Microsoft CVE-2017-11927: Microsoft Windows Information Disclosure Vulnerability
|4||(AV:N/AC:M/Au:N/C:P/I:N/A:N)||December 11, 2017||December 11, 2017||January 01, 2018|
An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. This could result in the disclosure of sensitive information to a malicious site. To exploit the vulnerability, an attacker would have to trick a user into browsing to a malicious website or to an SMB or UNC path destination. An attacker who successfully tricked a user into disclosing the user's NTLM hash could attempt a brute-force attack to recover the corresponding password. The security update addresses the vulnerability by correcting how the Windows its:// protocol handler determines the zone of a request.