CVE-2017-8464
Published 2017-06-15
Priority P1 · 93 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability · due 2022-08-10
Exploited in the wild
EPSS: 90.03% (99.8th percentile)
Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka "LNK Remote Code Execution Vulnerability."
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
| microsoft_corporation | windows_shell | — | — |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1511 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1703 | — | — |
| msrc | windows_7 | — | — |
| msrc | windows_8.1 | — | — |
| msrc | windows_rt_8.1 | — | — |
| msrc | windows_server_2008 | — | — |
| msrc | windows_server_2008_r2 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
Detection & IOCs (extracted from sources)
- CVE-2017-8464 exploitation involves dropping a crafted .LNK file on network or removable drives; monitor for .LNK files appearing on drive roots or network shares, especially when executed via Windows Explorer icon rendering.
- BlackSquid (Worm.Win32.BLASQUI.A) uses CVE-2017-8464 for lateral propagation via removable and network drives; hunt for the detection name BLASQUI in endpoint telemetry.
- BlackSquid aborts infection if sandbox-associated usernames, disk drive model strings (e.g., VBOX, vmware, Qemu, Sandbox), or debugger/sandbox processes (e.g., OllyDBG.EXE, Sandboxie.exe, vboxdrv.sys) are detected; use these as canary indicators in deception environments.
- Monitor SMB traffic on ports 445 and 139 for EternalBlue-DoublePulsar exploit patterns used alongside CVE-2017-8464 for network propagation.
- The BlackSquid hardware breakpoint anti-analysis routine is hard-coded to 0 (disabled) at time of analysis, meaning the breakpoint-based evasion branch was not yet active in the observed sample.
CVSS provenance
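| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vulncheck | | 8.8 | HIGH | |
| cisa | | 8.8 | HIGH | |
| vendor_msrc | | 7.5 | HIGH | |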
CISA
Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability
cisa·2022-02-10·CVSS 8.8
CVE-2017-8464 [HIGH] Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability
Vulnerability: Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability
Affected: Microsoft Windows
Windows Shell in multiple versions of Microsoft Windows allows local users or remote attackers to execute arbitrary code via a crafted .LNK file
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-8464
Remediation Due Date: 2022-08-10
Microsoft
LNK Remote Code Execution Vulnerability
vendor_msrc·2017-06-13·CVSS 7.5
CVE-2017-8464 [HIGH] LNK Remote Code Execution Vulnerability
LNK Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary. When the user opens this drive (or remote share) in Windows Explorer, or any other application that parses the .LNK file, the malicious binary will execute code of the attacker’s choice, on the target s
GHSA
GHSA-v5x6-r6hp-xgpc: Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8
ghsa_unreviewed·2022-05-13
CVE-2017-8464 [HIGH] GHSA-v5x6-r6hp-xgpc: Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8
Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka "LNK Remote Code Execution Vulnerability."
VulnCheck
Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability
vulncheck·2017·CVSS 8.8
CVE-2017-8464 [HIGH] Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability
Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability
Windows Shell in multiple versions of Microsoft Windows allows local users or remote attackers to execute arbitrary code via a crafted .LNK file
Affected: Microsoft Windows
Required Action: Apply updates per vendor instructions.
Exploitation References: https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2017-Jun; https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://unit42.paloaltonetworks.com/lucifer-new-cryptojacking-and-ddos-hybrid-malware/; https://research.checkpoint.com/2020/rudeminer-blacksquid-and-lucifer-walk-into-a-bar/; https://www.welivesecurity.com/wp-content/uploads/2021/12/eset_jumping_the_air_gap_wp.pdf; https://www.cisa.gov/sites/default/files/feeds/known_exploited
No detection rules found.
Exploit-DB
Microsoft Windows - '.LNK' Shortcut File Code Execution
exploitdb·2017-08-06·CVSS 8.8
CVE-2017-8464 [HIGH] Microsoft Windows - '.LNK' Shortcut File Code Execution
Microsoft Windows - '.LNK' Shortcut File Code Execution
---
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Title : CVE-2017-8464 | LNK Remote Code Execution Vulnerability
# CVE : 2017-8464
# Authors : [ykoster, nixawk]
# Notice : Only for educational purposes.
# Support : python2
import struct
def generate_SHELL_LINK_HEADER():
# _________________________________________________________________
# | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
# |0|1|2|3|4|5|6|7|8|9|0|1|2|3|4|5|6|7|8|9|0|1|2|3|4|5|6|7|8|9|0|1|
# -----------------------------------------------------------------
# | HeaderSize |
# -----------------------------------------------------------------
# | LinkCLSID (16 bytes) |
# -----------------------------------------------------------------
# | ... |
# ----
Exploit-DB
Microsoft Windows - '.LNK' Shortcut File Code Execution (Metasploit)
exploitdb·2017-07-26·CVSS 9.3
CVE-2017-8464 [CRITICAL] Microsoft Windows - '.LNK' Shortcut File Code Execution (Metasploit)
Microsoft Windows - '.LNK' Shortcut File Code Execution (Metasploit)
---
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule 'LNK Remote Code Execution Vulnerability',
'Description' => %q{
This module exploits a vulnerability in the handling of Windows Shortcut files (.LNK)
that contain a dynamic icon, loaded from a malicious DLL.
This vulnerability is a variant of MS15-020 (CVE-2015-0096). The created LNK file is
similar except an additional SpecialFolderDataBlock is included. The folder ID set
in this SpecialFolderDataBlock is set to the Control Panel. This is enough to bypass
the CPL whitelist. This bypass can be used to trick Windows into loading an arbitrary
DLL file.
},
Metasploit
LNK Code Execution Vulnerability
metasploit·CVSS 9.3
CVE-2015-0096 [CRITICAL] LNK Code Execution Vulnerability
LNK Code Execution Vulnerability
This module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 (CVE-2015-0096). The created LNK file is similar except an additional SpecialFolderDataBlock is included. The folder ID set in this SpecialFolderDataBlock is set to the Control Panel. This is enough to bypass the CPL whitelist. This bypass can be used to trick Windows into loading an arbitrary DLL file. If no PATH is specified, the module will use drive letters D through Z so the files may be placed in the root path of a drive such as a shared VM folder or USB drive.
Metasploit
LNK Code Execution Vulnerability
metasploit·CVSS 9.3
CVE-2015-0096 [CRITICAL] LNK Code Execution Vulnerability
LNK Code Execution Vulnerability
This module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 (CVE-2015-0096). The created LNK file is similar except an additional SpecialFolderDataBlock is included. The folder ID set in this SpecialFolderDataBlock is set to the Control Panel. This is enough to bypass the CPL whitelist. This bypass can be used to trick Windows into loading an arbitrary DLL file. The PATH option must be an absolute path to a writeable directory which is indexed for searching. If no PATH is specified, the module defaults to %USERPROFILE%.
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Talos
Lemon Duck brings cryptocurrency miners back into the spotlight
blogs_talos·2020-10-13
Lemon Duck brings cryptocurrency miners back into the spotlight
By Vanja Svajcer, with contributions from Caitlin Huey.
- We are used to ransomware attacks and big-game hunting making headlines, but there are still methods adversaries use to monetize their efforts in less intrusive ways.
- Cisco Talos recently recorded increased activity of the Lemon Duck cryptocurrency-mining botnet using several techniques likely to be spotted by defenders, but are not immediately obvious to end-users.
- These threats demonstrate several techniques of the MITRE ATT&CK framework, most notably T1203 (Exploitation for Client Execution), T1089 (Disabling Security Tools), T1105 (Remote File Copy), T1027 (Obfuscated Files or Information), T1086 (PowerShell), T1035 (Service Execution), T1021.002 (Remote Services: SMB/Windows Admin Shares), T1053 (Scheduled Task), T1562.004
Checkpoint
Rudeminer, Blacksquid and Lucifer Walk Into A Bar
blogs_checkpoint·2020-09-15·CVSS 9.8
CVE-2018-10561 [CRITICAL] Rudeminer, Blacksquid and Lucifer Walk Into A Bar
## Rudeminer, Blacksquid and Lucifer Walk Into A Bar
Research by David Driker, Amir Landau
Background
Lucifer is a Windows crypto miner and DDOS hybrid malware. Three months ago, researcher
Unit42
Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices
blogs_unit42·2020-06-24·CVSS 9.8
[CRITICAL] Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices
## Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices
Ken Hsu
Durgesh Sangvikar
Zhibin Zhang
Chris Navarrete
Published: June 24, 2020
## Executive Summary
On May 29, 2020, Unit 42 researchers discovered a new variant of a hybrid cryptojacking malware from numerous incidents of CVE-2019-9081 exploitation in the wild. A closer look revealed the malware, which we’ve dubbed “Lucifer”, is capable of conducting DDoS attacks and well-equipped with all kinds of exploits against vulnerable Windows hosts. The first wave of the campaign stopped on June 10, 2020. The attacker th
Unit42
Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices
blogs_unit42·2020-06-24·CVSS 9.8
CVE-2019-9081 [CRITICAL] Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices
## Executive Summary
On May 29, 2020, Unit 42 researchers discovered a new variant of a hybrid cryptojacking malware from numerous incidents of CVE-2019-9081 exploitation in the wild. A closer look revealed the malware, which we’ve dubbed “Lucifer”, is capable of conducting DDoS attacks and well-equipped with all kinds of exploits against vulnerable Windows hosts. The first wave of the campaign stopped on June 10, 2020. The attacker then resumed their campaign on June 11, 2020, spreading an upgraded version of the malware and wreaking havoc. The sample was compiled on Thursday, June 11, 2020 10:39:47 PM UTC and caught by Palo Alto Networks Next-Generation Firewall. At the time of writing, the campaign’s still ongoing.
Lucifer is quite powerful in its capabilities. Not only is it capable
Trendmicro
BlackSquid Infects Servers and Drives, 8 Exploits Used
blogs_trendmicro·2019-06-03·CVSS 9.8
[CRITICAL] BlackSquid Infects Servers and Drives, 8 Exploits Used
## BlackSquid Infects Servers and Drives, 8 Exploits Used
We found a new wormable malware we've named BlackSquid targeting web servers, network and removable drives using evasion, anti-virtualization, anti-debugging, and anti-sandboxing techniques to drop a Monero miner.
By: Johnlery Triunfante, Mark Vicente, Jay Nebre, Earle Maui Earnshaw · Jun 03, 2019
We updated this article on August 27, 2019 at 7:37 PM PST to include a co-author and amend the solution.
An unpatched security flaw that gets successfully exploited is one thing. But eight exploits that can stealthily and simultaneously get through your businesses’ assets and data and your customers’ information are quite another. We found a new malware family that targets web servers, ne
Securelist
Threats to users of adult websites in 2018
blogs_securelist·2019-02-21
Threats to users of adult websites in 2018
Authors
Kaspersky
## Introduction
2018 was a year that saw campaigns to decrease online pornographic content and traffic. For example, one of the most adult-content friendly platforms – Tumblr – announced it was banning erotic content (even though almost a quarter of its users consume adult content). In addition, the UK received the title of ‘The Second Most Porn-Hungry Country in the World’ and is now implementing a law on age-verification for pornography lovers that will prohibit anyone below the age of 18
Talos
Microsoft Patch Tuesday - June 2017
blogs_talos·2017-06-13·CVSS 8.8
CVE-2017-0283 [HIGH] Microsoft Patch Tuesday - June 2017
Today, Microsoft has released its monthly set of security updates designed to address vulnerabilities. This month's release addresses 92 vulnerabilities with 17 of them rated critical and 75 rated important. Impacted products include Edge, Internet Explorer, Office, Sharepoint, Skype for Business, Lync, and Windows.
### Vulnerabilities Rated Critical
#### CVE-2017-0283
This is a remote code execution vulnerability in Windows Uniscribe related to improper handling of objects in memory. The attack can result in the attacker gaining full control of the affected system. This can be exploited through multiple vectors including viewing a specially crafted website or a user opening a specially crafted document file.
#### CVE-2017-0291 / CVE-2017-0292
These are remote code execution vulnerabil
Qualys
Microsoft Fixes 94 Security Issues in Massive June Update | Qualys
blogs_qualys·2017-06-13·CVSS 8.1
[HIGH] Microsoft Fixes 94 Security Issues in Massive June Update | Qualys
Today Microsoft released patches to fix 94 vulnerabilities, out of which 27 fix remote code execution issues which can allow attackers to remotely take control of victim machines. This is a massive update and fixes more than double the number of vulnerabilities as compared to the last two months.
Microsoft also released Security Advisory 4025685 which includes patches for older platforms due to heightened risk of exploitation. In my opinion this should be treated as a blue-print for future attacks and updates for EOL operating systems should be applied as soon as possible. Older platforms include Windows XP, Windows Server 2003, Vista and Windows 8 and older issues like MS08-067, MS09-050, MS10-061, MS14-068, MS17-010, MS17-013 are patched. Newer issues affecting older platforms like CV
Zscaler
Zscaler found Multiple Security Vulnerabilities | 06-13-2017
blogs_zscaler·CVSS 8.8
[HIGH] Zscaler found Multiple Security Vulnerabilities | 06-13-2017
- http://www.securityfocus.com/bid/98818
- http://www.securitytracker.com/id/1038671
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8464
- https://www.exploit-db.com/exploits/42382/
- https://www.exploit-db.com/exploits/42429/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-8464
- 2017-06-15: Published
- 2022-02-10: Added to CISA KEV
- Exploited in the wild