The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

cybersecurity note CVE-2017-0176 CVE-2017-8461 CVE-2017-8487

Microsoft Windows XP, 2003: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Windows XP, 2003.
Severity of this bulletin: 3/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 15/06/2017.
Références of this threat: 4022747, 4024323, 4025218, CERTFR-2017-ALE-008, CERTFR-2017-AVI-181, CVE-2017-0176, CVE-2017-8461, CVE-2017-8487, ESTEEMAUDIT, VIGILANCE-VUL-22983.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Windows XP, 2003.

An attacker can use a vulnerability in the proxy for smart card access included in the RDP implementation from Microsoft Windows XP, 2003, in order to run code (VIGILANCE-VUL-22478). [severity:3/4; 4022747, CERTFR-2017-ALE-008, CVE-2017-0176, ESTEEMAUDIT]

An attacker can use a vulnerability via RPC, in order to run code. [severity:2/4; 4024323, CVE-2017-8461]

An attacker can bypass security features via olecnv32.dll, in order to escalate his privileges. [severity:2/4; 4025218, CVE-2017-8487]
Full Vigil@nce bulletin... (Free trial)

This computer weakness announce impacts software or systems such as Windows 2003, Windows XP.

Our Vigil@nce team determined that the severity of this security alert is important.

The trust level is of type confirmed by the editor, with an origin of intranet server.

This bulletin is about 3 vulnerabilities.

An attacker with a expert ability can exploit this vulnerability.

Solutions for this threat

Microsoft Windows XP, 2003: patch.
A patch is indicated in information sources for each plateform (x86 and amd64).
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides an applications vulnerabilities patch. The Vigil@nce vulnerability database contains several thousand vulnerabilities. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.