Windows Server 2016 vuln found in Security scans

FYI – came across this today with a customer where Security scans SCOM servers.

 

Please note this is NOT a SCOM issue or vulnerability, and SCOM uses TLS1.2 just fine.

 

Found CVE-2017-8529 vulnerability on a SCOM server, so though this a good idea to communicate to the larger audience, in case Security finds vulnerabilities, based on customer 2016 server hardening.

CVE-2017-8529 details:

The remote Windows host is missing security update KB4022715 or a Registry key to prevent the host against CVE-2017-8529. It is, therefore, affected by an information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user’s computer.

The easiest way I found to update the server was via these two registry keys (32 bit and 64bit keys below)

# KB4022715
# Add registry key
reg add “HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX” /v “iexplore.exe” /t REG_DWORD /d 0 /f
reg add “HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX” /v “iexplore.exe” /t REG_DWORD /d 0 /f

References

https://community.tenable.com/s/article/CVE-2017-8529-Plugins-returning-in-scan-results-Not-a-false-positive

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8529

Leave a comment

Your email address will not be published. Required fields are marked *