CVE-2017-2290 Microsoft CVE debrief

Who should care

Windows administrators and operators using mcollective-puppet-agent 1.12.0, especially environments that run "mco puppet" with elevated privileges. Teams responsible for Puppet-managed Windows endpoints should verify they are not on the vulnerable plugin version.

Technical summary

The NVD record classifies this as CWE-732 and gives it CVSS 3.1 8.8 HIGH (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The vulnerable condition is limited to mcollective-puppet-agent 1.12.0 on Windows: a non-admin user can create an executable that is executed with administrator privileges on the next "mco puppet" run. The vendor advisory says the issue is resolved in 1.12.1 and that Puppet Enterprise users are not affected.

Defensive priority

High. This is an administrator-privilege execution issue on a specific Windows plugin version and should be patched promptly wherever the vulnerable component is present.

Recommended defensive actions

• Upgrade mcollective-puppet-agent to version 1.12.1 or later.
• Inventory Windows systems for mcollective-puppet-agent 1.12.0 and prioritize those hosts for remediation.
• Confirm whether any deployments are Puppet Enterprise; the vendor states those users are not affected by this CVE.
• Use the official vendor advisory and NVD entry to validate the affected scope before closure.

Evidence notes

The CVE description, NVD record, and Puppet advisory all align on the affected component and scope: Windows installations of mcollective-puppet-agent 1.12.0, non-administrator-created executable execution with administrator privileges on the next "mco puppet" run, and remediation in 1.12.1. NVD lists the vulnerable CPE for puppet:mcollective-puppet-agent:1.12.0 and CWE-732, and cites the Puppet vendor advisory plus a SecurityFocus BID entry.

Official resources