CVE-2017-8563

Опубликовано: 11 июл. 2017

Источник: nvd

CVSS3: 8.1

CVSS2: 5.1

EPSS Средний

Описание

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Kerberos falling back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol, aka "Windows Elevation of Privilege Vulnerability".

Ссылки

http://www.securityfocus.com/bid/99402
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8563
Patch
Vendor Advisory
http://www.securityfocus.com/bid/99402
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8563
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.17921

Средний

8.1 High

CVSS3

5.1 Medium

CVSS2

Дефекты

CWE-281

Связанные уязвимости

CVE-2017-8563

CVSS3: 7.5

msrc

почти 8 лет назад

Windows Elevation of Privilege Vulnerability

GHSA-79w4-pm9q-pr7v