none
Does CVE-2017-13080 also include patches for the REST of the identified vulnerabilities? RRS feed

  • Question

  • I see that Microsoft has released CVE-2017-13080 to patch against the Group Key Re-installation Vulnerability but what about the other 9 issues that were identified?:

    CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
    CVE-2017-13078: reinstallation of the group key in the Four-way handshake
    CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake
    CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake
    CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it
    CVE-2017-13084: reinstallation of the STK key in the PeerKey handshake
    CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
    CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
    CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

    I was unable to locate anything which has confirmed that ALL of these issues have been addressed in the released patch. Can someone point me to the documentation which can confirm or deny this so that I can be assured that our systems are in fact covered?

    Thanks!

    Tuesday, October 17, 2017 4:25 PM

All replies