cnvd - cnvd-2017-09497

CNVD-2017-09497

Vulnerability from cnvd - Published: 2017-06-14

Title

Microsoft Malware Protection引擎拒绝服务漏洞（CNVD-2017-09497）

Description

Microsoft Windows是美国微软（Microsoft）公司发布的一系列操作系统，Microsoft Forefront是应用在其中的一套面向企业的服务器安全特性解决方案。Microsoft Defender是一款应用在其中的杀毒软件。多款Microsoft Windows中的Microsoft Forefront和Microsoft Forefront存在引擎拒绝服务漏洞，该漏洞源于程序未能正确的扫描特制的文件。攻击者可借助特制的文件利用该漏洞造成拒绝服务。

Severity

中

Patch Name

Microsoft Malware Protection引擎拒绝服务漏洞（CNVD-2017-09497）的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8542

Reference

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8542 https://nvd.nist.gov/vuln/detail/CVE-2017-8542

Impacted products

Name
['Microsoft Windows Server 2008 R2 SP1', 'Microsoft Windows Server 2008 SP2', 'Microsoft Windows 7 SP1', 'Microsoft Malware Protection Engine', 'Microsoft Windows 8.1', 'Microsoft Windows RT 8.1 SP0', 'Microsoft Windows Server 2012 R2', 'Microsoft Windows server 2012 Gold', 'Microsoft Exchange Server 2013 SP1，Update 8', 'Microsoft Windows 10 Gold', 'Microsoft Windows 10 1511', 'Microsoft Exchange Server 2016', 'Microsoft Windows 10 1607', 'Microsoft Windows Server 2016']

Name

['Microsoft Windows Server 2008 R2 SP1', 'Microsoft Windows Server 2008 SP2', 'Microsoft Windows 7 SP1', 'Microsoft Malware Protection Engine', 'Microsoft Windows 8.1', 'Microsoft Windows RT 8.1 SP0', 'Microsoft Windows Server 2012 R2', 'Microsoft Windows server 2012 Gold', 'Microsoft Exchange Server 2013 SP1，Update 8', 'Microsoft Windows 10 Gold', 'Microsoft Windows 10 1511', 'Microsoft Exchange Server 2016', 'Microsoft Windows 10 1607', 'Microsoft Windows Server 2016']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "98707"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-8542"
    }
  },
  "description": "Microsoft Windows\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u53d1\u5e03\u7684\u4e00\u7cfb\u5217\u64cd\u4f5c\u7cfb\u7edf\uff0cMicrosoft Forefront\u662f\u5e94\u7528\u5728\u5176\u4e2d\u7684\u4e00\u5957\u9762\u5411\u4f01\u4e1a\u7684\u670d\u52a1\u5668\u5b89\u5168\u7279\u6027\u89e3\u51b3\u65b9\u6848\u3002Microsoft Defender\u662f\u4e00\u6b3e\u5e94\u7528\u5728\u5176\u4e2d\u7684\u6740\u6bd2\u8f6f\u4ef6\u3002\r\n\r\n\u591a\u6b3eMicrosoft Windows\u4e2d\u7684Microsoft Forefront\u548cMicrosoft Forefront\u5b58\u5728\u5f15\u64ce\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u626b\u63cf\u7279\u5236\u7684\u6587\u4ef6\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Tavis Ormandy of Google Project Zero.",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8542",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-09497",
  "openTime": "2017-06-14",
  "patchDescription": "Microsoft Windows\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u53d1\u5e03\u7684\u4e00\u7cfb\u5217\u64cd\u4f5c\u7cfb\u7edf\uff0cMicrosoft Forefront\u662f\u5e94\u7528\u5728\u5176\u4e2d\u7684\u4e00\u5957\u9762\u5411\u4f01\u4e1a\u7684\u670d\u52a1\u5668\u5b89\u5168\u7279\u6027\u89e3\u51b3\u65b9\u6848\u3002Microsoft Defender\u662f\u4e00\u6b3e\u5e94\u7528\u5728\u5176\u4e2d\u7684\u6740\u6bd2\u8f6f\u4ef6\u3002\r\n\r\n\u591a\u6b3eMicrosoft Windows\u4e2d\u7684Microsoft Forefront\u548cMicrosoft Forefront\u5b58\u5728\u5f15\u64ce\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u626b\u63cf\u7279\u5236\u7684\u6587\u4ef6\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Malware Protection\u5f15\u64ce\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-09497\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Windows Server 2008 R2 SP1",
      "Microsoft Windows Server 2008 SP2",
      "Microsoft Windows 7 SP1",
      "Microsoft Malware Protection Engine",
      "Microsoft Windows 8.1",
      "Microsoft Windows RT 8.1 SP0",
      "Microsoft Windows Server 2012 R2",
      "Microsoft Windows server 2012 Gold",
      "Microsoft Exchange Server 2013 SP1\uff0cUpdate 8",
      "Microsoft Windows 10 Gold",
      "Microsoft Windows 10  1511",
      "Microsoft Exchange Server 2016",
      "Microsoft Windows 10 1607",
      "Microsoft Windows Server 2016"
    ]
  },
  "referenceLink": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8542\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-8542",
  "serverity": "\u4e2d",
  "submitTime": "2017-05-31",
  "title": "Microsoft Malware Protection\u5f15\u64ce\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-09497\uff09"
}

CVE-2017-8542 (GCVE-0-2017-8542)

Vulnerability from cvelistv5 – Published: 2017-05-26 20:00 – Updated: 2024-08-05 16:41

Summary

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8539.

Severity ?

No CVSS data available.

CWE

Denial of Server

Assigner

microsoft

References

URL

Tags

	https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/98707	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1038571	vdb-entryx_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	Microsoft Corporation	Malware Protection	Affected: Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:41:23.289Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8542"
          },
          {
            "name": "98707",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98707"
          },
          {
            "name": "1038571",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038571"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Malware Protection",
          "vendor": "Microsoft Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016."
            }
          ]
        }
      ],
      "datePublic": "2017-05-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka \"Microsoft Malware Protection Engine Denial of Service Vulnerability\", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8539."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Server",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-07T09:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8542"
        },
        {
          "name": "98707",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98707"
        },
        {
          "name": "1038571",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038571"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2017-8542",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Malware Protection",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka \"Microsoft Malware Protection Engine Denial of Service Vulnerability\", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8539."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Server"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8542",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8542"
            },
            {
              "name": "98707",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98707"
            },
            {
              "name": "1038571",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038571"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2017-8542",
    "datePublished": "2017-05-26T20:00:00",
    "dateReserved": "2017-05-03T00:00:00",
    "dateUpdated": "2024-08-05T16:41:23.289Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-09497

CVE-2017-8542 (GCVE-0-2017-8542)

Tags

Sightings

Nomenclature