.1 linux-image-4.4.0-79-generic-lpae_4.4.0-79.100~14.04.1 linux-image-generic-lts-xenial_4.4.0.79.64 linux-image-4.4.0-79-powerpc64-emb_4.4.0-79.100~14.04.1

185738 - Ubuntu Linux 17.04 USN-3314-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High CVE: CVE-2016-9604, CVE-2017-0605, CVE-2017-2671, CVE-2017-7277, CVE-2017-7472, CVE-2017-7618, CVE-2017-7645, CVE- 2017-7889, CVE-2017-7895, CVE-2017-7979, CVE-2017-8063, CVE-2017-8064, CVE-2017-8067

Description The scan detected that the host is missing the following update: USN-3314-1

Ubuntu 17.04 linux-image-raspi2_4.10.0.1006.8 linux-image-lowlatency_4.10.0.22.24 linux-image-generic-lpae_4.10.0.22.24 linux-image-4.10.0-22-generic_4.10.0-22.24 linux-image-4.10.0-22-lowlatency_4.10.0-22.24 linux-image-4.10.0-22-generic-lpae_4.10.0-22.24 linux-image-generic_4.10.0.22.24 linux-image-4.10.0-1006-raspi2_4.10.0-1006.8

192188 - Fedora Linux 24 FEDORA-2017-f942f19ff4 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2015-9059

Description The scan detected that the host is missing the following update: FEDORA-2017-f942f19ff4

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=2

Fedora Core 24 picocom-2.2-2.fc24

192220 - Fedora Linux 25 FEDORA-2017-ac7fc2fd8c Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2015-9059

Description The scan detected that the host is missing the following update: FEDORA-2017-ac7fc2fd8c

Fedora Core 25 picocom-2.2-2.fc25

192230 - Fedora Linux 24 FEDORA-2017-6554692044 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077

Description The scan detected that the host is missing the following update: FEDORA-2017-6554692044

Fedora Core 24 kernel-4.11.4-100.fc24

21958 - (MSPT-June2017) Win32k Elevation of Privilege Vulnerability (CVE-2017-8465)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8465

Description An elevation of privilege vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

An elevation of privilege vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel- mode driver handles objects in memory. Successful exploitation could allow an attacker to execute processes with elevated privileges. Exploitation requires an attacker to gain access to the local system.

21960 - (MSPT-June2017) Windows Cursor Elevation Of Privilege Vulnerability (CVE-2017-8466)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8466

Description An elevation of privilege vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

22005 - (MSPT-June2017) Microsoft Office Memory Corruption Vulnerability (CVE-2017-8507)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8507

Description A remote code execution vulnerability is present in some versions of Microsoft Office.

Observation Microsoft Office is a popular office suite.

A remote code execution vulnerability is present in some versions of Microsoft Office. The flaw lies in how Microsoft Outlook parses e- mail messages. Successful exploitation could allow an attacker to execute remote code. Exploitation requires a user to open a maliciously crafted e-mail message. 178452 - Gentoo Linux GLSA-201706-15 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: High CVE: CVE-2015-2330, CVE-2015-7096, CVE-2015-7098, CVE-2016-1723, CVE-2016-1724, CVE-2016-1725, CVE-2016-1726, CVE- 2016-1727, CVE-2016-1728, CVE-2016-4692, CVE-2016-4743, CVE-2016-7586, CVE-2016-7587, CVE-2016-7589, CVE-2016-7592, CVE-2016-7598, CVE-2016-7599, CVE-2016-7610, CVE-2016-7611, CVE-2016-7623, CVE-2016-7632, CVE-2016-7635, CVE-2016- 7639, CVE-2016-7640, CVE-2016-7641, CVE-2016-7642, CVE-2016-7645, CVE-2016-7646, CVE-2016-7648, CVE-2016-7649, CVE- 2016-7652, CVE-2016-7654, CVE-2016-7656, CVE-2016-9642, CVE-2016-9643, CVE-2017-2350, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356, CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365, CVE-2017-2366, CVE-2017-2367, CVE-2017- 2369, CVE-2017-2371, CVE-2017-2373, CVE-2017-2376, CVE-2017-2377, CVE-2017-2386, CVE-2017-2392, CVE-2017-2394, CVE- 2017-2395, CVE-2017-2396, CVE-2017-2405, CVE-2017-2415, CVE-2017-2419, CVE-2017-2433, CVE-2017-2442, CVE-2017-2445, CVE-2017-2446, CVE-2017-2447, CVE-2017-2454, CVE-2017-2455, CVE-2017-2457, CVE-2017-2459, CVE-2017-2460, CVE-2017- 2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468, CVE-2017-2469, CVE-2017-2470, CVE-2017-2471, CVE-2017-2475, CVE- 2017-2476, CVE-2017-2481, CVE-2017-2496, CVE-2017-2504, CVE-2017-2505, CVE-2017-2506, CVE-2017-2508, CVE-2017-2510, CVE-2017-2514, CVE-2017-2515, CVE-2017-2521, CVE-2017-2525, CVE-2017-2526, CVE-2017-2528, CVE-2017-2530, CVE-2017- 2531, CVE-2017-2536, CVE-2017-2539, CVE-2017-2544, CVE-2017-2547, CVE-2017-2549, CVE-2017-6980, CVE-2017-6984

Description The scan detected that the host is missing the following update: GLSA-201706-15

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/201706-15

Affected packages: net-libs/webkit-gtk < 2.16.3

185732 - Ubuntu Linux 16.10 USN-3313-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High CVE: CVE-2017-0605

Description The scan detected that the host is missing the following update: USN-3313-1

Ubuntu 16.10 linux-image-powerpc-e500mc_4.8.0.54.66 linux-image-4.8.0-54-powerpc64-emb_4.8.0-54.57 linux-image-generic_4.8.0.54.66 linux-image-lowlatency_4.8.0.54.66 linux-image-4.8.0-54-generic-lpae_4.8.0-54.57 linux-image-4.8.0-1038-raspi2_4.8.0-1038.41 linux-image-powerpc-smp_4.8.0.54.66 linux-image-4.8.0-54-powerpc-smp_4.8.0-54.57 linux-image-generic-lpae_4.8.0.54.66 linux-image-4.8.0-54-generic_4.8.0-54.57 linux-image-powerpc64-emb_4.8.0.54.66 linux-image-4.8.0-54-lowlatency_4.8.0-54.57 linux-image-4.8.0-54-powerpc-e500mc_4.8.0-54.57 linux-image-raspi2_4.8.0.1038.42

185736 - Ubuntu Linux 16.04 USN-3313-2 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High CVE: CVE-2017-0605

Description The scan detected that the host is missing the following update: USN-3313-2

Ubuntu 16.04 linux-image-4.8.0-54-generic_4.8.0-54.57~16.04.1 linux-image-generic-lpae-hwe-16.04_4.8.0.54.25 linux-image-lowlatency-hwe-16.04_4.8.0.54.25 linux-image-4.8.0-54-generic-lpae_4.8.0-54.57~16.04.1 linux-image-4.8.0-54-lowlatency_4.8.0-54.57~16.04.1 linux-image-generic-hwe-16.04_4.8.0.54.25

192223 - Fedora Linux 26 FEDORA-2017-a50319c820 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-9078, CVE-2017-9079

Description The scan detected that the host is missing the following update: FEDORA-2017-a50319c820

Fedora Core 26 dropbear-2017.75-1.fc26

192224 - Fedora Linux 26 FEDORA-2017-a7161eb173 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-7692

Description The scan detected that the host is missing the following update: FEDORA-2017-a7161eb173

Fedora Core 26 squirrelmail-1.4.22-19.fc26

21975 - (MSPT-June2017) Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-8543)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8543

Description A remote code execution vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

A remote code execution vulnerability is present in some versions of Microsoft Windows. The flaw lies in Windows Search due to improper handling of objects in memory. Successful exploitation could allow an attacker to take control of the affected system.

21988 - (MSPT-June2017) Windows Remote Code Execution Vulnerability (CVE-2017-0294)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-0294

Description An remote code execution vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

An remote code execution vulnerability is present in some versions of Microsoft Windows. The flaw lies in how Microsoft Windows handles cabinet files. Successful exploitation could allow an attacker to execute remote arbitrary code. Exploitation requires the user to open a maliciously crafted cabinet file.

21904 - (MSPT-June2017) Microsoft PowerPoint Remote Code Execution Vulnerability (CVE-2017-8513) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8513

Description A remote code execution vulnerability is present in some versions of Microsoft Office.

Observation Microsoft Office is a popular office suite.

A remote code execution vulnerability is present in some versions of Microsoft Office. The flaw lies in how the product handles objects in memory. Successful exploitation could allow an attacker to execute remote code. Exploitation requires a user to open a maliciously crafted file.

21912 - (MSPT-June2017) Windows TDX Elevation of Privilege Vulnerability (CVE-2017-0296)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-0296

Description An elevation of privilege vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

An elevation of privilege vulnerability is present in some versions of Microsoft Windows. The flaw is due to failing to properly validate buffer length. Successful exploitation could allow an attacker to run processes in an elevated context. Exploitation requires an attacker to gain access to the local system.

21928 - (MSPT-June2017) Scripting Engine Memory Corruption Vulnerability (CVE-2017-8517)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8517

Description A memory corruption vulnerability is present in some versions of Microsoft Scripting Engine.

Observation Microsoft Scripting Engine is used by Internet browser developed by Microsoft.

A memory corruption vulnerability is present in some versions of Microsoft Scripting Engine. The flaw is due to improper handling of objects in memory. Successful exploitation could allow a remote attacker to execute arbitrary code in the context of the current user.

21929 - (MSPT-June2017) Internet Explorer Memory Corruption Vulnerability (CVE-2017-8519)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8519

Description A memory corruption vulnerability is present in some versions of Microsoft Internet Explorer.

Observation Internet Explorer is an Internet browser developed by Microsoft.

A memory corruption vulnerability is present in some versions of Microsoft Internet Explorer. The flaw is due to improper handling of objects in memory. Successful exploitation could allow a remote attacker to execute arbitrary code in the context of the current user.

21931 - (MSPT-June2017) Scripting Engine Memory Corruption Vulnerability (CVE-2017-8524)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8524

Description A memory corruption vulnerability is present in some versions of Microsoft Scripting Engine.

Observation Microsoft Scripting Engine is used by Internet browser developed by Microsoft.

21932 - (MSPT-June2017) Internet Explorer Memory Corruption Vulnerability (CVE-2017-8547)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8547

Description A memory corruption vulnerability is present in some versions of Microsoft Internet Explorer.

Observation Internet Explorer is an Internet browser developed by Microsoft.

A memory corruption vulnerability is present in some versions of Microsoft Internet Explorer. The flaw is due to improper accessing objects in memory. Successful exploitation could allow a remote attacker to execute arbitrary code in the context of the current user.

21933 - (MSPT-June2017) Scripting Engine Memory Corruption Vulnerability (CVE-2017-8522)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8522

Description A memory corruption vulnerability is present in some versions of Microsoft Scripting Engine. Observation Microsoft Scripting Engine is used by Internet browser developed by Microsoft.

21943 - (MSPT-June2017) Windows Kernel Elevation of Privileges Vulnerability (CVE-2017-0297)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-0297

Description An elevation of privilege vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

An elevation of privilege vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel handles objects in memory. Successful exploitation could allow an attacker to execute arbitrary code with elevated privileges. Exploitation requires an attacker to gain access to the local system.

21944 - (MSPT-June2017) Windows Kernel Elevation of Privileges Vulnerability (CVE-2017-8494)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8494

Description An elevation of privilege vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

An elevation of privilege vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel handles objects in memory. Successful exploitation could allow an attacker to violate virtual trust levels. Exploitation requires an attacker to gain access to the local system.

21946 - (MSPT-June2017) Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8548)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8548

Description A memory corruption vulnerability is present in some versions of Microsoft Edge.

Observation Microsoft Edge is the new default web browser in Windows 10. A memory corruption vulnerability is present in some versions of Microsoft Edge. The flaw lies in the JavaScript engine in handling objects in memory. Successful exploitation could allow an attacker to corrupt memory and execute code in the context of the current user by convincing the user to visit a malicious website.

21950 - (MSPT-June2017) Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8549)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8549

Description A memory corruption vulnerability is present in some versions of Microsoft Edge.

Observation Microsoft Edge is the new default web browser in Windows 10.

A memory corruption vulnerability is present in some versions of Microsoft Edge. The flaw lies in the JavaScript engine in handling objects in memory. Successful exploitation could allow an attacker to corrupt memory and execute code in the context of the current user by convincing the user to visit a malicious website.

21952 - (MSPT-May2017) Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0223)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-0223

Description A memory corruption vulnerability is present in some versions of Microsoft Edge.

Observation Microsoft Edge is the new default web browser in Windows 10.

21955 - (MSPT-June2017) Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8496)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8496

Description A memory corruption vulnerability is present in some versions of Microsoft Edge.

Observation Microsoft Edge is the new default web browser in Windows 10.

A memory corruption vulnerability is present in some versions of Microsoft Edge. The flaw is due to improper access of objects in memory. Successful exploitation could allow an attacker to corrupt memory and execute code in the context of the current user by convincing the user to visit a malicious website.

21956 - (MSPT-June2017) Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8497)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-MAP-NOMATCH

Description A memory corruption vulnerability is present in some versions of Microsoft Edge.

Observation Microsoft Edge is the new default web browser in Windows 10.

21962 - (MSPT-June2017) Windows Virtual memory Denial of Service Vulnerability (CVE-2017-8515)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8515

Description A Denial of Service vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

A Denial of Service vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows handles certain types of kernel mode requests. Successful exploitation could allow an attacker to cause a denial of service condition.

21963 - (MSPT-June2017) Windows COM Elevation of Privilege Vulnerability (CVE-2017-0298)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-0298

Description An elevation of privilege vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

An elevation of privilege vulnerability is present in some versions of Microsoft Windows. The flaw lies in Helppane.exe. Successful exploitation could allow an attacker to execute arbitrary code in another user's session.

21964 - (MSPT-June2017) Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8499) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8499

Description A memory corruption vulnerability is present in some versions of Microsoft Edge.

Observation Microsoft Edge is the new default web browser in Windows 10.

21965 - (MSPT-June2017) Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8520)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8520

Description A memory corruption vulnerability is present in some versions of Microsoft Edge.

Observation Microsoft Edge is the new default web browser in Windows 10.

21966 - (MSPT-June2017) Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8521)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8521

Description A memory corruption vulnerability is present in some versions of Microsoft Edge.

Observation Microsoft Edge is the new default web browser in Windows 10.

21984 - (MSPT-June2017) Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8509)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8509

Description A remote code execution vulnerability is present in some versions of Microsoft Office.

Observation Microsoft Office is a popular office suite.

A remote code execution vulnerability is present in some versions of Microsoft Office. The flaw lies in how the Microsoft Office handle objects in memory. Successful exploitation could allow an authenticated attacker to remotely execute arbitrary code. Exploitation requires the user to open a specially crafted file.

21985 - (MSPT-June2017) Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8511)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8511

Description A remote code execution vulnerability is present in some versions of Microsoft Office.

Observation Microsoft Office is a popular office suite.

21986 - (MSPT-June2017) Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8512)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8512

Description A remote code execution vulnerability is present in some versions of Microsoft Office.

Observation Microsoft Office is a popular office suite.

21989 - (MSPT-June2017) Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8509)

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2017-8509 Description A remote code execution vulnerability is present in some versions of Microsoft Office.

Observation Microsoft Office is a popular office suite.

21990 - (MSPT-June2017) Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8511)

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2017-8511

Description A remote code execution vulnerability is present in some versions of Microsoft Office.

Observation Microsoft Office is a popular office suite.

21998 - (MSPT-June2017) Windows PDF Remote Code Execution Vulnerability (CVE-2017-0291)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-0291

Description A vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

A vulnerability is present in some versions of Microsoft Windows. The flaw lies in how Windows parses PDF files. Successful exploitation could allow an attacker to execute arbitrary code in the context of current user on the target system.

22000 - (MSPT-June2017) Windows PDF Remote Code Execution Vulnerability (CVE-2017-0292)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-0292

Description A vulnerability is present in some versions of Microsoft Windows and Microsoft Word.

Observation Windows is a popular operation system developed by Microsoft and Microsoft Word is a popular document and word processing software.

A vulnerability is present in some versions of Microsoft Windows and Microsoft Word. The flaw lies in how Windows and Microsoft Word parse PDF files. Successful exploitation could allow an attacker to execute arbitrary code in the context of current user on the target system.

22002 - (MSPT-June2017) LNK Remote Code Execution Vulnerability (CVE-2017-8464)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8464

Description A remote code execution vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

A remote code execution vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Microsoft Office handles LNK files. Successful exploitation could allow an authenticated attacker to remotely execute arbitrary code. Exploitation requires the user to open a specially crafted LNK file.

22003 - (MSPT-June2017) Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8510)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8510

Description A remote code execution vulnerability is present in some versions of Microsoft Office.

Observation Microsoft Office is a popular office suite.

A remote code execution vulnerability is present in some versions of Microsoft Office. The flaw is due to an improper object handling in memory. Successful exploitation could allow an attacker to remotely execute arbitrary code.

22004 - (MSPT-June2017) Microsoft Office Remote Code Execution (CVE-2017-8506)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8506

Description A remote code execution vulnerability is present in some versions of Microsoft Office.

Observation Microsoft Office is a popular office suite. A remote code execution vulnerability is present in some versions of Microsoft Office. The flaw lies in how Microsoft Office validates input before loading DLL files. Successful exploitation could allow an attacker to execute remote code. Exploitation requires a user to open a maliciously crafted Office document.

130787 - Debian Linux 8.0 DSA-3875-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: High CVE: CVE-2017-9433

Description The scan detected that the host is missing the following update: DSA-3875-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2017/dsa-3875

Debian 8.0 all libmwaw-tools_0.3.1-2+deb8u1 libmwaw-doc_0.3.1-2+deb8u1 libmwaw-0.3-3_0.3.1-2+deb8u1 libmwaw-dev_0.3.1-2+deb8u1

130788 - Debian Linux 8.0 DSA-3874-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: High CVE: CVE-2017-6430, CVE-2017-8366

Description The scan detected that the host is missing the following update: DSA-3874-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2017/dsa-3874

Debian 8.0 all ettercap-text-only_1:0.8.1-3+deb8u1 ettercap-graphical_1:0.8.1-3+deb8u1 ettercap-common_1:0.8.1-3+deb8u1 ettercap-dbg_1:0.8.1-3+deb8u1

185733 - Ubuntu Linux 17.04 USN-3316-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High CVE: CVE-2017-9148 Description The scan detected that the host is missing the following update: USN-3316-1

Ubuntu 17.04 freeradius_3.0.12+dfsg-4ubuntu1.1

185737 - Ubuntu Linux 14.04, 16.04, 16.10, 17.04 USN-3253-2 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High CVE: CVE-2013-7108, CVE-2013-7205, CVE-2014-1878, CVE-2016-9566

Description The scan detected that the host is missing the following update: USN-3253-2

Ubuntu 16.04 nagios3-cgi_3.5.1.dfsg-2.1ubuntu1.3 nagios3-core_3.5.1.dfsg-2.1ubuntu1.3

Ubuntu 14.04 nagios3-cgi_3.5.1-1ubuntu1.3 nagios3-core_3.5.1-1ubuntu1.3

Ubuntu 16.10 nagios3-cgi_3.5.1.dfsg-2.1ubuntu3.3 nagios3-core_3.5.1.dfsg-2.1ubuntu3.3

Ubuntu 17.04 nagios3-core_3.5.1.dfsg-2.1ubuntu5.2 nagios3-cgi_3.5.1.dfsg-2.1ubuntu5.2

192174 - Fedora Linux 24 FEDORA-2017-7e0ff7f73a Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-5645 Description The scan detected that the host is missing the following update: FEDORA-2017-7e0ff7f73a

Fedora Core 24 log4j12-1.2.17-19.fc24

192177 - Fedora Linux 26 FEDORA-2017-f7849e04f4 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-8849

Description The scan detected that the host is missing the following update: FEDORA-2017-f7849e04f4

Fedora Core 26 smb4k-1.2.2-3.fc26

192182 - Fedora Linux 25 FEDORA-2017-60997f0d14 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-9224, CVE-2017-9225, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229

Description The scan detected that the host is missing the following update: FEDORA-2017-60997f0d14

Fedora Core 25 oniguruma-6.1.3-2.fc25 192183 - Fedora Linux 26 FEDORA-2017-7ee5c17024 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-9148

Description The scan detected that the host is missing the following update: FEDORA-2017-7ee5c17024

Fedora Core 26 freeradius-3.0.14-1.fc26

192184 - Fedora Linux 26 FEDORA-2017-b8358cda24 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-5645

Description The scan detected that the host is missing the following update: FEDORA-2017-b8358cda24

Fedora Core 26 log4j12-1.2.17-19.fc26

192187 - Fedora Linux 26 FEDORA-2017-988ee3e365 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-8366

Description The scan detected that the host is missing the following update: FEDORA-2017-988ee3e365

Fedora Core 26 ettercap-0.8.2-8.20170306git60aca9.fc26

192211 - Fedora Linux 26 FEDORA-2017-f986009363 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-9432

Description The scan detected that the host is missing the following update: FEDORA-2017-f986009363

Fedora Core 26 libstaroffice-0.0.3-3.fc26

192213 - Fedora Linux 25 FEDORA-2017-8348115acd Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-5645

Description The scan detected that the host is missing the following update: FEDORA-2017-8348115acd

Fedora Core 25 log4j12-1.2.17-19.fc25

192227 - Fedora Linux 26 FEDORA-2017-ee01a2ced6 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-9224, CVE-2017-9225, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229

Description The scan detected that the host is missing the following update: FEDORA-2017-ee01a2ced6

Fedora Core 26 oniguruma-6.3.0-1.fc26

192228 - Fedora Linux 24 FEDORA-2017-e2d6d0067f Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229

Description The scan detected that the host is missing the following update: FEDORA-2017-e2d6d0067f

Fedora Core 24 oniguruma-5.9.6-4.fc24

192231 - Fedora Linux 25 FEDORA-2017-e698bba980 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-9148

Description The scan detected that the host is missing the following update: FEDORA-2017-e698bba980

Fedora Core 25 freeradius-3.0.14-1.fc25

192233 - Fedora Linux 26 FEDORA-2017-57e8f5ec61 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-8779

Description The scan detected that the host is missing the following update: FEDORA-2017-57e8f5ec61

Fedora Core 26 libtirpc-1.0.1-4.rc3.fc26

21891 - Apache Tomcat Vulnerability Prior To 8.5.15

Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: Medium CVE: CVE-2017-5664

Description A vulnerability is present in some versions of Apache Tomcat.

Observation Apache Tomcat is a container for the Java Servlet and Java Server Pages Web applications.

A vulnerability is present in some versions of Apache Tomcat. The flaw is due to improper error page mechanism. Successful exploitation could allow an attacker to bypass certain security restriction.

21905 - (MSPT-June2017) Microsoft SharePoint Reflective XSS Vulnerability (CVE-2017-8514)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8514

Description A cross-site scripting vulnerability is present in some versions of Microsoft SharePoint.

Observation Microsoft SharePoint is a web-based, collaborative platform that integrates with Microsoft Office products.

A cross-site scripting vulnerability is present in some versions of Microsoft SharePoint. The flaw is due to improper handling of a specially crafted request. Successful exploitation could allow an authenticated attacker to obtain sensitive information, take actions on the SharePoint site on behalf of the victim. Exploitation requires a user to click a specially crafted URL.

21913 - (MSPT-May2017) Win32k Elevation of Privilege Vulnerability (CVE-2017-8552)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8552

Description An elevation of privilege vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

An elevation of privilege vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel- mode driver handles objects in memory. Successful exploitation could allow an attacker to execute arbitrary code with elevated privileges. Exploitation requires an attacker to gain access to the local system.

21914 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8488)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8488

Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initializes objects in memory. Successful exploitation could allow an attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.

21934 - (MSPT-June2017) Microsoft Office Remote Code Execution (CVE-2017-0260)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0260

Description A remote code execution vulnerability is present in some versions of Microsoft Office.

Observation Office is a popular office suite of applications and platforms developed by Microsoft.

A remote code execution vulnerability is present in some versions of Microsoft Office. The flaw lies in how Office validates input before loading DLL files. Successful exploitation could allow an attacker to install programs, view, change, or delete data, or create new accounts with full user rights. Exploitation requires an attacker to convince user to open a specially crafted office document.

21968 - (MSPT-June2017) Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-8530)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8530 Description A security feature bypass vulnerability is present in some versions of Microsoft Edge.

Observation Microsoft Edge is the new default web browser in Windows 10.

A security feature bypass vulnerability is present in some versions of Microsoft Edge. The flaw is due to improper enforcing of same- origin policies. Successful exploitation could allow an attacker to access information from origins outside the current one.

21987 - (MSPT-June2017) Hypervisor Code Integrity Elevation of Privilege Vulnerability (CVE-2017-0193)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0193

Description An elevation of privilege vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

An elevation of privilege vulnerability is present in some versions of Microsoft Windows. The flaw lies in Windows Hyper-V. Successful exploitation could allow an authenticated attacker to obtain elevated privileges.

22006 - (MSPT-June2017) Microsoft Office Security Feature Bypass Vulnerability (CVE-2017-8508)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8508

Description A security bypass vulnerability is present in some versions of Microsoft Office.

Observation Microsoft Office is a popular office suite.

A security bypass vulnerability is present in some versions of Microsoft Office. The flaw lies in how this software parses file formats. Successful exploitation could allow an attacker to bypass security access restrictions.

145388 - SuSE SLES 11 SP4 SUSE-SU-2017:1557-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-9318, CVE-2017-9047, CVE-2017-9048, CVE-2017-9049, CVE-2017-9050

Description The scan detected that the host is missing the following update: SUSE-SU-2017:1557-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2017-June/002940.html

SuSE SLES 11 SP4 i586 libxml2-python-2.7.6-0.69.3 libxml2-doc-2.7.6-0.69.1 libxml2-2.7.6-0.69.1 x86_64 libxml2-32bit-2.7.6-0.69.1 libxml2-python-2.7.6-0.69.3 libxml2-doc-2.7.6-0.69.1 libxml2-2.7.6-0.69.1

182371 - FreeBSD roundcube Arbitrary Password Resets (bce47c89-4d3f-11e7-8080-a4badb2f4699)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-8114

Description The scan detected that the host is missing the following update: roundcube -- arbitrary password resets (bce47c89-4d3f-11e7-8080-a4badb2f4699)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/bce47c89-4d3f-11e7-8080-a4badb2f4699.html

Affected packages: roundcube < 1.2.5,1

192173 - Fedora Linux 24 FEDORA-2017-facd994774 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-1000367

Description The scan detected that the host is missing the following update: FEDORA-2017-facd994774

192180 - Fedora Linux 26 FEDORA-2017-9e83b902f9 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-2496, CVE-2017-2510, CVE-2017-2539

Description The scan detected that the host is missing the following update: FEDORA-2017-9e83b902f9

Fedora Core 26 webkitgtk4-2.16.3-1.fc26

192190 - Fedora Linux 26 FEDORA-2017-d5cf1a55ce Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-6891

Description The scan detected that the host is missing the following update: FEDORA-2017-d5cf1a55ce

Fedora Core 26 mingw-libtasn1-4.12-1.fc26

192207 - Fedora Linux 26 FEDORA-2017-8b250ebe97 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-1000367

Description The scan detected that the host is missing the following update: FEDORA-2017-8b250ebe97 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=3

Fedora Core 26 sudo-1.8.20p2-1.fc26

192208 - Fedora Linux 26 FEDORA-2017-1f3ee3bea6 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-6949

Description The scan detected that the host is missing the following update: FEDORA-2017-1f3ee3bea6

Fedora Core 26 chicken-4.12.0-2.fc26

192215 - Fedora Linux 26 FEDORA-2017-5115baf0e6 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-6891

Description The scan detected that the host is missing the following update: FEDORA-2017-5115baf0e6

Fedora Core 26 libtasn1-4.12-1.fc26

21906 - (MSPT-June2017) Microsoft Outlook for Mac Spoofing Vulnerability (CVE-2017-8545)

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: Medium CVE: CVE-2017-8545

Description A spoofing vulnerability is present in some versions of Microsoft Outlook for Mac.

Observation Microsoft Office is a popular office suite.

A spoofing vulnerability is present in some versions of Microsoft Outlook for Mac. The flaw lies in how the product handles specific HTML tags. Successful exploitation could allow an attacker to gain access to the user's authentication information or login credentials. Exploitation requires a user to open a maliciously email.

21907 - (MSPT-June2017) Skype for Business Remote Code Execution Vulnerability (CVE-2017-8550)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8550

Description A remote code execution vulnerability is present in some versions of Microsoft Office products.

Observation Microsoft Office is a popular office suite and Skype for Business is an instant-messaging client.

A remote code execution vulnerability is present in some versions of Microsoft Office products. The flaw lies in how the product handles a message that contains specially crafted JavaScript content. Successful exploitation could allow an attacker to execute HTML and JavaScript content. Exploitation requires a user to open an instant message session.

21908 - (MSPT-June2017) Microsoft SharePoint XSS vulnerability (CVE-2017-8551)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8551

Description A cross-site scripting vulnerability is present in some versions of Microsoft SharePoint.

Observation Microsoft SharePoint is a web-based, collaborative platform that integrates with Microsoft Office products.

21916 - (MSPT-June2017) Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0285)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0285 Description An information disclosure vulnerability is present in some versions of Microsoft Windows Uniscribe.

Observation Uniscribe is a set of services for rendering Unicode-encoded text in Microsoft Windows.

An information disclosure vulnerability is present in some versions of Microsoft Windows Uniscribe. The flaw is due to improper handling of objects in memory. Successful exploitation could allow an attacker to retrieve sensitive data from the target system.

21917 - (MSPT-June2017) Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0284)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0284

Description An information disclosure vulnerability is present in some versions of Microsoft Windows Uniscribe.

Observation Uniscribe is a set of services for rendering Unicode-encoded text in Microsoft Windows.

21919 - (MSPT-June2017) Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0282)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0282

Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Microsoft Windows is a popular operating system.

An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in Windows Uniscribe component. Successful exploitation could allow an attacker to retrieve sensitive data from the target system.

21920 - (MSPT-June2017) Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-8534)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8534

Description An information disclosure vulnerability is present in some versions of Microsoft Windows Uniscribe.

Observation Uniscribe is a set of services for rendering Unicode-encoded text in Microsoft Windows. An information disclosure vulnerability is present in some versions of Microsoft Windows Uniscribe. The flaw is due to improper handling of objects in memory. Successful exploitation could allow an attacker to retrieve sensitive data from the target system.

21921 - (MSPT-June2017) Windows Graphics Information Disclosure Vulnerability (CVE-2017-0287)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0287

Description An information disclosure vulnerability is present in some versions of Microsoft Windows Graphics.

Observation Microsoft Windows is a popular operating system.

An information disclosure vulnerability is present in some versions of Microsoft Windows Graphics. The flaw is due to improper handling of objects in memory. Successful exploitation could allow an attacker to retrieve sensitive data from the target system.

21922 - (MSPT-June2017) Windows Graphics Information Disclosure Vulnerability (CVE-2017-0288)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0288

Description An information disclosure vulnerability is present in some versions of Microsoft Windows and Office products.

Observation Microsoft Windows is a popular operating system.

An information disclosure vulnerability is present in some versions of Microsoft Windows and Office products. The flaw lies in Windows Graphics component. Successful exploitation could allow an attacker to retrieve sensitive data from the target system.

21923 - (MSPT-June2017) Windows Graphics Information Disclosure Vulnerability (CVE-2017-0289)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0289

Description An information disclosure vulnerability is present in some versions of Microsoft Windows and Office products.

Observation Microsoft Windows is a popular operating system.

21925 - (MSPT-June2017) Windows Graphics Information Disclosure Vulnerability (CVE-2017-8531) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8531

Description An information disclosure vulnerability is present in some versions of Microsoft Windows and Office products.

Observation Microsoft Windows is a popular operating system.

21926 - (MSPT-June2017) Windows Graphics Information Disclosure Vulnerability (CVE-2017-8532)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8532

Description An information disclosure vulnerability is present in some versions of Microsoft Windows and Office products.

Observation Microsoft Windows is a popular operating system.

21927 - (MSPT-June2017) Windows Graphics Information Disclosure Vulnerability (CVE-2017-8533)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8533

Description An information disclosure vulnerability is present in some versions of Microsoft Windows and Office products.

Observation Microsoft Windows is a popular operating system.

21930 - (MSPT-June2017) Microsoft Browser Information Disclosure Vulnerability (CVE-2017-8529)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8529 Description An information disclosure vulnerability is present in some versions of Microsoft Browser.

Observation Microsoft Browser are Internet browser developed by Microsoft.

An information disclosure vulnerability is present in some versions of Microsoft Browser. The flaw is due to improper handling of objects in memory. Successful exploitation could allow a remote attacker to retrieve sensitive data from the target system.

21957 - (MSPT-June2017) Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8498)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8498

Description An information disclosure vulnerability is present in some versions of Microsoft Edge.

Observation Microsoft Edge is the new default web browser in Windows 10.

An information disclosure vulnerability is present in some versions of Microsoft Edge. The flaw is in the JavaScript XML DOM objects. Successful exploitation could allow an attacker to detect installed browser extensions.

21959 - (MSPT-June2017) Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8504)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8504

Description An information disclosure vulnerability is present in some versions of Microsoft Edge.

Observation Microsoft Edge is the new default web browser in Windows 10.

An information disclosure vulnerability is present in some versions of Microsoft Edge. The flaw is due to incorrect handling of filtered response type in the Microsoft Edge Fetch API. Successful exploitation could allow an attacker to read the URL of a cross-origin request.

21961 - (MSPT-June2017) Win32k Elevation of Privilege Vulnerability (CVE-2017-8468)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8468

Description An elevation of privilege vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

21967 - (MSPT-June2017) Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-8523)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8523

Description A security feature bypass vulnerability is present in some versions of Microsoft Edge.

Observation Microsoft Edge is the new default web browser in Windows 10.

A security feature bypass vulnerability is present in some versions of Microsoft Edge. The flaw is due to a failure in correctly applying Same Origin Policy for HTML elements present in other browser windows. Successful exploitation could allow an attacker to trick a user into loading a page with malicious content.

21969 - (MSPT-June2017) Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-8555)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8555

Description A security feature bypass vulnerability is present in some versions of Microsoft Edge.

Observation Microsoft Edge is the new default web browser in Windows 10.

A security feature bypass vulnerability is present in some versions of Microsoft Edge. The flaw lies in Content Security Policy (CSP) due to a failure in properly validating certain specially crafted documents. Successful exploitation could allow an attacker to trick a user into loading a web page with malicious content.

21991 - (MSPT-June2017) Device Guard Code Integrity Policy Security Bypass Vulnerability (CVE-2017-0173)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0173

Description A security bypass vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

A security feature bypass vulnerability is present in some versions of Microsoft Windows. The flaw lies in Device Guard. Successful exploitation could allow an attacker to execute remote code into a powershell process to bypass the Device Guard Code Integrity policy. Exploitation requires an attacker to gain access to the local system.

21992 - (MSPT-June2017) Device Guard Code Integrity Policy Security Bypass Vulnerability (CVE-2017-0215)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0215

Description A security feature bypass vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

21993 - (MSPT-June2017) Device Guard Code Integrity Policy Security Bypass Vulnerability (CVE-2017-0216)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0216

Description A security feature bypass vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

21994 - (MSPT-June2017) Device Guard Code Integrity Policy Security Bypass Vulnerability (CVE-2017-0218)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0218 Description A security feature bypass vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

21995 - (MSPT-June2017) Device Guard Code Integrity Policy Security Bypass Vulnerability (CVE-2017-0219)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0219

Description A security feature bypass vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

21997 - (MSPT-June2017) Windows Default Folder Tampering Vulnerability (CVE-2017-0295)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0295

Description A vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

A vulnerability is present in some versions of Microsoft Windows. The flaw is due to incorrect permission settings on folders inside the DEFAULT folder structure. Successful exploitation could allow an authenticated attacker to modify files and folders of a user who logs in locally to the computer.

21999 - (MSPT-June2017) Windows PDF Information Disclosure Vulnerability (CVE-2017-8460)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8460

Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how Windows parses PDF files. Successful exploitation could allow an attacker to read memory in the context of the current user.

22001 - (MSPT-June2017) Windows GDI Information Disclosure Vulnerability (CVE-2017-0286)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0286

Description An information disclosure vulnerability is present in some versions of Microsoft Windows and Microsoft Word.

Observation Windows is a popular operation system developed by Microsoft and Microsoft Word is a popular document and word processing software.

An information disclosure vulnerability is present in some versions of Microsoft Windows and Microsoft Word. The flaw lies in Windows GDI component. Successful exploitation could allow an attacker to obtain sensitive information on the target system.

88869 - Slackware Linux 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 SSA:2017-158-01 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Slackware Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-9468, CVE-2017-9469

Description The scan detected that the host is missing the following update: SSA:2017-158-01

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.541305

Slackware 14.0 x86_64 irssi-1.0.3-x86_64-1

Slackware 13.37 x86_64 irssi-0.8.21-x86_64-2

Slackware 14.1 x86_64 irssi-1.0.3-x86_64-1

Slackware 13.1 x86_64 irssi-0.8.21-x86_64-2

Slackware 14.2 x86_64 irssi-1.0.3-x86_64-1 i586 irssi-1.0.3-i586-1

Slackware 13.0 x86_64 irssi-0.8.21-x86_64-2

130791 - Debian Linux 8.0 DSA-3877-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-0376

Description The scan detected that the host is missing the following update: DSA-3877-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2017/dsa-3877

Debian 8.0 all tor_0.2.5.14-1

145387 - SuSE SLES 12 SP2, SLED 12 SP2 SUSE-SU-2017:1538-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-9047, CVE-2017-9048, CVE-2017-9049, CVE-2017-9050

Description The scan detected that the host is missing the following update: SUSE-SU-2017:1538-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2017-June/002939.html

SuSE SLED 12 SP2 x86_64 python-libxml2-2.9.4-39.2 libxml2-2-32bit-2.9.4-39.2 python-libxml2-debuginfo-2.9.4-39.2 libxml2-2-2.9.4-39.2 libxml2-tools-debuginfo-2.9.4-39.2 libxml2-debugsource-2.9.4-39.2 python-libxml2-debugsource-2.9.4-39.2 libxml2-tools-2.9.4-39.2 libxml2-2-debuginfo-2.9.4-39.2 libxml2-2-debuginfo-32bit-2.9.4-39.2

SuSE SLES 12 SP2 noarch libxml2-doc-2.9.4-39.2 x86_64 python-libxml2-2.9.4-39.2 libxml2-tools-2.9.4-39.2 python-libxml2-debuginfo-2.9.4-39.2 libxml2-2-2.9.4-39.2 libxml2-tools-debuginfo-2.9.4-39.2 libxml2-debugsource-2.9.4-39.2 libxml2-2-32bit-2.9.4-39.2 python-libxml2-debugsource-2.9.4-39.2 libxml2-2-debuginfo-2.9.4-39.2 libxml2-2-debuginfo-32bit-2.9.4-39.2

182372 - FreeBSD irssi Remote DoS (165e8951-4be0-11e7-a539-0050569f7e80)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-9468, CVE-2017-9469

Description The scan detected that the host is missing the following update: irssi -- remote DoS (165e8951-4be0-11e7-a539-0050569f7e80)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/165e8951-4be0-11e7-a539-0050569f7e80.html

Affected packages: irssi < 1.0.3

185730 - Ubuntu Linux 14.04, 16.04, 16.10, 17.04 USN-3317-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-9468, CVE-2017-9469

Description The scan detected that the host is missing the following update: USN-3317-1

Ubuntu 16.04 irssi_0.8.19-1ubuntu1.4

Ubuntu 14.04 irssi_0.8.15-5ubuntu3.2

Ubuntu 16.10 irssi_0.8.19-1ubuntu2.2

Ubuntu 17.04 irssi_0.8.20-2ubuntu2.1

185734 - Ubuntu Linux 14.04, 16.04, 16.10, 17.04 USN-3318-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-7507, CVE-2017-7869

Description The scan detected that the host is missing the following update: USN-3318-1

Ubuntu 16.04 libgnutls30_3.4.10-4ubuntu1.3

Ubuntu 14.04 libgnutls26_2.12.23-12ubuntu2.8

Ubuntu 16.10 libgnutls30_3.5.3-5ubuntu1.2

Ubuntu 17.04 libgnutls30_3.5.6-4ubuntu4.1

192202 - Fedora Linux 24 FEDORA-2017-0a1b2d495a Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-9217

Description The scan detected that the host is missing the following update: FEDORA-2017-0a1b2d495a

Fedora Core 24 systemd-229-20.fc24

192212 - Fedora Linux 26 FEDORA-2017-0d5817efc0 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-7484, CVE-2017-7485, CVE-2017-7486

Description The scan detected that the host is missing the following update: FEDORA-2017-0d5817efc0

Fedora Core 26 mingw-postgresql-9.6.3-1.fc26

192214 - Fedora Linux 26 FEDORA-2017-60775d65bb Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-8921

Description The scan detected that the host is missing the following update: FEDORA-2017-60775d65bb

Fedora Core 26

FlightGear-2017.1.3-2.fc26

21909 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8483) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8483

Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw is due to improper object initialization in memory. Successful exploitation could allow an authenticated attacker to obtain sensitive information.

21935 - (MSPT-June2017) GDI Information Disclosure Vulnerablity (CVE-2017-8553)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8553

Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel handles objects in memory. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.

21936 - (MSPT-June2017) Win32k Information Disclosure Vulnerability (CVE-2017-8470)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8470

Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initialize objects in memory. Successful exploitation could allow an attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.

21937 - (MSPT-June2017) Win32k Information Disclosure Vulnerability (CVE-2017-8471)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8471

Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

21938 - (MSPT-June2017) Win32k Information Disclosure Vulnerability (CVE-2017-8472)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8472

Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

21939 - (MSPT-June2017) Win32k Information Disclosure Vulnerability (CVE-2017-8473)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8473

Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

21940 - (MSPT-June2017) Win32k Information Disclosure Vulnerability (CVE-2017-8475)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8475 Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

21941 - (MSPT-June2017) Win32k Information Disclosure Vulnerability (CVE-2017-8477)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8477

Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

21942 - (MSPT-June2017) Win32k Information Disclosure Vulnerability (CVE-2017-8484)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8484

Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

21948 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8490)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8490

Description An information disclosure vulnerability is present in some versions of Microsoft Windows. Observation Windows is a popular operation system developed by Microsoft.

21954 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8474)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8474

Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

21978 - (MSPT-June2017) Microsoft Windows Search Information Disclosure Vulnerability (CVE-2017-8544)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8544

Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in Windows Search due to improper handling of objects in memory. Successful exploitation could allow an attacker to obtain information to further compromise the target system.

130789 - Debian Linux 8.0 DSA-3878-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-5974, CVE-2017-5975, CVE-2017-5976, CVE-2017-5978, CVE-2017-5979, CVE-2017-5980, CVE-2017-5981

Description The scan detected that the host is missing the following update: DSA-3878-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2017/dsa-3878

Debian 8.0 all libzzip-0-13_0.13.62-3+deb8u1 libzzip-dev_0.13.62-3+deb8u1 zziplib-bin_0.13.62-3+deb8u1

192179 - Fedora Linux 26 FEDORA-2017-b6959bc910 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-8361, CVE-2017-8362, CVE-2017-8363, CVE-2017-8365

Description The scan detected that the host is missing the following update: FEDORA-2017-b6959bc910

Fedora Core 26 libsndfile-1.0.28-2.fc26

192189 - Fedora Linux 26 FEDORA-2017-086d989cce Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-7511

Description The scan detected that the host is missing the following update: FEDORA-2017-086d989cce

Fedora Core 26 poppler-0.52.0-2.fc26

192197 - Fedora Linux 25 FEDORA-2017-0ee7b8dd2a Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-7511, CVE-2017-9083

Description The scan detected that the host is missing the following update: FEDORA-2017-0ee7b8dd2a

Fedora Core 25 mingw-poppler-0.45.0-2.fc25

192199 - Fedora Linux 24 FEDORA-2017-ed1c665a3f Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-6508

Description The scan detected that the host is missing the following update: FEDORA-2017-ed1c665a3f

Fedora Core 24 wget-1.18-2.fc24

192203 - Fedora Linux 26 FEDORA-2017-e8586a44c9 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-7511, CVE-2017-9083

Description The scan detected that the host is missing the following update: FEDORA-2017-e8586a44c9

Fedora Core 26 mingw-poppler-0.52.0-2.fc26 192206 - Fedora Linux 26 FEDORA-2017-38c3781b89 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-6508

Description The scan detected that the host is missing the following update: FEDORA-2017-38c3781b89

Fedora Core 26 wget-1.19.1-3.fc26

192209 - Fedora Linux 26 FEDORA-2017-e9936d561b Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-10369, CVE-2017-8933, CVE-2017-8934

Description The scan detected that the host is missing the following update: FEDORA-2017-e9936d561b

Fedora Core 26 pcmanfm-1.2.5-2.fc26 lxterminal-0.3.0-3.fc26 menu-cache-1.0.2-4.D20170514git56f6668459.fc26

192210 - Fedora Linux 25 FEDORA-2017-abbac6c64b Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-8361, CVE-2017-8362, CVE-2017-8363, CVE-2017-8365

Description The scan detected that the host is missing the following update: FEDORA-2017-abbac6c64b

Fedora Core 25 libsndfile-1.0.28-2.fc25

192216 - Fedora Linux 26 FEDORA-2017-4e981a51e6 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-6512

Description The scan detected that the host is missing the following update: FEDORA-2017-4e981a51e6

Fedora Core 26 perl-File-Path-2.12-367.fc26

192217 - Fedora Linux 24 FEDORA-2017-eadc5f410e Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-7511, CVE-2017-9083

Description The scan detected that the host is missing the following update: FEDORA-2017-eadc5f410e

Fedora Core 24 mingw-poppler-0.41.0-2.fc24

192225 - Fedora Linux 26 FEDORA-2017-03c5f27205 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-9403, CVE-2017-9404 Description The scan detected that the host is missing the following update: FEDORA-2017-03c5f27205

Fedora Core 26 mingw-libtiff-4.0.8-1.fc26

192229 - Fedora Linux 26 FEDORA-2017-1fe6f25af9 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-7488

Description The scan detected that the host is missing the following update: FEDORA-2017-1fe6f25af9

Fedora Core 26 authconfig-7.0.1-1.fc26

21996 - (MSPT-June2017) Windows Security Feature Bypass Vulnerability (CVE-2017-8493)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-8493

Description A security feature bypass vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

A security feature bypass vulnerability is present in some versions of Microsoft Windows. The flaw lies in enforcing case sensitivity for certain variable checks. Successful exploitation could allow an attacker to set variables that requires authentication.

130790 - Debian Linux 8.0 DSA-3876-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2017-9324

Description The scan detected that the host is missing the following update: DSA-3876-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2017/dsa-3876

Debian 8.0 all otrs2_3.3.9-3+deb8u1

182369 - FreeBSD GnuTLS Denial Of Service Vulnerability (b33fb1e0-4c37-11e7-afeb-0011d823eebd)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GnuTLS -- Denial of service vulnerability (b33fb1e0-4c37-11e7-afeb-0011d823eebd)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/b33fb1e0-4c37-11e7-afeb-0011d823eebd.html

Affected packages: gnutls < 3.5.13

182370 - FreeBSD mozilla Multiple Vulnerabilities (6cec1b0a-da15-467d-8691-1dea392d4c8d)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2017-5470, CVE-2017-5471, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE- 2017-7754, CVE-2017-7755, CVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7759, CVE-2017-7760, CVE-2017-7761, CVE-2017-7762, CVE-2017-7763, CVE-2017-7764, CVE-2017-7765, CVE-2017-7766, CVE-2017-7767, CVE-2017-7768, CVE-2017- 7778

Description The scan detected that the host is missing the following update: mozilla -- multiple vulnerabilities (6cec1b0a-da15-467d-8691-1dea392d4c8d)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/6cec1b0a-da15-467d-8691-1dea392d4c8d.html Affected packages: firefox < 54.0,1 seamonkey < 2.51 linux-seamonkey < 2.51 firefox-esr < 52.2.0,1 linux-firefox < 52.2.0,2 libxul < 52.2.0 thunderbird < 52.2.0 linux-thunderbird < 52.2.0

192176 - Fedora Linux 26 FEDORA-2017-f0d48eabe6 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2017-7507

Description The scan detected that the host is missing the following update: FEDORA-2017-f0d48eabe6

Fedora Core 26 gnutls-3.5.13-1.fc26

192178 - Fedora Linux 24 FEDORA-2017-6aff7475b7 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: FEDORA-2017-6aff7475b7

Fedora Core 24 ansible-2.3.1.0-1.fc24

192181 - Fedora Linux 26 FEDORA-2017-59f85fef2c Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2017-7650 Description The scan detected that the host is missing the following update: FEDORA-2017-59f85fef2c

Fedora Core 26 mosquitto-1.4.12-1.fc26

192185 - Fedora Linux 24 FEDORA-2017-486a536b62 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2017-7650

Description The scan detected that the host is missing the following update: FEDORA-2017-486a536b62

Fedora Core 24 mosquitto-1.4.12-1.fc24

192186 - Fedora Linux 26 FEDORA-2017-d51eedb333 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: FEDORA-2017-d51eedb333

Fedora Core 26 smb4k-1.2.3-1.fc26 192191 - Fedora Linux 26 FEDORA-2017-b9b66117bb Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2017-2295

Description The scan detected that the host is missing the following update: FEDORA-2017-b9b66117bb

Fedora Core 26 puppet-4.6.2-4.fc26

192192 - Fedora Linux 25 FEDORA-2017-f646217583 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2017-7507

Description The scan detected that the host is missing the following update: FEDORA-2017-f646217583

Fedora Core 25 gnutls-3.5.13-1.fc25

192193 - Fedora Linux 25 FEDORA-2017-87a64155eb Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2017-7481

Description The scan detected that the host is missing the following update: FEDORA-2017-87a64155eb

Fedora Core 25 ansible-2.3.1.0-1.fc25

192194 - Fedora Linux 26 FEDORA-2017-50b9370529 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: FEDORA-2017-50b9370529

Fedora Core 26 lynis-2.5.0-1.fc26

192195 - Fedora Linux 26 FEDORA-2017-fe7c3c9c30 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: FEDORA-2017-fe7c3c9c30

Fedora Core 26 wordpress-4.7.5-1.fc26

192196 - Fedora Linux 26 FEDORA-2017-e6deec5bd0 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2016-10376

Description The scan detected that the host is missing the following update: FEDORA-2017-e6deec5bd0

Fedora Core 26 gajim-0.16.8-1.fc26

192200 - Fedora Linux 26 FEDORA-2017-38212d42d8 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: FEDORA-2017-38212d42d8

Fedora Core 26 dolphin-emu-5.0-14.fc26

192201 - Fedora Linux 26 FEDORA-2017-7936341c80 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2017-7507

Description The scan detected that the host is missing the following update: FEDORA-2017-7936341c80

Fedora Core 26 mingw-gnutls-3.5.13-1.fc26

192204 - Fedora Linux 26 FEDORA-2017-0343b2d324 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: FEDORA-2017-0343b2d324

Fedora Core 26 libgcrypt-1.7.7-1.fc26

192218 - Fedora Linux 26 FEDORA-2017-811133dc2c Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE- 2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5068, CVE-2017-5069

Description The scan detected that the host is missing the following update: FEDORA-2017-811133dc2c

Fedora Core 26 chromium-58.0.3029.110-2.fc26 chromium-native_client-58.0.3029.81-1.20170421gitc948e9b.fc26

192219 - Fedora Linux 24 FEDORA-2017-4de07172f4 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: FEDORA-2017-4de07172f4

192221 - Fedora Linux 26 FEDORA-2017-edecdcb23e Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: FEDORA-2017-edecdcb23e

Fedora Core 26 deluge-1.3.15-1.fc26

192222 - Fedora Linux 25 FEDORA-2017-c2113aacd2 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2017-7650

Description The scan detected that the host is missing the following update: FEDORA-2017-c2113aacd2

Fedora Core 25 mosquitto-1.4.12-1.fc25

192226 - Fedora Linux 26 FEDORA-2017-49c0ac5ce7 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2017-7481

Description The scan detected that the host is missing the following update: FEDORA-2017-49c0ac5ce7 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=2

Fedora Core 26 ansible-2.3.1.0-1.fc26

192232 - Fedora Linux 26 FEDORA-2017-283a7d7b7f Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: FEDORA-2017-283a7d7b7f

Fedora Core 26 rpcbind-0.2.4-7.rc1.fc26

192234 - Fedora Linux 26 FEDORA-2017-1f533a944e Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: FEDORA-2017-1f533a944e

Fedora Core 26

FlightCrew-0.9.1-7.fc26

21945 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-0299)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-0299

Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel handles memory addresses. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.

21947 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-0300)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-0300

Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

21951 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8462)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-8462

Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

21953 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8469)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-8469 Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initializes objects in memory. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.

21970 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8476)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-8476

Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initializes objects in memory. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.

21971 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8478)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-8478

Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initializes objects in memory. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.

21972 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8479)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-8479

Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initializes objects in memory. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.

21973 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8480)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-8480

Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initializes objects in memory. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.

21974 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8481)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-8481

Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initializes objects in memory. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.

21976 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8482)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-8482

Description An information disclosure vulnerability is present in some versions of Microsoft Windows. Observation Windows is a popular operation system developed by Microsoft.

An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initializes objects in memory. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.

21977 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8485)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-8485

Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initializes objects in memory. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.

21980 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8489)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-8489

Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initializes objects in memory. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.

21981 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8491)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-8491

Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft. An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initializes objects in memory. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.

21982 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8492)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-8492

Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initializes objects in memory. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.

160267 - CentOS 7 CESA-2017-1430 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes Risk Level: Low CVE: CVE-2017-7718, CVE-2017-7980

Description The scan detected that the host is missing the following update: CESA-2017-1430

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.centos.org/pipermail/centos-announce/2017-June/022458.html

CentOS 7 x86_64 qemu-kvm-tools-1.5.3-126.el7_3.9 qemu-img-1.5.3-126.el7_3.9 qemu-kvm-1.5.3-126.el7_3.9 qemu-kvm-common-1.5.3-126.el7_3.9

163372 - Oracle Enterprise Linux ELSA-2017-1430 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: Low CVE: CVE-2017-7718, CVE-2017-7980

Description The scan detected that the host is missing the following update: ELSA-2017-1430 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2017-June/006980.html

OEL7 x86_64 qemu-kvm-tools-1.5.3-126.el7_3.9 qemu-img-1.5.3-126.el7_3.9 qemu-kvm-1.5.3-126.el7_3.9 qemu-kvm-common-1.5.3-126.el7_3.9

175187 - Scientific Linux Security ERRATA Important: qemu-kvm on SL7.x x86_64 (1706-1955)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixes Risk Level: Low CVE: CVE-2017-7718, CVE-2017-7980

Description The scan detected that the host is missing the following update: Security ERRATA Important: qemu-kvm on SL7.x x86_64 (1706-1955)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://listserv.fnal.gov/scripts/wa.exe?A2=ind1706&L=scientific-linux-errata&F=&S=&P=1955

SL7 x86_64 qemu-kvm-tools-1.5.3-126.el7_3.9 qemu-img-1.5.3-126.el7_3.9 qemu-kvm-debuginfo-1.5.3-126.el7_3.9 qemu-kvm-1.5.3-126.el7_3.9 qemu-kvm-common-1.5.3-126.el7_3.9

192175 - Fedora Linux 25 FEDORA-2017-a3c7d077c7 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2016-10374

Description The scan detected that the host is missing the following update: FEDORA-2017-a3c7d077c7

Fedora Core 25 perltidy-20170521-1.fc25

192198 - Fedora Linux 24 FEDORA-2017-1f11501a9f Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2016-10374

Description The scan detected that the host is missing the following update: FEDORA-2017-1f11501a9f

Fedora Core 24 perltidy-20170521-1.fc24

192205 - Fedora Linux 26 FEDORA-2017-c76259ddea Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2016-10374

Description The scan detected that the host is missing the following update: FEDORA-2017-c76259ddea

Fedora Core 26 perltidy-20170521-1.fc26

ENHANCED CHECKS

The following checks have been updated. Enhancements may include optimizations, changes that reflect new information on a vulnerability and anything else that improves upon an existing FSL check. 21632 - (VMSA-2017-0006) VMware Workstation Player Multiple Vulnerabilities

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-4902, CVE-2017-4903, CVE-2017-4904, CVE-2017-4905 Update Details Risk is updated

21644 - (VMSA-2017-0006) VMware Fusion Multiple Vulnerabilities

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2017-4902, CVE-2017-4903, CVE-2017-4904, CVE-2017-4905

Update Details Risk is updated

21686 - (VMSA-2017-0008) VMware Workstation Player Multiple Vulnerabilities

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-4908, CVE-2017-4909, CVE-2017-4910, CVE-2017-4911, CVE-2017-4912, CVE-2017-4913

Update Details Risk is updated

21711 - (VMSA-2017-0008) VMware Horizon View Client Multiple Vulnerabilities

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-4908, CVE-2017-4909, CVE-2017-4910, CVE-2017-4911, CVE-2017-4912, CVE-2017-4913

Update Details Risk is updated

21713 - (VMSA-2017-0008) VMware Workstation Pro Multiple Vulnerabilities

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-4908, CVE-2017-4909, CVE-2017-4910, CVE-2017-4911, CVE-2017-4912, CVE-2017-4913

Update Details Risk is updated

21828 - Schneider Electric SoMachine HVAC Multiple Vulnerabilities

Category: Windows Host Assessment -> SCADA (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-7965, CVE-2017-7966

Update Details Risk is updated 130766 - Debian Linux 8.0 DSA-3848-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-8386

Update Details Risk is updated

130784 - Debian Linux 8.0 DSA-3870-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-8295, CVE-2017-9061, CVE-2017-9062, CVE-2017-9063, CVE-2017-9064, CVE-2017-9065

Update Details FASLScript is updated

145367 - SuSE SLES 12 SP1, 12 SP2 SUSE-SU-2017:1357-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-8386

Update Details Risk is updated

170811 - Amazon Linux AMI ALAS-2017-842 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-8386

Update Details Risk is updated

178444 - Gentoo Linux GLSA-201706-04 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-2017-8386

Update Details Risk is updated

185698 - Ubuntu Linux 14.04, 16.04, 16.10, 17.04 USN-3287-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-8386 Update Details Risk is updated

192096 - Fedora Linux 25 FEDORA-2017-f4319b6dfc Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-8386

Update Details Risk is updated

192114 - Fedora Linux 26 FEDORA-2017-7ea0e02914 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-8386

Update Details Risk is updated

192159 - Fedora Linux 24 FEDORA-2017-01a7989fc0 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-8386

Update Details Risk is updated

141345 - Red Hat Enterprise Linux RHSA-2016-2602 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-3099

Update Details Risk is updated

163220 - Oracle Enterprise Linux ELSA-2016-2602 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-3099

Update Details Risk is updated

170690 - Amazon Linux AMI ALAS-2016-714 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-3099

Update Details Risk is updated

175055 - Scientific Linux Security ERRATA Low: mod_nss on SL7.x x86_64 (1612-4625)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixes Risk Level: Medium CVE: CVE-2016-3099

Update Details Risk is updated

190558 - Fedora Linux 22 FEDORA-2016-85e9f2e3cd Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-3099

Update Details Risk is updated

190569 - Fedora Linux 23 FEDORA-2016-8b28358b72 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-3099

Update Details Risk is updated

190619 - Fedora Linux 24 FEDORA-2016-1eaaf1ed0f Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-3099

Update Details Risk is updated

191083 - Fedora Linux 23 FEDORA-2016-b1a36cccc8 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-4992

Update Details Risk is updated 191334 - Fedora Linux 24 FEDORA-2016-8660c7656f Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-5416

Update Details Risk is updated

191368 - Fedora Linux 25 FEDORA-2016-8f9d466bcc Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-5416

Update Details Risk is updated

190508 - Fedora Linux 24 FEDORA-2016-f75bd73891 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2016-3095

Update Details Risk is updated

190770 - Fedora Linux 24 FEDORA-2016-f9db2293a8 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2016-3111

Update Details Risk is updated

70014 - netbios-helpers.fasl3.inc

Category: General Vulnerability Assessment -> NonIntrusive -> Invalid Category Risk Level: Informational CVE: CVE-MAP-NOMATCH

Update Details FASLScript is updated

HOW TO UPDATE

FS1000 APPLIANCE customers should follow the instructions for Enterprise/Professional customers, below. In addition, we strongly urge all appliance customers to authorize and install any Windows Update critical patches. The appliance will auto-download any critical updates but will wait for your explicit authorization before installing. FOUNDSTONE ENTERPRISE and PROFESSIONAL customers may obtain these new scripts using the FSUpdate Utility by selecting "FoundScan Update" on the help menu. Make sure that you have a valid FSUpdate username and password. The new vulnerability scripts will be automatically included in your scans if you have selected that option by right-clicking the selected vulnerability category and checking the "Run New Checks" checkbox.

MANAGED SERVICE CUSTOMERS already have the newest update applied to their environment. The new vulnerability scripts will be automatically included when your scans are next scheduled, provided the Run New Scripts option has been turned on.

MCAFEE TECHNICAL SUPPORT

ServicePortal: https://mysupport.mcafee.com Multi-National Phone Support available here: http://www.mcafee.com/us/about/contact/index.html Non-US customers - Select your country from the list of Worldwide Offices.

This email may contain confidential and privileged material for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient please contact the sender and delete all copies.