Vulnerability & Exploit Database

Microsoft CVE-2017-11927: Microsoft Windows Information Disclosure Vulnerability

Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published: December 12, 2017
Added: December 12, 2017
Modified: January 02, 2018

Description

An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. This could result in the disclosure of sensitive information to a malicious site. To exploit the vulnerability, an attacker would have to trick a user into browsing to a malicious website or to an SMB or UNC path destination. An attacker who successfully tricked a user into disclosing the user's NTLM hash could attempt a brute-force attack to recover the password corresponding to that hash. The security update addresses the vulnerability by correcting how the Windows its:// protocol handler determines the zone of a request.

Solution

msft-kb4053473-10f92069-f9c1-4b1c-83d5-21b6a0d6ff81