Rapid7 VulnDB

Microsoft CVE-2017-5753: Guidance to mitigate speculative execution side-channel vulnerabilities

Back to Search

Microsoft CVE-2017-5753: Guidance to mitigate speculative execution side-channel vulnerabilities

Severity
5
CVSS
(AV:L/AC:M/Au:N/C:C/I:N/A:N)
Published
01/03/2018
Created
07/25/2018
Added
02/01/2018
Modified
04/09/2019

Description

NOTE This advisory was revised on July 10, 2018. Some content has been removed for simplicity and because it is no longer relevant. You can view the archived content for ADV180002 in the FAQ section following the Affected Products table. Executive Summary Microsoft is aware of a new publicly disclosed class of vulnerabilities referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems including Intel, AMD, and ARM. Note: this issue will affect other systems such as Android, Chrome, iOS, MacOS, so we advise customers to seek out guidance from those vendors. An attacker who successfully exploited these vulnerabilities may be able to read privileged data across trust boundaries. In shared resource environments (such as exists in some cloud services configurations), these vulnerabilities could allow one virtual machine to improperly access information from another. In non-browsing scenarios on standalone systems, an attacker would need prior access to the system or an ability to run code on the system to leverage these vulnerabilities. Microsoft has released updates to help mitigate these vulnerabilities. To get all available protections, firmware (microcode) and software updates are required. This may include microcode from device OEMs and in some cases updates to AV software as well. In some cases, installing these updates will have a performance impact. We have also taken action to secure our cloud services. Microsoft has no information to indicate that these vulnerabilities have been used to attack customers at this time. Microsoft continues working closely with industry partners including chip makers, hardware OEMs, and app vendors to protect customers. This advisory addresses the following vulnerabilities: CVE-2017-5753 - Bounds check bypass CVE-2017-5715 - Branch target injection CVE-2017-5754 - Rogue data cache load Recommended Actions The best protection is to keep computers up to date. Please see Knowledge Base Article 4073757 for guidance on protecting Windows devices. Customers using Surface products should see Microsoft Knowledge Base Article 4073065. Enterprise customers are recommended to review this advisory in detail and register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications. Software developers should review the C++ developer guidance for speculative execution side channels at https://aka.ms/sescdevguide. Verify the status of protections for CVE-2017-5715 and CVE-2017-5754 using the PowerShell script Get-SpeculationControlSettings. For more information and to obtain the PowerShell script see: Understanding Get-SpeculationControlSettings PowerShell script output. Potential performance impacts In testing Microsoft has seen some performance impact with these mitigations. For most consumer devices, the impact may not be noticeable; however, the specific impact varies by hardware generation and implementation by the chip manufacturer. Microsoft values the security of its software and services and has made the decision to implement certain mitigation strategies in an effort to better secure our products. In some cases, mitigations are not enabled by default to allow users and administrators to evaluate the performance impact and risk exposure before deciding to enable the mitigations. We continue to work with hardware vendors to improve performance while maintaining a high level of security. Advisory Details Vulnerabilities Description Speculative execution side-channel vulnerabilities can be used to read the content of memory across a trusted boundary and can therefore lead to information disclosure. There are multiple vectors by which an attacker could trigger the vulnerabilities depending on the configured environment. For a detailed view of affected scenarios and Microsoft’s approach to mitigating this new class of vulnerabilities, please see our Security Research Blog. The following table summarizes the CVEs, names, and affected processors for each of these vulnerabilities: CVE Public Vulnerability Name Other Names Processors Affected CVE-2017-5753 Bounds check bypass Spectre, Variant 1 AMD, ARM, Intel CVE-2017-5715 Branch target injection Spectre, Variant 2 AMD, ARM, Intel CVE-2017-5754 Rogue data cache load Meltdown, Variant 3 ARM, Intel The first two variants, Bounds check bypass (CVE-2017-5753) and Branch target injection (CVE-2017-5715) are collectively known as Spectre. An attacker who has successfully exploited these vulnerabilities may be able to read privileged data across trust boundaries. In shared resource environments (such as exists in some cloud services configurations), these vulnerabilities could allow one virtual machine to improperly access information from another. In non-browsing scenarios on standalone systems, an attacker would need prior access to the system or an ability to run untrusted code on the system to leverage these vulnerabilities. In browsing scenarios, an attacker could convince a user to visit a malicious site to leverage these vulnerabilities to privileged information from the browser process such as sensitive data from other opened tabs. An attacker could also inject malicious code into advertising networks used by trusted sites or embed malicious code on a compromised, but trusted, site. Bounds check bypass store is an extension of Bounds check bypass. The third variant, Rogue data cache load (CVE-2017-5754) is known as Meltdown. An attacker who has successfully exploited this vulnerability may be able to read privileged memory from an unprivileged context. The following table summarizes the relevance of these variants to the attack scenarios and trust boundaries. Each attack scenario is described in terms of the direction that information flows when performing a speculative execution side channel attack. The entries for each CVE indicate whether the speculation primitive is applicable to the corresponding attack scenario. Attack Category Attack Scenario CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 Inter-VM Hypervisor-to-guest Applicable Applicable Not applicable Host-to-guest Applicable Applicable Not applicable Guest-to-guest Applicable Applicable Not applicable Intra-OS Kernel-to-user Applicable Applicable Applicable Process-to-process Applicable Applicable Not applicable Intra-process Applicable Applicable Not applicable Enclave Enclave-to-any Applicable Applicable Not applicable For a detailed view of these scenarios and our approach to mitigating this new class of vulnerabilities, please see our Security Research Blog. Microsoft Windows client customers Customers using Windows client operating systems need to apply both firmware (microcode) and software updates. See Microsoft Knowledge Base Article 4073119 for additional information. Customers using AMD processors should review FAQ #15 in this advisory for additional action you need to take. Microsoft is making available Intel-validated microcode updates for Windows 10 operating systems. Please see Microsoft Knowledge Base Article 4093836 for the current Intel microcode updates. Microsoft Windows Server customers Customers using Windows server operating systems listed in the Affected Products table need to apply firmware (microcode) and software updates as well as to configure protections. See Microsoft Knowledge Base Article 4072698 for additional information, including workarounds. Microsoft Azure has taken steps to address the security vulnerabilities at the hypervisor level to protect Windows Server VMs running in Azure. More information can be found here. Microsoft Surface customers Customers using Microsoft Surface and Surface Book products need to apply both firmware (microcode) and software updates. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. See Microsoft Knowledge Base Article 4073065 for more information. Microsoft cloud customers Microsoft has already deployed mitigations across our cloud services. More information is available here. Microsoft SQL Server customers In scenarios running Microsoft SQL Server, customers should follow the guidance outlined in Microsoft Knowledge Base Article 4073225. Microsoft HoloLens customers Updates to Windows 10 for HoloLens are available to HoloLens customers through Windows Update. After applying the February 2018 Windows Security Update HoloLens customers do not need to take any additional action to update their device firmware. These mitigations will also be included in all future releases of Windows 10 for HoloLens. Updated FAQ Several of these FAQs have been updated or archived for simplicity. Please refer to the FAQ section following the Affected Products table for the archived FAQ content. 1. What systems are at risk from these vulnerabilities? These vulnerabilities affect both client and server operating systems. Systems and services configured to allow execution of untrusted code are primarily at risk from these vulnerabilities. Additionally, client systems used in browser scenarios such as workstations or terminal servers are at increased risk of these vulnerabilities. 2. What are the associated CVEs for these vulnerabilities? See CVE-2017-5715 See CVE-2017-5753 See CVE-2017-5754 3. Have there been any active attacks detected? No. At the time of publication, Microsoft has no information to indicate that these vulnerabilities have been used to attack customers. 4. Removed for simplicity (previously the FAQ addressed the date of disclosure). 5. I have not been offered the Windows security updates released on January 3, 2018. What should I do? To help avoid adversely affecting customer devices, the Windows security updates released on January 3rd, 2018 were only offered to devices running compatible antivirus software. Please see Microsoft Knowledge Base Article 4072699 for more information about how to get the updates. 6. Removed for simplicity (previously the FAQ addressed availability of updates for Windows Server 2008 and Windows Server 2012 – see the Affected Products table for the updates) 7. Removed for simplicity (previously the FAQ addressed availability of updates for 32-bit versions of Windows (x86) – see the Affected Products table for the updates) 8. Removed for simplicity (previously the FAQ addressed the scope of the vulnerabilities – see the Vulnerabilities Description section of this advisory for this information) 9. Is my device protected after I’ve applied the Windows security updates? No. Additional action may be required. Please refer to the following table: CVE Windows Changes Requires microcode? Requires additional action? CVE-2017-5753 Compiler change; recompiled binaries now part of Windows Updates, and Edge & IE11 hardened to prevent exploit from JavaScript No No CVE-2017-5715 Calling new CPU instructions to eliminate branch speculation in risky situations Yes 1. Requires update to microcode 2. On Windows Server, the mitigation must be enabled. See KB 4072698 for more information. 3. If you are using an AMD processor, please see FAQ #15 for additional action. CVE-2017-5754 Isolate kernel and user mode page tables No 1. On Windows Server 2019 the mitigation is enabled by default. 2. On Windows Server 2016 and earlier, the mitigation must be enabled. See KB 4072698 for more information. 10. Removed for simplicity (previous FAQ addressed availability of updates for some systems using older AMD processors – see The Affected Products table for the updates) 11. Removed for simplicity (previous FAQ addressed reboot issues with Intel microcode on some older processors. See KB 4093836 for available microcode updates. 12. If I am on the Security Only branch, what Security Only updates do I need to install to be protected from the vulnerabilities described in this advisory? Security Only updates are not cumulative. Depending on the operating system version you are using and the processor on the computer, you may need to install several security updates for full protection. In general, customers will need to install the January, February, March, and April updates. Systems based on AMD processors need an additional update as shown in the following table: Operating System version Security Update Windows 8.1, Windows Server 2012 R2 4338815 - Monthly Rollup 4338824 - Security Only Windows 7 SP1, Windows Server 2008 R2 SP1, or Windows Server 2008 R2 SP1 (Server Core installation) 4284826 - Monthly Roll-up 4284867 - Security Only Windows Server 2008 SP2 4340583 - Security Update Microsoft recommends installing these Security Only updates in the order of release. 13. If I apply any of the applicable February security updates, will they disable the protections for CVE-2017-5715 like security update 4078130 did? No. Security update 4078130 was a specific fix to prevent unpredictable system behaviors, performance issues, and/or unexpected reboots after installation of microcode. Applying the February security updates on Windows client operating systems enables all three mitigations. On Windows server operating systems, you still need to enable the mitigations after proper testing is performed. See Microsoft Knowledge Base Article 4072698 for more information. 14. I understand that Intel has released microcode updates. Where can I find and install these updates for my system? Microsoft is providing Intel microcode updates for Windows operating systems as they become available. Please see Microsoft Knowledge Base Article 4093836 for the current Intel microcode updates. 15. What are the mitigations for AMD processors for CVE 2017-5715, Branch Target Injection? The following table summarizes the attack scenarios that are protected against when the Windows Branch Target Injection mitigation is enabled and required hardware support is present on AMD CPUs: Scenario Mitigation Process-to-process scenarios where a malicious user-mode application could use CVE-2017-5715 to disclose the contents of memory used by other applications. Enabled by default User-to-kernel scenarios where a malicious user-mode application could use CVE-2017-5715 to disclose the contents of kernel memory. Disabled by default Virtualization scenarios where a compromised virtual machine could use CVE-2017-5715 to read the contents of privileged memory allocated to the host, hypervisor, or other guest virtual machine. Enabled by default By default, user-to-kernel protection for CVE-2017-5715 is disabled for AMD CPUs. Customers must enable the mitigation to receive additional protections for CVE-2017-5715. Enabling this mitigation may affect performance. The actual performance impact will depend on multiple factors, such as the specific chipset in your physical host and the workloads that are running. For details on how to enable this protection, see Microsoft Knowledge Base Article 4073119 for Windows Client operating systems. For AMD CPUs that support SMT, further protection against attacks from sibling hardware threads is provided by STIBP enablement or turning off SMT. For additional details and AMD recommended mitigations please see AMD Security Updates and AMD Architecture Guidelines around Indirect Branch Control 16. I understand that AMD has released microcode updates. Where can I find and install these updates for my system? AMD recently announced they have started to release microcode for newer CPU platforms around Spectre variant 2 (CVE 2017-5715 Branch Target Injection). For more information refer to the AMD Security Updates and AMD White Paper: Architecture Guidelines around Indirect Branch Control. Microsoft will inform customers of AMD microcode updates for Windows operating systems as they become available. Please check back to this FAQ for updates. 17. I heard that CVE-2018-3693 (Bounds Check Bypass Store) is related to Spectre. Will Microsoft release mitigations for it? Bounds Check Bypass Store (BCBS) was disclosed on July 10, 2018 and assigned CVE-2018-3693. We consider BCBS to belong to the same class of vulnerabilities as Bounds Check Bypass (Variant 1). We are not currently aware of any instances of BCBS in our software, but we are continuing to research this vulnerability class and will work with industry partners to release mitigations as required. We continue to encourage researchers to submit any relevant findings to Microsoft’s Speculative Execution Side Channel bounty program, including any exploitable instances of BCBS. Software developers should review the developer guidance that has been updated for BCBS at https://aka.ms/sescdevguide. 18. I have an AMD-based device and I am experiencing high CPU utilization after installing the June or July Windows security updates or after installing a BIOS update for my device. Is this expected? There have been reports of high CPU utilization resulting in performance degradation on some systems with Family 15h & 16h AMD processors after installing June 2018 or July 2018 Windows updates from Microsoft and updated AMD microcode that addresses Spectre Variant 2 (CVE-2017-5715 - Branch Target Injection). AMD and Microsoft have investigated this issue, and Microsoft has released a solution in the August 18, 2018 Windows security updates for the following operating systems: Windows 10 version 1607 Windows 10 version 1709 Windows 10 version 1803 Windows 7 Service Pack 1 Windows Server 2016 Windows Server, version 1709 (Server Core Installation) Windows Server, version 1803 (Server Core Installation) Windows Server 2008 R2 Service Pack 1 AMD and Microsoft have investigated this issue, and Microsoft has released a solution in the November 13, 2018 Windows security updates for the following operating systems: Windows 8.1 Windows Server 2008 Windows Server 2012 Windows Server 2012 R2 Remediation Guidance Customers who wish to remediate the performance impact caused by this issue may wish to consider temporarily disable Spectre Variant 2 mitigations via registry settings for Windows until a solution for this issue is released. When a solution is released for this issue, customers will need to re-enable the registry settings. Customers who disabled Spectre Variant 2 mitigations via registry settings for Windows will need to re-enable the registry settings. Note: We do not recommend that customers uninstall the June or July security updates for Windows because the June and July updates provide numerous other critical security fixes. Changing Registry Settings Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, see [Microsoft Knowledge Base article 322756[(https://support.microsoft.com/en-us/help/322756). Note Enabling or disabling the Spectre Variant 2 mitigation through registry setting changes requires administrative rights and a restart. To disable Spectre Variant 2 mitigations: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 1 /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f Restart the computer for the changes to take effect. When the solution is available for your operating system, the registry keys will need to be re-enabled. To enable Spectre Variant 2 mitigations: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f Restart the computer for the changes to take effect. 19. Where can I find and install ARM64 firmware that mitigate CVE-2017-5715 - Branch target injection (Spectre, Variant 2)? Customers using 64-bit ARM processors should check with the device OEM for firmware support because ARM64 operating system protections that mitigate CVE-2017-5715 - Branch target injection (Spectre, Variant 2) require the latest firmware update from device OEMs to take effect. 20. What are the mitigations for ARM CPUs for CVE 2017-5715, Branch Target Injection? The following table summarizes the attack scenarios that are protected against when the Windows Branch Target Injection mitigation is enabled and required hardware support is present on ARM CPUs: Scenario Mitigation Process-to-process scenarios where a malicious user-mode application could use CVE-2017-5715 to disclose the contents of memory used by other applications. Enabled by default User-to-kernel scenarios where a malicious user-mode application could use CVE-2017-5715 to disclose the contents of kernel memory. Disabled by default Virtualization scenarios where a compromised virtual machine could use CVE-2017-5715 to read the contents of privileged memory allocated to the host, hypervisor, or other guest virtual machine. Enabled by default By default, user-to-kernel protection for CVE-2017-5715 is disabled for ARM CPUs. Customers must enable the mitigation to receive additional protections for CVE-2017-5715. Enabling this mitigation may affect performance. The actual performance impact will depend on multiple factors, such as the specific chipset in your physical host and the workloads that are running. For details on how to enable this protection, see Microsoft Knowledge Base Article 4073119 for Windows Client operating systems. Additional suggested actions Protect your PC We continue to encourage customers to follow our Protect Your Computer guidance of enabling a firewall, getting software updates, and installing antivirus software. For more information, see Microsoft Safety & Security Center. Keep Microsoft software updated Users running Microsoft software should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit Microsoft Update, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have automatic updating enabled and configured to provide updates for Microsoft products, the updates are delivered to you when they are released, but you should verify that they are installed.

Solution(s)

  • msft-kb4056888-c0708f93-30a8-47ad-9892-f807c6f83014
  • msft-kb4057113-aabc5156-cae2-44bf-aa69-a904626118fa-x64-adv180002-cve-2017-5753
  • msft-kb4057113-aabc5156-cae2-44bf-aa69-a904626118fa-x86-adv180002-cve-2017-5753
  • msft-kb4057114-0aa653a1-1459-44cd-be0b-0fcb77e4ef85-x64-adv180002-cve-2017-5753
  • msft-kb4057114-0aa653a1-1459-44cd-be0b-0fcb77e4ef85-x86-adv180002-cve-2017-5753
  • msft-kb4057115-ffc4140f-5e49-4bf1-810c-0a5ee4de8952-x64-adv180002-cve-2017-5753
  • msft-kb4057115-ffc4140f-5e49-4bf1-810c-0a5ee4de8952-x86-adv180002-cve-2017-5753
  • msft-kb4057116-c50042e5-81bf-449e-9623-a15b4bb82a6b-x64-adv180002-cve-2017-5753
  • msft-kb4057116-c50042e5-81bf-449e-9623-a15b4bb82a6b-x86-adv180002-cve-2017-5753
  • msft-kb4057117-2b3b7670-ca19-4d85-8e63-ba3c020706f7-x64-adv180002-cve-2017-5753
  • msft-kb4057117-2b3b7670-ca19-4d85-8e63-ba3c020706f7-x86-adv180002-cve-2017-5753
  • msft-kb4057118-31aaf88a-a261-4c62-9d76-590998a4e1fb-x64-adv180002-cve-2017-5753
  • msft-kb4057120-40e14331-2f87-4618-b57c-c29895b3cd23-x64-adv180002-cve-2017-5753
  • msft-kb4057120-40e14331-2f87-4618-b57c-c29895b3cd23-x86-adv180002-cve-2017-5753
  • msft-kb4057121-70870a56-6634-4591-bd88-1f359c15573f-x64-adv180002-cve-2017-5753
  • msft-kb4057121-70870a56-6634-4591-bd88-1f359c15573f-x86-adv180002-cve-2017-5753
  • msft-kb4057122-ab85e1ed-57da-4f4c-a32d-2f009b8ed13a-x64-adv180002-cve-2017-5753
  • msft-kb4058559-2d53d730-21e6-49d9-9cf3-99233642e3a2-x64-adv180002-cve-2017-5753
  • msft-kb4058560-f62990a4-1dbf-4f29-babd-180695f39730-x64-adv180002-cve-2017-5753
  • msft-kb4058561-23eeaa61-3918-4fad-b602-1363cbcf3474-x64-adv180002-cve-2017-5753
  • msft-kb4058562-d103b35a-545c-4789-a435-9edd27704648-x64-adv180002-cve-2017-5753
  • msft-kb4074591-fa465771-aa6c-4594-9759-1bfb7eeab6b3
  • msft-kb4089187-13297a5b-e08e-452b-ad5e-0dd1554336e5
  • msft-kb4089187-33d88d8b-59f7-4b0a-a17c-cb19048fe543
  • msft-kb4089187-3983c774-8f83-4c5f-ac83-d9adef0e4689
  • msft-kb4089187-4280269c-cbc0-49df-ad87-7afefe312b0c
  • msft-kb4089187-59bedce4-62a3-4efb-abe1-6da5b2b66231
  • msft-kb4089187-5f5d114c-aff6-48ed-b895-b84bbf4232a0
  • msft-kb4089187-5fe1b7c5-8bd5-41d1-82df-3d678a3becee
  • msft-kb4089187-689f6db0-db61-4489-8b23-26cd86faf5f5
  • msft-kb4089187-819dd834-ee9f-41a2-91c2-cacdb300b795
  • msft-kb4089187-8f61da4b-31a0-4145-b0f5-6802ce44f96a
  • msft-kb4089187-a94c4afc-e4c6-4ed2-ba67-52dc1a5ea64d
  • msft-kb4089187-d26eb37f-c1b7-433d-91ee-afe62721a33d
  • msft-kb4089187-f131e5c8-396c-4fe8-b896-fbdf4d36735b
  • msft-kb4089187-fd82da1e-c832-4539-be1f-7ee3c383f244
  • msft-kb4093112-7a639cb5-17a8-47d3-8879-3a2827b51b56
  • msft-kb4093112-7dd55f48-a1f3-4945-80c1-5ce237a6a28d
  • msft-kb4093112-936c76bd-d063-4f5c-82d9-7fb5dcbf720d
  • msft-kb4103723-54f93c06-1d96-40f5-bdc8-f9924dbcd522
  • msft-kb4103723-99a0b90d-2519-4700-be0c-e6c7b5bd04ec
  • msft-kb4103723-a74a9c4e-0823-4afc-8b58-cf1785a2e2b4
  • msft-kb4284860-1a3a39c1-fdd4-4e6f-b16b-9593c41df042
  • msft-kb4284860-1b92ed90-ad9d-40f4-8c2c-decd1abd27ea
  • msft-kb4284867-44e75293-87aa-4492-bc0c-1c7a8cabd0f1
  • msft-kb4284867-886f5701-c858-4b84-9222-1de1455020c6
  • msft-kb4284867-a31ec407-3bf3-4abb-9d95-a20580c3ada2
  • msft-kb4284867-ba4e3571-fa24-464e-85dc-3a90994d972d
  • msft-kb4284867-c34dd24f-8ba7-48de-891a-72e59d5b49c2
  • msft-kb4284867-e3aeb85f-2c58-4883-97ca-e342d7ab1c0c
  • msft-kb4284874-2fa57ef7-3e13-4d7c-bada-7bf6aaed68da
  • msft-kb4284874-98cccae8-c311-4721-9a26-28ed48572cfc
  • msft-kb4338820-42ded291-a440-4b4d-9efd-877384896802
  • msft-kb4338820-756f2788-66ec-4732-ab6d-10a889a37d64
  • msft-kb4338820-e053fade-ae8f-4e1b-a113-c319625bc13c
  • msft-kb4338824-007ce1f3-3a12-40ef-8389-322068b780a7
  • msft-kb4338824-4f051f3f-abd6-4d6d-8fbe-c78051dfe500
  • msft-kb4338824-5d49efb1-0497-4625-9504-474fceca16d8
  • msft-kb4340583-2398d31f-4713-44ad-a1e7-8d4a7418e402
  • msft-kb4340583-b35c825a-5b5e-4167-ac18-e451fcd493ee
  • msft-kb4340583-bdde9703-df49-4f45-bd68-cf6b09f855fa

References

  • msft-kb4056888-c0708f93-30a8-47ad-9892-f807c6f83014
  • msft-kb4057113-aabc5156-cae2-44bf-aa69-a904626118fa-x64-adv180002-cve-2017-5753
  • msft-kb4057113-aabc5156-cae2-44bf-aa69-a904626118fa-x86-adv180002-cve-2017-5753
  • msft-kb4057114-0aa653a1-1459-44cd-be0b-0fcb77e4ef85-x64-adv180002-cve-2017-5753
  • msft-kb4057114-0aa653a1-1459-44cd-be0b-0fcb77e4ef85-x86-adv180002-cve-2017-5753
  • msft-kb4057115-ffc4140f-5e49-4bf1-810c-0a5ee4de8952-x64-adv180002-cve-2017-5753
  • msft-kb4057115-ffc4140f-5e49-4bf1-810c-0a5ee4de8952-x86-adv180002-cve-2017-5753
  • msft-kb4057116-c50042e5-81bf-449e-9623-a15b4bb82a6b-x64-adv180002-cve-2017-5753
  • msft-kb4057116-c50042e5-81bf-449e-9623-a15b4bb82a6b-x86-adv180002-cve-2017-5753
  • msft-kb4057117-2b3b7670-ca19-4d85-8e63-ba3c020706f7-x64-adv180002-cve-2017-5753
  • msft-kb4057117-2b3b7670-ca19-4d85-8e63-ba3c020706f7-x86-adv180002-cve-2017-5753
  • msft-kb4057118-31aaf88a-a261-4c62-9d76-590998a4e1fb-x64-adv180002-cve-2017-5753
  • msft-kb4057120-40e14331-2f87-4618-b57c-c29895b3cd23-x64-adv180002-cve-2017-5753
  • msft-kb4057120-40e14331-2f87-4618-b57c-c29895b3cd23-x86-adv180002-cve-2017-5753
  • msft-kb4057121-70870a56-6634-4591-bd88-1f359c15573f-x64-adv180002-cve-2017-5753
  • msft-kb4057121-70870a56-6634-4591-bd88-1f359c15573f-x86-adv180002-cve-2017-5753
  • msft-kb4057122-ab85e1ed-57da-4f4c-a32d-2f009b8ed13a-x64-adv180002-cve-2017-5753
  • msft-kb4058559-2d53d730-21e6-49d9-9cf3-99233642e3a2-x64-adv180002-cve-2017-5753
  • msft-kb4058560-f62990a4-1dbf-4f29-babd-180695f39730-x64-adv180002-cve-2017-5753
  • msft-kb4058561-23eeaa61-3918-4fad-b602-1363cbcf3474-x64-adv180002-cve-2017-5753
  • msft-kb4058562-d103b35a-545c-4789-a435-9edd27704648-x64-adv180002-cve-2017-5753
  • msft-kb4074591-fa465771-aa6c-4594-9759-1bfb7eeab6b3
  • msft-kb4089187-13297a5b-e08e-452b-ad5e-0dd1554336e5
  • msft-kb4089187-33d88d8b-59f7-4b0a-a17c-cb19048fe543
  • msft-kb4089187-3983c774-8f83-4c5f-ac83-d9adef0e4689
  • msft-kb4089187-4280269c-cbc0-49df-ad87-7afefe312b0c
  • msft-kb4089187-59bedce4-62a3-4efb-abe1-6da5b2b66231
  • msft-kb4089187-5f5d114c-aff6-48ed-b895-b84bbf4232a0
  • msft-kb4089187-5fe1b7c5-8bd5-41d1-82df-3d678a3becee
  • msft-kb4089187-689f6db0-db61-4489-8b23-26cd86faf5f5
  • msft-kb4089187-819dd834-ee9f-41a2-91c2-cacdb300b795
  • msft-kb4089187-8f61da4b-31a0-4145-b0f5-6802ce44f96a
  • msft-kb4089187-a94c4afc-e4c6-4ed2-ba67-52dc1a5ea64d
  • msft-kb4089187-d26eb37f-c1b7-433d-91ee-afe62721a33d
  • msft-kb4089187-f131e5c8-396c-4fe8-b896-fbdf4d36735b
  • msft-kb4089187-fd82da1e-c832-4539-be1f-7ee3c383f244
  • msft-kb4093112-7a639cb5-17a8-47d3-8879-3a2827b51b56
  • msft-kb4093112-7dd55f48-a1f3-4945-80c1-5ce237a6a28d
  • msft-kb4093112-936c76bd-d063-4f5c-82d9-7fb5dcbf720d
  • msft-kb4103723-54f93c06-1d96-40f5-bdc8-f9924dbcd522
  • msft-kb4103723-99a0b90d-2519-4700-be0c-e6c7b5bd04ec
  • msft-kb4103723-a74a9c4e-0823-4afc-8b58-cf1785a2e2b4
  • msft-kb4284860-1a3a39c1-fdd4-4e6f-b16b-9593c41df042
  • msft-kb4284860-1b92ed90-ad9d-40f4-8c2c-decd1abd27ea
  • msft-kb4284867-44e75293-87aa-4492-bc0c-1c7a8cabd0f1
  • msft-kb4284867-886f5701-c858-4b84-9222-1de1455020c6
  • msft-kb4284867-a31ec407-3bf3-4abb-9d95-a20580c3ada2
  • msft-kb4284867-ba4e3571-fa24-464e-85dc-3a90994d972d
  • msft-kb4284867-c34dd24f-8ba7-48de-891a-72e59d5b49c2
  • msft-kb4284867-e3aeb85f-2c58-4883-97ca-e342d7ab1c0c
  • msft-kb4284874-2fa57ef7-3e13-4d7c-bada-7bf6aaed68da
  • msft-kb4284874-98cccae8-c311-4721-9a26-28ed48572cfc
  • msft-kb4338820-42ded291-a440-4b4d-9efd-877384896802
  • msft-kb4338820-756f2788-66ec-4732-ab6d-10a889a37d64
  • msft-kb4338820-e053fade-ae8f-4e1b-a113-c319625bc13c
  • msft-kb4338824-007ce1f3-3a12-40ef-8389-322068b780a7
  • msft-kb4338824-4f051f3f-abd6-4d6d-8fbe-c78051dfe500
  • msft-kb4338824-5d49efb1-0497-4625-9504-474fceca16d8
  • msft-kb4340583-2398d31f-4713-44ad-a1e7-8d4a7418e402
  • msft-kb4340583-b35c825a-5b5e-4167-ac18-e451fcd493ee
  • msft-kb4340583-bdde9703-df49-4f45-bd68-cf6b09f855fa

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;