Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2017-0170: Windows Performance Monitor Information Disclosure Vulnerability

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Microsoft CVE-2017-0170: Windows Performance Monitor Information Disclosure Vulnerability

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:N/A:P)

Published

07/11/2017

Created

07/25/2018

Added

07/11/2017

Modified

07/14/2023

Description

An information disclosure vulnerability exists in the Windows Performance Monitor Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could create specially crafted XML data and convince an authenticated user to create a Data Collector Set and import the file. To create a Data Collector Set, the user must be a member of the Performance Log Users or Local Administrators group. The update addresses the vulnerability by modifying the way that the Windows Performance Monitor Console parses XML input.

Solution(s)

msft-kb4025333-2884a1b4-f534-42b7-b4e9-6b07e48912f2
msft-kb4025333-9787a4fc-d69c-4bf5-92bf-7ee510368696
msft-kb4025333-a8091733-a526-4480-afe7-72a1b3385439
msft-kb4025337-27fce932-7817-4fdb-965f-19eb36d78839
msft-kb4025337-6c36dd1f-0240-48fa-9696-3fcf17a57a62
msft-kb4025337-794feee1-ea78-4c11-a683-a91335abb0e3
msft-kb4025337-856a0bc5-b356-4282-a54e-9cf87b548303
msft-kb4025337-85fadee5-ed6f-4a22-964a-9b2991c4cff1
msft-kb4025337-c15b95d8-875f-4922-9460-08ece3c9b584
msft-kb4025338-56ce2a02-e893-484d-8005-0fc74468cc84
msft-kb4025338-db3c2241-b6c1-4a6d-83b4-93b1ce46434b
msft-kb4025339-84c1a786-79d4-4d94-9a75-fc900083816f
msft-kb4025339-a44d500f-fc5d-4fe4-90cb-991568e9cb58
msft-kb4025339-d6677d54-ce7a-4774-a696-84de34eff033
msft-kb4025342-25acae93-40d4-4e62-814c-efb2f29f1bca
msft-kb4025342-682dbdab-6814-494b-84d5-8fb43c070c35
msft-kb4025343-3a348a0c-2982-4ee6-b51b-6e4644a6c888
msft-kb4025343-733ef1e8-2bb5-4f7e-ae77-70a3fd4f05c6
msft-kb4025343-878d370a-a48a-4f91-b0fc-a0dfd69e30ab
msft-kb4025344-747ff6a4-ff7b-4405-af04-2a85d1a6f6ad
msft-kb4025344-b43ab510-8532-4035-a512-0bdf731245e9
msft-kb4025397-4930e85a-3915-4a27-b19e-f3b7af8a400b
msft-kb4025397-aaed1c08-41ce-4577-81fc-41c5aaa44d2e
msft-kb4025397-e4d1f31e-6542-473c-a276-b598a1618b9d

References

https://attackerkb.com/topics/cve-2017-0170
CVE - 2017-0170
4025331
4025333
4025336
4025337
4025338
4025339
4025341
4025342
4025343
4025344
4025397

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2017-0170: Windows Performance Monitor Information Disclosure Vulnerability

Microsoft CVE-2017-0170: Windows Performance Monitor Information Disclosure Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.