CVE-2017-0043

Description

Active Directory Federation Services in Microsoft Windows 10 1607, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka Microsoft Active Directory Federation Services Information Disclosure Vulnerability.

Risk Information

Base Score

4.8

MODERATE

Vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

EPSS Score

Exploitation Probability

5.993

Associated Vulnerability

Vulnerability	OS Platform
Microsoft Browser Spoofing Vulnerability for Windows Server 2016 for x64-based Systems (KB4013429) - Cumulative	Windows
Microsoft Browser Spoofing Vulnerability for Windows 10 Version 1607 for x64-based Systems (KB4013429) - Cumulative	Windows
Microsoft Browser Spoofing Vulnerability for Windows 10 Version 1607 (KB4013429) - Cumulative	Windows
Internet Explorer Information Disclosure Vulnerability for Windows Server 2008 R2 for x64-based Systems -WannaCrypt Ransomware Worm (KB4012215)	Windows
Internet Explorer Information Disclosure Vulnerability for Windows 7 for x64-based Systems - WannaCrypt Ransomware Worm(KB4012215)	Windows
Internet Explorer Information Disclosure Vulnerability for Windows 7 - WannaCrypt Ransomware Worm(KB4012215)	Windows
Internet Explorer Information Disclosure Vulnerability for Windows Server 2012 R2- WannaCrypt Ransomware Worm(KB4012216)	Windows
Internet Explorer Information Disclosure Vulnerability for Windows 8.1 for x64-based Systems - WannaCrypt Ransomware Worm(KB4012216)	Windows
Internet Explorer Information Disclosure Vulnerability for Windows 8.1 - WannaCrypt Ransomware Worm(KB4012216)	Windows
Microsoft Browser Information Disclosure Vulnerability for Windows Server 2012 - WannaCrypt Ransomware Worm(KB4012217)	Windows
Windows Uniscribe Information Disclosure Vulnerability for Windows 7 for x64-based Systems - WannaCrypt Ransomware Worm(KB4012212)	Windows
Windows Uniscribe Information Disclosure Vulnerability for Windows 7 - WannaCrypt Ransomware Worm(KB4012212)	Windows
Windows Uniscribe Information Disclosure Vulnerability for Windows Server 2008 R2 for x64-based Systems - WannaCrypt Ransomware Worm(KB4012212)	Windows
Windows Uniscribe Information Disclosure Vulnerability for Windows 8.1 for x64-based Systems - WannaCrypt Ransomware Worm(KB4012213)	Windows
Windows Uniscribe Information Disclosure Vulnerability for Windows 8.1 - WannaCrypt Ransomware Worm(KB4012213)	Windows
Windows Uniscribe Information Disclosure Vulnerability for Windows Server 2012 R2 - WannaCrypt Ransomware Worm (KB4012213)	Windows
Microsoft Active Directory Federation Services Information Disclosure for Windows Server 2008 for x64-based Systems (KB3217882)	Windows
Microsoft Active Directory Federation Services Information Disclosure for Windows Server 2008 (KB3217882)	Windows
Windows Uniscribe Information Disclosure Vulnerability for Windows Server 2012 - WannaCrypt Ransomware Worm(KB4012214)	Windows
Windows Uniscribe Information Disclosure Vulnerability for Windows Embedded 8 Standard for x64-based Systems (KB4012214)	Windows
Windows Uniscribe Information Disclosure Vulnerability for Windows Embedded 8 Standard (KB4012214)	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-22054	Cumulative Update for Windows Server 2016 for x64-based Systems (KB4013429)
PATCH-22053	Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4013429)
PATCH-22052	Cumulative Update for Windows 10 Version 1607 (KB4013429)
PATCH-22046	March, 2017 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems -WannaCrypt Ransomware Worm (KB4012215)
PATCH-22045	March, 2017 Security Monthly Quality Rollup for Windows 7 for x64-based Systems - WannaCrypt Ransomware Worm(KB4012215)
PATCH-22044	March, 2017 Security Monthly Quality Rollup for Windows 7 - WannaCrypt Ransomware Worm(KB4012215)
PATCH-22149	March, 2017 Security Monthly Quality Rollup for Windows Server 2012 R2- WannaCrypt Ransomware Worm(KB4012216)
PATCH-22148	March, 2017 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems - WannaCrypt Ransomware Worm(KB4012216)
PATCH-22047	March, 2017 Security Monthly Quality Rollup for Windows 8.1 - WannaCrypt Ransomware Worm(KB4012216)
PATCH-22150	March, 2017 Security Monthly Quality Rollup for Windows Server 2012 - WannaCrypt Ransomware Worm(KB4012217)
PATCH-22063	March, 2017 Security Only Quality Update for Windows 7 for x64-based Systems - WannaCrypt Ransomware Worm(KB4012212)
PATCH-22062	March, 2017 Security Only Quality Update for Windows 7 - WannaCrypt Ransomware Worm(KB4012212)
PATCH-22064	March, 2017 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems - WannaCrypt Ransomware Worm(KB4012212)
PATCH-22066	March, 2017 Security Only Quality Update for Windows 8.1 for x64-based Systems - WannaCrypt Ransomware Worm(KB4012213)
PATCH-22065	March, 2017 Security Only Quality Update for Windows 8.1 - WannaCrypt Ransomware Worm(KB4012213)
PATCH-22067	March, 2017 Security Only Quality Update for Windows Server 2012 R2 - WannaCrypt Ransomware Worm (KB4012213)
PATCH-22110	Security Update for Windows Server 2008 for x64-based Systems (KB3217882)
PATCH-22109	Security Update for Windows Server 2008 (KB3217882)
PATCH-22070	March, 2017 Security Only Quality Update for Windows Server 2012 - WannaCrypt Ransomware Worm(KB4012214)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234