ID CVE-2018-0846
Type cve
Reporter secure@microsoft.com
Modified 2019-10-03T00:03:00
Description
The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Common Log File System Driver Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0844.
{"mskb": [{"lastseen": "2021-12-31T14:59:58", "description": "None\n## Summary\n\nAn elevation of privilege vulnerability exists when the [Windows Common Log File System (CLFS)](<https://technet.microsoft.com/library/security/dn848375.aspx#CLFS>) driver improperly handles objects in memory. \n \nTo learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE) pages:\n\n * [CVE-2018-0844](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0844>)\n * [CVE-2018-0846](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0846>)\n\n## More Information\n\nImportant \n\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/en-us/library/hh825699>).\n\n## How to obtain and install the update \n\n### Method 1: Windows Update\n\nThis update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see [Windows Update: FAQ](<https://www.microsoft.com/en-us/safety/pc-security/updates.aspx>). \n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/search.aspx?q=4073079>) website. 
\n\n\n## Deployment information\n\nFor deployment details for this security update, go to the following article in the Microsoft Knowledge Base: \n[Security update deployment information: February 13, 2018](<http://support.microsoft.com/en-us/help/20180213>)\n\n## More Information\n\n \n**File information** \n \nThe English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files. \n \n**Windows Server 2008 file information**\n\n**Note: **The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.\n\n## How to obtain help and support for this security update\n\nHelp for installing updates: [Windows Update: FAQ](<http://support.microsoft.com/ph/6527>) \n \nSecurity solutions for IT professionals: [TechNet Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>) \n \nHelp for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<http://support.microsoft.com/contactus/cu_sc_virsec_master>) \n \nLocal support according to your country: [International Support](<https://www.microsoft.com/en-us/locale.aspx>) \n\n\n## File Information\n\n## File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nWindows6.0-KB4073079-x64.msu| C4E35830D1CC37D2BC911096F2492489F119A3E6| A5AC5B95B05BF0418303307BE3ED91ABA6D5C61FD1720E38E695036E433E53D0 \nWindows6.0-KB4073079-ia64.msu| 169A1C560096858055EE3983AB907F4CBFEA2DE6| 834855706CBA3982C6C16499C4AC6599CA74BE7575D1844F3790F6B4494831FD \nWindows6.0-KB4073079-x86.msu| 011E55568DC7D102E05B72EEABD4A3D1B8453803| 
87A6CD26190191EBE583B632C7D56628880687992AF296631F04D527B4E009AB \n \n## For all supported x64-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time**| **Platform** \n---|---|---|---|---|--- \nClfs.mof| Not applicable| 3,472| 16-Nov-2017| 03:47| Not applicable \nClfs.sys| 6.0.6002.24282| 365,288| 12-Jan-2018| 15:41| x64 \nClfsuninstall.mof| Not applicable| 123| 16-Nov-2017| 03:47| Not applicable \n \n## For all supported ia64-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time**| **Platform** \n---|---|---|---|---|--- \nClfs.mof| Not applicable| 3,472| 16-Nov-2017| 03:19| Not applicable \nClfs.sys| 6.0.6002.24282| 841,448| 12-Jan-2018| 15:28| IA-64 \nClfsuninstall.mof| Not applicable| 123| 16-Nov-2017| 03:19| Not applicable \n \n## For all supported x86-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time**| **Platform** \n---|---|---|---|---|--- \nClfs.mof| Not applicable| 3,472| 16-Nov-2017| 04:49| Not applicable \nClfs.sys| 6.0.6002.24282| 244,968| 12-Jan-2018| 15:56| x86 \nClfsuninstall.mof| Not applicable| 123| 16-Nov-2017| 04:49| Not applicable\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-13T08:00:00", "type": "mskb", "title": "Description of the security update for the Windows Common Log file system driver elevation of privilege vulnerability in Windows Server 2008: February 13, 2018", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0846", "CVE-2018-0844"], "modified": "2018-02-13T08:00:00", "id": "KB4073079", "href": "https://support.microsoft.com/en-us/help/4073079", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T11:43:42", "description": "The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka \"Windows Common Log File System Driver Elevation Of Privilege Vulnerability\". 
This CVE is unique from CVE-2018-0846.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-02-15T02:29:00", "type": "cve", "title": "CVE-2018-0844", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0844", "CVE-2018-0846"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_server_1709:*", "cpe:/o:microsoft:windows_server_2012:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_7:*"], "id": "CVE-2018-0844", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0844", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_1709:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*"]}], "symantec": [{"lastseen": "2021-06-08T19:05:34", "description": "### Description\n\nMicrosoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. Failed exploit attempts may result in a denial of service condition.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 10 version 1709 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * 
Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nEnsure that only trusted users have local, interactive access to affected computers.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 2, "cvss3": {}, "published": "2018-02-13T00:00:00", "type": "symantec", "title": "Microsoft Windows CLFS CVE-2018-0846 Local Privilege Escalation Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2018-0846"], "modified": "2018-02-13T00:00:00", "id": "SMNTC-102931", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102931", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-06-08T19:05:34", "description": "### Description\n\nMicrosoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. 
Failed exploit attempts may result in a denial of service condition; this can result in the attacker gaining complete control of the affected system.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 10 version 1709 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nEnsure that only trusted users have local, interactive access to affected computers.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "edition": 2, "cvss3": {}, "published": "2018-02-13T00:00:00", "type": "symantec", "title": "Microsoft Windows CLFS CVE-2018-0844 Local Privilege Escalation Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2018-0844"], "modified": "2018-02-13T00:00:00", "id": "SMNTC-102929", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102929", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T11:30:48", "description": "A vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to damage users system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-13T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows Common Log File System Driver Elevation Of Privilege (CVE-2018-0846)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0846"], "modified": "2018-02-13T00:00:00", "id": "CPAI-2018-0077", "href": "", 
"cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-17T11:30:52", "description": "A vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to damage users system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-13T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows Common Log File System Driver Elevation Of Privilege (CVE-2018-0844)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0844"], "modified": "2018-02-13T00:00:00", "id": "CPAI-2018-0076", "href": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "mscve": [{"lastseen": "2021-12-06T18:25:20", "description": "An elevation of privilege vulnerability exists when the [Windows Common Log File System (CLFS)](<https://technet.microsoft.com/library/security/dn848375.aspx#CLFS>) driver improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could run processes in an elevated context.\n\nTo exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.\n\nThe security update addresses the vulnerability by correcting how CLFS handles objects in memory.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-13T08:00:00", "type": "mscve", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0846"], "modified": "2018-02-14T08:00:00", "id": "MS:CVE-2018-0846", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2018-0846", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-06T18:25:20", "description": "An elevation of privilege vulnerability exists when the [Windows Common Log File System (CLFS)](<https://technet.microsoft.com/library/security/dn848375.aspx#CLFS>) driver improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could run processes in an elevated context.\n\nTo exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.\n\nThe security update addresses the vulnerability by correcting how CLFS handles objects in memory.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-13T08:00:00", "type": "mscve", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0844"], "modified": "2018-02-14T08:00:00", "id": "MS:CVE-2018-0844", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2018-0844", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2022-05-25T17:14:27", "description": "The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)\n\n - An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the users computer or data.\n (CVE-2018-0847)\n\n - A remote code execution vulnerability exists in StructuredQuery when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2018-0825)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2018-0742, CVE-2018-0820)\n\n - A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2018-0842)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0844, CVE-2018-0846)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. 
(CVE-2018-0810)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-02-14T00:00:00", "type": "nessus", "title": "Security Updates for Windows Server 2008 (February 2018)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0742", "CVE-2018-0757", "CVE-2018-0810", "CVE-2018-0820", "CVE-2018-0825", "CVE-2018-0829", "CVE-2018-0830", "CVE-2018-0842", "CVE-2018-0844", "CVE-2018-0846", "CVE-2018-0847"], "modified": "2020-09-04T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS18_FEB_WIN2008.NASL", "href": "https://www.tenable.com/plugins/nessus/106818", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106818);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/04\");\n\n script_cve_id(\n \"CVE-2018-0742\",\n \"CVE-2018-0757\",\n \"CVE-2018-0810\",\n \"CVE-2018-0820\",\n \"CVE-2018-0825\",\n \"CVE-2018-0829\",\n \"CVE-2018-0830\",\n \"CVE-2018-0842\",\n \"CVE-2018-0844\",\n \"CVE-2018-0846\",\n \"CVE-2018-0847\"\n );\n script_bugtraq_id(\n 102861,\n 102920,\n 102929,\n 102931,\n 102937,\n 102938,\n 102945,\n 102946,\n 102947,\n 102948,\n 102949\n );\n script_xref(name:\"MSKB\", value:\"4058165\");\n script_xref(name:\"MSKB\", value:\"4073080\");\n script_xref(name:\"MSKB\", value:\"4034044\");\n script_xref(name:\"MSKB\", value:\"4073079\");\n script_xref(name:\"MSKB\", value:\"4074851\");\n script_xref(name:\"MSKB\", value:\"4074836\");\n script_xref(name:\"MSKB\", value:\"4074603\");\n script_xref(name:\"MSFT\", value:\"MS18-4058165\");\n script_xref(name:\"MSFT\", value:\"MS18-4073080\");\n script_xref(name:\"MSFT\", value:\"MS18-4034044\");\n script_xref(name:\"MSFT\", 
value:\"MS18-4073079\");\n script_xref(name:\"MSFT\", value:\"MS18-4074851\");\n script_xref(name:\"MSFT\", value:\"MS18-4074836\");\n script_xref(name:\"MSFT\", value:\"MS18-4074603\");\n\n script_name(english:\"Security Updates for Windows Server 2008 (February 2018)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security updates. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)\n\n - An information disclosure vulnerability exists when\n VBScript improperly discloses the contents of its\n memory, which could provide an attacker with information\n to further compromise the users computer or data.\n (CVE-2018-0847)\n\n - A remote code execution vulnerability exists in\n StructuredQuery when the software fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could run arbitrary code in\n the context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. 
An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-0825)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2018-0742, CVE-2018-0820)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2018-0842)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-0844, CVE-2018-0846)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. 
(CVE-2018-0810)\");\n # https://support.microsoft.com/en-us/help/4058165/security-update-for-vulnerabilities-in-windows-server-2008\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b4502bd9\");\n # https://support.microsoft.com/en-us/help/4073080/security-update-for-vulnerabilities-in-windows-server-2008\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f1605c63\");\n # https://support.microsoft.com/en-us/help/4034044/security-update-for-the-scripting-engine-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?859aacbd\");\n # https://support.microsoft.com/en-us/help/4073079/security-update-for-vulnerabilities-in-windows-server-2008\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bcb52b2e\");\n # https://support.microsoft.com/en-us/help/4074851/security-update-for-vulnerability-in-windows-server-2008\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?90a704be\");\n # https://support.microsoft.com/en-us/help/4074836/security-update-for-vulnerabilities-in-windows-server-2008\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1ef076d3\");\n # https://support.microsoft.com/en-us/help/4074603/security-update-for-vulnerabilities-in-windows-server-2008\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0bb99366\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB4058165\n -KB4073080\n -KB4034044\n -KB4073079\n -KB4074851\n -KB4074836\n -KB4074603\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0825\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS18-02';\n\nkbs = make_list(\n \"4058165\",\n \"4073080\",\n \"4034044\",\n \"4073079\",\n \"4074851\",\n \"4074836\",\n \"4074603\"\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\n# KBs only apply to Windows 2008\nif (hotfix_check_sp_range(vista:'2') <= 0)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = 
get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nsystemroot = hotfix_get_systemroot();\nif (!systemroot) audit(AUDIT_PATH_NOT_DETERMINED, 'system root');\n\nport = kb_smb_transport();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\nif(! smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');\n\nwinsxs = ereg_replace(pattern:'^[A-Za-z]:(.*)', replace:\"\\1\\WinSxS\", string:systemroot);\nwinsxs_share = hotfix_path2share(path:systemroot);\n\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:winsxs_share);\nif (rc != 1)\n{\n NetUseDel();\n audit(AUDIT_SHARE_FAIL, winsxs_share);\n}\n\nthe_session = make_array(\n 'login', login,\n 'password', pass,\n 'domain', domain,\n 'share', winsxs_share\n);\n\nvuln = 0;\n\n# KB4034044\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"cdosys_31bf3856ad364e35\", file_pat:\"^cdosys\\.dll$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.6.6002.24282'),\n max_versions:make_list('6.6.6002.99999'),\n bulletin:bulletin,\n kb:\"4034044\", session:the_session);\n\n# KB4058165\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"tcpip-binaries_31bf3856ad364e35\", file_pat:\"^tcpip\\.sys$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.24296'),\n max_versions:make_list('6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4058165\", session:the_session);\n\n# KB4073079\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"commonlog_31bf3856ad364e35\", file_pat:\"^clfs\\.sys$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.24282'),\n max_versions:make_list('6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4073079\", session:the_session);\n\n# KB4073080\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"csrsrv_31bf3856ad364e35\", 
file_pat:\"^csrsrv\\.dll$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.24282'),\n max_versions:make_list('6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4073080\", session:the_session);\n\n# KB4074603\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"win32k_31bf3856ad364e35\", file_pat:\"^win32k\\.sys$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.24281'),\n max_versions:make_list('6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4074603\", session:the_session);\n\n# KB4074836\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"input.inf_31bf3856ad364e35\", file_pat:\"^hidir\\.sys$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.24282'),\n max_versions:make_list('6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4074836\", session:the_session);\n# KB4074851\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"-structuredquery_31bf3856ad364e35\", file_pat:\"^msshsq\\.dll$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('7.0.6002.24282'),\n max_versions:make_list('7.0.6002.99999'),\n bulletin:bulletin,\n kb:\"4074851\", session:the_session);\n\nif (vuln > 0)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-25T17:14:30", "description": "The remote Windows host is missing security update 4074597 or cumulative update 4074594. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. 
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2018-0866)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)\n\n - An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the users computer or data.\n (CVE-2018-0847)\n\n - A remote code execution vulnerability exists in StructuredQuery when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2018-0825)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2018-0742, CVE-2018-0820)\n\n - A denial of service vulnerability exists in implementations of the Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client. The vulnerability is due to improper handling of certain requests sent by a malicious SMB server to the client. An attacker who successfully exploited this vulnerability could cause the affected system to stop responding until it is manually restarted. 
(CVE-2018-0833)\n\n - A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2018-0842)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0844, CVE-2018-0846)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0832)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2018-0840)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-02-13T00:00:00", "type": "nessus", "title": "KB4074597: Windows 8.1 and Windows Server 2012 R2 February 2018 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0742", "CVE-2018-0757", "CVE-2018-0820", "CVE-2018-0825", "CVE-2018-0829", "CVE-2018-0830", "CVE-2018-0832", "CVE-2018-0833", "CVE-2018-0840", "CVE-2018-0842", "CVE-2018-0844", "CVE-2018-0846", "CVE-2018-0847", "CVE-2018-0866"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS18_FEB_4074594.NASL", "href": "https://www.tenable.com/plugins/nessus/106800", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106800);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2018-0742\",\n \"CVE-2018-0757\",\n \"CVE-2018-0820\",\n \"CVE-2018-0825\",\n \"CVE-2018-0829\",\n \"CVE-2018-0830\",\n \"CVE-2018-0832\",\n \"CVE-2018-0833\",\n \"CVE-2018-0840\",\n \"CVE-2018-0842\",\n \"CVE-2018-0844\",\n \"CVE-2018-0846\",\n \"CVE-2018-0847\",\n \"CVE-2018-0866\"\n );\n script_xref(name:\"MSKB\", value:\"4074594\");\n script_xref(name:\"MSKB\", value:\"4074597\");\n script_xref(name:\"MSFT\", value:\"MS18-4074594\");\n script_xref(name:\"MSFT\", value:\"MS18-4074597\");\n\n script_name(english:\"KB4074597: Windows 8.1 and Windows Server 2012 R2 February 2018 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple 
vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4074597\nor cumulative update 4074594. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-0866)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)\n\n - An information disclosure vulnerability exists when\n VBScript improperly discloses the contents of its\n memory, which could provide an attacker with information\n to further compromise the users computer or data.\n (CVE-2018-0847)\n\n - A remote code execution vulnerability exists in\n StructuredQuery when the software fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could run arbitrary code in\n the context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. 
An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-0825)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2018-0742, CVE-2018-0820)\n\n - A denial of service vulnerability exists in\n implementations of the Microsoft Server Message Block\n 2.0 and 3.0 (SMBv2/SMBv3) client. The vulnerability is\n due to improper handling of certain requests sent by a\n malicious SMB server to the client. An attacker who\n successfully exploited this vulnerability could cause\n the affected system to stop responding until it is\n manually restarted. (CVE-2018-0833)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2018-0842)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-0844, CVE-2018-0846)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2018-0832)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. 
An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-0840)\");\n # https://support.microsoft.com/en-us/help/4074594/windows-81-update-kb4074594\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?81ed62f4\");\n # https://support.microsoft.com/en-us/help/4074597/windows-81-update-kb-4074597\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c03fa8a5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4074597 or Cumulative Update KB4074594.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0866\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-02\";\nkbs = make_list('4074594', '4074597');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:\"02_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4074594, 4074597])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-25T17:16:00", "description": "The remote Windows host is missing security update 4074589 or cumulative update 4074593. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. 
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2018-0866)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)\n\n - An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the users computer or data.\n (CVE-2018-0847)\n\n - A remote code execution vulnerability exists in StructuredQuery when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2018-0825)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2018-0742, CVE-2018-0820)\n\n - A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2018-0842)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0844, CVE-2018-0846)\n\n - An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that while this vulnerability would not allow an attacker to either execute code or to elevate user rights directly, it could be used to obtain information in an attempt to further compromise the affected system. (CVE-2018-0760)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2018-0840)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. 
(CVE-2018-0810)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-02-13T00:00:00", "type": "nessus", "title": "KB4074589: Windows Server 2012 February 2018 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0742", "CVE-2018-0757", "CVE-2018-0760", "CVE-2018-0810", "CVE-2018-0820", "CVE-2018-0825", "CVE-2018-0829", "CVE-2018-0830", "CVE-2018-0840", "CVE-2018-0842", "CVE-2018-0844", "CVE-2018-0846", "CVE-2018-0847", "CVE-2018-0866"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS18_FEB_4074593.NASL", "href": "https://www.tenable.com/plugins/nessus/106799", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106799);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2018-0742\",\n \"CVE-2018-0757\",\n \"CVE-2018-0760\",\n \"CVE-2018-0810\",\n \"CVE-2018-0820\",\n \"CVE-2018-0825\",\n \"CVE-2018-0829\",\n \"CVE-2018-0830\",\n \"CVE-2018-0840\",\n \"CVE-2018-0842\",\n \"CVE-2018-0844\",\n \"CVE-2018-0846\",\n \"CVE-2018-0847\",\n \"CVE-2018-0866\"\n );\n script_xref(name:\"MSKB\", value:\"4074593\");\n script_xref(name:\"MSKB\", value:\"4074589\");\n script_xref(name:\"MSFT\", value:\"MS18-4074593\");\n script_xref(name:\"MSFT\", value:\"MS18-4074589\");\n\n script_name(english:\"KB4074589: Windows Server 2012 February 2018 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4074589\nor cumulative update 
4074593. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-0866)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)\n\n - An information disclosure vulnerability exists when\n VBScript improperly discloses the contents of its\n memory, which could provide an attacker with information\n to further compromise the users computer or data.\n (CVE-2018-0847)\n\n - A remote code execution vulnerability exists in\n StructuredQuery when the software fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could run arbitrary code in\n the context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-0825)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2018-0742, CVE-2018-0820)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. 
An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2018-0842)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-0844, CVE-2018-0846)\n\n - An information disclosure vulnerability exists in the\n way that the Microsoft Windows Embedded OpenType (EOT)\n font engine parses specially crafted embedded fonts. An\n attacker who successfully exploited this vulnerability\n could potentially read data that was not intended to be\n disclosed. Note that while this vulnerability would not\n allow an attacker to either execute code or to elevate\n user rights directly, it could be used to obtain\n information in an attempt to further compromise the\n affected system. (CVE-2018-0760)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-0840)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. 
(CVE-2018-0810)\");\n # https://support.microsoft.com/en-us/help/4074593/windows-server-2012-update-kb4074593\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c58b06f4\");\n # https://support.microsoft.com/en-us/help/4074589/windows-server-2012-update-kb-4074589\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7394ef71\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4074589 or Cumulative Update KB4074593.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0866\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-02\";\nkbs = make_list('4074593', '4074589');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:\"02_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4074593, 4074589])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-25T17:14:55", "description": "The remote Windows host is missing security update 4074587 or cumulative update 4074598. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. 
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2018-0866)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)\n\n - An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the users computer or data.\n (CVE-2018-0847)\n\n - A remote code execution vulnerability exists in StructuredQuery when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2018-0825)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2018-0742, CVE-2018-0820)\n\n - A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2018-0842)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0844, CVE-2018-0846)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2018-0840)\n\n - An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that while this vulnerability would not allow an attacker to either execute code or to elevate user rights directly, it could be used to obtain information in an attempt to further compromise the affected system. (CVE-2018-0755, CVE-2018-0760, CVE-2018-0761, CVE-2018-0855)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-02-13T00:00:00", "type": "nessus", "title": "KB4074587: Windows 7 and Windows Server 2008 R2 February 2018 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0742", "CVE-2018-0755", "CVE-2018-0757", "CVE-2018-0760", "CVE-2018-0761", "CVE-2018-0820", "CVE-2018-0825", "CVE-2018-0829", "CVE-2018-0830", "CVE-2018-0840", "CVE-2018-0842", "CVE-2018-0844", "CVE-2018-0846", "CVE-2018-0847", "CVE-2018-0855", "CVE-2018-0866"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS18_FEB_4074598.NASL", "href": "https://www.tenable.com/plugins/nessus/106802", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106802);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2018-0742\",\n \"CVE-2018-0755\",\n \"CVE-2018-0757\",\n \"CVE-2018-0760\",\n \"CVE-2018-0761\",\n \"CVE-2018-0820\",\n \"CVE-2018-0825\",\n \"CVE-2018-0829\",\n \"CVE-2018-0830\",\n \"CVE-2018-0840\",\n \"CVE-2018-0842\",\n \"CVE-2018-0844\",\n \"CVE-2018-0846\",\n \"CVE-2018-0847\",\n \"CVE-2018-0855\",\n \"CVE-2018-0866\"\n );\n script_xref(name:\"MSKB\", value:\"4074598\");\n script_xref(name:\"MSKB\", value:\"4074587\");\n script_xref(name:\"MSFT\", value:\"MS18-4074598\");\n script_xref(name:\"MSFT\", value:\"MS18-4074587\");\n\n script_name(english:\"KB4074587: Windows 7 and Windows Server 2008 R2 February 2018 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4074587\nor cumulative update 4074598. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-0866)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. 
(CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)\n\n - An information disclosure vulnerability exists when\n VBScript improperly discloses the contents of its\n memory, which could provide an attacker with information\n to further compromise the users computer or data.\n (CVE-2018-0847)\n\n - A remote code execution vulnerability exists in\n StructuredQuery when the software fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could run arbitrary code in\n the context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-0825)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2018-0742, CVE-2018-0820)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2018-0842)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-0844, CVE-2018-0846)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. 
An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-0840)\n\n - An information disclosure vulnerability exists in the\n way that the Microsoft Windows Embedded OpenType (EOT)\n font engine parses specially crafted embedded fonts. An\n attacker who successfully exploited this vulnerability\n could potentially read data that was not intended to be\n disclosed. Note that while this vulnerability would not\n allow an attacker to either execute code or to elevate\n user rights directly, it could be used to obtain\n information in an attempt to further compromise the\n affected system. (CVE-2018-0755, CVE-2018-0760,\n CVE-2018-0761, CVE-2018-0855)\");\n # https://support.microsoft.com/en-us/help/4074598/windows-7-update-kb4074598\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ef621048\");\n # https://support.microsoft.com/en-us/help/4074587/windows-7-update-kb4074587\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d1b6209b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4074587 or Cumulative Update KB4074598.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0866\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/13\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-02\";\nkbs = make_list('4074598', '4074587');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.1\",\n sp:1,\n rollup_date:\"02_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4074598, 4074587])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-25T17:16:24", "description": "The remote Windows host is 
missing security update 4074596.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel analysis.\n (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)\n\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2018-0866)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2018-0742, CVE-2018-0756, CVE-2018-0820)\n\n - An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the users computer or data.\n (CVE-2018-0847)\n\n - A remote code execution vulnerability exists in StructuredQuery when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2018-0825)\n\n - An elevation of privilege vulnerability exists when NTFS improperly handles objects. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0822)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0834, CVE-2018-0835, CVE-2018-0837, CVE-2018-0838, CVE-2018-0857, CVE-2018-0859, CVE-2018-0860)\n\n - An elevation of privilege vulnerability exists when AppContainer improperly implements constrained impersonation. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0821)\n\n - A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2018-0842)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2018-0840)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. 
(CVE-2018-0832)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0844, CVE-2018-0846)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-02-13T00:00:00", "type": "nessus", "title": "KB4074596: Windows 10 February 2018 Security Update (Meltdown)(Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2018-0742", "CVE-2018-0756", "CVE-2018-0757", "CVE-2018-0820", "CVE-2018-0821", "CVE-2018-0822", "CVE-2018-0825", "CVE-2018-0829", "CVE-2018-0830", "CVE-2018-0832", "CVE-2018-0834", "CVE-2018-0835", "CVE-2018-0837", "CVE-2018-0838", "CVE-2018-0840", "CVE-2018-0842", "CVE-2018-0844", "CVE-2018-0846", "CVE-2018-0847", "CVE-2018-0857", "CVE-2018-0859", "CVE-2018-0860", "CVE-2018-0866"], "modified": "2020-08-18T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS18_FEB_4074596.NASL", "href": "https://www.tenable.com/plugins/nessus/106801", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106801);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2017-5715\",\n \"CVE-2017-5753\",\n \"CVE-2017-5754\",\n \"CVE-2018-0742\",\n \"CVE-2018-0756\",\n \"CVE-2018-0757\",\n \"CVE-2018-0820\",\n \"CVE-2018-0821\",\n \"CVE-2018-0822\",\n \"CVE-2018-0825\",\n \"CVE-2018-0829\",\n \"CVE-2018-0830\",\n \"CVE-2018-0832\",\n \"CVE-2018-0834\",\n \"CVE-2018-0835\",\n \"CVE-2018-0837\",\n \"CVE-2018-0838\",\n \"CVE-2018-0840\",\n \"CVE-2018-0842\",\n \"CVE-2018-0844\",\n \"CVE-2018-0846\",\n \"CVE-2018-0847\",\n \"CVE-2018-0857\",\n \"CVE-2018-0859\",\n \"CVE-2018-0860\",\n \"CVE-2018-0866\"\n );\n script_xref(name:\"MSKB\", value:\"4074596\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n script_xref(name:\"MSFT\", value:\"MS18-4074596\");\n\n script_name(english:\"KB4074596: Windows 10 February 2018 Security Update (Meltdown)(Spectre)\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4074596.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An vulnerability exists within microprocessors utilizing\n speculative execution and indirect branch prediction,\n which may allow an attacker with local user access to\n disclose information via a side-channel analysis.\n (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)\n\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. 
The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-0866)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2018-0742, CVE-2018-0756, CVE-2018-0820)\n\n - An information disclosure vulnerability exists when\n VBScript improperly discloses the contents of its\n memory, which could provide an attacker with information\n to further compromise the users computer or data.\n (CVE-2018-0847)\n\n - A remote code execution vulnerability exists in\n StructuredQuery when the software fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could run arbitrary code in\n the context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-0825)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly handles objects. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-0822)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. 
The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0834,\n CVE-2018-0835, CVE-2018-0837, CVE-2018-0838,\n CVE-2018-0857, CVE-2018-0859, CVE-2018-0860)\n\n - An elevation of privilege vulnerability exists when\n AppContainer improperly implements constrained\n impersonation. An attacker who successfully exploited\n this vulnerability could run processes in an elevated\n context. (CVE-2018-0821)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2018-0842)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-0840)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2018-0832)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. 
(CVE-2018-0844, CVE-2018-0846)\");\n # https://support.microsoft.com/en-us/help/4074596/windows-10-update-kb4074596\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1963073c\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?573cb1ef\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4074596.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0866\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-02\";\nkbs = make_list('4074596');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"02_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4074596])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-10T16:45:17", "description": "The remote Windows host is missing security update 4074591.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel analysis.\n (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles 
objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2018-0866)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2018-0742, CVE-2018-0756, CVE-2018-0820)\n\n - An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the users computer or data.\n (CVE-2018-0847)\n\n - A remote code execution vulnerability exists in StructuredQuery when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2018-0825)\n\n - An elevation of privilege vulnerability exists when Storage Services improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0826)\n\n - An elevation of privilege vulnerability exists when NTFS improperly handles objects. 
An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0822)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0834, CVE-2018-0835, CVE-2018-0837, CVE-2018-0838, CVE-2018-0857, CVE-2018-0859, CVE-2018-0860)\n\n - An elevation of privilege vulnerability exists when AppContainer improperly implements constrained impersonation. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0821)\n\n - A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2018-0842)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2018-0840)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0832)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0844, CVE-2018-0846)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-02-13T00:00:00", "type": "nessus", "title": "KB4074591: Windows 10 Version 1511 February 2018 Security Update (Meltdown)(Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2018-0742", "CVE-2018-0756", "CVE-2018-0757", "CVE-2018-0820", "CVE-2018-0821", "CVE-2018-0822", "CVE-2018-0825", "CVE-2018-0826", "CVE-2018-0829", "CVE-2018-0830", "CVE-2018-0832", "CVE-2018-0834", "CVE-2018-0835", "CVE-2018-0837", "CVE-2018-0838", "CVE-2018-0840", "CVE-2018-0842", "CVE-2018-0844", "CVE-2018-0846", "CVE-2018-0847", "CVE-2018-0857", "CVE-2018-0859", "CVE-2018-0860", "CVE-2018-0866"], "modified": "2020-08-18T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS18_FEB_4074591.NASL", "href": "https://www.tenable.com/plugins/nessus/106797", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106797);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2017-5715\",\n \"CVE-2017-5753\",\n \"CVE-2017-5754\",\n \"CVE-2018-0742\",\n \"CVE-2018-0756\",\n \"CVE-2018-0757\",\n \"CVE-2018-0820\",\n \"CVE-2018-0821\",\n \"CVE-2018-0822\",\n \"CVE-2018-0825\",\n \"CVE-2018-0826\",\n \"CVE-2018-0829\",\n \"CVE-2018-0830\",\n \"CVE-2018-0832\",\n \"CVE-2018-0834\",\n \"CVE-2018-0835\",\n \"CVE-2018-0837\",\n \"CVE-2018-0838\",\n \"CVE-2018-0840\",\n \"CVE-2018-0842\",\n \"CVE-2018-0844\",\n \"CVE-2018-0846\",\n \"CVE-2018-0847\",\n \"CVE-2018-0857\",\n \"CVE-2018-0859\",\n \"CVE-2018-0860\",\n \"CVE-2018-0866\"\n );\n script_xref(name:\"MSKB\", value:\"4074591\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n script_xref(name:\"MSFT\", value:\"MS18-4074591\");\n\n script_name(english:\"KB4074591: Windows 10 Version 1511 February 2018 Security Update (Meltdown)(Spectre)\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4074591.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An vulnerability exists within microprocessors utilizing\n speculative execution and indirect branch prediction,\n which may allow an attacker with local user access to\n disclose information via a side-channel analysis.\n (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. 
The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-0866)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2018-0742, CVE-2018-0756, CVE-2018-0820)\n\n - An information disclosure vulnerability exists when\n VBScript improperly discloses the contents of its\n memory, which could provide an attacker with information\n to further compromise the users computer or data.\n (CVE-2018-0847)\n\n - A remote code execution vulnerability exists in\n StructuredQuery when the software fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could run arbitrary code in\n the context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-0825)\n\n - An elevation of privilege vulnerability exists when\n Storage Services improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2018-0826)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly handles objects. 
An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-0822)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0834,\n CVE-2018-0835, CVE-2018-0837, CVE-2018-0838,\n CVE-2018-0857, CVE-2018-0859, CVE-2018-0860)\n\n - An elevation of privilege vulnerability exists when\n AppContainer improperly implements constrained\n impersonation. An attacker who successfully exploited\n this vulnerability could run processes in an elevated\n context. (CVE-2018-0821)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2018-0842)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-0840)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2018-0832)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. 
An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-0844, CVE-2018-0846)\");\n # https://support.microsoft.com/en-us/help/4074591/windows-10-update-kb4074591\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?045c2f89\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?573cb1ef\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4074591.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0866\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft 
Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-02\";\nkbs = make_list('4074591');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10586\",\n rollup_date:\"02_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4074591])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-10T16:43:56", "description": "The remote Windows host is missing security update 4074590. 
It is, therefore, affected by multiple vulnerabilities:\n\n - A vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel analysis.\n (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2018-0866)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)\n\n - A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2018-0842)\n\n - A remote code execution vulnerability exists in StructuredQuery when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2018-0825)\n\n - An elevation of privilege vulnerability exists when Storage Services improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could run processes in an elevated context. 
(CVE-2018-0826)\n\n - An elevation of privilege vulnerability exists when NTFS improperly handles objects. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0822)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0834, CVE-2018-0835, CVE-2018-0837, CVE-2018-0838, CVE-2018-0857, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861)\n\n - An elevation of privilege vulnerability exists when AppContainer improperly implements constrained impersonation. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0821)\n\n - An elevation of privilege vulnerability exists in Microsoft Windows when the MultiPoint management account password is improperly secured. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated privileges.\n (CVE-2018-0828)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2018-0840)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. 
(CVE-2018-0832)\n\n - An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data.\n (CVE-2018-0847)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0844, CVE-2018-0846)\n\n - A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted. (CVE-2018-0771)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2018-0742, CVE-2018-0756, CVE-2018-0820, CVE-2018-0831)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-02-13T00:00:00", "type": "nessus", "title": "KB4074590: Windows 10 Version 1607 and Windows Server 2016 February 2018 Security Update (Meltdown)(Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2018-0742", "CVE-2018-0756", "CVE-2018-0757", "CVE-2018-0771", "CVE-2018-0820", "CVE-2018-0821", "CVE-2018-0822", "CVE-2018-0825", "CVE-2018-0826", "CVE-2018-0828", "CVE-2018-0829", "CVE-2018-0830", "CVE-2018-0831", "CVE-2018-0832", "CVE-2018-0834", "CVE-2018-0835", "CVE-2018-0837", "CVE-2018-0838", "CVE-2018-0840", "CVE-2018-0842", "CVE-2018-0844", "CVE-2018-0846", "CVE-2018-0847", "CVE-2018-0857", 
"CVE-2018-0859", "CVE-2018-0860", "CVE-2018-0861", "CVE-2018-0866"], "modified": "2020-08-18T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS18_FEB_4074590.NASL", "href": "https://www.tenable.com/plugins/nessus/106796", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106796);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2017-5715\",\n \"CVE-2017-5753\",\n \"CVE-2017-5754\",\n \"CVE-2018-0742\",\n \"CVE-2018-0756\",\n \"CVE-2018-0757\",\n \"CVE-2018-0771\",\n \"CVE-2018-0820\",\n \"CVE-2018-0821\",\n \"CVE-2018-0822\",\n \"CVE-2018-0825\",\n \"CVE-2018-0826\",\n \"CVE-2018-0828\",\n \"CVE-2018-0829\",\n \"CVE-2018-0830\",\n \"CVE-2018-0831\",\n \"CVE-2018-0832\",\n \"CVE-2018-0834\",\n \"CVE-2018-0835\",\n \"CVE-2018-0837\",\n \"CVE-2018-0838\",\n \"CVE-2018-0840\",\n \"CVE-2018-0842\",\n \"CVE-2018-0844\",\n \"CVE-2018-0846\",\n \"CVE-2018-0847\",\n \"CVE-2018-0857\",\n \"CVE-2018-0859\",\n \"CVE-2018-0860\",\n \"CVE-2018-0861\",\n \"CVE-2018-0866\"\n );\n script_xref(name:\"MSKB\", value:\"4074590\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n script_xref(name:\"MSFT\", value:\"MS18-4074590\");\n\n script_name(english:\"KB4074590: Windows 10 Version 1607 and Windows Server 2016 February 2018 Security Update (Meltdown)(Spectre)\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 
4074590. \nIt is, therefore, affected by multiple vulnerabilities :\n\n - An vulnerability exists within microprocessors utilizing\n speculative execution and indirect branch prediction,\n which may allow an attacker with local user access to\n disclose information via a side-channel analysis.\n (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-0866)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2018-0842)\n\n - A remote code execution vulnerability exists in\n StructuredQuery when the software fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could run arbitrary code in\n the context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. 
An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-0825)\n\n - An elevation of privilege vulnerability exists when\n Storage Services improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2018-0826)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly handles objects. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-0822)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0834,\n CVE-2018-0835, CVE-2018-0837, CVE-2018-0838,\n CVE-2018-0857, CVE-2018-0859, CVE-2018-0860,\n CVE-2018-0861)\n\n - An elevation of privilege vulnerability exists when\n AppContainer improperly implements constrained\n impersonation. An attacker who successfully exploited\n this vulnerability could run processes in an elevated\n context. (CVE-2018-0821)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows when the MultiPoint management account\n password is improperly secured. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated privileges.\n (CVE-2018-0828)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. 
An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-0840)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2018-0832)\n\n - An information disclosure vulnerability exists when\n VBScript improperly discloses the contents of its\n memory, which could provide an attacker with information\n to further compromise the users computer or data.\n (CVE-2018-0847)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-0844, CVE-2018-0846)\n\n - A security feature bypass vulnerability exists when\n Microsoft Edge improperly handles requests of different\n origins. The vulnerability allows Microsoft Edge to\n bypass Same-Origin Policy (SOP) restrictions, and to\n allow requests that should otherwise be ignored. An\n attacker who successfully exploited the vulnerability\n could force the browser to send data that would\n otherwise be restricted. 
(CVE-2018-0771)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2018-0742, CVE-2018-0756, CVE-2018-0820,\n CVE-2018-0831)\");\n # https://support.microsoft.com/en-us/help/4074590/windows-10-update-kb4074590\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e2535711\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?573cb1ef\");\n # https://support.microsoft.com/en-us/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8902cebb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4074590 as well as refer to the KB article for additional information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0866\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/13\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\", \"smb_enum_services.nasl\", \"microsoft_windows_env_vars.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"smb_reg_query.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\n\nbulletin = \"MS18-02\";\nkbs = make_list('4074590');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nos_build = get_kb_item(\"SMB/WindowsVersionBuild\");\nif (os_build != \"14393\") audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"02_2018\",\n 
bulletin:bulletin,\n rollup_kb_list:[4074590])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-10T16:44:21", "description": "The remote Windows host is missing security update 4074588. It is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2018-0866)\n\n - A security feature bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2018-0827)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0856, CVE-2018-0857, CVE-2018-0859, CVE-2018-0860)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. 
(CVE-2018-0763)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-0843)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0832)\n\n - An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data.\n (CVE-2018-0847)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)\n\n - A remote code execution vulnerability exists in StructuredQuery when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2018-0825)\n\n - An elevation of privilege vulnerability exists when Storage Services improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0826)\n\n - An elevation of privilege vulnerability exists when NTFS improperly handles objects. 
An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0822)\n\n - An elevation of privilege vulnerability exists when AppContainer improperly implements constrained impersonation. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0821)\n\n - A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2018-0842)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0844, CVE-2018-0846)\n\n - An elevation of privilege vulnerability exists when Named Pipe File System improperly handles objects. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0823)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0809)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2018-0742, CVE-2018-0756, CVE-2018-0820, CVE-2018-0831)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2018-0840)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-02-13T00:00:00", "type": "nessus", "title": "KB4074588: Windows 10 Version 1709 and Windows Server Version 1709 February 2018 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0742", "CVE-2018-0756", "CVE-2018-0757", "CVE-2018-0763", "CVE-2018-0809", "CVE-2018-0820", "CVE-2018-0821", "CVE-2018-0822", "CVE-2018-0823", "CVE-2018-0825", "CVE-2018-0826", "CVE-2018-0827", "CVE-2018-0829", "CVE-2018-0830", "CVE-2018-0831", "CVE-2018-0832", "CVE-2018-0834", "CVE-2018-0835", "CVE-2018-0836", "CVE-2018-0837", "CVE-2018-0838", "CVE-2018-0840", "CVE-2018-0842", "CVE-2018-0843", "CVE-2018-0844", "CVE-2018-0846", "CVE-2018-0847", "CVE-2018-0856", "CVE-2018-0857", "CVE-2018-0859", "CVE-2018-0860", "CVE-2018-0866"], "modified": "2020-08-18T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS18_FEB_4074588.NASL", "href": "https://www.tenable.com/plugins/nessus/106795", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106795);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2018-0742\",\n \"CVE-2018-0756\",\n \"CVE-2018-0757\",\n \"CVE-2018-0763\",\n \"CVE-2018-0809\",\n \"CVE-2018-0820\",\n \"CVE-2018-0821\",\n \"CVE-2018-0822\",\n \"CVE-2018-0823\",\n \"CVE-2018-0825\",\n \"CVE-2018-0826\",\n \"CVE-2018-0827\",\n \"CVE-2018-0829\",\n \"CVE-2018-0830\",\n \"CVE-2018-0831\",\n \"CVE-2018-0832\",\n \"CVE-2018-0834\",\n \"CVE-2018-0835\",\n \"CVE-2018-0836\",\n \"CVE-2018-0837\",\n \"CVE-2018-0838\",\n \"CVE-2018-0840\",\n \"CVE-2018-0842\",\n \"CVE-2018-0843\",\n \"CVE-2018-0844\",\n \"CVE-2018-0846\",\n \"CVE-2018-0847\",\n \"CVE-2018-0856\",\n \"CVE-2018-0857\",\n \"CVE-2018-0859\",\n \"CVE-2018-0860\",\n \"CVE-2018-0866\"\n );\n script_xref(name:\"MSKB\", value:\"4074588\");\n script_xref(name:\"MSFT\", value:\"MS18-4074588\");\n\n script_name(english:\"KB4074588: Windows 10 Version 1709 and Windows Server Version 1709 February 2018 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4074588. \nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. 
An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-0866)\n\n - A security feature bypass vulnerability exists in\n Windows Scripting Host which could allow an attacker to\n bypass Device Guard. An attacker who successfully\n exploited this vulnerability could circumvent a User\n Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2018-0827)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0834,\n CVE-2018-0835, CVE-2018-0836, CVE-2018-0837,\n CVE-2018-0838, CVE-2018-0856, CVE-2018-0857,\n CVE-2018-0859, CVE-2018-0860)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-0763)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2018-0843)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. 
(CVE-2018-0832)\n\n - An information disclosure vulnerability exists when\n VBScript improperly discloses the contents of its\n memory, which could provide an attacker with information\n to further compromise the users computer or data.\n (CVE-2018-0847)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)\n\n - A remote code execution vulnerability exists in\n StructuredQuery when the software fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could run arbitrary code in\n the context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-0825)\n\n - An elevation of privilege vulnerability exists when\n Storage Services improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2018-0826)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly handles objects. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-0822)\n\n - An elevation of privilege vulnerability exists when\n AppContainer improperly implements constrained\n impersonation. An attacker who successfully exploited\n this vulnerability could run processes in an elevated\n context. (CVE-2018-0821)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. 
(CVE-2018-0842)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-0844, CVE-2018-0846)\n\n - An elevation of privilege vulnerability exist when Named\n Pipe File System improperly handles objects. An attacker\n who successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2018-0823)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2018-0809)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2018-0742, CVE-2018-0756, CVE-2018-0820,\n CVE-2018-0831)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. 
An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-0840)\");\n # https://support.microsoft.com/en-us/help/4074588/windows-10-update-kb4074588\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?13cfb4a5\");\n script_set_attribute(attribute:\"solution\", value:\n \"Apply Cumulative Update KB4074588.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-02\";\nkbs = make_list('4074588');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"16299\",\n rollup_date:\"02_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4074588])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-10T16:45:15", "description": "The remote Windows host is missing security update 4074592.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel analysis.\n (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles 
objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2018-0866)\n\n - A security feature bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2018-0827)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2018-0763, CVE-2018-0839)\n\n - An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the users computer or data.\n (CVE-2018-0847)\n\n - A remote code execution vulnerability exists in StructuredQuery when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2018-0825)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0856, CVE-2018-0857, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861)\n\n - An elevation of privilege vulnerability exists when NTFS improperly handles objects. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0822)\n\n - An elevation of privilege vulnerability exists when AppContainer improperly implements constrained impersonation. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0821)\n\n - A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2018-0842)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0844, CVE-2018-0846)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. 
(CVE-2018-0832)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0809)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2018-0742, CVE-2018-0756, CVE-2018-0820, CVE-2018-0831)\n\n - A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted. (CVE-2018-0771)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2018-0840)\n\n - An elevation of privilege vulnerability exists when Storage Services improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could run processes in an elevated context. 
(CVE-2018-0826)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-02-13T00:00:00", "type": "nessus", "title": "KB4074592: Windows 10 Version 1703 February 2018 Security Update (Meltdown)(Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2018-0742", "CVE-2018-0756", "CVE-2018-0757", "CVE-2018-0763", "CVE-2018-0771", "CVE-2018-0809", "CVE-2018-0820", "CVE-2018-0821", "CVE-2018-0822", "CVE-2018-0825", "CVE-2018-0826", "CVE-2018-0827", "CVE-2018-0829", "CVE-2018-0830", "CVE-2018-0831", "CVE-2018-0832", "CVE-2018-0834", "CVE-2018-0835", "CVE-2018-0836", "CVE-2018-0837", "CVE-2018-0838", "CVE-2018-0839", "CVE-2018-0840", "CVE-2018-0842", "CVE-2018-0844", "CVE-2018-0846", "CVE-2018-0847", "CVE-2018-0856", "CVE-2018-0857", "CVE-2018-0859", "CVE-2018-0860", "CVE-2018-0861", "CVE-2018-0866"], "modified": "2020-08-18T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS18_FEB_4074592.NASL", "href": "https://www.tenable.com/plugins/nessus/106798", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106798);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2017-5715\",\n \"CVE-2017-5753\",\n \"CVE-2017-5754\",\n \"CVE-2018-0742\",\n \"CVE-2018-0756\",\n \"CVE-2018-0757\",\n \"CVE-2018-0763\",\n \"CVE-2018-0771\",\n \"CVE-2018-0809\",\n \"CVE-2018-0820\",\n \"CVE-2018-0821\",\n \"CVE-2018-0822\",\n \"CVE-2018-0825\",\n \"CVE-2018-0826\",\n \"CVE-2018-0827\",\n \"CVE-2018-0829\",\n \"CVE-2018-0830\",\n \"CVE-2018-0831\",\n \"CVE-2018-0832\",\n \"CVE-2018-0834\",\n \"CVE-2018-0835\",\n \"CVE-2018-0836\",\n \"CVE-2018-0837\",\n \"CVE-2018-0838\",\n \"CVE-2018-0839\",\n \"CVE-2018-0840\",\n \"CVE-2018-0842\",\n \"CVE-2018-0844\",\n \"CVE-2018-0846\",\n \"CVE-2018-0847\",\n \"CVE-2018-0856\",\n \"CVE-2018-0857\",\n \"CVE-2018-0859\",\n \"CVE-2018-0860\",\n \"CVE-2018-0861\",\n \"CVE-2018-0866\"\n );\n script_xref(name:\"MSKB\", value:\"4074592\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n script_xref(name:\"MSFT\", value:\"MS18-4074592\");\n\n script_name(english:\"KB4074592: Windows 10 Version 1703 February 2018 Security Update (Meltdown)(Spectre)\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4074592.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An vulnerability exists within microprocessors utilizing\n speculative execution and indirect branch prediction,\n which may allow an attacker with local user access to\n disclose information via a side-channel analysis.\n (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)\n\n - A remote code 
execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-0866)\n\n - A security feature bypass vulnerability exists in\n Windows Scripting Host which could allow an attacker to\n bypass Device Guard. An attacker who successfully\n exploited this vulnerability could circumvent a User\n Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2018-0827)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-0763, CVE-2018-0839)\n\n - An information disclosure vulnerability exists when\n VBScript improperly discloses the contents of its\n memory, which could provide an attacker with information\n to further compromise the users computer or data.\n (CVE-2018-0847)\n\n - A remote code execution vulnerability exists in\n StructuredQuery when the software fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could run arbitrary code in\n the context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. 
An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-0825)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0834,\n CVE-2018-0835, CVE-2018-0836, CVE-2018-0837,\n CVE-2018-0838, CVE-2018-0856, CVE-2018-0857,\n CVE-2018-0859, CVE-2018-0860, CVE-2018-0861)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly handles objects. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-0822)\n\n - An elevation of privilege vulnerability exists when\n AppContainer improperly implements constrained\n impersonation. An attacker who successfully exploited\n this vulnerability could run processes in an elevated\n context. (CVE-2018-0821)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2018-0842)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-0844, CVE-2018-0846)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. 
(CVE-2018-0832)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2018-0809)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2018-0742, CVE-2018-0756, CVE-2018-0820,\n CVE-2018-0831)\n\n - A security feature bypass vulnerability exists when\n Microsoft Edge improperly handles requests of different\n origins. The vulnerability allows Microsoft Edge to\n bypass Same-Origin Policy (SOP) restrictions, and to\n allow requests that should otherwise be ignored. An\n attacker who successfully exploited the vulnerability\n could force the browser to send data that would\n otherwise be restricted. (CVE-2018-0771)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-0840)\n\n - An elevation of privilege vulnerability exists when\n Storage Services improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. 
(CVE-2018-0826)\");\n # https://support.microsoft.com/en-us/help/4074592/windows-10-update-kb4074592\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?66620b53\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?573cb1ef\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4074592.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0866\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-02\";\nkbs = make_list('4074592');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date:\"02_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4074592])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-01-08T13:28:51", "description": "This host is missing a critical security\n update according to Microsoft KB4074594", "cvss3": {}, "published": "2018-02-14T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4074594)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0846", "CVE-2018-0830", "CVE-2018-0833", "CVE-2018-0832", "CVE-2018-0847", "CVE-2018-0829", "CVE-2018-0842", "CVE-2018-0844", "CVE-2018-0757", "CVE-2018-0742", "CVE-2018-0866", 
"CVE-2018-0825", "CVE-2018-0820", "CVE-2018-0840"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310812768", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812768", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4074594)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812768\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2018-0742\", \"CVE-2018-0757\", \"CVE-2018-0820\", \"CVE-2018-0825\",\n \"CVE-2018-0829\", \"CVE-2018-0830\", \"CVE-2018-0832\", \"CVE-2018-0833\",\n \"CVE-2018-0840\", \"CVE-2018-0842\", \"CVE-2018-0844\", \"CVE-2018-0846\",\n \"CVE-2018-0847\", \"CVE-2018-0866\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-02-14 11:19:08 +0530 (Wed, 14 Feb 
2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4074594)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4074594\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - The scripting engine fails to properly handles objects in memory in\n microsoft browsers.\n\n - The windows kernel fails to properly handle objects in memory.\n\n - The Windows Common Log File System (CLFS) driver improperly handles\n objects in memory.\n\n - The VBScript improperly discloses the contents of its memory, which could\n provide an attacker with information to further compromise the user's\n computer or data.\n\n - An improper implementation of the Microsoft Server Message Block 2.\n\n - Microsoft has deprecated the Document Signing functionality in XPS Viewer.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker who successfully exploited the vulnerability gain the same\n user rights as the current user, run arbitrary code in kernel mode, obtain\n information to further compromise the user's system, cause the affected system\n to stop responding until it is manually restarted, spoof content, perform\n phishing attacks, or otherwise manipulate content of a document.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 for 32-bit/x64\n\n - Microsoft Windows Server 2012 R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4074594\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"urlmon.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"11.0.9600.18921\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\urlmon.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 11.0.9600.18921\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:05:57", "description": "This host is missing a critical security\n update according to Microsoft KB4074598", "cvss3": {}, "published": "2018-02-14T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4074598)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0761", "CVE-2018-0846", "CVE-2018-0830", "CVE-2018-0847", "CVE-2018-0829", "CVE-2018-0855", "CVE-2018-0842", "CVE-2018-0844", "CVE-2018-0810", "CVE-2018-0757", "CVE-2018-0742", "CVE-2018-0866", "CVE-2018-0760", "CVE-2018-0825", "CVE-2018-0820", "CVE-2018-0755", "CVE-2018-0840"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310812767", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310812767", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4074598)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812767\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0742\", \"CVE-2018-0755\", \"CVE-2018-0757\", \"CVE-2018-0760\",\n \"CVE-2018-0761\", \"CVE-2018-0810\", \"CVE-2018-0820\", \"CVE-2018-0825\",\n \"CVE-2018-0829\", \"CVE-2018-0830\", \"CVE-2018-0840\", \"CVE-2018-0842\",\n \"CVE-2018-0844\", \"CVE-2018-0846\", \"CVE-2018-0847\", \"CVE-2018-0855\",\n \"CVE-2018-0866\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-14 10:52:39 +0530 (Wed, 14 Feb 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities 
(KB4074598)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4074598\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - The software fails to properly handle objects in memory.\n\n - The Microsoft Windows Embedded OpenType (EOT) font engine fails to properly\n parse specially crafted embedded fonts.\n\n - The scripting engine improperly handles objects in memory.\n\n - The Windows Common Log File System (CLFS) driver improperly handles objects\n in memory.\n\n - The VBScript improperly discloses the contents of its memory.\n\n - The Windows Kernel handles objects in memory.\n\n - The Windows kernel fails to properly initialize a memory address.\n\n - Microsoft has deprecated the Document Signing functionality in XPS Viewer.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n who successfully exploited the vulnerability to run arbitrary code in the\n context of the current user, read data that was not intended to be disclosed,\n gain the same user rights as the current user, obtain information to further\n compromise the user's system, spoof content, perform phishing attacks, or\n otherwise manipulate content of a document.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1\n\n - Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4074598\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"Win32k.sys\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.1.7601.24023\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Win32k.sys\",\n file_version:fileVer, vulnerable_range:\"Less than 6.1.7601.24023\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:06:10", "description": "This host is missing a critical security\n update according to Microsoft KB4074596", "cvss3": {}, "published": "2018-02-14T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4074596)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0846", "CVE-2018-0821", "CVE-2018-0830", "CVE-2018-0857", "CVE-2018-0859", "CVE-2018-0838", "CVE-2018-0837", "CVE-2018-0832", "CVE-2018-0847", "CVE-2018-0829", "CVE-2018-0860", "CVE-2018-0822", "CVE-2018-0842", "CVE-2018-0844", "CVE-2018-0835", "CVE-2018-0757", "CVE-2018-0834", "CVE-2018-0742", "CVE-2018-0756", "CVE-2018-0866", "CVE-2018-0825", "CVE-2018-0820", 
"CVE-2018-0840"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310812769", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812769", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4074596)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812769\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0742\", \"CVE-2018-0756\", \"CVE-2018-0757\", \"CVE-2018-0820\",\n \"CVE-2018-0821\", \"CVE-2018-0822\", \"CVE-2018-0825\", \"CVE-2018-0829\",\n \"CVE-2018-0830\", \"CVE-2018-0832\", \"CVE-2018-0834\", \"CVE-2018-0835\",\n \"CVE-2018-0837\", \"CVE-2018-0838\", \"CVE-2018-0840\", \"CVE-2018-0842\",\n \"CVE-2018-0844\", \"CVE-2018-0846\", \"CVE-2018-0847\", \"CVE-2018-0857\",\n \"CVE-2018-0859\", \"CVE-2018-0860\", \"CVE-2018-0866\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", 
value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-14 11:46:45 +0530 (Wed, 14 Feb 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4074596)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4074596\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - The scripting engine improperly handles objects in memory in Microsoft\n browsers.\n\n - The Windows kernel fails to properly handle objects in memory.\n\n - The Windows Common Log File System (CLFS) driver improperly handles\n objects in memory.\n\n - The VBScript improperly discloses the contents of its memory.\n\n - The NTFS improperly handles objects.\n\n - Microsoft has deprecated the Document Signing functionality in XPS Viewer.\n\n - The AppContainer improperly implements constrained impersonation.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker who successfully exploited the vulnerability gain the same user\n rights as the current user, run arbitrary code in kernel mode, obtain\n information to further compromise the user's system, cause the affected system\n to stop responding until it is manually restarted, spoof content, perform\n phishing attacks, or otherwise manipulate content of a document.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 for 32-bit Systems\n\n - Microsoft Windows 10 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4074596\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10240.0\", test_version2:\"11.0.10240.17769\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.10240.0 - 11.0.10240.17769\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:06:17", "description": "This host is missing a critical security\n update according to Microsoft KB4074591", "cvss3": {}, "published": "2018-02-14T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4074591)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0846", "CVE-2018-0821", "CVE-2018-0830", "CVE-2018-0857", "CVE-2018-0859", "CVE-2018-0838", "CVE-2018-0837", "CVE-2018-0832", "CVE-2018-0847", "CVE-2018-0829", "CVE-2018-0860", "CVE-2018-0822", "CVE-2018-0842", "CVE-2018-0844", "CVE-2018-0835", "CVE-2018-0757", "CVE-2018-0834", "CVE-2018-0826", "CVE-2018-0742", "CVE-2018-0756", 
"CVE-2018-0866", "CVE-2018-0825", "CVE-2018-0820", "CVE-2018-0840"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310812770", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812770", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4074591)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812770\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0742\", \"CVE-2018-0756\", \"CVE-2018-0757\", \"CVE-2018-0820\",\n \"CVE-2018-0821\", \"CVE-2018-0822\", \"CVE-2018-0825\", \"CVE-2018-0826\",\n \"CVE-2018-0829\", \"CVE-2018-0830\", \"CVE-2018-0832\", \"CVE-2018-0834\",\n \"CVE-2018-0835\", \"CVE-2018-0837\", \"CVE-2018-0838\", \"CVE-2018-0840\",\n \"CVE-2018-0842\", \"CVE-2018-0844\", \"CVE-2018-0846\", \"CVE-2018-0847\",\n \"CVE-2018-0857\", \"CVE-2018-0859\", \"CVE-2018-0860\", \"CVE-2018-0866\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", 
value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-14 11:57:41 +0530 (Wed, 14 Feb 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4074591)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4074591\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - The scripting engine improperly handles objects in memory in Microsoft\n browsers.\n\n - The windows kernel fails to properly handle objects in memory.\n\n - The windows Common Log File System (CLFS) driver improperly handles\n objects in memory.\n\n - The VBScript improperly discloses the contents of its memory.\n\n - The Storage Services improperly handles objects in memory.\n\n - The NTFS improperly handles objects.\n\n - Microsoft has deprecated the Document Signing functionality in XPS Viewer.\n\n - The AppContainer improperly implements constrained impersonation.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker who successfully exploited the vulnerability gain the same user\n rights as the current user, run arbitrary code in kernel mode, obtain\n information to further compromise the user's system, cause the affected system\n to stop responding until it is manually restarted, spoof content, perform\n phishing attacks, or otherwise manipulate content of a document.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1511 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4074591\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10586.0\", test_version2:\"11.0.10586.1416\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.10586.0 - 11.0.10586.1416\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T13:29:01", "description": "This host is missing a critical security\n update according to Microsoft KB4074590", "cvss3": {}, "published": "2018-02-14T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4074590)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0846", "CVE-2018-0828", "CVE-2018-0821", "CVE-2018-0830", "CVE-2018-0857", "CVE-2018-0859", "CVE-2018-0838", "CVE-2018-0837", "CVE-2018-0771", "CVE-2018-0832", "CVE-2018-0847", "CVE-2018-0829", "CVE-2018-0860", "CVE-2018-0822", "CVE-2018-0842", "CVE-2018-0844", "CVE-2018-0835", "CVE-2018-0757", "CVE-2018-0834", "CVE-2018-0826", 
"CVE-2018-0831", "CVE-2018-0861", "CVE-2018-0742", "CVE-2018-0756", "CVE-2018-0866", "CVE-2018-0825", "CVE-2018-0820", "CVE-2018-0840"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310812771", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812771", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4074590)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812771\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2018-0742\", \"CVE-2018-0756\", \"CVE-2018-0757\", \"CVE-2018-0771\",\n \"CVE-2018-0820\", \"CVE-2018-0821\", \"CVE-2018-0822\", \"CVE-2018-0825\",\n \"CVE-2018-0826\", \"CVE-2018-0828\", \"CVE-2018-0829\", \"CVE-2018-0830\",\n \"CVE-2018-0831\", \"CVE-2018-0832\", \"CVE-2018-0834\", \"CVE-2018-0835\",\n \"CVE-2018-0837\", \"CVE-2018-0838\", \"CVE-2018-0840\", \"CVE-2018-0842\",\n \"CVE-2018-0844\", \"CVE-2018-0846\", \"CVE-2018-0847\", \"CVE-2018-0857\",\n \"CVE-2018-0859\", \"CVE-2018-0860\", \"CVE-2018-0861\", \"CVE-2018-0866\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-02-14 12:07:16 +0530 (Wed, 14 Feb 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4074590)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4074590\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - The scripting engine improperly handles objects in memory in Microsoft\n browsers.\n\n - The windows kernel fails to properly handle objects in memory.\n\n - The windows Common Log File System (CLFS) driver improperly handles\n objects in memory.\n\n - The 
VBScript improperly discloses the contents of its memory.\n\n - The Storage Services improperly handles objects in memory.\n\n - The NTFS improperly handles objects.\n\n - Microsoft has deprecated the Document Signing functionality in XPS Viewer.\n\n - The AppContainer improperly implements constrained impersonation.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker who successfully exploited the vulnerability gain the same user\n rights as the current user, run arbitrary code in kernel mode, obtain\n information to further compromise the user's system, cause the affected system\n to stop responding until it is manually restarted, spoof content, perform\n phishing attacks, or otherwise manipulate content of a document.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4074590\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.14393.0\", 
test_version2:\"11.0.14393.2067\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.14393.0 - 11.0.14393.2067\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:06:05", "description": "This host is missing a critical security\n update according to Microsoft KB4074588", "cvss3": {}, "published": "2018-02-14T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4074588)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0846", "CVE-2018-0821", "CVE-2018-0830", "CVE-2018-0823", "CVE-2018-0857", "CVE-2018-0859", "CVE-2018-0836", "CVE-2018-0838", "CVE-2018-0837", "CVE-2018-0832", "CVE-2018-0847", "CVE-2018-0829", "CVE-2018-0763", "CVE-2018-0809", "CVE-2018-0860", "CVE-2018-0843", "CVE-2018-0822", "CVE-2018-0842", "CVE-2018-0844", "CVE-2018-0835", "CVE-2018-0757", "CVE-2018-0834", "CVE-2018-0826", "CVE-2018-0831", "CVE-2018-0742", "CVE-2018-0756", "CVE-2018-0866", "CVE-2018-0825", "CVE-2018-0820", "CVE-2018-0827", "CVE-2018-0856", "CVE-2018-0840"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310812915", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812915", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4074588)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty 
of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812915\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0742\", \"CVE-2018-0756\", \"CVE-2018-0757\", \"CVE-2018-0763\",\n \"CVE-2018-0809\", \"CVE-2018-0820\", \"CVE-2018-0821\", \"CVE-2018-0822\",\n \"CVE-2018-0823\", \"CVE-2018-0825\", \"CVE-2018-0826\", \"CVE-2018-0827\",\n \"CVE-2018-0829\", \"CVE-2018-0830\", \"CVE-2018-0831\", \"CVE-2018-0832\",\n \"CVE-2018-0834\", \"CVE-2018-0835\", \"CVE-2018-0836\", \"CVE-2018-0837\",\n \"CVE-2018-0838\", \"CVE-2018-0840\", \"CVE-2018-0842\", \"CVE-2018-0843\",\n \"CVE-2018-0844\", \"CVE-2018-0846\", \"CVE-2018-0847\", \"CVE-2018-0856\",\n \"CVE-2018-0857\", \"CVE-2018-0859\", \"CVE-2018-0860\", \"CVE-2018-0866\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-14 13:19:41 +0530 (Wed, 14 Feb 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4074588)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4074588\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - Multiple errors error in the way the scripting engine handles objects in\n memory in Microsoft browsers.\n\n - An error when 
the Windows kernel fails to properly handle objects in memory.\n\n - An error when the Windows kernel fails to properly initialize a memory address.\n\n - An error when the Windows Common Log File System (CLFS) driver improperly\n handles objects in memory.\n\n - An error when VBScript improperly discloses the contents of its memory, which\n could provide an attacker with information to further compromise the user\n computer or data.\n\n - An error when Storage Services improperly handles objects in memory.\n\n - An error in Windows Scripting Host which could allow an attacker to bypass\n Device Guard.\n\n - An error in StructuredQuery when the software fails to properly handle objects\n in memory.\n\n - An error when NTFS improperly handles objects.\n\n - An error when Named Pipe File System improperly handles objects.\n\n - An error when AppContainer improperly implements constrained impersonation.\n\n - An error as Microsoft has deprecated the Document Signing functionality in XPS\n Viewer.\n\n - An error in the Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space Layout Randomization\n (ASLR) bypass.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to gain the same user rights as the current user, run arbitrary code in kernel\n mode, obtain information to further compromise the user, run processes in an\n elevated context, circumvent a User Mode Code Integrity (UMCI) policy on the\n machine, spoof content, perform phishing attacks, or otherwise manipulate\n content of a document.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1709 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1709 for 64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4074588\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.16299.0\", test_version2:\"11.0.16299.247\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.16299.0 - 11.0.16299.247\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:05:59", "description": "This host is missing a critical security\n update according to Microsoft KB4074592", "cvss3": {}, "published": "2018-02-14T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4074592)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0846", "CVE-2018-0821", "CVE-2018-0830", "CVE-2018-0857", "CVE-2018-0859", "CVE-2018-0836", "CVE-2018-0838", "CVE-2018-0837", "CVE-2018-0839", "CVE-2018-0771", "CVE-2018-0832", "CVE-2018-0847", "CVE-2018-0829", "CVE-2018-0763", "CVE-2018-0809", "CVE-2018-0860", "CVE-2018-0822", "CVE-2018-0842", "CVE-2018-0844", "CVE-2018-0835", 
"CVE-2018-0757", "CVE-2018-0834", "CVE-2018-0826", "CVE-2018-0831", "CVE-2018-0861", "CVE-2018-0742", "CVE-2018-0756", "CVE-2018-0866", "CVE-2018-0825", "CVE-2018-0820", "CVE-2018-0827", "CVE-2018-0856", "CVE-2018-0840"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310812762", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812762", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4074592)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812762\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0742\", \"CVE-2018-0756\", \"CVE-2018-0757\", \"CVE-2018-0763\",\n \"CVE-2018-0771\", \"CVE-2018-0809\", \"CVE-2018-0820\", \"CVE-2018-0821\",\n \"CVE-2018-0822\", \"CVE-2018-0825\", \"CVE-2018-0826\", \"CVE-2018-0827\",\n \"CVE-2018-0829\", \"CVE-2018-0830\", \"CVE-2018-0831\", \"CVE-2018-0832\",\n \"CVE-2018-0834\", \"CVE-2018-0835\", \"CVE-2018-0836\", \"CVE-2018-0837\",\n \"CVE-2018-0838\", \"CVE-2018-0839\", \"CVE-2018-0840\", \"CVE-2018-0842\",\n \"CVE-2018-0844\", \"CVE-2018-0846\", \"CVE-2018-0847\", \"CVE-2018-0856\",\n \"CVE-2018-0857\", \"CVE-2018-0859\", \"CVE-2018-0860\", \"CVE-2018-0861\",\n \"CVE-2018-0866\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-14 09:33:29 +0530 (Wed, 14 Feb 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4074592)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4074592\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - The scripting engine improperly handles objects in memory in Microsoft\n browsers.\n\n - The windows kernel fails to properly handle objects in memory.\n\n - The 
windows Common Log File System (CLFS) driver improperly handles\n objects in memory.\n\n - The VBScript improperly discloses the contents of its memory.\n\n - The scripting engine improperly handles objects in memory in Microsoft Edge.\n\n - The scripting engine improperly handles objects in memory in Internet Explorer.\n\n - The storage Services improperly handles objects in memory.\n\n - The NTFS improperly handles objects.\n\n - The AppContainer improperly implements constrained impersonation.\n\n - Microsoft has deprecated the Document Signing functionality in XPS Viewer.\n\n - Microsoft Edge improperly handles requests of different origins.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker who successfully exploited the vulnerability to gain the same\n user rights as the current user, run arbitrary code in kernel mode, run\n processes in an elevated context, circumvent a User Mode Code Integrity\n (UMCI) policy on the machine, spoof content, perform phishing attacks, or\n otherwise manipulate content of a document, force the browser to send data\n that would otherwise be restricted and retrieve the memory address of a\n kernel object.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1703 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4074592\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.15063.0\", test_version2:\"11.0.15063.908\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.15063.0 - 11.0.15063.908\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2022-05-16T18:20:13", "description": "### *Detect date*:\n02/13/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). 
Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information.\n\n### *Affected products*:\nInternet Explorer 10 \nInternet Explorer 11 \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nInternet Explorer 9 \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 8.1 for x64-based systems \nWindows Server 2012 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2016 \nWindows 10 Version 1709 for x64-based Systems \nWindows RT 8.1 \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 10 Version 1703 for x64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows 10 Version 1511 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1511 for x64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server, version 1709 (Server Core Installation) \nWindows 10 Version 1607 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1709 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 1703 for 32-bit Systems \nWindows Server 2012 R2\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2018-0825](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0825>) 
\n[CVE-2018-0842](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0842>) \n[CVE-2018-0829](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0829>) \n[CVE-2018-0844](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0844>) \n[CVE-2018-0846](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0846>) \n[CVE-2018-0847](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0847>) \n[CVE-2018-0830](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0830>) \n[CVE-2018-0866](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0866>) \n[CVE-2018-0742](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0742>) \n[CVE-2018-0757](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0757>) \n[CVE-2018-0761](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0761>) \n[CVE-2018-0760](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0760>) \n[CVE-2018-0810](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0810>) \n[CVE-2018-0855](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0855>) \n[CVE-2018-0820](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0820>) \n[CVE-2018-0755](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0755>) \n[ADV180005](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/ADV180005>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2018-0742](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0742>)4.6Warning \n[CVE-2018-0755](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0755>)2.1Warning 
\n[CVE-2018-0757](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0757>)1.9Warning \n[CVE-2018-0760](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0760>)2.1Warning \n[CVE-2018-0761](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0761>)2.1Warning \n[CVE-2018-0810](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0810>)1.9Warning \n[CVE-2018-0820](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0820>)4.6Warning \n[CVE-2018-0825](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0825>)7.6Critical \n[CVE-2018-0829](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0829>)1.9Warning \n[CVE-2018-0830](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0830>)1.9Warning \n[CVE-2018-0842](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0842>)6.9High \n[CVE-2018-0844](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0844>)4.6Warning \n[CVE-2018-0846](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0846>)4.6Warning \n[CVE-2018-0847](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0847>)4.3Warning \n[CVE-2018-0855](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0855>)4.3Warning \n[CVE-2018-0866](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0866>)9.3Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4074598](<http://support.microsoft.com/kb/4074598>) \n[4074587](<http://support.microsoft.com/kb/4074587>) \n[4074603](<http://support.microsoft.com/kb/4074603>) \n[4073080](<http://support.microsoft.com/kb/4073080>) \n[4074851](<http://support.microsoft.com/kb/4074851>) \n[4058165](<http://support.microsoft.com/kb/4058165>) \n[4074836](<http://support.microsoft.com/kb/4074836>) \n[4073079](<http://support.microsoft.com/kb/4073079>) \n[4034044](<http://support.microsoft.com/kb/4034044>) \n[4074736](<http://support.microsoft.com/kb/4074736>)\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "cvss3": 
{"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-02-13T00:00:00", "type": "kaspersky", "title": "KLA11200 Multiple vulnerabilties in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0742", "CVE-2018-0755", "CVE-2018-0757", "CVE-2018-0760", "CVE-2018-0761", "CVE-2018-0810", "CVE-2018-0820", "CVE-2018-0825", "CVE-2018-0829", "CVE-2018-0830", "CVE-2018-0842", "CVE-2018-0844", "CVE-2018-0846", "CVE-2018-0847", "CVE-2018-0855", "CVE-2018-0866"], "modified": "2022-05-05T00:00:00", "id": "KLA11200", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11200/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-18T11:14:58", "description": "### *Detect date*:\n02/13/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. 
Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, bypass security restrictions, cause denial of service.\n\n### *Affected products*:\nWindows Server 2016 (Server Core installation) \nWindows 10 Version 1709 for x64-based Systems \nWindows Server, version 1709 (Server Core Installation)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2018-0742](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0742>) \n[CVE-2018-0756](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0756>) \n[CVE-2018-0757](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0757>) \n[CVE-2018-0760](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0760>) \n[CVE-2018-0809](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0809>) \n[CVE-2018-0810](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0810>) \n[CVE-2018-0820](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0820>) \n[CVE-2018-0821](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0821>) \n[CVE-2018-0822](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0822>) \n[CVE-2018-0823](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0823>) \n[CVE-2018-0825](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0825>) \n[CVE-2018-0826](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0826>) \n[CVE-2018-0827](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0827>) \n[CVE-2018-0828](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0828>) 
\n[CVE-2018-0829](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0829>) \n[CVE-2018-0830](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0830>) \n[CVE-2018-0831](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0831>) \n[CVE-2018-0832](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0832>) \n[CVE-2018-0833](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0833>) \n[CVE-2018-0842](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0842>) \n[CVE-2018-0843](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0843>) \n[CVE-2018-0844](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0844>) \n[CVE-2018-0846](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0846>) \n[CVE-2018-0847](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0847>) \n[ADV180005](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180005>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2018-0742](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0742>)4.6Warning \n[CVE-2018-0756](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0756>)4.6Warning \n[CVE-2018-0757](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0757>)1.9Warning \n[CVE-2018-0760](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0760>)2.1Warning \n[CVE-2018-0809](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0809>)6.9High \n[CVE-2018-0810](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0810>)1.9Warning \n[CVE-2018-0820](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0820>)4.6Warning \n[CVE-2018-0821](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0821>)4.4Warning 
\n[CVE-2018-0822](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0822>)4.4Warning \n[CVE-2018-0823](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0823>)4.4Warning \n[CVE-2018-0825](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0825>)7.6Critical \n[CVE-2018-0826](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0826>)4.4Warning \n[CVE-2018-0827](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0827>)4.6Warning \n[CVE-2018-0828](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0828>)4.6Warning \n[CVE-2018-0829](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0829>)1.9Warning \n[CVE-2018-0830](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0830>)1.9Warning \n[CVE-2018-0831](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0831>)4.6Warning \n[CVE-2018-0832](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0832>)1.9Warning \n[CVE-2018-0833](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0833>)6.3High \n[CVE-2018-0842](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0842>)6.9High \n[CVE-2018-0843](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0843>)1.9Warning \n[CVE-2018-0844](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0844>)4.6Warning \n[CVE-2018-0846](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0846>)4.6Warning \n[CVE-2018-0847](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0847>)4.3Warning\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4074591](<http://support.microsoft.com/kb/4074591>) \n[4074590](<http://support.microsoft.com/kb/4074590>) \n[4074594](<http://support.microsoft.com/kb/4074594>) \n[4074597](<http://support.microsoft.com/kb/4074597>) \n[4074593](<http://support.microsoft.com/kb/4074593>) \n[4074589](<http://support.microsoft.com/kb/4074589>) \n[4074596](<http://support.microsoft.com/kb/4074596>) \n[4074592](<http://support.microsoft.com/kb/4074592>) 
\n[4074588](<http://support.microsoft.com/kb/4074588>)\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-13T00:00:00", "type": "kaspersky", "title": "KLA11195 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0742", "CVE-2018-0756", "CVE-2018-0757", "CVE-2018-0760", "CVE-2018-0809", "CVE-2018-0810", "CVE-2018-0820", "CVE-2018-0821", "CVE-2018-0822", "CVE-2018-0823", "CVE-2018-0825", "CVE-2018-0826", "CVE-2018-0827", "CVE-2018-0828", "CVE-2018-0829", "CVE-2018-0830", "CVE-2018-0831", "CVE-2018-0832", "CVE-2018-0833", "CVE-2018-0842", "CVE-2018-0843", "CVE-2018-0844", "CVE-2018-0846", "CVE-2018-0847"], "modified": "2020-08-14T00:00:00", "id": "KLA11195", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11195/", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "trendmicroblog": [{"lastseen": "2018-02-16T14:10:04", "description": "\n\nValentine\u2019s Day was earlier this week, and there was so much love in the air. 
There was also a lot of love in the Trend Micro world as our teams worked diligently to make sure our customers were protected from this month\u2019s bevy of critical vulnerabilities across several vendors. This week, we focus on Microsoft, who issued a whopping 50 security patches covering Internet Explorer (IE), Microsoft Edge, ChakraCore, Microsoft Windows and Microsoft Office. Eight of the CVEs came through the Zero Day Initiative program!\n\n\n\nThere are some scary bugs out there! One of the interesting ones that Microsoft patched this month for Microsoft Outlook used the preview pane as an attack vector. That means an exploit of this vulnerability could allow code execution without even opening an email. You can get more information on this month\u2019s Microsoft updates from Dustin Childs\u2019 [February 2018 Security Update Review](<https://zerodayinitiative.com/blog/2018/2/13/the-february-2018-security-update-review>) from the Zero Day Initiative:\n\n**Microsoft Security Updates**\n\nThis week\u2019s Digital Vaccine\u00ae (DV) package includes coverage for Microsoft updates released on or before February 13, 2018. The following table maps Digital Vaccine filters to the Microsoft updates. 
Filters marked with * shipped prior to this week\u2019s DV package, providing preemptive protection for our customers.\n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2018-0742 | 30334 | \nCVE-2018-0755 | *30237 | \nCVE-2018-0756 | 30336 | \nCVE-2018-0757 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0760 | *30241 | \nCVE-2018-0761 | *30239 | \nCVE-2018-0763 | *30275 | \nCVE-2018-0771 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0809 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0810 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0820 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0821 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0822 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0823 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0825 | 30341 | \nCVE-2018-0826 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0827 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0828 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0829 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0830 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0831 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0832 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0833 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0834 | 30345 | \nCVE-2018-0835 | 30349 | \nCVE-2018-0836 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0837 | 30351 | \nCVE-2018-0838 | 30362 | \nCVE-2018-0839 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0840 | 30365 | \nCVE-2018-0841 | 30388 | \nCVE-2018-0842 | 30367 | \nCVE-2018-0843 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0844 
| 30366 | \nCVE-2018-0846 | 30368 | \nCVE-2018-0847 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0850 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0851 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0852 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0853 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0855 | *30242 | \nCVE-2018-0856 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0857 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0858 | 30331 | \nCVE-2018-0859 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0860 | 30342 | \nCVE-2018-0861 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0864 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0866 | 30410 | \nCVE-2018-0869 | | Vendor Deemed Reproducibility or Exploitation Unlikely \n \n**Offensivecon 2018**\n\nIf you happen to be reading this and you\u2019re in Berlin, Germany, three members of our Zero Day Initiative team (Brian Gorenc, Abdul-Aziz Hariri and Jasiel Spelman) will be speaking later today at Offensivecon 2018, an international security conference that brings the hacker community together for networking and sharing knowledge. Their session, **_\u201cL'art de l'\u00e9vasion: Modern VMWare Exploitation Techniques,\u201d_** will dive into modern exploitation techniques of VMware vulnerabilities and take an in-depth look at the available attack surfaces on a virtual machine. Learn more by clicking here: <https://www.offensivecon.org/speakers/2018/zdi-team.html>\n\n**Zero-Day Filters**\n\nThere are 13 new zero-day filters covering five vendors in this week\u2019s Digital Vaccine (DV) package. 
A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website. You can also follow the Zero Day Initiative on Twitter [@thezdi](<https://twitter.com/thezdi>) and on their [blog](<https://www.zerodayinitiative.com/blog>).\n\n**_Adobe (5)_**\n\n * 30359: ZDI-CAN-5381: Zero Day Initiative Vulnerability (Adobe Flash Player)\n * 30370: ZDI-CAN-5237: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 30371: ZDI-CAN-5238: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 30372: ZDI-CAN-5241: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 30373: ZDI-CAN-5291: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n\n**_Delta (1)_**\n\n * 30391: ZDI-CAN-5389: Zero Day Initiative Vulnerability (Delta Industrial Automation TPEditor)\n\n**_Foxit (3)_**\n\n * 30355: ZDI-CAN-5376,5377: Zero Day Initiative Vulnerability (Foxit Reader)\n * 30358: ZDI-CAN-5379: Zero Day Initiative Vulnerability (Foxit Reader)\n * 30360: ZDI-CAN-5382: Zero Day Initiative Vulnerability (Foxit Reader)\n\n**_Microsoft (1)_**\n\n * 30357: ZDI-CAN-5378: Zero Day Initiative Vulnerability (Microsoft Windows)\n\n**_OMRON (3)_**\n\n * 30392: ZDI-CAN-5402: Zero Day Initiative Vulnerability (OMRON CX-One)\n * 30393: ZDI-CAN-5403: Zero Day Initiative Vulnerability (OMRON CX-One)\n * 30394: ZDI-CAN-5404: Zero Day Initiative Vulnerability (OMRON CX-One)\n\n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly 
recap](<https://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-february-5-2018/>).", "cvss3": {}, "published": "2018-02-16T13:00:28", "type": "trendmicroblog", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of February 12, 2018", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2018-0742", "CVE-2018-0755", "CVE-2018-0756", "CVE-2018-0757", "CVE-2018-0760", "CVE-2018-0761", "CVE-2018-0763", "CVE-2018-0771", "CVE-2018-0809", "CVE-2018-0810", "CVE-2018-0820", "CVE-2018-0821", "CVE-2018-0822", "CVE-2018-0823", "CVE-2018-0825", "CVE-2018-0826", "CVE-2018-0827", "CVE-2018-0828", "CVE-2018-0829", "CVE-2018-0830", "CVE-2018-0831", "CVE-2018-0832", "CVE-2018-0833", "CVE-2018-0834", "CVE-2018-0835", "CVE-2018-0836", "CVE-2018-0837", "CVE-2018-0838", "CVE-2018-0839", "CVE-2018-0840", "CVE-2018-0841", "CVE-2018-0842", "CVE-2018-0843", "CVE-2018-0844", "CVE-2018-0846", "CVE-2018-0847", "CVE-2018-0850", "CVE-2018-0851", "CVE-2018-0852", "CVE-2018-0853", "CVE-2018-0855", "CVE-2018-0856", "CVE-2018-0857", "CVE-2018-0858", "CVE-2018-0859", "CVE-2018-0860", "CVE-2018-0861", "CVE-2018-0864", "CVE-2018-0866", "CVE-2018-0869"], "modified": "2018-02-16T13:00:28", "href": "https://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-february-12-2018/", "id": "TRENDMICROBLOG:21BA30CBDC926C9B95A04B76A54421A4", "cvss": {"score": 0.0, "vector": "NONE"}}], "talosblog": [{"lastseen": "2018-02-13T22:41:41", "description": "Microsoft Patch Tuesday - February 2018 \n \nToday Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 54 new vulnerabilities with 14 of them rated critical, 38 of them rated important, and 2 of them rated Moderate. These vulnerabilities impact Outlook, Edge, Scripting Engine, App Container, Windows, and more. 
\n \n \n\n\n## Critical Vulnerabilities\n\n \nThis month, Microsoft is addressing 14 vulnerabilities that are rated \"critical.\" Talos believes one of these is notable and requires prompt attention, detailed below. \n \n[CVE-2018-0852 - Microsoft Outlook Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0852>) \n \nA remote code execution vulnerability has been identified in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Outlook software. \n \nOther vulnerabilities deemed Critical are listed below: \n \n\n\n * [CVE-2018-0763 - Microsoft Edge Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0763>)\n * [CVE-2018-0825 - StructuredQuery Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0825>)\n * [CVE-2018-0834 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0834>)\n * [CVE-2018-0835 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0835>)\n * [CVE-2018-0837 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0837>)\n * [CVE-2018-0838 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0838>)\n * [CVE-2018-0840 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0840>)\n * [CVE-2018-0856 - Scripting Engine Memory Corruption 
Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0856>)\n * [CVE-2018-0857 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0857>)\n * [CVE-2018-0858 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0858>)\n * [CVE-2018-0859 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0859>)\n * [CVE-2018-0860 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0860>)\n * [CVE-2018-0861 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0861>)\n \n \n\n\n## Important Vulnerabilities\n\n \nThis month, Microsoft is addressing 38 vulnerabilities that are rated \"important.\" Talos believes one of these vulnerabilities is notable and requires prompt attention. It is detailed below. \n \n[CVE-2018-0850 - Microsoft Outlook Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0850>) \n \nAn elevation of privilege vulnerability has been identified in Microsoft Outlook that manifests when it initiates processing of incoming messages without sufficient validation of the formatting of the messages. An attacker who successfully exploited the vulnerability could attempt to force Outlook to load a local or remote message store (over SMB). To exploit the vulnerability, the attacker could send a specially crafted email to a victim. Outlook would then attempt to open a pre-configured message store contained in the email upon receipt of the email. 
\n \nOther vulnerabilities deemed Important are listed below: \n \n\n\n * [CVE-2018-0742 - Windows Kernel Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0742>)\n * [CVE-2018-0755 - Windows EOT Font Engine Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0755>)\n * [CVE-2018-0756 - Windows Kernel Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0756>)\n * [CVE-2018-0757 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0757>)\n * [CVE-2018-0760 - Windows EOT Font Engine Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0760>)\n * [CVE-2018-0761 - Windows EOT Font Engine Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0761>)\n * [CVE-2018-0809 - Windows Kernel Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0809>)\n * [CVE-2018-0810 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0810>)\n * [CVE-2018-0820 - Windows Kernel Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0820>)\n * [CVE-2018-0821 - Windows AppContainer Elevation Of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0821>)\n * [CVE-2018-0822 - Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0822>)\n * [CVE-2018-0823 - Named Pipe File System Elevation of Privilege 
Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0823>)\n * [CVE-2018-0826 - Windows Storage Services Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0826>)\n * [CVE-2018-0827 - Windows Security Feature Bypass Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0827>)\n * [CVE-2018-0828 - Windows Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0828>)\n * [CVE-2018-0829 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0829>)\n * [CVE-2018-0830 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0830>)\n * [CVE-2018-0831 - Windows Kernel Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0831>)\n * [CVE-2018-0832 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0832>)\n * [CVE-2018-0836 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0836>)\n * [CVE-2018-0839 - Microsoft Edge Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0839>)\n * [CVE-2018-0841 - Microsoft Excel Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0841>)\n * [CVE-2018-0842 - Windows Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0842>)\n * [CVE-2018-0843 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0843>)\n * [CVE-2018-0844 
- Windows Common Log File System Driver Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0844>)\n * [CVE-2018-0845 - Microsoft Office Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0845>)\n * [CVE-2018-0846 - Windows Common Log File System Driver Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0846>)\n * [CVE-2018-0847 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0847>)\n * [CVE-2018-0848 - Microsoft Office Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0848>)\n * [CVE-2018-0849 - Microsoft Office Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0849>)\n * [CVE-2018-0851 - Microsoft Office Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0851>)\n * [CVE-2018-0853 - Microsoft Office Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0853>)\n * [CVE-2018-0855 - Windows EOT Font Engine Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0855>)\n * [CVE-2018-0862 - Microsoft Office Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0862>)\n * [CVE-2018-0864 - Microsoft SharePoint Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0864>)\n * [CVE-2018-0866 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0866>)\n * [CVE-2018-0869 - Microsoft SharePoint Elevation of Privilege 
Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0869>)\n\n## Coverage\n\nIn response to these vulnerability disclosures, Talos is releasing the following Snort rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.\n\nSnort Rules:\n\n * 45624-45637\n * 45649-45650\n * 45654-45657\n * 45659-45660\n * 45673-45674\n * 40691-40692\n", "cvss3": {}, "published": "2018-02-13T13:26:00", "type": "talosblog", "title": "Microsoft Patch Tuesday - February 2018", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2018-0742", "CVE-2018-0755", "CVE-2018-0756", "CVE-2018-0757", "CVE-2018-0760", "CVE-2018-0761", "CVE-2018-0763", "CVE-2018-0809", "CVE-2018-0810", "CVE-2018-0820", "CVE-2018-0821", "CVE-2018-0822", "CVE-2018-0823", "CVE-2018-0825", "CVE-2018-0826", "CVE-2018-0827", "CVE-2018-0828", "CVE-2018-0829", "CVE-2018-0830", "CVE-2018-0831", "CVE-2018-0832", "CVE-2018-0834", "CVE-2018-0835", "CVE-2018-0836", "CVE-2018-0837", "CVE-2018-0838", "CVE-2018-0839", "CVE-2018-0840", "CVE-2018-0841", "CVE-2018-0842", "CVE-2018-0843", "CVE-2018-0844", "CVE-2018-0845", "CVE-2018-0846", "CVE-2018-0847", "CVE-2018-0848", "CVE-2018-0849", "CVE-2018-0850", "CVE-2018-0851", "CVE-2018-0852", "CVE-2018-0853", "CVE-2018-0855", "CVE-2018-0856", "CVE-2018-0857", "CVE-2018-0858", "CVE-2018-0859", "CVE-2018-0860", "CVE-2018-0861", "CVE-2018-0862", "CVE-2018-0864", "CVE-2018-0866", "CVE-2018-0869"], "modified": "2018-02-13T21:26:06", "id": "TALOSBLOG:87FD21E52374BD7C5F7C108EBB2E50F5", 
"href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/Z6-ikSNdAT8/ms-tuesday.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}