SECUI Corporation


	Korean

<< Back

VID	26803
Severity	40
Port	139,445
Protocol	TCP
Class	SMB
Detailed Description	Microsoft Security Bulletin Summary for March 2017 MS17-006 Cumulative Security Update for Internet Explorer (4013073) These Vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. MS17-007 Cumulative Security Update for Microsoft Edge (4013071) These Vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. MS17-008 Security Update for Windows Hyper-V (4013082) These Vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. MS17-009 Security Update for Microsoft Windows PDF Library (4010319) The vulnerability could allow remote code execution if a user views specially crafted PDF content online or opens a specially crafted PDF document. MS17-010 Security Update for Microsoft Windows SMB Server (4013389) These Vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server. MS17-011 Security Update for Microsoft Uniscribe (4013076) These Vulnerabilities could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document. MS17-012 Security Update for Microsoft Windows (4013078) These Vulnerabilities could allow remote code execution if an attacker runs a specially crafted application that connects to an iSNS Server and then issues malicious requests to the server. MS17-013 Security Update for Microsoft Graphics Component (4013075) These Vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. MS17-014 Cumulative Security Update for Microsoft Edge (4013071) These Vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. MS17-015 Security Update for Microsoft Exchange Server (4013242) The vulnerability could allow remote code execution in Exchange Server. MS17-016 Cumulative Security Update for Microsoft Edge (4013071) These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. MS17-017 Security Update for Windows Kernel (4013081) The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application. MS17-018 Security Update for Windows Kernel-Mode Drivers (4013083) The vulnerabilities could allow elevation of privilege. MS17-019 Security Update for Active Directory Federation Services (4010320) The vulnerability could allow information disclosure. MS17-020 Security Update for Windows DVD Maker (3208223) The vulnerability could allow an attacker to obtain information to further compromise a target system. MS17-021 Security Update for Windows DirectShow (4010318) The vulnerability could allow an information disclosure. MS17-022 Cumulative Security Update for Microsoft Edge (4013071) The vulnerability could allow information disclosure if a user visits a malicious website. MS17-023 Security Update for Adobe Flash Player (4014329) This security update resolves vulnerabilities in Adobe Flash Player. * Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts. * References: https://technet.microsoft.com/en-us/library/security/ms17-mar.aspx * Platforms Affected: Windows Vista SP2 Windows Vista x64 SP2 Windows Server 2008 SP2 Windows Server 2008 x64 SP2 Windows 7 SP1 Windows 7 x64 SP1 Windows Server 2008 R2 SP1 Windows Server 2008 R2 x64 SP1 Windows 8.1 Windows Server 2012 Windows Server 2012 R2 Windows 10 Windows Server 2016
Recommendation	Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin March 2017 Microsoft security update at https://technet.microsoft.com/en-us/library/security/ms17-mar.aspx -- OR -- Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com. Windows Update detects what version of Windows you are running and offers the appropriate patch.
Related URL	CVE-2017-0001,CVE-2017-0006,CVE-2017-0007,CVE-2017-0008,CVE-2017-0009,CVE-2017-0021,CVE-2017-0023,CVE-2017-0055,CVE-2017-0143,CVE-2017-0072 (CVE)
Related URL	26803 (SecurityFocus)
Related URL	(ISS)