Security Advisory - Multiple Vulnerabilities Released on Microsoft Security Advisory 4025685
- SA No:huawei-sa-20170616-01-windows
- Initial Release Date: 2017.06.16
- Last Release Date: 2021.01.06
Microsoft had released a Security Advisory 4025685 on June 14 to fix multiple critical security vulnerabilities in such systems as Microsoft Windows XP, Windows Server 2003, Windows VISTA, and Windows 8. Attackers can exploit these vulnerabilities to implement remote code execution or privilege elevation. (Vulnerability ID: HWPSIRT-2017-06114,HWPSIRT-2017-06115,HWPSIRT-2017-06131,HWPSIRT-2017-06133,HWPSIRT-2017-06153 and HWPSIRT-2017-06154)
The six vulnerabilities have been assigned six Common Vulnerabilities and Exposures (CVE) IDs: CVE-2017-0176, CVE-2017-8461, CVE-2017-8464, CVE-2017-8487, CVE-2017-8543 and CVE-2017-8552.
Huawei has released solutions to fix all these vulnerabilities. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170616-01-windows-en
For the following products, follow the Microsoft Security Advisory 4025685 to install the patch.
The Microsoft Security Advisory 4025685 is available at: https://technet.microsoft.com/en-us/library/security/4025685.aspx
|
Product Name |
Affected Version |
Resolved Product and Version |
|
AnyOffice |
Running Microsoft Windows OS |
Follow the Microsoft Security Advisory 4025685 to install Microsoft patch |
|
N2000 Appliance |
Running Microsoft Windows OS |
Follow the Microsoft Security Advisory 4025685 to install Microsoft patch |
|
OceanStor 18500 |
Running Microsoft Windows OS |
Follow the Microsoft Security Advisory 4025685 to install Microsoft patch |
|
OceanStor 18500 V3 |
Running Microsoft Windows OS |
Follow the Microsoft Security Advisory 4025685 to install Microsoft patch |
|
OceanStor 18500F V3 |
Running Microsoft Windows OS |
Follow the Microsoft Security Advisory 4025685 to install Microsoft patch |
|
OceanStor 18800 |
Running Microsoft Windows OS |
Follow the Microsoft Security Advisory 4025685 to install Microsoft patch |
|
OceanStor 18800 V3 |
Running Microsoft Windows OS |
Follow the Microsoft Security Advisory 4025685 to install Microsoft patch |
|
OceanStor 18800F V3 |
Running Microsoft Windows OS |
Follow the Microsoft Security Advisory 4025685 to install Microsoft patch |
|
OceanStor Backup Software |
Running Microsoft Windows OS |
Follow the Microsoft Security Advisory 4025685 to install Microsoft patch |
|
SMC2.0 |
Running Microsoft Windows OS |
Follow the Microsoft Security Advisory 4025685 to install Microsoft patch |
|
Secospace AntiDDoS8000 |
Running Microsoft Windows OS |
Follow the Microsoft Security Advisory 4025685 to install Microsoft patch |
|
UC Audio Recorder |
Running Microsoft Windows OS |
Follow the Microsoft Security Advisory 4025685 to install Microsoft patch |
|
UMA |
Running Microsoft Windows OS |
Follow the Microsoft Security Advisory 4025685 to install Microsoft patch |
|
eDC610 |
Running Microsoft Windows OS |
Follow the Microsoft Security Advisory 4025685 to install Microsoft patch |
|
eLog |
Running Microsoft Windows OS |
Follow the Microsoft Security Advisory 4025685 to install Microsoft patch |
|
eOMC910 |
Running Microsoft Windows OS |
Follow the Microsoft Security Advisory 4025685 to install Microsoft patch |
|
eSpace ECS |
Running Microsoft Windows OS |
Follow the Microsoft Security Advisory 4025685 to install Microsoft patch |
The severity of the vulnerability in this advisory has been assessed by the Common Vulnerability Scoring System Version 3.0 (CVSS v3 Specification Document).
HWPSIRT-2017-06114, HWPSIRT-2017-06153:
Base Score: 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Temporal Score: 7.5 (E:F/RL:W/RC:C)
HWPSIRT-2017-06115:
Base Score: 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
Temporal Score: 7.0 (E:F/RL:W/RC:C)
HWPSIRT-2017-06131, HWPSIRT-2017-06133:
Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Temporal Score: 9.1 (E:F/RL:W/RC:C)
HWPSIRT-2017-06154:
An attacker can access the vulnerable devices by network.
Vulnerability details:
There are multiple critical security vulnerabilities in such systems as Microsoft Windows XP, Windows Server 2003, Windows VISTA, and Windows 8. Attackers can exploit these vulnerabilities to implement remote code execution or privilege elevation.
Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/psirt/report-vulnerabilities.
2021-01-06 V1.3 UPDATED Updated the "Software Versions and Fixes" section;
2020-07-01 V1.2 UPDATED Updated the "Software Versions and Fixes" section;
2017-09-09 V1.1 UPDATED Updated the "Software Versions and Fixes" section;
2017-06-16 V1.0 INITIAL
None
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.
To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.
To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.