Intrusion Prevention

MS.Windows.Arbitrary.Pointer.Dereference.Memory.Corruption

Description

This indicates an attack attempt to exploit an Memory Corruption vulnerability in the Microsoft Windows RPC Interface component.
The vulnerability is due to an error when the vulnerable software attempts to handle maliciously crafted RPC request. A remote attacker can exploit this to execute arbitrary code within the context of the application.

Affected Products

Windows 7
Windows 8.1
Windows 10
Windows 10 Version 1511
Windows 10 Version 1607
Windows 10 Version 1703
Windows 10 version 1709
Windows Server 2008 R2
Windows Server 2008 Service Pack 2
Windows Server 2008 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server, version 1709 (Server Core Installation)

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11885

CVE References

CVE-2017-11885

Other References

2017-11885