CISecurity · wmunyan · Apr 4, 2017 · Apr 4, 2017
diff --git a/repository/definitions/vulnerability/oval_com.dtcc_def_630.xml b/repository/definitions/vulnerability/oval_com.dtcc_def_630.xml
@@ -0,0 +1,27 @@
+<oval-def:definition xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:com.dtcc:def:630" version="0">
+  <oval-def:metadata>
+    <oval-def:title>Win32k Elevation of Privilege Vulnerability – CVE-2017-0024 (MS17-018)</oval-def:title>
+    <oval-def:affected family="windows">
+      <oval-def:platform>Microsoft Windows 10</oval-def:platform>
+      <oval-def:platform>Microsoft Windows Server 2016</oval-def:platform>
+    </oval-def:affected>
+    <oval-def:reference ref_id="CVE-2017-0024" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0024" source="CVE" />
+    <oval-def:description>The kernel-mode drivers in Microsoft Windows 10 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082.</oval-def:description>
+    <oval-def:oval_repository>
+      <oval-def:dates>
+        <oval-def:submitted date="2017-03-29T09:06:03+00:00">
+          <oval-def:contributor organization="DTCC">Alexander Chua</oval-def:contributor>
+        </oval-def:submitted>
+      </oval-def:dates>
+      <oval-def:status>INITIAL SUBMISSION</oval-def:status>
+    </oval-def:oval_repository>
+  </oval-def:metadata>
+  <oval-def:criteria comment="Microsoft Windows 10 Version 1607/Windows Server 2016 is installed + file version" operator="AND">
+    <oval-def:criteria comment="Microsoft Windows 10 Version 1607/Windows Server 2016 is installed" operator="OR">
+      <oval-def:extend_definition comment="Microsoft Windows 10 Version 1607 (32-bit) is installed" definition_ref="oval:org.cisecurity:def:1377" />
+      <oval-def:extend_definition comment="Microsoft Windows 10 Version 1607 (64-bit) is installed" definition_ref="oval:org.cisecurity:def:1379" />
+      <oval-def:extend_definition comment="Microsoft Windows Server 2016 is installed" definition_ref="oval:org.cisecurity:def:1269" />
+    </oval-def:criteria>
+    <oval-def:criterion comment="Check if Win32k.sys version is less than 10.0.14393.594" test_ref="oval:com.dtcc:tst:933" />
+  </oval-def:criteria>
+</oval-def:definition>
diff --git a/repository/definitions/vulnerability/oval_com.dtcc_def_631.xml b/repository/definitions/vulnerability/oval_com.dtcc_def_631.xml
@@ -0,0 +1,43 @@
+<oval-def:definition xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:com.dtcc:def:631" version="0">
+  <oval-def:metadata>
+    <oval-def:title>Win32k Elevation of Privilege Vulnerability – CVE-2017-0026 (MS17-018)</oval-def:title>
+    <oval-def:affected family="windows">
+      <oval-def:platform>Microsoft Windows 10</oval-def:platform>
+      <oval-def:platform>Microsoft Windows Server 2016</oval-def:platform>
+    </oval-def:affected>
+    <oval-def:reference ref_id="CVE-2017-0026" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0026" source="CVE" />
+    <oval-def:description>The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082.</oval-def:description>
+    <oval-def:oval_repository>
+      <oval-def:dates>
+        <oval-def:submitted date="2017-03-29T09:06:03+00:00">
+          <oval-def:contributor organization="DTCC">Alexander Chua</oval-def:contributor>
+        </oval-def:submitted>
+      </oval-def:dates>
+      <oval-def:status>INITIAL SUBMISSION</oval-def:status>
+    </oval-def:oval_repository>
+  </oval-def:metadata>
+  <oval-def:criteria comment="Check for installation vulnerable Windows OS + vulnerable file version" operator="OR">
+    <oval-def:criteria comment="Microsoft Windows 10 is installed + file version" operator="AND">
+      <oval-def:criteria comment="Microsoft Windows 10 is installed" operator="OR">
+        <oval-def:extend_definition comment="Microsoft Windows 10 (32-bit) is installed" definition_ref="oval:org.cisecurity:def:380" />
+        <oval-def:extend_definition comment="Microsoft Windows 10 (64-bit) is installed" definition_ref="oval:org.cisecurity:def:377" />
+      </oval-def:criteria>
+      <oval-def:criterion comment="Check if Win32k.sys version is less than 10.0.10240.16384" test_ref="oval:com.dtcc:tst:931" />
+    </oval-def:criteria>
+    <oval-def:criteria comment="Microsoft Windows 10 Version 1511 is installed + file version" operator="AND">
+      <oval-def:criteria comment="Microsoft Windows 10 Version 1511 is installed" operator="OR">
+        <oval-def:extend_definition comment="Microsoft Windows 10 Version 1511 (32-bit) is installed" definition_ref="oval:org.cisecurity:def:379" />
+        <oval-def:extend_definition comment="Microsoft Windows 10 Version 1511 (64-bit) is installed" definition_ref="oval:org.cisecurity:def:378" />
+      </oval-def:criteria>
+      <oval-def:criterion comment="Check if Win32k.sys version is less than 10.0.10586.20" test_ref="oval:com.dtcc:tst:932" />
+    </oval-def:criteria>
+    <oval-def:criteria comment="Microsoft Windows 10 Version 1607/Windows Server 2016 is installed + file version" operator="AND">
+      <oval-def:criteria comment="Microsoft Windows 10 Version 1607/Windows Server 2016 is installed" operator="OR">
+        <oval-def:extend_definition comment="Microsoft Windows 10 Version 1607 (32-bit) is installed" definition_ref="oval:org.cisecurity:def:1377" />
+        <oval-def:extend_definition comment="Microsoft Windows 10 Version 1607 (64-bit) is installed" definition_ref="oval:org.cisecurity:def:1379" />
+        <oval-def:extend_definition comment="Microsoft Windows Server 2016 is installed" definition_ref="oval:org.cisecurity:def:1269" />
+      </oval-def:criteria>
+      <oval-def:criterion comment="Check if Win32k.sys version is less than 10.0.14393.594" test_ref="oval:com.dtcc:tst:933" />
+    </oval-def:criteria>
+  </oval-def:criteria>
+</oval-def:definition>
diff --git a/repository/definitions/vulnerability/oval_com.dtcc_def_632.xml b/repository/definitions/vulnerability/oval_com.dtcc_def_632.xml
@@ -0,0 +1,87 @@
+<oval-def:definition xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:com.dtcc:def:632" version="0">
+  <oval-def:metadata>
+    <oval-def:title>Win32k Elevation of Privilege Vulnerability – CVE-2017-0056 (MS17-018)</oval-def:title>
+    <oval-def:affected family="windows">
+      <oval-def:platform>Microsoft Windows Vista</oval-def:platform>
+      <oval-def:platform>Microsoft Windows Server 2008</oval-def:platform>
+      <oval-def:platform>Microsoft Windows 7</oval-def:platform>
+      <oval-def:platform>Microsoft Windows Server 2008 R2</oval-def:platform>
+      <oval-def:platform>Microsoft Windows 8.1</oval-def:platform>
+      <oval-def:platform>Microsoft Windows Server 2012</oval-def:platform>
+      <oval-def:platform>Microsoft Windows Server 2012 R2</oval-def:platform>
+      <oval-def:platform>Microsoft Windows 10</oval-def:platform>
+      <oval-def:platform>Microsoft Windows Server 2016</oval-def:platform>
+    </oval-def:affected>
+    <oval-def:reference ref_id="CVE-2017-0056" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0056" source="CVE" />
+    <oval-def:description>The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082.</oval-def:description>
+    <oval-def:oval_repository>
+      <oval-def:dates>
+        <oval-def:submitted date="2017-03-29T09:06:03+00:00">
+          <oval-def:contributor organization="DTCC">Alexander Chua</oval-def:contributor>
+        </oval-def:submitted>
+      </oval-def:dates>
+      <oval-def:status>INITIAL SUBMISSION</oval-def:status>
+    </oval-def:oval_repository>
+  </oval-def:metadata>
+  <oval-def:criteria comment="Check for installation vulnerable Windows OS + vulnerable file version" operator="OR">
+    <oval-def:criteria comment="Microsoft Windows Vista/Server 2008 is installed + file version" operator="AND">
+      <oval-def:criteria comment="Microsoft Windows Vista/Server 2008 is installed" operator="OR">
+        <oval-def:extend_definition comment="Microsoft Windows Vista (32-bit) is installed" definition_ref="oval:org.mitre.oval:def:1282" />
+        <oval-def:extend_definition comment="Microsoft Windows Vista x64 Edition is installed" definition_ref="oval:org.mitre.oval:def:2041" />
+        <oval-def:extend_definition comment="Microsoft Windows Server 2008 (32-bit) is installed" definition_ref="oval:org.mitre.oval:def:4870" />
+        <oval-def:extend_definition comment="Microsoft Windows Server 2008 (64-bit) is installed" definition_ref="oval:org.mitre.oval:def:5356" />
+        <oval-def:extend_definition comment="Microsoft Windows Server 2008 (ia-64) is installed" definition_ref="oval:org.mitre.oval:def:5667" />
+      </oval-def:criteria>
+      <oval-def:criteria comment="Check for file version" operator="OR">
+        <oval-def:criterion comment="Check if Win32k.sys version is less than 6.0.6002.19741" test_ref="oval:com.dtcc:tst:921" />
+        <oval-def:criteria comment="Check for Limited Distribution Release (LDR) file version" operator="AND">
+          <oval-def:criterion comment="Check if Win32k.sys version is greater than or equal to 6.0.6002.24000" test_ref="oval:org.cisecurity:tst:2005" />
+          <oval-def:criterion comment="Check if Win32k.sys version is less than 6.0.6002.24065" test_ref="oval:com.dtcc:tst:922" />
+        </oval-def:criteria>
+      </oval-def:criteria>
+    </oval-def:criteria>
+    <oval-def:criteria comment="Microsoft Windows 7/Server 2008 R2 is installed + file version" operator="AND">
+      <oval-def:criteria comment="Microsoft Windows 7/Server 2008 R2 is installed" operator="OR">
+        <oval-def:extend_definition comment="Microsoft Windows 7 (32-bit) is installed" definition_ref="oval:org.mitre.oval:def:6165" />
+        <oval-def:extend_definition comment="Microsoft Windows 7 x64 Edition is installed" definition_ref="oval:org.mitre.oval:def:5950" />
+        <oval-def:extend_definition comment="Microsoft Windows Server 2008 R2 x64 Edition is installed" definition_ref="oval:org.mitre.oval:def:6438" />
+        <oval-def:extend_definition comment="Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed" definition_ref="oval:org.mitre.oval:def:5954" />
+      </oval-def:criteria>
+      <oval-def:criterion comment="Check if Win32k.sys version is less than 6.1.7601.23677" test_ref="oval:com.dtcc:tst:923" />
+    </oval-def:criteria>
+    <oval-def:criteria comment="Microsoft Windows 8.1/Server 2012 R2 is installed + file version" operator="AND">
+      <oval-def:criteria comment="Microsoft Windows 8.1/Server 2012 R2 is installed" operator="OR">
+        <oval-def:extend_definition comment="Microsoft Windows 8.1 (x86) is installed" definition_ref="oval:org.mitre.oval:def:20924" />
+        <oval-def:extend_definition comment="Microsoft Windows 8.1 (x64) is installed" definition_ref="oval:org.mitre.oval:def:20956" />
+        <oval-def:extend_definition comment="Microsoft Windows Server 2012 R2 is installed" definition_ref="oval:org.mitre.oval:def:18858" />
+      </oval-def:criteria>
+      <oval-def:criterion comment="Check if Win32k.sys version is less than 6.3.9600.18603" test_ref="oval:com.dtcc:tst:929" />
+    </oval-def:criteria>
+    <oval-def:criteria comment="Microsoft Windows Server 2012 is installed + file version" operator="AND">
+      <oval-def:extend_definition comment="Microsoft Windows Server 2012 (64-bit) is installed" definition_ref="oval:org.mitre.oval:def:15585" />
+      <oval-def:criterion comment="Check if Win32k.sys version is less than 6.2.9200.22097" test_ref="oval:com.dtcc:tst:930" />
+    </oval-def:criteria>
+    <oval-def:criteria comment="Microsoft Windows 10 is installed + file version" operator="AND">
+      <oval-def:criteria comment="Microsoft Windows 10 is installed" operator="OR">
+        <oval-def:extend_definition comment="Microsoft Windows 10 (32-bit) is installed" definition_ref="oval:org.cisecurity:def:380" />
+        <oval-def:extend_definition comment="Microsoft Windows 10 (64-bit) is installed" definition_ref="oval:org.cisecurity:def:377" />
+      </oval-def:criteria>
+      <oval-def:criterion comment="Check if Win32k.sys version is less than 10.0.10240.16384" test_ref="oval:com.dtcc:tst:931" />
+    </oval-def:criteria>
+    <oval-def:criteria comment="Microsoft Windows 10 Version 1511 is installed + file version" operator="AND">
+      <oval-def:criteria comment="Microsoft Windows 10 Version 1511 is installed" operator="OR">
+        <oval-def:extend_definition comment="Microsoft Windows 10 Version 1511 (32-bit) is installed" definition_ref="oval:org.cisecurity:def:379" />
+        <oval-def:extend_definition comment="Microsoft Windows 10 Version 1511 (64-bit) is installed" definition_ref="oval:org.cisecurity:def:378" />
+      </oval-def:criteria>
+      <oval-def:criterion comment="Check if Win32k.sys version is less than 10.0.10586.20" test_ref="oval:com.dtcc:tst:932" />
+    </oval-def:criteria>
+    <oval-def:criteria comment="Microsoft Windows 10 Version 1607/Windows Server 2016 is installed + file version" operator="AND">
+      <oval-def:criteria comment="Microsoft Windows 10 Version 1607/Windows Server 2016 is installed" operator="OR">
+        <oval-def:extend_definition comment="Microsoft Windows 10 Version 1607 (32-bit) is installed" definition_ref="oval:org.cisecurity:def:1377" />
+        <oval-def:extend_definition comment="Microsoft Windows 10 Version 1607 (64-bit) is installed" definition_ref="oval:org.cisecurity:def:1379" />
+        <oval-def:extend_definition comment="Microsoft Windows Server 2016 is installed" definition_ref="oval:org.cisecurity:def:1269" />
+      </oval-def:criteria>
+      <oval-def:criterion comment="Check if Win32k.sys version is less than 10.0.14393.594" test_ref="oval:com.dtcc:tst:933" />
+    </oval-def:criteria>
+  </oval-def:criteria>
+</oval-def:definition>
diff --git a/repository/definitions/vulnerability/oval_com.dtcc_def_633.xml b/repository/definitions/vulnerability/oval_com.dtcc_def_633.xml
@@ -0,0 +1,56 @@
+<oval-def:definition xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:com.dtcc:def:633" version="0">
+  <oval-def:metadata>
+    <oval-def:title>Win32k Elevation of Privilege Vulnerability – CVE-2017-0078 (MS17-018)</oval-def:title>
+    <oval-def:affected family="windows">
+      <oval-def:platform>Microsoft Windows 8.1</oval-def:platform>
+      <oval-def:platform>Microsoft Windows Server 2012</oval-def:platform>
+      <oval-def:platform>Microsoft Windows Server 2012 R2</oval-def:platform>
+      <oval-def:platform>Microsoft Windows 10</oval-def:platform>
+    </oval-def:affected>
+    <oval-def:reference ref_id="CVE-2017-0078" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0078" source="CVE" />
+    <oval-def:description>The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082.</oval-def:description>
+    <oval-def:oval_repository>
+      <oval-def:dates>
+        <oval-def:submitted date="2017-03-29T09:06:03+00:00">
+          <oval-def:contributor organization="DTCC">Alexander Chua</oval-def:contributor>
+        </oval-def:submitted>
+      </oval-def:dates>
+      <oval-def:status>INITIAL SUBMISSION</oval-def:status>
+    </oval-def:oval_repository>
+  </oval-def:metadata>
+  <oval-def:criteria comment="Check for installation vulnerable Windows OS + vulnerable file version" operator="OR">
+    <oval-def:criteria comment="Microsoft Windows 8.1/Server 2012 R2 is installed + file version" operator="AND">
+      <oval-def:criteria comment="Microsoft Windows 8.1/Server 2012 R2 is installed" operator="OR">
+        <oval-def:extend_definition comment="Microsoft Windows 8.1 (x86) is installed" definition_ref="oval:org.mitre.oval:def:20924" />
+        <oval-def:extend_definition comment="Microsoft Windows 8.1 (x64) is installed" definition_ref="oval:org.mitre.oval:def:20956" />
+        <oval-def:extend_definition comment="Microsoft Windows Server 2012 R2 is installed" definition_ref="oval:org.mitre.oval:def:18858" />
+      </oval-def:criteria>
+      <oval-def:criterion comment="Check if Win32k.sys version is less than 6.3.9600.18603" test_ref="oval:com.dtcc:tst:929" />
+    </oval-def:criteria>
+    <oval-def:criteria comment="Microsoft Windows Server 2012 is installed + file version" operator="AND">
+      <oval-def:extend_definition comment="Microsoft Windows Server 2012 (64-bit) is installed" definition_ref="oval:org.mitre.oval:def:15585" />
+      <oval-def:criterion comment="Check if Win32k.sys version is less than 6.2.9200.22097" test_ref="oval:com.dtcc:tst:930" />
+    </oval-def:criteria>
+    <oval-def:criteria comment="Microsoft Windows 10 is installed + file version" operator="AND">
+      <oval-def:criteria comment="Microsoft Windows 10 is installed" operator="OR">
+        <oval-def:extend_definition comment="Microsoft Windows 10 (32-bit) is installed" definition_ref="oval:org.cisecurity:def:380" />
+        <oval-def:extend_definition comment="Microsoft Windows 10 (64-bit) is installed" definition_ref="oval:org.cisecurity:def:377" />
+      </oval-def:criteria>
+      <oval-def:criterion comment="Check if Win32k.sys version is less than 10.0.10240.16384" test_ref="oval:com.dtcc:tst:931" />
+    </oval-def:criteria>
+    <oval-def:criteria comment="Microsoft Windows 10 Version 1511 is installed + file version" operator="AND">
+      <oval-def:criteria comment="Microsoft Windows 10 Version 1511 is installed" operator="OR">
+        <oval-def:extend_definition comment="Microsoft Windows 10 Version 1511 (32-bit) is installed" definition_ref="oval:org.cisecurity:def:379" />
+        <oval-def:extend_definition comment="Microsoft Windows 10 Version 1511 (64-bit) is installed" definition_ref="oval:org.cisecurity:def:378" />
+      </oval-def:criteria>
+      <oval-def:criterion comment="Check if Win32k.sys version is less than 10.0.10586.20" test_ref="oval:com.dtcc:tst:932" />
+    </oval-def:criteria>
+    <oval-def:criteria comment="Microsoft Windows 10 Version 1607/Windows Server 2016 is installed + file version" operator="AND">
+      <oval-def:criteria comment="Microsoft Windows 10 Version 1607/Windows Server 2016 is installed" operator="OR">
+        <oval-def:extend_definition comment="Microsoft Windows 10 Version 1607 (32-bit) is installed" definition_ref="oval:org.cisecurity:def:1377" />
+        <oval-def:extend_definition comment="Microsoft Windows 10 Version 1607 (64-bit) is installed" definition_ref="oval:org.cisecurity:def:1379" />
+      </oval-def:criteria>
+      <oval-def:criterion comment="Check if Win32k.sys version is less than 10.0.14393.594" test_ref="oval:com.dtcc:tst:933" />
+    </oval-def:criteria>
+  </oval-def:criteria>
+</oval-def:definition>