NVD disclosure day

Published threat advisories for March 17, 2017

CVE advisory | Known Exploit

CVE-2017-3881

Cisco IOS/XE: Remote Code Execution via Cluster Management Protocol

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A vulnerability in Cisco IOS and IOS XE Software's Cluster Management Protocol could allow an unauthenticated, remote attacker to execute code with elevated privileges or cause a device reload. This impacts various Cisco Catalyst and industrial Ethernet switches. The business risk involves potential device compromise,

• CISA KEV

CVE advisory | Known Exploit

CVE-2017-0149

Microsoft Internet Explorer Code Execution Risk

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

Microsoft Internet Explorer contains a memory corruption vulnerability that permits remote attackers to execute arbitrary code or cause a denial of service via a crafted website. The realistic business risk involves unauthorized code execution and system instability impacting affected organizations and their data.

• CISA KEV

CVE advisory | Known Exploit

CVE-2017-0147

Windows SMB Information Disclosure Vulnerability

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A vulnerability in the Windows SMBv1 server allows remote attackers to obtain sensitive information from system memory, posing a risk of confidential data disclosure. Organizations should identify affected systems and apply necessary updates to mitigate potential business risk.

• CISA KEV

CVE advisory | Known Exploit

CVE-2017-0146

Microsoft Windows SMB Vulnerability Allows Code Execution

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A vulnerability in Microsoft's Server Message Block version 1 (SMBv1) allows remote attackers to execute arbitrary code. This could lead to unauthorized control of affected systems, posing a risk to organizational data and operations. Organizations should identify and mitigate exposure to SMBv1.

• CISA KEV

CVE advisory | Known Exploit

CVE-2017-0143

Microsoft Windows SMB Remote Code Execution Vulnerability

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A vulnerability in Microsoft's Server Message Block protocol allows remote attackers to execute arbitrary code. This could lead to unauthorized access and control over affected systems, posing a significant business risk. Organizations should prioritize addressing this vulnerability to mitigate potential data loss and

• CISA KEV

CVE advisory | Known Exploit

CVE-2017-0101

Windows Privilege Escalation via Transaction Manager Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Windows Transaction Manager allows local users to gain elevated privileges via a crafted application. This impacts affected Windows systems, potentially leading to unauthorized access and control, affecting data integrity and system availability. The realistic business risk involves unauthorized syst

• CISA KEV

CVE advisory | Known Exploit

CVE-2017-0059

Microsoft Internet Explorer Information Disclosure Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

Microsoft Internet Explorer versions 9 through 11 have a vulnerability allowing remote attackers to access sensitive information from process memory via a crafted website. This exposes organizations to business risk if confidential data is disclosed. This vulnerability is listed on the CISA Known Exploited Vulnerabilit

• CISA KEV

CVE advisory | Known Exploit

CVE-2017-0022

Microsoft XML Core Services Information Disclosure Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A vulnerability in Microsoft XML Core Services could allow attackers to discover files on a system. This matters because it could enable attackers to test for files on disk via a crafted website, posing a risk of information disclosure. Organizations should apply vendor updates to mitigate this risk.

• CISA KEV

CVE advisory | Known Exploit

CVE-2017-0005

Microsoft Windows GDI Privilege Escalation Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

Local users can gain elevated privileges on affected Windows systems by running a malicious application. This can lead to unauthorized access and control over the system, impacting data and operations. The risk is to systems with potential for unauthorized local access.

• CISA KEV

CVE advisory | Known Exploit

CVE-2017-0001

Microsoft Windows GDI Privilege Escalation Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Microsoft Windows' Graphics Device Interface allows local users to gain elevated privileges through a crafted application. This could impact systems and data by enabling unauthorized control. Affected organizations should apply vendor security updates to mitigate this risk.

• CISA KEV