CVE-2017-8702 — Corporation Windows Error Reporting vulnerability

7 documents5 sources

Severity

7.0HIGHNVD

EPSS

0.9%

top 24.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Windows Error Reporting Microsoft Windows 10 Msrc Windows 10 FOR 32-bit Systems +6 more

Timeline

PublishedSep 13

Latest updateMay 13

Description

Windows Error Reporting (WER) in Microsoft Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows an attacker to gain greater access to sensitive information and system functionality, due to the way that WER handles and executes files, aka "Windows Elevation of Privilege Vulnerability".

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages9 packages

▶CVEListV5microsoft_corporation/windows_error_reportingMicrosoft Windows 10 Gold, 1511, and 1607, and Windows Server 2016

▶msrcmsrc/windows_server_2016

▶msrcmsrc/windows_10_version_1511_for_32-bit_systems

▶msrcmsrc/windows_10_version_1607_for_32-bit_systems

▶msrcmsrc/windows_10_version_1511_for_x64-based_systems

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-5xrm-53vv-xv34: Windows Error Reporting (WER) in Microsoft Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows an attacker to gain greater access to sensi↗2022-05-13

▶

📋Vendor Advisories

Microsoft

Windows Error Reporting Elevation of Privilege Vulnerability↗2017-09-12

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - September 2017↗2017-09-12

▶

💬Community

Bugzilla

CVE-2016-8685 CVE-2016-8686 CVE-2016-8694 CVE-2016-8695 CVE-2016-8696 CVE-2016-8697 CVE-2016-8698 CVE-2016-8699 CVE-2016-8700 CVE-2016-8701 CVE-2016-8702 CVE-2016-8703 CVE-2017-7263 potrace: Multiple ↗2016-10-17

▶