Intrusion PreventionMS.Windows.Arbitrary.Pointer.Dereference.Memory.Corruption
Description
This indicates an attack attempt to exploit an Memory Corruption vulnerability in the Microsoft Windows RPC Interface component.
The vulnerability is due to an error when the vulnerable software attempts to handle maliciously crafted RPC request. A remote attacker can exploit this to execute arbitrary code within the context of the application.
Affected Products
Windows 7
Windows 8.1
Windows 10
Windows 10 Version 1511
Windows 10 Version 1607
Windows 10 Version 1703
Windows 10 version 1709
Windows Server 2008 R2
Windows Server 2008 Service Pack 2
Windows Server 2008 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server, version 1709 (Server Core Installation)
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11885
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2019-06-06 | 14.627 | Severity:critical:medium |
References
2017-11885| ID | 45124 |
| Created | Dec 12, 2017 |
| Updated | Jun 05, 2019 |
| Risk |
|
| CVE ID | CVE-2017-11885 |
| Exploit Prediction Score | 38.66% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Other |