ID: CVE-2018-8205
Type: cve
Reporter: cve@mitre.org
Modified: 2020-08-24T17:37:00
Description
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
{"symantec": [{"lastseen": "2018-06-13T00:08:37", "bulletinFamily": "software", "cvelist": ["CVE-2018-8205"], "description": "### Description\n\nMicrosoft Windows is prone to a local denial-of-service vulnerability. A local attacker can exploit this issue to cause the target service to stop responding, denying service to legitimate users.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 Version 1803 for 32-bit Systems \n * Microsoft Windows 10 Version 1803 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 10 version 1709 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 1709 \n * Microsoft Windows Server 1803 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nFilter access to the affected computer at the network boundary if global access isn't required. 
Restricting access to only trusted computers and networks might greatly reduce the likelihood of exploits.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo mitigate the potential impact of a successful exploit, run the affected application as a user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for anomalous or suspicious activity. Monitor logs generated by NIDS and by the server itself for evidence of attacks against the server. \n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2018-06-12T00:00:00", "published": "2018-06-12T00:00:00", "id": "SMNTC-104391", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/104391", "type": "symantec", "title": "Microsoft Windows CVE-2018-8205 Local Denial of Service Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}], "kaspersky": [{"lastseen": "2020-09-02T11:52:41", "bulletinFamily": "info", "cvelist": ["CVE-2018-8205", "CVE-2018-1036", "CVE-2018-1040", "CVE-2018-8224", "CVE-2018-8169", "CVE-2018-0978", "CVE-2018-8207", "CVE-2018-8267", "CVE-2018-8251", "CVE-2018-8225"], "description": "### *Detect date*:\n06/12/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). 
Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, gain privileges.\n\n### *Affected products*:\nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows Server, version 1803 (Server Core Installation) \nInternet Explorer 9 \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows 8.1 for x64-based systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2012 \nInternet Explorer 11 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2016 \nWindows 10 Version 1709 for x64-based Systems \nWindows RT 8.1 \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 10 Version 1703 for x64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1803 for x64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server, version 1709 (Server Core Installation) \nWindows 10 Version 1607 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nInternet Explorer 10 \nWindows 10 Version 1709 for 32-bit Systems \nWindows 10 Version 1703 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2012 R2 \nWindows 10 Version 1803 for 32-bit Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original 
advisories*:\n[CVE-2018-0978](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0978>) \n[CVE-2018-8207](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8207>) \n[CVE-2018-8205](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8205>) \n[CVE-2018-8169](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8169>) \n[CVE-2018-1036](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-1036>) \n[CVE-2018-8251](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8251>) \n[CVE-2018-8267](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8267>) \n[CVE-2018-8224](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8224>) \n[CVE-2018-8225](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8225>) \n[CVE-2018-1040](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-1040>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2018-8267](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8267>)0.0Unknown \n[CVE-2018-0978](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0978>)0.0Unknown \n[CVE-2018-1040](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1040>)0.0Unknown \n[CVE-2018-8205](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8205>)0.0Unknown \n[CVE-2018-8169](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8169>)0.0Unknown \n[CVE-2018-8224](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8224>)0.0Unknown \n[CVE-2018-1036](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1036>)0.0Unknown \n[CVE-2018-8207](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8207>)0.0Unknown 
\n[CVE-2018-8251](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8251>)0.0Unknown \n[CVE-2018-8225](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8225>)0.0Unknown\n\n### *KB list*:\n[4284867](<http://support.microsoft.com/kb/4284867>) \n[4284826](<http://support.microsoft.com/kb/4284826>) \n[4230450](<http://support.microsoft.com/kb/4230450>) \n[4230467](<http://support.microsoft.com/kb/4230467>) \n[4234459](<http://support.microsoft.com/kb/4234459>) \n[4294413](<http://support.microsoft.com/kb/4294413>)", "edition": 1, "modified": "2020-07-21T00:00:00", "published": "2018-06-12T00:00:00", "id": "KLA11892", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11892", "title": "\r KLA11892Multiple vulnerabilties in Microsoft Products (ESU) ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T11:47:01", "bulletinFamily": "info", "cvelist": ["CVE-2018-8216", "CVE-2018-8205", "CVE-2018-1036", "CVE-2018-0982", "CVE-2018-1040", "CVE-2018-8212", "CVE-2018-8211", "CVE-2018-8215", "CVE-2018-8239", "CVE-2018-8219", "CVE-2018-8169", "CVE-2018-8233", "CVE-2018-8208", "CVE-2018-8217", "CVE-2018-8226", "CVE-2018-8218", "CVE-2018-8209", "CVE-2018-8221", "CVE-2018-8213", "CVE-2018-8121", "CVE-2018-8207", "CVE-2018-8210", "CVE-2018-8251", "CVE-2018-8140", "CVE-2018-8231", "CVE-2018-8201", "CVE-2018-8214", "CVE-2018-8225", "CVE-2018-8175"], "description": "### *Detect date*:\n06/12/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. 
Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, bypass security restrictions, execute arbitrary code, obtain sensitive information.\n\n### *Affected products*:\nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 1703 for 32-bit Systems \nWindows 10 Version 1703 for x64-based Systems \nWindows 10 Version 1709 for 32-bit Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows 10 Version 1803 for x64-based Systems \nWindows 10 for 32-bit Systems \nWindows 10 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows 8.1 for x64-based systems \nWindows RT 8.1 \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2012 \nWindows Server 2012 (Server Core installation) \nWindows Server 2012 R2 \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2016 \nWindows Server, version 1803 (Server Core Installation) \nWindows Server 2016 (Server Core installation) \nWindows 10 Version 1709 for x64-based Systems \nWindows Server, version 1709 (Server Core Installation)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original 
advisories*:\n[CVE-2018-8140](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8140>) \n[CVE-2018-8226](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8226>) \n[CVE-2018-1040](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-1040>) \n[CVE-2018-8212](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8212>) \n[CVE-2018-8201](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8201>) \n[CVE-2018-8205](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8205>) \n[CVE-2018-8221](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8221>) \n[CVE-2018-8213](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8213>) \n[CVE-2018-8219](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8219>) \n[CVE-2018-8217](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8217>) \n[CVE-2018-8210](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8210>) \n[CVE-2018-8233](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8233>) \n[CVE-2018-8169](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8169>) \n[CVE-2018-8239](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8239>) \n[CVE-2018-1036](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-1036>) \n[CVE-2018-8121](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8121>) \n[CVE-2018-8231](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8231>) \n[CVE-2018-8207](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8207>) \n[CVE-2018-8251](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8251>) 
\n[CVE-2018-0982](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0982>) \n[CVE-2018-8215](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8215>) \n[CVE-2018-8211](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8211>) \n[CVE-2018-8214](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8214>) \n[CVE-2018-8218](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8218>) \n[CVE-2018-8225](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8225>) \n[CVE-2018-8209](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8209>) \n[CVE-2018-8208](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8208>) \n[CVE-2018-8175](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8175>) \n[CVE-2018-8216](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8216>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2018-8140](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8140>)0.0Unknown \n[CVE-2018-8226](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8226>)0.0Unknown \n[CVE-2018-1040](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1040>)0.0Unknown \n[CVE-2018-8212](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8212>)0.0Unknown \n[CVE-2018-8201](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8201>)0.0Unknown \n[CVE-2018-8205](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8205>)0.0Unknown \n[CVE-2018-8221](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8221>)0.0Unknown \n[CVE-2018-8213](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8213>)0.0Unknown \n[CVE-2018-8219](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8219>)0.0Unknown 
\n[CVE-2018-8217](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8217>)0.0Unknown \n[CVE-2018-8210](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8210>)0.0Unknown \n[CVE-2018-8233](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8233>)0.0Unknown \n[CVE-2018-8169](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8169>)0.0Unknown \n[CVE-2018-8239](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8239>)0.0Unknown \n[CVE-2018-1036](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1036>)0.0Unknown \n[CVE-2018-8121](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8121>)0.0Unknown \n[CVE-2018-8231](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8231>)0.0Unknown \n[CVE-2018-8207](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8207>)0.0Unknown \n[CVE-2018-8251](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8251>)0.0Unknown \n[CVE-2018-0982](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0982>)0.0Unknown \n[CVE-2018-8215](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8215>)0.0Unknown \n[CVE-2018-8211](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8211>)0.0Unknown \n[CVE-2018-8214](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8214>)0.0Unknown \n[CVE-2018-8218](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8218>)0.0Unknown \n[CVE-2018-8225](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8225>)0.0Unknown \n[CVE-2018-8209](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8209>)0.0Unknown \n[CVE-2018-8208](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8208>)0.0Unknown \n[CVE-2018-8175](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8175>)0.0Unknown \n[CVE-2018-8216](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8216>)0.0Unknown\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4284860](<http://support.microsoft.com/kb/4284860>) 
\n[4284874](<http://support.microsoft.com/kb/4284874>) \n[4284835](<http://support.microsoft.com/kb/4284835>) \n[4284880](<http://support.microsoft.com/kb/4284880>) \n[4284819](<http://support.microsoft.com/kb/4284819>) \n[4284855](<http://support.microsoft.com/kb/4284855>) \n[4284815](<http://support.microsoft.com/kb/4284815>) \n[4284878](<http://support.microsoft.com/kb/4284878>) \n[4284846](<http://support.microsoft.com/kb/4284846>)\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 34, "modified": "2020-07-22T00:00:00", "published": "2018-06-12T00:00:00", "id": "KLA11266", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11266", "title": "\r KLA11266Multiple vulnerabilities in Microsoft Windows ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-01T05:45:10", "description": "The remote Windows host is missing security update 4284846\nor cumulative update 4284855. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n (Human Interface Device) HID Parser Library driver\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2018-8169)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. 
(CVE-2018-8251)\n\n - A remote code execution vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the Local System\n Account. (CVE-2018-8225)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8205)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8267)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2018-8210)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0978)\n\n - A denial of service vulnerability exists in the way that\n the Windows Code Integrity Module performs hashing. An\n attacker who successfully exploited the vulnerability\n could cause a system to stop responding. Note that the\n denial of service condition would not allow an attacker\n to execute code or to elevate user privileges. 
However,\n the denial of service condition could prevent authorized\n users from using system resources. An attacker could\n host a specially crafted file in a website or SMB share.\n The attacker could also take advantage of compromised\n websites, or websites that accept or host user-provided\n content or advertisements, by adding specially crafted\n content that could exploit the vulnerability. However,\n in all cases an attacker would have no way to force\n users to view the attacker-controlled content. Instead,\n an attacker would have to convince users to take action,\n typically via an enticement in email or instant message,\n or by getting them to open an email attachment. The\n security update addresses the vulnerability by modifying\n how the Code Integrity Module performs hashing.\n (CVE-2018-1040)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-1036)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. 
(CVE-2018-8207)", "edition": 25, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-06-12T00:00:00", "title": "KB4284846: Windows Server 2012 June 2018 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8205", "CVE-2018-1036", "CVE-2018-1040", "CVE-2018-8169", "CVE-2018-0978", "CVE-2018-8207", "CVE-2018-8210", "CVE-2018-8267", "CVE-2018-8251", "CVE-2018-8225"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS18_JUN_4284855.NASL", "href": "https://www.tenable.com/plugins/nessus/110488", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110488);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-0978\",\n \"CVE-2018-1036\",\n \"CVE-2018-1040\",\n \"CVE-2018-8169\",\n \"CVE-2018-8205\",\n \"CVE-2018-8207\",\n \"CVE-2018-8210\",\n \"CVE-2018-8225\",\n \"CVE-2018-8251\",\n \"CVE-2018-8267\"\n );\n script_bugtraq_id(\n 104356,\n 104360,\n 104364,\n 104379,\n 104389,\n 104391,\n 104395,\n 104398,\n 104404,\n 104407\n );\n script_xref(name:\"MSKB\", value:\"4284846\");\n script_xref(name:\"MSKB\", value:\"4284855\");\n script_xref(name:\"MSFT\", value:\"MS18-4284846\");\n script_xref(name:\"MSFT\", value:\"MS18-4284855\");\n\n script_name(english:\"KB4284846: Windows Server 2012 June 2018 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4284846\nor cumulative update 4284855. 
It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n (Human Interface Device) HID Parser Library driver\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2018-8169)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2018-8251)\n\n - A remote code execution vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the Local System\n Account. (CVE-2018-8225)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8205)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8267)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. 
An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2018-8210)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0978)\n\n - A denial of service vulnerability exists in the way that\n the Windows Code Integrity Module performs hashing. An\n attacker who successfully exploited the vulnerability\n could cause a system to stop responding. Note that the\n denial of service condition would not allow an attacker\n to execute code or to elevate user privileges. However,\n the denial of service condition could prevent authorized\n users from using system resources. An attacker could\n host a specially crafted file in a website or SMB share.\n The attacker could also take advantage of compromised\n websites, or websites that accept or host user-provided\n content or advertisements, by adding specially crafted\n content that could exploit the vulnerability. However,\n in all cases an attacker would have no way to force\n users to view the attacker-controlled content. Instead,\n an attacker would have to convince users to take action,\n typically via an enticement in email or instant message,\n or by getting them to open an email attachment. The\n security update addresses the vulnerability by modifying\n how the Code Integrity Module performs hashing.\n (CVE-2018-1040)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. 
(CVE-2018-1036)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8207)\");\n # https://support.microsoft.com/en-us/help/4284846/windows-server-2012-update-kb4284846\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eceb7954\");\n # https://support.microsoft.com/en-us/help/4284855/windows-server-2012-update-kb4284855\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a2bb9819\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4284846 or Cumulative Update KB4284855.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8225\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-06\";\nkbs = make_list('4284846', '4284855');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:\"06_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4284846, 4284855])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:45:10", "description": "The remote Windows host is missing security update 4284878\nor cumulative update 4284815. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n (Human Interface Device) HID Parser Library driver\n improperly handles objects in memory. 
An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2018-8169)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0978,\n CVE-2018-8249)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2018-8251)\n\n - A remote code execution vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the Local System\n Account. (CVE-2018-8225)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8205)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. 
An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8267)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2018-8210)\n\n - A denial of service vulnerability exists in the way that\n the Windows Code Integrity Module performs hashing. An\n attacker who successfully exploited the vulnerability\n could cause a system to stop responding. Note that the\n denial of service condition would not allow an attacker\n to execute code or to elevate user privileges. However,\n the denial of service condition could prevent authorized\n users from using system resources. An attacker could\n host a specially crafted file in a website or SMB share.\n The attacker could also take advantage of compromised\n websites, or websites that accept or host user-provided\n content or advertisements, by adding specially crafted\n content that could exploit the vulnerability. However,\n in all cases an attacker would have no way to force\n users to view the attacker-controlled content. Instead,\n an attacker would have to convince users to take action,\n typically via an enticement in email or instant message,\n or by getting them to open an email attachment. The\n security update addresses the vulnerability by modifying\n how the Code Integrity Module performs hashing.\n (CVE-2018-1040)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-1036)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. 
(CVE-2018-8207)", "edition": 25, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-06-12T00:00:00", "title": "KB4284878: Windows 8.1 and Windows Server 2012 R2 June 2018 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8205", "CVE-2018-1036", "CVE-2018-1040", "CVE-2018-8169", "CVE-2018-8249", "CVE-2018-0978", "CVE-2018-8207", "CVE-2018-8210", "CVE-2018-8267", "CVE-2018-8251", "CVE-2018-8225"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS18_JUN_4284815.NASL", "href": "https://www.tenable.com/plugins/nessus/110484", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110484);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-0978\",\n \"CVE-2018-1036\",\n \"CVE-2018-1040\",\n \"CVE-2018-8169\",\n \"CVE-2018-8205\",\n \"CVE-2018-8207\",\n \"CVE-2018-8210\",\n \"CVE-2018-8225\",\n \"CVE-2018-8249\",\n \"CVE-2018-8251\",\n \"CVE-2018-8267\"\n );\n script_bugtraq_id(\n 104356,\n 104360,\n 104363,\n 104364,\n 104379,\n 104389,\n 104391,\n 104395,\n 104398,\n 104404,\n 104407\n );\n script_xref(name:\"MSKB\", value:\"4284878\");\n script_xref(name:\"MSKB\", value:\"4284815\");\n script_xref(name:\"MSFT\", value:\"MS18-4284878\");\n script_xref(name:\"MSFT\", value:\"MS18-4284815\");\n\n script_name(english:\"KB4284878: Windows 8.1 and Windows Server 2012 R2 June 2018 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing 
security update 4284878\nor cumulative update 4284815. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n (Human Interface Device) HID Parser Library driver\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2018-8169)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0978,\n CVE-2018-8249)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2018-8251)\n\n - A remote code execution vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the Local System\n Account. (CVE-2018-8225)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. 
(CVE-2018-8205)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8267)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2018-8210)\n\n - A denial of service vulnerability exists in the way that\n the Windows Code Integrity Module performs hashing. An\n attacker who successfully exploited the vulnerability\n could cause a system to stop responding. Note that the\n denial of service condition would not allow an attacker\n to execute code or to elevate user privileges. However,\n the denial of service condition could prevent authorized\n users from using system resources. An attacker could\n host a specially crafted file in a website or SMB share.\n The attacker could also take advantage of compromised\n websites, or websites that accept or host user-provided\n content or advertisements, by adding specially crafted\n content that could exploit the vulnerability. However,\n in all cases an attacker would have no way to force\n users to view the attacker-controlled content. Instead,\n an attacker would have to convince users to take action,\n typically via an enticement in email or instant message,\n or by getting them to open an email attachment. The\n security update addresses the vulnerability by modifying\n how the Code Integrity Module performs hashing.\n (CVE-2018-1040)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. 
An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-1036)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8207)\");\n # https://support.microsoft.com/en-us/help/4284878/windows-81-update-kb4284878\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?224e0ffb\");\n # https://support.microsoft.com/en-us/help/4284815/windows-81-update-kb4284815\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?43458adc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4284878 or Cumulative Update KB4284815.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8225\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-06\";\nkbs = make_list('4284878', '4284815');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:\"06_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4284878, 4284815])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:45:10", "description": "The remote Windows host is missing security update 4284867\nor cumulative update 4284826. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. 
An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2018-8224)\n\n - An elevation of privilege vulnerability exists when the\n (Human Interface Device) HID Parser Library driver\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2018-8169)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2018-8251)\n\n - A remote code execution vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the Local System\n Account. (CVE-2018-8225)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8205)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. 
An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0978,\n CVE-2018-8249)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8267)\n\n - A denial of service vulnerability exists in the way that\n the Windows Code Integrity Module performs hashing. An\n attacker who successfully exploited the vulnerability\n could cause a system to stop responding. Note that the\n denial of service condition would not allow an attacker\n to execute code or to elevate user privileges. However,\n the denial of service condition could prevent authorized\n users from using system resources. An attacker could\n host a specially crafted file in a website or SMB share.\n The attacker could also take advantage of compromised\n websites, or websites that accept or host user-provided\n content or advertisements, by adding specially crafted\n content that could exploit the vulnerability. However,\n in all cases an attacker would have no way to force\n users to view the attacker-controlled content. Instead,\n an attacker would have to convince users to take action,\n typically via an enticement in email or instant message,\n or by getting them to open an email attachment. The\n security update addresses the vulnerability by modifying\n how the Code Integrity Module performs hashing.\n (CVE-2018-1040)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. 
(CVE-2018-8207)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-1036)", "edition": 25, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-06-12T00:00:00", "title": "KB4284867: Windows 7 and Windows Server 2008 R2 June 2018 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8205", "CVE-2018-1036", "CVE-2018-1040", "CVE-2018-8224", "CVE-2018-8169", "CVE-2018-8249", "CVE-2018-0978", "CVE-2018-8207", "CVE-2018-8267", "CVE-2018-8251", "CVE-2018-8225"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS18_JUN_4284826.NASL", "href": "https://www.tenable.com/plugins/nessus/110486", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110486);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-0978\",\n \"CVE-2018-1036\",\n \"CVE-2018-1040\",\n \"CVE-2018-8169\",\n \"CVE-2018-8205\",\n \"CVE-2018-8207\",\n \"CVE-2018-8224\",\n \"CVE-2018-8225\",\n \"CVE-2018-8249\",\n \"CVE-2018-8251\",\n \"CVE-2018-8267\"\n );\n script_bugtraq_id(\n 104356,\n 104360,\n 104363,\n 104364,\n 104379,\n 104381,\n 104389,\n 104391,\n 104395,\n 104398,\n 104404\n );\n script_xref(name:\"MSKB\", value:\"4284826\");\n script_xref(name:\"MSKB\", value:\"4284867\");\n script_xref(name:\"MSFT\", value:\"MS18-4284826\");\n script_xref(name:\"MSFT\", value:\"MS18-4284867\");\n\n script_name(english:\"KB4284867: Windows 7 and Windows Server 2008 R2 June 2018 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4284867\nor cumulative update 4284826. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2018-8224)\n\n - An elevation of privilege vulnerability exists when the\n (Human Interface Device) HID Parser Library driver\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. 
(CVE-2018-8169)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2018-8251)\n\n - A remote code execution vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the Local System\n Account. (CVE-2018-8225)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8205)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0978,\n CVE-2018-8249)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. 
An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8267)\n\n - A denial of service vulnerability exists in the way that\n the Windows Code Integrity Module performs hashing. An\n attacker who successfully exploited the vulnerability\n could cause a system to stop responding. Note that the\n denial of service condition would not allow an attacker\n to execute code or to elevate user privileges. However,\n the denial of service condition could prevent authorized\n users from using system resources. An attacker could\n host a specially crafted file in a website or SMB share.\n The attacker could also take advantage of compromised\n websites, or websites that accept or host user-provided\n content or advertisements, by adding specially crafted\n content that could exploit the vulnerability. However,\n in all cases an attacker would have no way to force\n users to view the attacker-controlled content. Instead,\n an attacker would have to convince users to take action,\n typically via an enticement in email or instant message,\n or by getting them to open an email attachment. The\n security update addresses the vulnerability by modifying\n how the Code Integrity Module performs hashing.\n (CVE-2018-1040)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8207)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. 
(CVE-2018-1036)\");\n # https://support.microsoft.com/en-us/help/4284826/windows-7-update-kb4284826\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1742ea55\");\n # https://support.microsoft.com/en-us/help/4284867/windows-7-update-kb4284867\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?835e04b4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4284867 or Cumulative Update KB4284826.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8225\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-06\";\nkbs = make_list('4284826', '4284867');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.1\",\n sp:1,\n rollup_date:\"06_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4284826, 4284867])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:13:14", "description": "The remote Windows host is missing security update 4284860.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n (Human Interface Device) HID Parser Library driver\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. 
(CVE-2018-8169)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8234)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2018-8251)\n\n - A remote code execution vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the Local System\n Account. (CVE-2018-8225)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8236)\n\n - A security feature bypass vulnerability exists when\n Microsoft Edge improperly handles requests of different\n origins. The vulnerability allows Microsoft Edge to\n bypass Same-Origin Policy (SOP) restrictions, and to\n allow requests that should otherwise be ignored. An\n attacker who successfully exploited the vulnerability\n could force the browser to send data that would\n otherwise be restricted. 
(CVE-2018-8235)\n\n - A denial of service vulnerability exists in the HTTP 2.0\n protocol stack (HTTP.sys) when HTTP.sys improperly\n parses specially crafted HTTP 2.0 requests. An attacker\n who successfully exploited the vulnerability could\n create a denial of service condition, causing the target\n system to become unresponsive. (CVE-2018-8226)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8229)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8267)\n\n - A denial of service vulnerability exists in the way that\n the Windows Code Integrity Module performs hashing. An\n attacker who successfully exploited the vulnerability\n could cause a system to stop responding. Note that the\n denial of service condition would not allow an attacker\n to execute code or to elevate user privileges. However,\n the denial of service condition could prevent authorized\n users from using system resources. An attacker could\n host a specially crafted file in a website or SMB share.\n The attacker could also take advantage of compromised\n websites, or websites that accept or host user-provided\n content or advertisements, by adding specially crafted\n content that could exploit the vulnerability. 
However,\n in all cases an attacker would have no way to force\n users to view the attacker-controlled content. Instead,\n an attacker would have to convince users to take action,\n typically via an enticement in email or instant message,\n or by getting them to open an email attachment. The\n security update addresses the vulnerability by modifying\n how the Code Integrity Module performs hashing.\n (CVE-2018-1040)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8205)\n\n - An information disclosure vulnerability exists when\n Windows allows a normal user to access the Wireless LAN\n profile of an administrative user. An authenticated\n attacker who successfully exploited the vulnerability\n could access the Wireless LAN profile of an\n administrative user, including passwords for wireless\n networks. An attacker would need to log on to the\n affected system and run a specific command. The security\n update addresses the vulnerability by changing the way\n that Windows enforces access permissions to Wireless LAN\n profiles. (CVE-2018-8209)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0978)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. 
(CVE-2018-8207)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8201, CVE-2018-8212, CVE-2018-8215,\n CVE-2018-8216, CVE-2018-8217, CVE-2018-8221)\n\n - A remote code execution vulnerability exists when HTTP\n Protocol Stack (Http.sys) improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code and take\n control of the affected system. (CVE-2018-8231)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2018-8210, CVE-2018-8213)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. 
(CVE-2018-1036)", "edition": 21, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-06-12T00:00:00", "title": "KB4284860: Windows 10 June 2018 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8216", "CVE-2018-8205", "CVE-2018-1036", "CVE-2018-1040", "CVE-2018-8212", "CVE-2018-8215", "CVE-2018-8229", "CVE-2018-8169", "CVE-2018-0978", "CVE-2018-8217", "CVE-2018-8226", "CVE-2018-8235", "CVE-2018-8236", "CVE-2018-8209", "CVE-2018-8221", "CVE-2018-8213", "CVE-2018-8234", "CVE-2018-8207", "CVE-2018-8210", "CVE-2018-8267", "CVE-2018-8251", "CVE-2018-8231", "CVE-2018-8201", "CVE-2018-8225"], "modified": "2018-06-12T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS18_JUN_4284860.NASL", "href": "https://www.tenable.com/plugins/nessus/110489", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110489);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2018-0978\",\n \"CVE-2018-1036\",\n \"CVE-2018-1040\",\n \"CVE-2018-8169\",\n \"CVE-2018-8201\",\n \"CVE-2018-8205\",\n \"CVE-2018-8207\",\n \"CVE-2018-8209\",\n \"CVE-2018-8210\",\n \"CVE-2018-8212\",\n \"CVE-2018-8213\",\n \"CVE-2018-8215\",\n \"CVE-2018-8216\",\n \"CVE-2018-8217\",\n \"CVE-2018-8221\",\n \"CVE-2018-8225\",\n \"CVE-2018-8226\",\n \"CVE-2018-8229\",\n \"CVE-2018-8231\",\n \"CVE-2018-8234\",\n \"CVE-2018-8235\",\n \"CVE-2018-8236\",\n \"CVE-2018-8251\",\n \"CVE-2018-8267\"\n );\n script_bugtraq_id(\n 104328,\n 104331,\n 104333,\n 104334,\n 104336,\n 104337,\n 104338,\n 104340,\n 104343,\n 104356,\n 104360,\n 104361,\n 104364,\n 104369,\n 104373,\n 104379,\n 104389,\n 104391,\n 104393,\n 104395,\n 104398,\n 104404,\n 104406,\n 104407\n );\n script_xref(name:\"MSKB\", value:\"4284860\");\n script_xref(name:\"MSFT\", value:\"MS18-4284860\");\n\n script_name(english:\"KB4284860: Windows 10 June 2018 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4284860.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n (Human Interface Device) HID Parser Library driver\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2018-8169)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. 
An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8234)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2018-8251)\n\n - A remote code execution vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the Local System\n Account. (CVE-2018-8225)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8236)\n\n - A security feature bypass vulnerability exists when\n Microsoft Edge improperly handles requests of different\n origins. The vulnerability allows Microsoft Edge to\n bypass Same-Origin Policy (SOP) restrictions, and to\n allow requests that should otherwise be ignored. An\n attacker who successfully exploited the vulnerability\n could force the browser to send data that would\n otherwise be restricted. 
(CVE-2018-8235)\n\n - A denial of service vulnerability exists in the HTTP 2.0\n protocol stack (HTTP.sys) when HTTP.sys improperly\n parses specially crafted HTTP 2.0 requests. An attacker\n who successfully exploited the vulnerability could\n create a denial of service condition, causing the target\n system to become unresponsive. (CVE-2018-8226)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8229)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8267)\n\n - A denial of service vulnerability exists in the way that\n the Windows Code Integrity Module performs hashing. An\n attacker who successfully exploited the vulnerability\n could cause a system to stop responding. Note that the\n denial of service condition would not allow an attacker\n to execute code or to elevate user privileges. However,\n the denial of service condition could prevent authorized\n users from using system resources. An attacker could\n host a specially crafted file in a website or SMB share.\n The attacker could also take advantage of compromised\n websites, or websites that accept or host user-provided\n content or advertisements, by adding specially crafted\n content that could exploit the vulnerability. 
However,\n in all cases an attacker would have no way to force\n users to view the attacker-controlled content. Instead,\n an attacker would have to convince users to take action,\n typically via an enticement in email or instant message,\n or by getting them to open an email attachment. The\n security update addresses the vulnerability by modifying\n how the Code Integrity Module performs hashing.\n (CVE-2018-1040)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8205)\n\n - An information disclosure vulnerability exists when\n Windows allows a normal user to access the Wireless LAN\n profile of an administrative user. An authenticated\n attacker who successfully exploited the vulnerability\n could access the Wireless LAN profile of an\n administrative user, including passwords for wireless\n networks. An attacker would need to log on to the\n affected system and run a specific command. The security\n update addresses the vulnerability by changing the way\n that Windows enforces access permissions to Wireless LAN\n profiles. (CVE-2018-8209)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0978)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. 
(CVE-2018-8207)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8201, CVE-2018-8212, CVE-2018-8215,\n CVE-2018-8216, CVE-2018-8217, CVE-2018-8221)\n\n - A remote code execution vulnerability exists when HTTP\n Protocol Stack (Http.sys) improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code and take\n control of the affected system. (CVE-2018-8231)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2018-8210, CVE-2018-8213)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. 
(CVE-2018-1036)\");\n # https://support.microsoft.com/en-us/help/4284860/windows-10-update-kb4284860\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?686a6741\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4284860.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8231\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-06\";\nkbs = make_list('4284860');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"06_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4284860])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:13:14", "description": "The remote Windows host is missing security update 4284880.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n (Human Interface Device) HID Parser Library driver\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. 
(CVE-2018-8169)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2018-8251)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8205)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2018-8239)\n\n - A remote code execution vulnerability exists when HTTP\n Protocol Stack (Http.sys) improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code and take\n control of the affected system. (CVE-2018-8231)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. 
(CVE-2018-8234)\n\n - A denial of service vulnerability exists in the HTTP 2.0\n protocol stack (HTTP.sys) when HTTP.sys improperly\n parses specially crafted HTTP 2.0 requests. An attacker\n who successfully exploited the vulnerability could\n create a denial of service condition, causing the target\n system to become unresponsive. (CVE-2018-8226)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8229)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8267)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8207)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-1036)\n\n - A remote code execution vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the Local System\n Account. 
(CVE-2018-8225)\n\n - A security feature bypass vulnerability exists when\n Microsoft Edge improperly handles requests of different\n origins. The vulnerability allows Microsoft Edge to\n bypass Same-Origin Policy (SOP) restrictions, and to\n allow requests that should otherwise be ignored. An\n attacker who successfully exploited the vulnerability\n could force the browser to send data that would\n otherwise be restricted. (CVE-2018-8235)\n\n - An information disclosure vulnerability exists when\n Windows allows a normal user to access the Wireless LAN\n profile of an administrative user. An authenticated\n attacker who successfully exploited the vulnerability\n could access the Wireless LAN profile of an\n administrative user, including passwords for wireless\n networks. An attacker would need to log on to the\n affected system and run a specific command. The security\n update addresses the vulnerability by changing the way\n that Windows enforces access permissions to Wireless LAN\n profiles. (CVE-2018-8209)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0978)\n\n - An elevation of privilege vulnerability exists when\n Windows Hyper-V instruction emulation fails to properly\n enforce privilege levels. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges on a target guest operating system. The host\n operating system is not vulnerable to this attack. This\n vulnerability by itself does not allow arbitrary code to\n be run. However, the vulnerability could be used in\n conjunction with one or more vulnerabilities (e.g. 
a\n remote code execution vulnerability and another\n elevation of privilege) that could take advantage of the\n elevated privileges when running. The update addresses\n the vulnerability by correcting how privileges are\n enforced by Windows Hyper-V instruction emulation.\n (CVE-2018-8219)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8201, CVE-2018-8212, CVE-2018-8215,\n CVE-2018-8216, CVE-2018-8217, CVE-2018-8221)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8236)\n\n - A denial of service vulnerability exists in the way that\n the Windows Code Integrity Module performs hashing. An\n attacker who successfully exploited the vulnerability\n could cause a system to stop responding. Note that the\n denial of service condition would not allow an attacker\n to execute code or to elevate user privileges. However,\n the denial of service condition could prevent authorized\n users from using system resources. An attacker could\n host a specially crafted file in a website or SMB share.\n The attacker could also take advantage of compromised\n websites, or websites that accept or host user-provided\n content or advertisements, by adding specially crafted\n content that could exploit the vulnerability. However,\n in all cases an attacker would have no way to force\n users to view the attacker-controlled content. 
Instead,\n an attacker would have to convince users to take action,\n typically via an enticement in email or instant message,\n or by getting them to open an email attachment. The\n security update addresses the vulnerability by modifying\n how the Code Integrity Module performs hashing.\n (CVE-2018-1040)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2018-8210, CVE-2018-8213)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel API enforces permissions. An\n attacker who successfully exploited the vulnerability\n could impersonate processes, interject cross-process\n communication, or interrupt system functionality.\n (CVE-2018-0982)\n\n - An elevation of privilege vulnerability exists in\n Windows when Desktop Bridge does not properly manage the\n virtual registry. An attacker who successfully exploited\n this vulnerability could run arbitrary code in kernel\n mode. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. 
(CVE-2018-8208, CVE-2018-8214)", "edition": 21, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-06-12T00:00:00", "title": "KB4284880: Windows 10 Version 1607 and Windows Server 2016 June 2018 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8216", "CVE-2018-8205", "CVE-2018-1036", "CVE-2018-0982", "CVE-2018-1040", "CVE-2018-8212", "CVE-2018-8215", "CVE-2018-8229", "CVE-2018-8239", "CVE-2018-8219", "CVE-2018-8169", "CVE-2018-0978", "CVE-2018-8208", "CVE-2018-8217", "CVE-2018-8226", "CVE-2018-8235", "CVE-2018-8236", "CVE-2018-8209", "CVE-2018-8221", "CVE-2018-8213", "CVE-2018-8234", "CVE-2018-8207", "CVE-2018-8210", "CVE-2018-8267", "CVE-2018-8251", "CVE-2018-8231", "CVE-2018-8201", "CVE-2018-8214", "CVE-2018-8225"], "modified": "2018-06-12T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS18_JUN_4284880.NASL", "href": "https://www.tenable.com/plugins/nessus/110491", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110491);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2018-0978\",\n \"CVE-2018-0982\",\n \"CVE-2018-1036\",\n \"CVE-2018-1040\",\n \"CVE-2018-8169\",\n \"CVE-2018-8201\",\n \"CVE-2018-8205\",\n \"CVE-2018-8207\",\n \"CVE-2018-8208\",\n \"CVE-2018-8209\",\n \"CVE-2018-8210\",\n \"CVE-2018-8212\",\n \"CVE-2018-8213\",\n \"CVE-2018-8214\",\n \"CVE-2018-8215\",\n \"CVE-2018-8216\",\n \"CVE-2018-8217\",\n \"CVE-2018-8219\",\n \"CVE-2018-8221\",\n \"CVE-2018-8225\",\n \"CVE-2018-8226\",\n \"CVE-2018-8229\",\n \"CVE-2018-8231\",\n \"CVE-2018-8234\",\n \"CVE-2018-8235\",\n \"CVE-2018-8236\",\n \"CVE-2018-8239\",\n \"CVE-2018-8251\",\n \"CVE-2018-8267\"\n );\n script_bugtraq_id(\n 104328,\n 104331,\n 104333,\n 104334,\n 104336,\n 104337,\n 104338,\n 104340,\n 104343,\n 104353,\n 104356,\n 104360,\n 104361,\n 104364,\n 104369,\n 104373,\n 104379,\n 104382,\n 104389,\n 104391,\n 104392,\n 104393,\n 104394,\n 104395,\n 104398,\n 104401,\n 104404,\n 104406,\n 104407\n );\n script_xref(name:\"MSKB\", value:\"4284880\");\n script_xref(name:\"MSFT\", value:\"MS18-4284880\");\n\n script_name(english:\"KB4284880: Windows 10 Version 1607 and Windows Server 2016 June 2018 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4284880.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n (Human Interface Device) HID Parser Library driver\n improperly handles objects in memory. 
An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2018-8169)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2018-8251)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8205)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2018-8239)\n\n - A remote code execution vulnerability exists when HTTP\n Protocol Stack (Http.sys) improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code and take\n control of the affected system. (CVE-2018-8231)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. 
An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8234)\n\n - A denial of service vulnerability exists in the HTTP 2.0\n protocol stack (HTTP.sys) when HTTP.sys improperly\n parses specially crafted HTTP 2.0 requests. An attacker\n who successfully exploited the vulnerability could\n create a denial of service condition, causing the target\n system to become unresponsive. (CVE-2018-8226)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8229)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8267)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8207)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-1036)\n\n - A remote code execution vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. 
An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the Local System\n Account. (CVE-2018-8225)\n\n - A security feature bypass vulnerability exists when\n Microsoft Edge improperly handles requests of different\n origins. The vulnerability allows Microsoft Edge to\n bypass Same-Origin Policy (SOP) restrictions, and to\n allow requests that should otherwise be ignored. An\n attacker who successfully exploited the vulnerability\n could force the browser to send data that would\n otherwise be restricted. (CVE-2018-8235)\n\n - An information disclosure vulnerability exists when\n Windows allows a normal user to access the Wireless LAN\n profile of an administrative user. An authenticated\n attacker who successfully exploited the vulnerability\n could access the Wireless LAN profile of an\n administrative user, including passwords for wireless\n networks. An attacker would need to log on to the\n affected system and run a specific command. The security\n update addresses the vulnerability by changing the way\n that Windows enforces access permissions to Wireless LAN\n profiles. (CVE-2018-8209)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0978)\n\n - An elevation of privilege vulnerability exists when\n Windows Hyper-V instruction emulation fails to properly\n enforce privilege levels. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges on a target guest operating system. The host\n operating system is not vulnerable to this attack. This\n vulnerability by itself does not allow arbitrary code to\n be run. 
However, the vulnerability could be used in\n conjunction with one or more vulnerabilities (e.g. a\n remote code execution vulnerability and another\n elevation of privilege) that could take advantage of the\n elevated privileges when running. The update addresses\n the vulnerability by correcting how privileges are\n enforced by Windows Hyper-V instruction emulation.\n (CVE-2018-8219)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8201, CVE-2018-8212, CVE-2018-8215,\n CVE-2018-8216, CVE-2018-8217, CVE-2018-8221)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8236)\n\n - A denial of service vulnerability exists in the way that\n the Windows Code Integrity Module performs hashing. An\n attacker who successfully exploited the vulnerability\n could cause a system to stop responding. Note that the\n denial of service condition would not allow an attacker\n to execute code or to elevate user privileges. However,\n the denial of service condition could prevent authorized\n users from using system resources. An attacker could\n host a specially crafted file in a website or SMB share.\n The attacker could also take advantage of compromised\n websites, or websites that accept or host user-provided\n content or advertisements, by adding specially crafted\n content that could exploit the vulnerability. 
However,\n in all cases an attacker would have no way to force\n users to view the attacker-controlled content. Instead,\n an attacker would have to convince users to take action,\n typically via an enticement in email or instant message,\n or by getting them to open an email attachment. The\n security update addresses the vulnerability by modifying\n how the Code Integrity Module performs hashing.\n (CVE-2018-1040)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2018-8210, CVE-2018-8213)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel API enforces permissions. An\n attacker who successfully exploited the vulnerability\n could impersonate processes, interject cross-process\n communication, or interrupt system functionality.\n (CVE-2018-0982)\n\n - An elevation of privilege vulnerability exists in\n Windows when Desktop Bridge does not properly manage the\n virtual registry. An attacker who successfully exploited\n this vulnerability could run arbitrary code in kernel\n mode. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. 
(CVE-2018-8208, CVE-2018-8214)\");\n # https://support.microsoft.com/en-us/help/4284880/windows-10-update-kb4284880\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3dae2364\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4284880.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8231\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-06\";\nkbs = make_list('4284880');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"06_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4284880])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:13:14", "description": "The remote Windows host is missing security update 4284874.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n (Human Interface Device) HID Parser Library driver\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. 
(CVE-2018-8169)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2018-8251)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8205)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8201, CVE-2018-8211, CVE-2018-8212,\n CVE-2018-8215, CVE-2018-8216, CVE-2018-8217,\n CVE-2018-8221)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the user's system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. 
(CVE-2018-8239)\n\n - A remote code execution vulnerability exists when HTTP\n Protocol Stack (Http.sys) improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code and take\n control of the affected system. (CVE-2018-8231)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2018-8121)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the user's\n system. (CVE-2018-8234)\n\n - A denial of service vulnerability exists in the HTTP 2.0\n protocol stack (HTTP.sys) when HTTP.sys improperly\n parses specially crafted HTTP 2.0 requests. An attacker\n who successfully exploited the vulnerability could\n create a denial of service condition, causing the target\n system to become unresponsive. (CVE-2018-8226)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8267)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the user's\n system. (CVE-2018-8207)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. 
(CVE-2018-1036)\n\n - A remote code execution vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the Local System\n Account. (CVE-2018-8225)\n\n - A security feature bypass vulnerability exists when\n Microsoft Edge improperly handles requests of different\n origins. The vulnerability allows Microsoft Edge to\n bypass Same-Origin Policy (SOP) restrictions, and to\n allow requests that should otherwise be ignored. An\n attacker who successfully exploited the vulnerability\n could force the browser to send data that would\n otherwise be restricted. (CVE-2018-8235)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8227, CVE-2018-8229)\n\n - An information disclosure vulnerability exists when\n Windows allows a normal user to access the Wireless LAN\n profile of an administrative user. An authenticated\n attacker who successfully exploited the vulnerability\n could access the Wireless LAN profile of an\n administrative user, including passwords for wireless\n networks. An attacker would need to log on to the\n affected system and run a specific command. The security\n update addresses the vulnerability by changing the way\n that Windows enforces access permissions to Wireless LAN\n profiles. 
(CVE-2018-8209)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0978)\n\n - An elevation of privilege vulnerability exists when\n Windows Hyper-V instruction emulation fails to properly\n enforce privilege levels. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges on a target guest operating system. The host\n operating system is not vulnerable to this attack. This\n vulnerability by itself does not allow arbitrary code to\n be run. However, the vulnerability could be used in\n conjunction with one or more vulnerabilities (e.g. a\n remote code execution vulnerability and another\n elevation of privilege) that could take advantage of the\n elevated privileges when running. The update addresses\n the vulnerability by correcting how privileges are\n enforced by Windows Hyper-V instruction emulation.\n (CVE-2018-8219)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8236)\n\n - An information disclosure vulnerability exists when Edge\n improperly marks files. An attacker who successfully\n exploited this vulnerability could exfiltrate file\n contents from disk. For an attack to be successful, an\n attacker must persuade a user to open a malicious\n website. The security update addresses the vulnerability\n by properly marking files. 
(CVE-2018-0871)\n\n - A denial of service vulnerability exists in the way that\n the Windows Code Integrity Module performs hashing. An\n attacker who successfully exploited the vulnerability\n could cause a system to stop responding. Note that the\n denial of service condition would not allow an attacker\n to execute code or to elevate user privileges. However,\n the denial of service condition could prevent authorized\n users from using system resources. An attacker could\n host a specially crafted file in a website or SMB share.\n The attacker could also take advantage of compromised\n websites, or websites that accept or host user-provided\n content or advertisements, by adding specially crafted\n content that could exploit the vulnerability. However,\n in all cases an attacker would have no way to force\n users to view the attacker-controlled content. Instead,\n an attacker would have to convince users to take action,\n typically via an enticement in email or instant message,\n or by getting them to open an email attachment. The\n security update addresses the vulnerability by modifying\n how the Code Integrity Module performs hashing.\n (CVE-2018-1040)\n\n - A security feature bypass vulnerability exists in\n Internet Explorer that allows for bypassing Mark of the\n Web Tagging (MOTW). Failing to set the MOTW means that a\n large number of Microsoft security technologies are\n bypassed. (CVE-2018-8113)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2018-8210, CVE-2018-8213)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel API enforces permissions. 
An\n attacker who successfully exploited the vulnerability\n could impersonate processes, interject cross-process\n communication, or interrupt system functionality.\n (CVE-2018-0982)\n\n - An elevation of privilege vulnerability exists in\n Windows when Desktop Bridge does not properly manage the\n virtual registry. An attacker who successfully exploited\n this vulnerability could run arbitrary code in kernel\n mode. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2018-8208, CVE-2018-8214)", "edition": 21, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-06-12T00:00:00", "title": "KB4284874: Windows 10 Version 1703 June 2018 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8216", "CVE-2018-8205", "CVE-2018-1036", "CVE-2018-0982", "CVE-2018-1040", "CVE-2018-8212", "CVE-2018-8211", "CVE-2018-8215", "CVE-2018-8229", "CVE-2018-8239", "CVE-2018-8219", "CVE-2018-8169", "CVE-2018-0978", "CVE-2018-8208", "CVE-2018-8217", "CVE-2018-8226", "CVE-2018-8235", "CVE-2018-8236", "CVE-2018-8209", "CVE-2018-8221", "CVE-2018-8213", "CVE-2018-8234", "CVE-2018-8121", "CVE-2018-8113", "CVE-2018-8207", "CVE-2018-8210", "CVE-2018-8267", "CVE-2018-8251", "CVE-2018-8231", "CVE-2018-8201", "CVE-2018-8227", "CVE-2018-8214", "CVE-2018-8225", "CVE-2018-0871"], "modified": "2018-06-12T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS18_JUN_4284874.NASL", "href": "https://www.tenable.com/plugins/nessus/110490", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110490);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2018-0871\",\n \"CVE-2018-0978\",\n \"CVE-2018-0982\",\n \"CVE-2018-1036\",\n \"CVE-2018-1040\",\n \"CVE-2018-8113\",\n \"CVE-2018-8121\",\n \"CVE-2018-8169\",\n \"CVE-2018-8201\",\n \"CVE-2018-8205\",\n \"CVE-2018-8207\",\n \"CVE-2018-8208\",\n \"CVE-2018-8209\",\n \"CVE-2018-8210\",\n \"CVE-2018-8211\",\n \"CVE-2018-8212\",\n \"CVE-2018-8213\",\n \"CVE-2018-8214\",\n \"CVE-2018-8215\",\n \"CVE-2018-8216\",\n \"CVE-2018-8217\",\n \"CVE-2018-8219\",\n \"CVE-2018-8221\",\n \"CVE-2018-8225\",\n \"CVE-2018-8226\",\n \"CVE-2018-8227\",\n \"CVE-2018-8229\",\n \"CVE-2018-8231\",\n \"CVE-2018-8234\",\n \"CVE-2018-8235\",\n \"CVE-2018-8236\",\n \"CVE-2018-8239\",\n \"CVE-2018-8251\",\n \"CVE-2018-8267\"\n );\n script_bugtraq_id(\n 104326,\n 104328,\n 104331,\n 104333,\n 104334,\n 104336,\n 104337,\n 104338,\n 104339,\n 104340,\n 104343,\n 104353,\n 104356,\n 104360,\n 104361,\n 104364,\n 104365,\n 104368,\n 104369,\n 104373,\n 104379,\n 104380,\n 104382,\n 104389,\n 104391,\n 104392,\n 104393,\n 104394,\n 104395,\n 104398,\n 104401,\n 104404,\n 104406,\n 104407\n );\n script_xref(name:\"MSKB\", value:\"4284874\");\n script_xref(name:\"MSFT\", value:\"MS18-4284874\");\n\n script_name(english:\"KB4284874: Windows 10 Version 1703 June 2018 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4284874.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n (Human Interface Device) HID Parser 
Library driver\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2018-8169)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2018-8251)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8205)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8201, CVE-2018-8211, CVE-2018-8212,\n CVE-2018-8215, CVE-2018-8216, CVE-2018-8217,\n CVE-2018-8221)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2018-8239)\n\n - A remote code execution vulnerability exists when HTTP\n Protocol Stack (Http.sys) improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code and take\n control of the affected system. (CVE-2018-8231)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2018-8121)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8234)\n\n - A denial of service vulnerability exists in the HTTP 2.0\n protocol stack (HTTP.sys) when HTTP.sys improperly\n parses specially crafted HTTP 2.0 requests. An attacker\n who successfully exploited the vulnerability could\n create a denial of service condition, causing the target\n system to become unresponsive. (CVE-2018-8226)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8267)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. 
An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8207)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-1036)\n\n - A remote code execution vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the Local System\n Account. (CVE-2018-8225)\n\n - A security feature bypass vulnerability exists when\n Microsoft Edge improperly handles requests of different\n origins. The vulnerability allows Microsoft Edge to\n bypass Same-Origin Policy (SOP) restrictions, and to\n allow requests that should otherwise be ignored. An\n attacker who successfully exploited the vulnerability\n could force the browser to send data that would\n otherwise be restricted. (CVE-2018-8235)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8227, CVE-2018-8229)\n\n - An information disclosure vulnerability exists when\n Windows allows a normal user to access the Wireless LAN\n profile of an administrative user. An authenticated\n attacker who successfully exploited the vulnerability\n could access the Wireless LAN profile of an\n administrative user, including passwords for wireless\n networks. An attacker would need to log on to the\n affected system and run a specific command. 
The security\n update addresses the vulnerability by changing the way\n that Windows enforces access permissions to Wireless LAN\n profiles. (CVE-2018-8209)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0978)\n\n - An elevation of privilege vulnerability exists when\n Windows Hyper-V instruction emulation fails to properly\n enforce privilege levels. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges on a target guest operating system. The host\n operating system is not vulnerable to this attack. This\n vulnerability by itself does not allow arbitrary code to\n be run. However, the vulnerability could be used in\n conjunction with one or more vulnerabilities (e.g. a\n remote code execution vulnerability and another\n elevation of privilege) that could take advantage of the\n elevated privileges when running. The update addresses\n the vulnerability by correcting how privileges are\n enforced by Windows Hyper-V instruction emulation.\n (CVE-2018-8219)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8236)\n\n - An information disclosure vulnerability exists when Edge\n improperly marks files. An attacker who successfully\n exploited this vulnerability could exfiltrate file\n contents from disk. 
For an attack to be successful, an\n attacker must persuade a user to open a malicious\n website. The security update addresses the vulnerability\n by properly marking files. (CVE-2018-0871)\n\n - A denial of service vulnerability exists in the way that\n the Windows Code Integrity Module performs hashing. An\n attacker who successfully exploited the vulnerability\n could cause a system to stop responding. Note that the\n denial of service condition would not allow an attacker\n to execute code or to elevate user privileges. However,\n the denial of service condition could prevent authorized\n users from using system resources. An attacker could\n host a specially crafted file in a website or SMB share.\n The attacker could also take advantage of compromised\n websites, or websites that accept or host user-provided\n content or advertisements, by adding specially crafted\n content that could exploit the vulnerability. However,\n in all cases an attacker would have no way to force\n users to view the attacker-controlled content. Instead,\n an attacker would have to convince users to take action,\n typically via an enticement in email or instant message,\n or by getting them to open an email attachment. The\n security update addresses the vulnerability by modifying\n how the Code Integrity Module performs hashing.\n (CVE-2018-1040)\n\n - A security feature bypass vulnerability exists in\n Internet Explorer that allows for bypassing Mark of the\n Web Tagging (MOTW). Failing to set the MOTW means that a\n large number of Microsoft security technologies are\n bypassed. (CVE-2018-8113)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2018-8210, CVE-2018-8213)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel API enforces permissions. 
An\n attacker who successfully exploited the vulnerability\n could impersonate processes, interject cross-process\n communication, or interrupt system functionality.\n (CVE-2018-0982)\n\n - An elevation of privilege vulnerability exists in\n Windows when Desktop Bridge does not properly manage the\n virtual registry. An attacker who successfully exploited\n this vulnerability could run arbitrary code in kernel\n mode. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2018-8208, CVE-2018-8214)\");\n # https://support.microsoft.com/en-us/help/4284874/windows-10-update-kb4284874\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?19db0c08\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4284874.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8231\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-06\";\nkbs = make_list('4284874');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date:\"06_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4284874])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:13:13", "description": "The remote Windows host is missing security update 4284819.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n (Human Interface Device) HID Parser Library driver\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. 
(CVE-2018-8169)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2018-8218)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2018-8251)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8205)\n\n - A denial of service vulnerability exists when Windows\n NT WEBDAV Minirdr attempts to query a WEBDAV directory.\n An attacker who successfully exploited the vulnerability\n could cause a denial of service. (CVE-2018-8175)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the user's system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. 
(CVE-2018-8239)\n\n - A remote code execution vulnerability exists when HTTP\n Protocol Stack (Http.sys) improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code and take\n control of the affected system. (CVE-2018-8231)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2018-8121)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8201, CVE-2018-8211, CVE-2018-8212,\n CVE-2018-8215, CVE-2018-8221)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the user's\n system. (CVE-2018-8234)\n\n - An Elevation of Privilege vulnerability exists when\n Cortana retrieves data from user input services without\n consideration for status. An attacker who successfully\n exploited the vulnerability could execute commands with\n elevated permissions. (CVE-2018-8140)\n\n - A denial of service vulnerability exists in the HTTP 2.0\n protocol stack (HTTP.sys) when HTTP.sys improperly\n parses specially crafted HTTP 2.0 requests. An attacker\n who successfully exploited the vulnerability could\n create a denial of service condition, causing the target\n system to become unresponsive. (CVE-2018-8226)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. 
The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8267)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the user's\n system. (CVE-2018-8207)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-1036)\n\n - A remote code execution vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the Local System\n Account. (CVE-2018-8225)\n\n - A security feature bypass vulnerability exists when\n Microsoft Edge improperly handles requests of different\n origins. The vulnerability allows Microsoft Edge to\n bypass Same-Origin Policy (SOP) restrictions, and to\n allow requests that should otherwise be ignored. An\n attacker who successfully exploited the vulnerability\n could force the browser to send data that would\n otherwise be restricted. (CVE-2018-8235)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. 
(CVE-2018-8227, CVE-2018-8229)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8111,\n CVE-2018-8236)\n\n - An information disclosure vulnerability exists when\n Windows allows a normal user to access the Wireless LAN\n profile of an administrative user. An authenticated\n attacker who successfully exploited the vulnerability\n could access the Wireless LAN profile of an\n administrative user, including passwords for wireless\n networks. An attacker would need to log on to the\n affected system and run a specific command. The security\n update addresses the vulnerability by changing the way\n that Windows enforces access permissions to Wireless LAN\n profiles. (CVE-2018-8209)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0978)\n\n - An elevation of privilege vulnerability exists when\n Windows Hyper-V instruction emulation fails to properly\n enforce privilege levels. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges on a target guest operating system. The host\n operating system is not vulnerable to this attack. This\n vulnerability by itself does not allow arbitrary code to\n be run. However, the vulnerability could be used in\n conjunction with one or more vulnerabilities (e.g. 
a\n remote code execution vulnerability and another\n elevation of privilege) that could take advantage of the\n elevated privileges when running. The update addresses\n the vulnerability by correcting how privileges are\n enforced by Windows Hyper-V instruction emulation.\n (CVE-2018-8219)\n\n - An information disclosure vulnerability exists when Edge\n improperly marks files. An attacker who successfully\n exploited this vulnerability could exfiltrate file\n contents from disk. For an attack to be successful, an\n attacker must persuade a user to open a malicious\n website. The security update addresses the vulnerability\n by properly marking files. (CVE-2018-0871)\n\n - A denial of service vulnerability exists in the way that\n the Windows Code Integrity Module performs hashing. An\n attacker who successfully exploited the vulnerability\n could cause a system to stop responding. Note that the\n denial of service condition would not allow an attacker\n to execute code or to elevate user privileges. However,\n the denial of service condition could prevent authorized\n users from using system resources. An attacker could\n host a specially crafted file in a website or SMB share.\n The attacker could also take advantage of compromised\n websites, or websites that accept or host user-provided\n content or advertisements, by adding specially crafted\n content that could exploit the vulnerability. However,\n in all cases an attacker would have no way to force\n users to view the attacker-controlled content. Instead,\n an attacker would have to convince users to take action,\n typically via an enticement in email or instant message,\n or by getting them to open an email attachment. The\n security update addresses the vulnerability by modifying\n how the Code Integrity Module performs hashing.\n (CVE-2018-1040)\n\n - A security feature bypass vulnerability exists in\n Internet Explorer that allows for bypassing Mark of the\n Web Tagging (MOTW). 
Failing to set the MOTW means that a\n large number of Microsoft security technologies are\n bypassed. (CVE-2018-8113)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2018-8210, CVE-2018-8213)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel API enforces permissions. An\n attacker who successfully exploited the vulnerability\n could impersonate processes, interject cross-process\n communication, or interrupt system functionality.\n (CVE-2018-0982)\n\n - An elevation of privilege vulnerability exists in\n Windows when Desktop Bridge does not properly manage the\n virtual registry. An attacker who successfully exploited\n this vulnerability could run arbitrary code in kernel\n mode. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. 
(CVE-2018-8208, CVE-2018-8214)", "edition": 21, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-06-12T00:00:00", "title": "KB4284819: Windows 10 Version 1709 and Windows Server Version 1709 June 2018 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8205", "CVE-2018-1036", "CVE-2018-0982", "CVE-2018-1040", "CVE-2018-8212", "CVE-2018-8211", "CVE-2018-8215", "CVE-2018-8229", "CVE-2018-8239", "CVE-2018-8219", "CVE-2018-8169", "CVE-2018-0978", "CVE-2018-8208", "CVE-2018-8226", "CVE-2018-8218", "CVE-2018-8235", "CVE-2018-8236", "CVE-2018-8209", "CVE-2018-8221", "CVE-2018-8213", "CVE-2018-8234", "CVE-2018-8121", "CVE-2018-8113", "CVE-2018-8207", "CVE-2018-8210", "CVE-2018-8267", "CVE-2018-8251", "CVE-2018-8140", "CVE-2018-8111", "CVE-2018-8231", "CVE-2018-8201", "CVE-2018-8227", "CVE-2018-8214", "CVE-2018-8225", "CVE-2018-0871", "CVE-2018-8175"], "modified": "2018-06-12T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS18_JUN_4284819.NASL", "href": "https://www.tenable.com/plugins/nessus/110485", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110485);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2018-0871\",\n \"CVE-2018-0978\",\n \"CVE-2018-0982\",\n \"CVE-2018-1036\",\n \"CVE-2018-1040\",\n \"CVE-2018-8111\",\n \"CVE-2018-8113\",\n \"CVE-2018-8121\",\n \"CVE-2018-8140\",\n \"CVE-2018-8169\",\n \"CVE-2018-8175\",\n \"CVE-2018-8201\",\n \"CVE-2018-8205\",\n \"CVE-2018-8207\",\n \"CVE-2018-8208\",\n \"CVE-2018-8209\",\n \"CVE-2018-8210\",\n \"CVE-2018-8211\",\n \"CVE-2018-8212\",\n \"CVE-2018-8213\",\n \"CVE-2018-8214\",\n \"CVE-2018-8215\",\n \"CVE-2018-8218\",\n \"CVE-2018-8219\",\n \"CVE-2018-8221\",\n \"CVE-2018-8225\",\n \"CVE-2018-8226\",\n \"CVE-2018-8227\",\n \"CVE-2018-8229\",\n \"CVE-2018-8231\",\n \"CVE-2018-8234\",\n \"CVE-2018-8235\",\n \"CVE-2018-8236\",\n \"CVE-2018-8239\",\n \"CVE-2018-8251\",\n \"CVE-2018-8267\"\n );\n script_bugtraq_id(\n 104326,\n 104328,\n 104331,\n 104333,\n 104335,\n 104336,\n 104338,\n 104339,\n 104340,\n 104343,\n 104353,\n 104354,\n 104356,\n 104359,\n 104360,\n 104361,\n 104364,\n 104365,\n 104368,\n 104369,\n 104373,\n 104379,\n 104380,\n 104382,\n 104389,\n 104391,\n 104392,\n 104393,\n 104394,\n 104395,\n 104398,\n 104401,\n 104402,\n 104404,\n 104406,\n 104407\n );\n script_xref(name:\"MSKB\", value:\"4284819\");\n script_xref(name:\"MSFT\", value:\"MS18-4284819\");\n\n script_name(english:\"KB4284819: Windows 10 Version 1709 and Windows Server Version 1709 June 2018 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4284819.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An 
elevation of privilege vulnerability exists when the\n (Human Interface Device) HID Parser Library driver\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2018-8169)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2018-8218)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2018-8251)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8205)\n\n - A denial of service vulnerability exists when Windows\n NT WEBDAV Minirdr attempts to query a WEBDAV directory.\n An attacker who successfully exploited the vulnerability\n could cause a denial of service. (CVE-2018-8175)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the user's system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2018-8239)\n\n - A remote code execution vulnerability exists when HTTP\n Protocol Stack (Http.sys) improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code and take\n control of the affected system. (CVE-2018-8231)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2018-8121)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8201, CVE-2018-8211, CVE-2018-8212,\n CVE-2018-8215, CVE-2018-8221)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8234)\n\n - An Elevation of Privilege vulnerability exists when\n Cortana retrieves data from user input services without\n consideration for status. An attacker who successfully\n exploited the vulnerability could execute commands with\n elevated permissions. (CVE-2018-8140)\n\n - A denial of service vulnerability exists in the HTTP 2.0\n protocol stack (HTTP.sys) when HTTP.sys improperly\n parses specially crafted HTTP 2.0 requests. 
An attacker\n who successfully exploited the vulnerability could\n create a denial of service condition, causing the target\n system to become unresponsive. (CVE-2018-8226)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8267)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8207)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-1036)\n\n - A remote code execution vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the Local System\n Account. (CVE-2018-8225)\n\n - A security feature bypass vulnerability exists when\n Microsoft Edge improperly handles requests of different\n origins. The vulnerability allows Microsoft Edge to\n bypass Same-Origin Policy (SOP) restrictions, and to\n allow requests that should otherwise be ignored. An\n attacker who successfully exploited the vulnerability\n could force the browser to send data that would\n otherwise be restricted. (CVE-2018-8235)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. 
The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8227, CVE-2018-8229)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8111,\n CVE-2018-8236)\n\n - An information disclosure vulnerability exists when\n Windows allows a normal user to access the Wireless LAN\n profile of an administrative user. An authenticated\n attacker who successfully exploited the vulnerability\n could access the Wireless LAN profile of an\n administrative user, including passwords for wireless\n networks. An attacker would need to log on to the\n affected system and run a specific command. The security\n update addresses the vulnerability by changing the way\n that Windows enforces access permissions to Wireless LAN\n profiles. (CVE-2018-8209)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0978)\n\n - An elevation of privilege vulnerability exists when\n Windows Hyper-V instruction emulation fails to properly\n enforce privilege levels. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges on a target guest operating system. The host\n operating system is not vulnerable to this attack. 
This\n vulnerability by itself does not allow arbitrary code to\n be run. However, the vulnerability could be used in\n conjunction with one or more vulnerabilities (e.g. a\n remote code execution vulnerability and another\n elevation of privilege) that could take advantage of the\n elevated privileges when running. The update addresses\n the vulnerability by correcting how privileges are\n enforced by Windows Hyper-V instruction emulation.\n (CVE-2018-8219)\n\n - An information disclosure vulnerability exists when Edge\n improperly marks files. An attacker who successfully\n exploited this vulnerability could exfiltrate file\n contents from disk. For an attack to be successful, an\n attacker must persuade a user to open a malicious\n website. The security update addresses the vulnerability\n by properly marking files. (CVE-2018-0871)\n\n - A denial of service vulnerability exists in the way that\n the Windows Code Integrity Module performs hashing. An\n attacker who successfully exploited the vulnerability\n could cause a system to stop responding. Note that the\n denial of service condition would not allow an attacker\n to execute code or to elevate user privileges. However,\n the denial of service condition could prevent authorized\n users from using system resources. An attacker could\n host a specially crafted file in a website or SMB share.\n The attacker could also take advantage of compromised\n websites, or websites that accept or host user-provided\n content or advertisements, by adding specially crafted\n content that could exploit the vulnerability. However,\n in all cases an attacker would have no way to force\n users to view the attacker-controlled content. Instead,\n an attacker would have to convince users to take action,\n typically via an enticement in email or instant message,\n or by getting them to open an email attachment. 
The\n security update addresses the vulnerability by modifying\n how the Code Integrity Module performs hashing.\n (CVE-2018-1040)\n\n - A security feature bypass vulnerability exists in\n Internet Explorer that allows for bypassing Mark of the\n Web Tagging (MOTW). Failing to set the MOTW means that a\n large number of Microsoft security technologies are\n bypassed. (CVE-2018-8113)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2018-8210, CVE-2018-8213)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel API enforces permissions. An\n attacker who successfully exploited the vulnerability\n could impersonate processes, interject cross-process\n communication, or interrupt system functionality.\n (CVE-2018-0982)\n\n - An elevation of privilege vulnerability exists in\n Windows when Desktop Bridge does not properly manage the\n virtual registry. An attacker who successfully exploited\n this vulnerability could run arbitrary code in kernel\n mode. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. 
(CVE-2018-8208, CVE-2018-8214)\");\n # https://support.microsoft.com/en-us/help/4284819/windows-10-update-kb4284819\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?21a2fb0a\");\n script_set_attribute(attribute:\"solution\", value:\n \"Apply Cumulative Update KB4284819.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8231\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-06\";\nkbs = make_list('4284819');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"16299\",\n rollup_date:\"06_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4284819])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:13:14", "description": "The remote Windows host is missing security update 4284835.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n (Human Interface Device) HID Parser Library driver\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. 
(CVE-2018-8169)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2018-8251)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8205)\n\n - A denial of service vulnerability exists when Windows\n NT WEBDAV Minirdr attempts to query a WEBDAV directory.\n An attacker who successfully exploited the vulnerability\n could cause a denial of service. (CVE-2018-8175)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the user's system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2018-8239)\n\n - A remote code execution vulnerability exists when HTTP\n Protocol Stack (Http.sys) improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code and take\n control of the affected system. 
(CVE-2018-8231)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2018-8121)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8201, CVE-2018-8211, CVE-2018-8212,\n CVE-2018-8215, CVE-2018-8221)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8234)\n\n - An Elevation of Privilege vulnerability exists when\n Cortana retrieves data from user input services without\n consideration for status. An attacker who successfully\n exploited the vulnerability could execute commands with\n elevated permissions. (CVE-2018-8140)\n\n - A denial of service vulnerability exists in the HTTP 2.0\n protocol stack (HTTP.sys) when HTTP.sys improperly\n parses specially crafted HTTP 2.0 requests. An attacker\n who successfully exploited the vulnerability could\n create a denial of service condition, causing the target\n system to become unresponsive. (CVE-2018-8226)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8267)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. 
An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8207)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-8233)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-1036)\n\n - A remote code execution vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the Local System\n Account. (CVE-2018-8225)\n\n - A security feature bypass vulnerability exists when\n Microsoft Edge improperly handles requests of different\n origins. The vulnerability allows Microsoft Edge to\n bypass Same-Origin Policy (SOP) restrictions, and to\n allow requests that should otherwise be ignored. An\n attacker who successfully exploited the vulnerability\n could force the browser to send data that would\n otherwise be restricted. (CVE-2018-8235)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. 
(CVE-2018-8227, CVE-2018-8229)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0978)\n\n - An elevation of privilege vulnerability exists when\n Windows Hyper-V instruction emulation fails to properly\n enforce privilege levels. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges on a target guest operating system. The host\n operating system is not vulnerable to this attack. This\n vulnerability by itself does not allow arbitrary code to\n be run. However, the vulnerability could be used in\n conjunction with one or more vulnerabilities (e.g. a\n remote code execution vulnerability and another\n elevation of privilege) that could take advantage of the\n elevated privileges when running. The update addresses\n the vulnerability by correcting how privileges are\n enforced by Windows Hyper-V instruction emulation.\n (CVE-2018-8219)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8110,\n CVE-2018-8236)\n\n - An information disclosure vulnerability exists when Edge\n improperly marks files. An attacker who successfully\n exploited this vulnerability could exfiltrate file\n contents from disk. For an attack to be successful, an\n attacker must persuade a user to open a malicious\n website. The security update addresses the vulnerability\n by properly marking files. 
(CVE-2018-0871)\n\n - A denial of service vulnerability exists in the way that\n the Windows Code Integrity Module performs hashing. An\n attacker who successfully exploited the vulnerability\n could cause a system to stop responding. Note that the\n denial of service condition would not allow an attacker\n to execute code or to elevate user privileges. However,\n the denial of service condition could prevent authorized\n users from using system resources. An attacker could\n host a specially crafted file in a website or SMB share.\n The attacker could also take advantage of compromised\n websites, or websites that accept or host user-provided\n content or advertisements, by adding specially crafted\n content that could exploit the vulnerability. However,\n in all cases an attacker would have no way to force\n users to view the attacker-controlled content. Instead,\n an attacker would have to convince users to take action,\n typically via an enticement in email or instant message,\n or by getting them to open an email attachment. The\n security update addresses the vulnerability by modifying\n how the Code Integrity Module performs hashing.\n (CVE-2018-1040)\n\n - A security feature bypass vulnerability exists in\n Internet Explorer that allows for bypassing Mark of the\n Web Tagging (MOTW). Failing to set the MOTW means that a\n large number of Microsoft security technologies are\n bypassed. (CVE-2018-8113)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2018-8210, CVE-2018-8213)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel API enforces permissions. 
An\n attacker who successfully exploited the vulnerability\n could impersonate processes, interject cross-process\n communication, or interrupt system functionality.\n (CVE-2018-0982)\n\n - An elevation of privilege vulnerability exists in\n Windows when Desktop Bridge does not properly manage the\n virtual registry. An attacker who successfully exploited\n this vulnerability could run arbitrary code in kernel\n mode. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2018-8208, CVE-2018-8214)", "edition": 21, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-06-12T00:00:00", "title": "KB4284835: Windows 10 Version 1803 and Windows Server Version 1803 June 2018 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8205", "CVE-2018-1036", "CVE-2018-0982", "CVE-2018-1040", "CVE-2018-8212", "CVE-2018-8211", "CVE-2018-8215", "CVE-2018-8229", "CVE-2018-8239", "CVE-2018-8219", "CVE-2018-8169", "CVE-2018-8233", "CVE-2018-0978", "CVE-2018-8208", "CVE-2018-8226", "CVE-2018-8235", "CVE-2018-8236", "CVE-2018-8110", "CVE-2018-8221", "CVE-2018-8213", "CVE-2018-8234", "CVE-2018-8121", "CVE-2018-8113", "CVE-2018-8207", "CVE-2018-8210", "CVE-2018-8267", "CVE-2018-8251", "CVE-2018-8140", "CVE-2018-8231", "CVE-2018-8201", "CVE-2018-8227", "CVE-2018-8214", "CVE-2018-8225", "CVE-2018-0871", "CVE-2018-8175"], "modified": "2018-06-12T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS18_JUN_4284835.NASL", "href": "https://www.tenable.com/plugins/nessus/110487", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110487);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2018-0871\",\n \"CVE-2018-0978\",\n \"CVE-2018-0982\",\n \"CVE-2018-1036\",\n \"CVE-2018-1040\",\n \"CVE-2018-8110\",\n \"CVE-2018-8113\",\n \"CVE-2018-8121\",\n \"CVE-2018-8140\",\n \"CVE-2018-8169\",\n \"CVE-2018-8175\",\n \"CVE-2018-8201\",\n \"CVE-2018-8205\",\n \"CVE-2018-8207\",\n \"CVE-2018-8208\",\n \"CVE-2018-8210\",\n \"CVE-2018-8211\",\n \"CVE-2018-8212\",\n \"CVE-2018-8213\",\n \"CVE-2018-8214\",\n \"CVE-2018-8215\",\n \"CVE-2018-8219\",\n \"CVE-2018-8221\",\n \"CVE-2018-8225\",\n \"CVE-2018-8226\",\n \"CVE-2018-8227\",\n \"CVE-2018-8229\",\n \"CVE-2018-8231\",\n \"CVE-2018-8233\",\n \"CVE-2018-8234\",\n \"CVE-2018-8235\",\n \"CVE-2018-8236\",\n \"CVE-2018-8239\",\n \"CVE-2018-8251\",\n \"CVE-2018-8267\"\n );\n script_bugtraq_id(\n 104326,\n 104328,\n 104330,\n 104331,\n 104333,\n 104336,\n 104338,\n 104339,\n 104340,\n 104343,\n 104353,\n 104354,\n 104356,\n 104359,\n 104360,\n 104361,\n 104364,\n 104365,\n 104368,\n 104369,\n 104373,\n 104379,\n 104380,\n 104382,\n 104383,\n 104389,\n 104391,\n 104392,\n 104394,\n 104395,\n 104398,\n 104401,\n 104404,\n 104406,\n 104407\n );\n script_xref(name:\"MSKB\", value:\"4284835\");\n script_xref(name:\"MSFT\", value:\"MS18-4284835\");\n\n script_name(english:\"KB4284835: Windows 10 Version 1803 and Windows Server Version 1803 June 2018 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4284835.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege 
vulnerability exists when the\n (Human Interface Device) HID Parser Library driver\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2018-8169)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2018-8251)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8205)\n\n - A denial of service vulnerability exists when Windows\n NT WEBDAV Minirdr attempts to query a WEBDAV directory.\n An attacker who successfully exploited the vulnerability\n could cause a denial of service. (CVE-2018-8175)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the user's system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. 
(CVE-2018-8239)\n\n - A remote code execution vulnerability exists when HTTP\n Protocol Stack (Http.sys) improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code and take\n control of the affected system. (CVE-2018-8231)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2018-8121)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8201, CVE-2018-8211, CVE-2018-8212,\n CVE-2018-8215, CVE-2018-8221)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8234)\n\n - An Elevation of Privilege vulnerability exists when\n Cortana retrieves data from user input services without\n consideration for status. An attacker who successfully\n exploited the vulnerability could execute commands with\n elevated permissions. (CVE-2018-8140)\n\n - A denial of service vulnerability exists in the HTTP 2.0\n protocol stack (HTTP.sys) when HTTP.sys improperly\n parses specially crafted HTTP 2.0 requests. An attacker\n who successfully exploited the vulnerability could\n create a denial of service condition, causing the target\n system to become unresponsive. (CVE-2018-8226)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. 
The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8267)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8207)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-8233)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-1036)\n\n - A remote code execution vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the Local System\n Account. (CVE-2018-8225)\n\n - A security feature bypass vulnerability exists when\n Microsoft Edge improperly handles requests of different\n origins. The vulnerability allows Microsoft Edge to\n bypass Same-Origin Policy (SOP) restrictions, and to\n allow requests that should otherwise be ignored. An\n attacker who successfully exploited the vulnerability\n could force the browser to send data that would\n otherwise be restricted. (CVE-2018-8235)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. 
The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8227, CVE-2018-8229)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0978)\n\n - An elevation of privilege vulnerability exists when\n Windows Hyper-V instruction emulation fails to properly\n enforce privilege levels. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges on a target guest operating system. The host\n operating system is not vulnerable to this attack. This\n vulnerability by itself does not allow arbitrary code to\n be run. However, the vulnerability could be used in\n conjunction with one or more vulnerabilities (e.g. a\n remote code execution vulnerability and another\n elevation of privilege) that could take advantage of the\n elevated privileges when running. The update addresses\n the vulnerability by correcting how privileges are\n enforced by Windows Hyper-V instruction emulation.\n (CVE-2018-8219)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8110,\n CVE-2018-8236)\n\n - An information disclosure vulnerability exists when Edge\n improperly marks files. 
An attacker who successfully\n exploited this vulnerability could exfiltrate file\n contents from disk. For an attack to be successful, an\n attacker must persuade a user to open a malicious\n website. The security update addresses the vulnerability\n by properly marking files. (CVE-2018-0871)\n\n - A denial of service vulnerability exists in the way that\n the Windows Code Integrity Module performs hashing. An\n attacker who successfully exploited the vulnerability\n could cause a system to stop responding. Note that the\n denial of service condition would not allow an attacker\n to execute code or to elevate user privileges. However,\n the denial of service condition could prevent authorized\n users from using system resources. An attacker could\n host a specially crafted file in a website or SMB share.\n The attacker could also take advantage of compromised\n websites, or websites that accept or host user-provided\n content or advertisements, by adding specially crafted\n content that could exploit the vulnerability. However,\n in all cases an attacker would have no way to force\n users to view the attacker-controlled content. Instead,\n an attacker would have to convince users to take action,\n typically via an enticement in email or instant message,\n or by getting them to open an email attachment. The\n security update addresses the vulnerability by modifying\n how the Code Integrity Module performs hashing.\n (CVE-2018-1040)\n\n - A security feature bypass vulnerability exists in\n Internet Explorer that allows for bypassing Mark of the\n Web Tagging (MOTW). Failing to set the MOTW means that a\n large number of Microsoft security technologies are\n bypassed. (CVE-2018-8113)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. 
(CVE-2018-8210, CVE-2018-8213)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel API enforces permissions. An\n attacker who successfully exploited the vulnerability\n could impersonate processes, interject cross-process\n communication, or interrupt system functionality.\n (CVE-2018-0982)\n\n - An elevation of privilege vulnerability exists in\n Windows when Desktop Bridge does not properly manage the\n virtual registry. An attacker who successfully exploited\n this vulnerability could run arbitrary code in kernel\n mode. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2018-8208, CVE-2018-8214)\");\n # https://support.microsoft.com/en-us/help/4284835/windows-10-update-kb4284835\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7614a17f\");\n script_set_attribute(attribute:\"solution\", value:\n \"Apply Cumulative Update KB4284835.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8231\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-06\";\nkbs = make_list('4284835');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17134\",\n rollup_date:\"06_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4284835])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-01-08T13:29:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8205", "CVE-2018-1036", "CVE-2018-1040", "CVE-2018-8169", "CVE-2018-8249", "CVE-2018-0978", "CVE-2018-8207", "CVE-2018-8210", "CVE-2018-8267", "CVE-2018-8251", "CVE-2018-8225"], 
"description": "This host is missing an important security\n update according to Microsoft KB4284815", "modified": "2019-12-20T00:00:00", "published": "2018-06-13T00:00:00", "id": "OPENVAS:1361412562310813532", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813532", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4284815)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4284815)\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813532\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2018-0978\", \"CVE-2018-1036\", \"CVE-2018-1040\", \"CVE-2018-8169\",\n \"CVE-2018-8205\", \"CVE-2018-8207\", \"CVE-2018-8210\", \"CVE-2018-8225\",\n \"CVE-2018-8249\", \"CVE-2018-8251\", \"CVE-2018-8267\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-13 09:16:31 +0530 (Wed, 13 Jun 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4284815)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4284815\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to errors,\n\n - When Internet Explorer improperly accesses objects in memory.\n\n - When the Windows kernel improperly handles objects in memory.\n\n - When Windows improperly handles objects in memory.\n\n - When the (Human Interface Device) HID Parser Library driver improperly handles\n objects in memory.\n\n - When NTFS improperly checks access.\n\n - In the way that the scripting engine handles objects in memory in Internet\n Explorer.\n\n - When Windows Media Foundation improperly handles objects in memory.\n\n - In Windows Domain Name System (DNS) DNSAPI.\n\n - In the way that the Windows 
Code Integrity Module performs hashing.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to gain elevated privileges, execute arbitrary code, install programs, view,\n change, or delete data or create new accounts with full user rights and create\n a denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 for 32-bit/x64\n\n - Microsoft Windows Server 2012 R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4284815\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"winload.efi\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.3.9600.19035\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\winload.efi\",\n file_version:fileVer, vulnerable_range:\"Less than 6.3.9600.19035\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:06:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8205", "CVE-2018-1036", "CVE-2018-1040", "CVE-2018-8224", "CVE-2018-8169", 
"CVE-2018-8249", "CVE-2018-0978", "CVE-2018-8207", "CVE-2018-8267", "CVE-2018-8251", "CVE-2018-8225"], "description": "This host is missing a critical security\n update according to Microsoft KB4284826", "modified": "2020-06-04T00:00:00", "published": "2018-06-13T00:00:00", "id": "OPENVAS:1361412562310813533", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813533", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4284826)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4284826)\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813533\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0978\", \"CVE-2018-1036\", \"CVE-2018-1040\", \"CVE-2018-8169\",\n \"CVE-2018-8205\", \"CVE-2018-8207\", \"CVE-2018-8224\", \"CVE-2018-8225\",\n \"CVE-2018-8249\", \"CVE-2018-8251\", \"CVE-2018-8267\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-06-13 09:20:23 +0530 (Wed, 13 Jun 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4284826)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4284826\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to errors,\n\n - When Internet Explorer improperly accesses objects in memory.\n\n - When the Windows kernel improperly handles objects in memory.\n\n - When Windows improperly handles objects in memory.\n\n - When the (Human Interface Device) HID Parser Library driver improperly handles\n objects in memory.\n\n - When NTFS improperly checks access.\n\n - When Windows Media Foundation improperly handles objects in memory.\n\n - In the way that the scripting engine handles objects in memory in Internet\n Explorer.\n\n - When the Windows kernel fails to properly handle objects in memory.\n\n - In 
Windows Domain Name System (DNS) DNSAPI.\n\n - In the way that the Windows Code Integrity Module performs hashing.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to obtain information to further compromise the user's system, run processes in\n an elevated context, inject code into a trusted PowerShell process, execute\n arbitrary code, read privileged data, force the browser to send restricted data,\n install programs and create a denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1\n\n - Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4284826\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"appidsvc.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.1.7601.24150\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\appidsvc.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 6.1.7601.24150\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", 
"cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:06:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8216", "CVE-2018-8205", "CVE-2018-1036", "CVE-2018-1040", "CVE-2018-8212", "CVE-2018-8215", "CVE-2018-8229", "CVE-2018-8169", "CVE-2018-0978", "CVE-2018-8217", "CVE-2018-8226", "CVE-2018-8235", "CVE-2018-8236", "CVE-2018-8209", "CVE-2018-8221", "CVE-2018-8213", "CVE-2018-8234", "CVE-2018-8207", "CVE-2018-8210", "CVE-2018-8267", "CVE-2018-8251", "CVE-2018-8231", "CVE-2018-8201", "CVE-2018-8225"], "description": "This host is missing a critical security\n update according to Microsoft KB4284860", "modified": "2020-06-04T00:00:00", "published": "2018-06-13T00:00:00", "id": "OPENVAS:1361412562310813529", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813529", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4284860)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4284860)\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813529\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0978\", \"CVE-2018-1036\", \"CVE-2018-1040\", \"CVE-2018-8169\",\n \"CVE-2018-8201\", \"CVE-2018-8205\", \"CVE-2018-8207\", \"CVE-2018-8209\",\n \"CVE-2018-8210\", \"CVE-2018-8212\", \"CVE-2018-8213\", \"CVE-2018-8215\",\n \"CVE-2018-8216\", \"CVE-2018-8217\", \"CVE-2018-8221\", \"CVE-2018-8225\",\n \"CVE-2018-8226\", \"CVE-2018-8229\", \"CVE-2018-8231\", \"CVE-2018-8234\",\n \"CVE-2018-8235\", \"CVE-2018-8236\", \"CVE-2018-8251\", \"CVE-2018-8267\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-06-13 09:08:36 +0530 (Wed, 13 Jun 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4284860)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4284860\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to errors,\n\n - When the Windows kernel improperly handles objects in memory.\n\n - When Windows improperly handles objects in memory.\n\n - When the (Human Interface Device) HID Parser Library driver improperly handles\n objects in memory.\n\n - When Windows allows a normal user to access the Wireless LAN profile of an\n administrative user.\n\n - 
When Microsoft Edge improperly accesses objects in memory.\n\n - When Microsoft Edge improperly handles requests of different origins.\n\n - When Microsoft Edge improperly handles objects in memory.\n\n - When Windows Media Foundation improperly handles objects in memory.\n\n - In the way that the Windows Code Integrity Module performs hashing.\n\n - When Internet Explorer improperly accesses objects in memory.\n\n - When NTFS improperly checks access.\n\n - In the way that the Chakra scripting engine handles objects in memory in\n Microsoft Edge.\n\n - In the way that the scripting engine handles objects in memory in Internet\n Explorer.\n\n - In Windows Domain Name System (DNS) DNSAPI.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to obtain information to further compromise the user's system, run processes in\n an elevated context, inject code into a trusted PowerShell process, execute\n arbitrary code, read privileged data, force the browser to send restricted data,\n interject cross-process communication, install programs, view, change, or delete\n data or create new accounts with full user rights and create a denial of service\n condition.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 for 32-bit Systems\n\n - Microsoft Windows 10 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4284860\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10240.0\", test_version2:\"11.0.10240.17888\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.10240.0 - 11.0.10240.17888\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T13:28:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8216", "CVE-2018-8205", "CVE-2018-1036", "CVE-2018-0982", "CVE-2018-1040", "CVE-2018-8212", "CVE-2018-8211", "CVE-2018-8215", "CVE-2018-8229", "CVE-2018-8239", "CVE-2018-8219", "CVE-2018-8169", "CVE-2018-0978", "CVE-2018-8208", "CVE-2018-8217", "CVE-2018-8226", "CVE-2018-8235", "CVE-2018-8236", "CVE-2018-8209", "CVE-2018-8221", "CVE-2018-8213", "CVE-2018-8234", "CVE-2018-8207", "CVE-2018-8210", "CVE-2018-8267", "CVE-2018-8251", "CVE-2018-8231", "CVE-2018-8201", "CVE-2018-8214", "CVE-2018-8225"], "description": "This host is missing a critical security\n update according to 
Microsoft KB4284880", "modified": "2019-12-20T00:00:00", "published": "2018-06-13T00:00:00", "id": "OPENVAS:1361412562310813528", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813528", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4284880)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4284880)\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813528\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2018-0978\", \"CVE-2018-0982\", \"CVE-2018-1036\", \"CVE-2018-1040\",\n \"CVE-2018-8169\", \"CVE-2018-8201\", \"CVE-2018-8205\", \"CVE-2018-8207\",\n \"CVE-2018-8208\", \"CVE-2018-8209\", \"CVE-2018-8210\", \"CVE-2018-8211\",\n \"CVE-2018-8212\", \"CVE-2018-8213\", \"CVE-2018-8214\", \"CVE-2018-8215\",\n \"CVE-2018-8216\", \"CVE-2018-8217\", \"CVE-2018-8219\", \"CVE-2018-8221\",\n \"CVE-2018-8225\", \"CVE-2018-8226\", \"CVE-2018-8229\", \"CVE-2018-8231\",\n \"CVE-2018-8234\", \"CVE-2018-8235\", \"CVE-2018-8236\", \"CVE-2018-8239\",\n \"CVE-2018-8251\", \"CVE-2018-8267\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-13 09:07:28 +0530 (Wed, 13 Jun 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4284880)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4284880\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to errors,\n\n - When the Windows kernel improperly handles objects in memory.\n\n - When Windows improperly handles objects in memory.\n\n - When the (Human Interface Device) HID Parser Library driver improperly handles\n objects in 
memory.\n\n - In Device Guard that could allow an attacker to inject malicious code into a\n Windows PowerShell session.\n\n - In Windows when Desktop Bridge does not properly manage the virtual registry.\n\n - When Windows allows a normal user to access the Wireless LAN profile of an\n administrative user.\n\n - In the way that the Windows Code Integrity Module performs hashing.\n\n - When Microsoft Edge improperly handles requests of different origins.\n\n - In the way that the Windows Kernel API enforces permissions.\n\n - When Microsoft Edge improperly handles objects in memory.\n\n - When Microsoft Edge improperly accesses objects in memory.\n\n - When Windows Media Foundation improperly handles objects in memory.\n\n - When the Windows GDI component improperly discloses the contents of its\n memory.\n\n - When Windows Hyper-V instruction emulation fails to properly enforce privilege\n levels.\n\n - When Internet Explorer improperly accesses objects in memory.\n\n - When NTFS improperly checks access.\n\n - In the way that the Chakra scripting engine handles objects in memory in\n Microsoft Edge.\n\n - In the way that the scripting engine handles objects in memory in Internet\n Explorer.\n\n - In Windows Domain Name System (DNS) DNSAPI.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to obtain information to further compromise the user's system, run processes in\n an elevated context, inject code into a trusted PowerShell process, execute\n arbitrary code, read privileged data, force the browser to send restricted data,\n interject cross-process communication, install programs, view, change, or delete\n data or create new accounts with full user rights and create a denial of service\n condition.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4284880\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.14393.0\", test_version2:\"11.0.14393.2311\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.14393.0 - 11.0.14393.2311\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:06:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8216", "CVE-2018-8205", "CVE-2018-1036", "CVE-2018-0982", "CVE-2018-1040", "CVE-2018-8212", "CVE-2018-8211", "CVE-2018-8215", "CVE-2018-8229", "CVE-2018-8239", "CVE-2018-8219", "CVE-2018-8169", "CVE-2018-0978", "CVE-2018-8208", "CVE-2018-8217", "CVE-2018-8226", "CVE-2018-8235", "CVE-2018-8236", "CVE-2018-8209", "CVE-2018-8221", "CVE-2018-8213", "CVE-2018-8234", "CVE-2018-8121", "CVE-2018-8113", "CVE-2018-8207", "CVE-2018-8210", "CVE-2018-8267", "CVE-2018-8251", "CVE-2018-8231", "CVE-2018-8201", "CVE-2018-8227", "CVE-2018-8214", "CVE-2018-8225", "CVE-2018-0871"], 
"description": "This host is missing a critical security\n update according to Microsoft KB4284874", "modified": "2020-06-04T00:00:00", "published": "2018-06-13T00:00:00", "id": "OPENVAS:1361412562310813527", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813527", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4284874)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4284874)\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813527\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0871\", \"CVE-2018-0978\", \"CVE-2018-0982\", \"CVE-2018-1036\",\n \"CVE-2018-1040\", \"CVE-2018-8113\", \"CVE-2018-8121\", \"CVE-2018-8169\",\n \"CVE-2018-8201\", \"CVE-2018-8205\", \"CVE-2018-8207\", \"CVE-2018-8208\",\n \"CVE-2018-8209\", \"CVE-2018-8210\", \"CVE-2018-8211\", \"CVE-2018-8212\",\n \"CVE-2018-8213\", \"CVE-2018-8214\", \"CVE-2018-8215\", \"CVE-2018-8216\",\n \"CVE-2018-8217\", \"CVE-2018-8219\", \"CVE-2018-8221\", \"CVE-2018-8225\",\n \"CVE-2018-8226\", \"CVE-2018-8227\", \"CVE-2018-8229\", \"CVE-2018-8231\",\n \"CVE-2018-8234\", \"CVE-2018-8235\", \"CVE-2018-8236\", \"CVE-2018-8239\",\n \"CVE-2018-8251\", \"CVE-2018-8267\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-06-13 09:06:23 +0530 (Wed, 13 Jun 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4284874)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4284874\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to errors,\n\n - When the Windows kernel improperly handles objects in memory.\n\n - When Windows improperly handles objects in memory.\n\n - When the 
(Human Interface Device) HID Parser Library driver improperly handles\n objects in memory.\n\n - In Device Guard that could allow an attacker to inject malicious code into a\n Windows PowerShell session.\n\n - In Windows when Desktop Bridge does not properly manage the virtual registry.\n\n - When Windows allows a normal user to access the Wireless LAN profile of an\n administrative user.\n\n - When the Windows kernel improperly initializes objects in memory.\n\n - In the way that the Windows Code Integrity Module performs hashing.\n\n - When Microsoft Edge improperly handles requests of different origins.\n\n - In the way that the Windows Kernel API enforces permissions.\n\n - When Microsoft Edge improperly handles objects in memory.\n\n - When Microsoft Edge improperly accesses objects in memory.\n\n - When Windows Media Foundation improperly handles objects in memory.\n\n - When the Windows GDI component improperly discloses the contents of its\n memory.\n\n - When Windows Hyper-V instruction emulation fails to properly enforce privilege\n levels.\n\n - In Internet Explorer that allows for bypassing Mark of the Web Tagging (MOTW).\n\n - When Internet Explorer improperly accesses objects in memory.\n\n - When NTFS improperly checks access.\n\n - When Edge improperly marks files.\n\n - In the way that the Chakra scripting engine handles objects in memory in\n Microsoft Edge.\n\n - In the way that the scripting engine handles objects in memory in Internet\n Explorer.\n\n - In Windows Domain Name System (DNS) DNSAPI.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to obtain information to further compromise the user's system, run processes in\n an elevated context, inject code into a trusted PowerShell process, execute\n arbitrary code, read privileged data, force the browser to send restricted data,\n interject cross-process communication, install programs, view, change, or delete\n data or create new accounts with full 
user rights, create a denial of service\n condition and bypass security restrictions.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1703 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4284874\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.15063.0\", test_version2:\"11.0.15063.1154\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.15063.0 - 11.0.15063.1154\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:06:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8205", "CVE-2018-1036", "CVE-2018-0982", "CVE-2018-1040", "CVE-2018-8212", "CVE-2018-8211", "CVE-2018-8215", "CVE-2018-8229", "CVE-2018-8239", "CVE-2018-8219", "CVE-2018-8169", "CVE-2018-8233", "CVE-2018-0978", "CVE-2018-8208", "CVE-2018-8226", "CVE-2018-8235", "CVE-2018-8236", "CVE-2018-8110", "CVE-2018-8221", "CVE-2018-8213", 
"CVE-2018-8234", "CVE-2018-8121", "CVE-2018-8113", "CVE-2018-8207", "CVE-2018-8210", "CVE-2018-8267", "CVE-2018-8251", "CVE-2018-8140", "CVE-2018-8231", "CVE-2018-8201", "CVE-2018-8227", "CVE-2018-8214", "CVE-2018-1003", "CVE-2018-8225", "CVE-2018-0871", "CVE-2018-8175"], "description": "This host is missing a critical security\n update according to Microsoft KB4284835", "modified": "2020-06-04T00:00:00", "published": "2018-06-13T00:00:00", "id": "OPENVAS:1361412562310813530", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813530", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4284835)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4284835)\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813530\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0871\", \"CVE-2018-0978\", \"CVE-2018-0982\", \"CVE-2018-1036\",\n \"CVE-2018-1040\", \"CVE-2018-8110\", \"CVE-2018-8113\", \"CVE-2018-8121\",\n \"CVE-2018-8140\", \"CVE-2018-8169\", \"CVE-2018-8175\", \"CVE-2018-8201\",\n \"CVE-2018-8205\", \"CVE-2018-8207\", \"CVE-2018-8208\", \"CVE-2018-8210\",\n \"CVE-2018-8211\", \"CVE-2018-8212\", \"CVE-2018-8213\", \"CVE-2018-8214\",\n \"CVE-2018-8215\", \"CVE-2018-8219\", \"CVE-2018-8221\", \"CVE-2018-8225\",\n \"CVE-2018-8226\", \"CVE-2018-8227\", \"CVE-2018-8229\", \"CVE-2018-8231\",\n \"CVE-2018-8233\", \"CVE-2018-8234\", \"CVE-2018-8235\", \"CVE-2018-8236\",\n \"CVE-2018-8239\", \"CVE-2018-8251\", \"CVE-2018-8267\", \"CVE-2018-1003\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-06-13 09:09:57 +0530 (Wed, 13 Jun 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4284835)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4284835\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to errors,\n\n - When the Windows kernel improperly handles objects in memory.\n\n - When Windows improperly handles 
objects in memory.\n\n - When the (Human Interface Device) HID Parser Library driver improperly handles\n objects in memory.\n\n - In Device Guard that could allow an attacker to inject malicious code into a\n Windows PowerShell session.\n\n - In Windows when Desktop Bridge does not properly manage the virtual registry.\n\n - When Cortana retrieves data from user input services without consideration for\n status.\n\n - When the Windows kernel improperly initializes objects in memory.\n\n - In Windows when the Win32k component fails to properly handle objects in\n memory.\n\n - In the way that the Windows Code Integrity Module performs hashing.\n\n - When Microsoft Edge improperly handles requests of different origins.\n\n - In the way that the Windows Kernel API enforces permissions.\n\n - When Microsoft Edge improperly handles objects in memory.\n\n - When Microsoft Edge improperly accesses objects in memory.\n\n - When Windows Media Foundation improperly handles objects in memory.\n\n - When the Windows GDI component improperly discloses the contents of its\n memory.\n\n - When Windows Hyper-V instruction emulation fails to properly enforce privilege\n levels.\n\n - When Windows NT WEBDAV Minirdr attempts to query a WEBDAV directory.\n\n - In Internet Explorer that allows for bypassing Mark of the Web Tagging (MOTW).\n\n - When Internet Explorer improperly accesses objects in memory.\n\n - When NTFS improperly checks access.\n\n - When Edge improperly marks files.\n\n - In the way that the Chakra scripting engine handles objects in memory in\n Microsoft Edge.\n\n - In the way that the scripting engine handles objects in memory in Internet\n Explorer.\n\n - In Windows Domain Name System (DNS) DNSAPI.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to obtain information to further compromise the user's system, run processes in\n an elevated context, inject code into a trusted PowerShell process, execute\n arbitrary code, 
read privileged data, force the browser to send restricted data,\n interject cross-process communication, install programs, view, change, or delete\n data or create new accounts with full user rights and create a denial of service\n condition.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1803 x32/x64-bit Systems.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4284835\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.17134.0\", test_version2:\"11.0.17134.111\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.17134.0 - 11.0.17134.111\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:06:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8205", "CVE-2018-1036", "CVE-2018-0982", "CVE-2018-1040", "CVE-2018-8212", "CVE-2018-8211", "CVE-2018-8215", "CVE-2018-8229", "CVE-2018-8239", "CVE-2018-8219", 
"CVE-2018-8169", "CVE-2018-0978", "CVE-2018-8208", "CVE-2018-8226", "CVE-2018-8218", "CVE-2018-8235", "CVE-2018-8236", "CVE-2018-8209", "CVE-2018-8221", "CVE-2018-8213", "CVE-2018-8234", "CVE-2018-8121", "CVE-2018-8113", "CVE-2018-8207", "CVE-2018-8210", "CVE-2018-8267", "CVE-2018-8251", "CVE-2018-8140", "CVE-2018-8111", "CVE-2018-8231", "CVE-2018-8201", "CVE-2018-8227", "CVE-2018-8214", "CVE-2018-8225", "CVE-2018-0871", "CVE-2018-8175"], "description": "This host is missing a critical security\n update according to Microsoft KB4284819", "modified": "2020-06-04T00:00:00", "published": "2018-06-13T00:00:00", "id": "OPENVAS:1361412562310813526", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813526", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4284819)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4284819)\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813526\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0871\", \"CVE-2018-0978\", \"CVE-2018-0982\", \"CVE-2018-1036\",\n \"CVE-2018-1040\", \"CVE-2018-8111\", \"CVE-2018-8113\", \"CVE-2018-8121\",\n \"CVE-2018-8140\", \"CVE-2018-8169\", \"CVE-2018-8175\", \"CVE-2018-8201\",\n \"CVE-2018-8205\", \"CVE-2018-8207\", \"CVE-2018-8208\", \"CVE-2018-8209\",\n \"CVE-2018-8210\", \"CVE-2018-8211\", \"CVE-2018-8212\", \"CVE-2018-8213\",\n \"CVE-2018-8214\", \"CVE-2018-8215\", \"CVE-2018-8218\", \"CVE-2018-8219\",\n \"CVE-2018-8221\", \"CVE-2018-8225\", \"CVE-2018-8226\", \"CVE-2018-8227\",\n \"CVE-2018-8229\", \"CVE-2018-8231\", \"CVE-2018-8234\", \"CVE-2018-8235\",\n \"CVE-2018-8236\", \"CVE-2018-8239\", \"CVE-2018-8251\", \"CVE-2018-8267\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-06-13 09:05:09 +0530 (Wed, 13 Jun 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4284819)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4284819\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to errors,\n\n - When the Windows kernel improperly handles objects in memory.\n\n - When Windows improperly handles 
objects in memory.\n\n - When the (Human Interface Device) HID Parser Library driver improperly handles\n objects in memory.\n\n - In Device Guard that could allow an attacker to inject malicious code into a\n Windows PowerShell session.\n\n - In Windows when Desktop Bridge does not properly manage the virtual registry.\n\n - When Windows allows a normal user to access the Wireless LAN profile of an\n administrative user.\n\n - When Cortana retrieves data from user input services without consideration for\n status.\n\n - When the Windows kernel improperly initializes objects in memory.\n\n - In the way that the Windows Code Integrity Module performs hashing.\n\n - When Microsoft Edge improperly handles requests of different origins.\n\n - In the way that the Windows Kernel API enforces permissions.\n\n - When Microsoft Edge improperly handles objects in memory.\n\n - When Microsoft Edge improperly accesses objects in memory.\n\n - When Windows Media Foundation improperly handles objects in memory.\n\n - When HTTP Protocol Stack (Http.\n\n - When the Windows GDI component improperly discloses the contents of its\n memory.\n\n - When Windows Hyper-V instruction emulation fails to properly enforce privilege\n levels.\n\n - When Windows NT WEBDAV Minirdr attempts to query a WEBDAV directory.\n\n - When Microsoft Hyper-V Network Switch on a host server fails to properly\n validate input from a privileged user on a guest operating system.\n\n - In Internet Explorer that allows for bypassing Mark of the Web Tagging (MOTW).\n\n - When Internet Explorer improperly accesses objects in memory.\n\n - When NTFS improperly checks access.\n\n - When Edge improperly marks files.\n\n - In the way that the Chakra scripting engine handles objects in memory in\n Microsoft Edge.\n\n - In the way that the scripting engine handles objects in memory in Internet\n Explorer.\n\n - In Windows Domain Name System (DNS) DNSAPI.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation 
will allow an attacker\n to obtain information to further compromise the user's system, run processes in\n an elevated context, inject code into a trusted PowerShell process, execute\n arbitrary code, read privileged data, force the browser to send restricted data,\n interject cross-process communication, install programs, view, change, or delete\n data or create new accounts with full user rights and create a denial of service\n condition.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1709 for x32/x64-bit Systems.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4284819\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.16299.0\", test_version2:\"11.0.16299.491\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.16299.0 - 11.0.16299.491\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": 
"2018-07-10T22:29:40", "bulletinFamily": "blog", "cvelist": ["CVE-2018-0871", "CVE-2018-0978", "CVE-2018-0982", "CVE-2018-1036", "CVE-2018-1040", "CVE-2018-8110", "CVE-2018-8111", "CVE-2018-8113", "CVE-2018-8121", "CVE-2018-8140", "CVE-2018-8169", "CVE-2018-8175", "CVE-2018-8201", "CVE-2018-8205", "CVE-2018-8207", "CVE-2018-8208", "CVE-2018-8209", "CVE-2018-8210", "CVE-2018-8211", "CVE-2018-8212", "CVE-2018-8213", "CVE-2018-8214", "CVE-2018-8215", "CVE-2018-8216", "CVE-2018-8217", "CVE-2018-8218", "CVE-2018-8219", "CVE-2018-8221", "CVE-2018-8224", "CVE-2018-8225", "CVE-2018-8226", "CVE-2018-8227", "CVE-2018-8229", "CVE-2018-8231", "CVE-2018-8233", "CVE-2018-8234", "CVE-2018-8235", "CVE-2018-8236", "CVE-2018-8239", "CVE-2018-8243", "CVE-2018-8244", "CVE-2018-8245", "CVE-2018-8246", "CVE-2018-8247", "CVE-2018-8248", "CVE-2018-8249", "CVE-2018-8251", "CVE-2018-8252", "CVE-2018-8254", "CVE-2018-8267"], "description": "## Executive Summary\n\n \nMicrosoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 50 flaws, with 11 of them rated \"critical,\" and 39 rated \"important.\" These vulnerabilities impact Microsoft Edge, Internet Explorer, Chakra Scripting Engine, Windows DNSAPI, Microsoft Office, Windows Kernel and more. \n \nIn addition to the 50 vulnerabilities referenced above, Microsoft has also released a critical update advisory, ADV180014, the June 2018 Adobe Flash Security Update, which addresses the vulnerabilities described in the security bulletin. \n\n\n### Critical vulnerabilities\n\n \nThis month, Microsoft is addressing 11 vulnerabilities that are rated \"critical.\" Talos believes these three vulnerabilities in particular are notable and require prompt attention. 
\n \n[CVE-2018-8225 - Windows DNSAPI Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8225>) \n \nA remote code execution vulnerability is present within Windows DNS. This vulnerability manifests due to DNSAPI.dll improperly handling DNS responses. This vulnerability could allow a remote attacker to execute arbitrary code within the context of the LocalSystem account on affected systems. An attacker could leverage a malicious DNS server and send specially crafted DNS responses to trigger this vulnerability. \n \n[CVE-2018-8229 - Chakra Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8229>) \n \nA remote code execution vulnerability is present within Microsoft Scripting Engine. This vulnerability manifests due to the Chakra engine improperly handling objects in memory. This vulnerability could be leveraged by attackers to execute arbitrary code on affected systems within the context of the current user. This vulnerability could be leveraged in web-based attacks where a user is convinced to visit a web page that has been specially crafted to exploit this vulnerability. This could be in the form of an attacker-controlled webpage, or simply a page that hosts external content, such as advertisements. \n \n[CVE-2018-8267 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8267>) \n \nA remote code execution vulnerability is present within Microsoft Scripting Engine. This vulnerability manifests due to the scripting engine not properly handling objects in memory in Internet Explorer. This vulnerability could be leveraged by attackers to execute arbitrary code on affected systems within the context of the current user. This vulnerability was publicly disclosed prior to a patch being made available. 
\n \nOther vulnerabilities deemed \"critical\" are listed below: \n\n\n * [CVE-2018-8110 - Microsoft Edge Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8110>)\n * [CVE-2018-8111 - Microsoft Edge Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8111>)\n * [CVE-2018-8213 - Windows Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8213>)\n * [CVE-2018-8231 - HTTP Protocol Stack Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8231>)\n * [CVE-2018-8236 - Microsoft Edge Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8236>)\n * [CVE-2018-8243 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8243>)\n * [CVE-2018-8249 - Internet Explorer Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8249>)\n * [CVE-2018-8251 - Media Foundation Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8251>)\n * [CVE-2018-8267 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8267>)\n\n### Important vulnerabilities\n\n \nThis month, Microsoft is addressing 39 vulnerabilities that are rated \"important.\" One of these vulnerabilities is TALOS-2018-0545, which was assigned [CVE-2018-8210](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8210>). This vulnerability is a Windows remote code execution flaw that was discovered by Marcin Noga of Cisco Talos. 
Additional information related to this vulnerability can be found in the advisory report [here](<https://www.talosintelligence.com/reports/TALOS-2018-0545>). \n \nAdditionally, Talos believes the following vulnerability is notable and requires prompt attention. \n \n[CVE-2018-8227 - Chakra Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8227>) \n \nA remote code execution vulnerability is present within the Microsoft Scripting Engine. This vulnerability manifests due to the Chakra engine improperly handling objects in memory. This vulnerability could be leveraged by attackers to execute arbitrary code on affected systems within the context of the current user. This vulnerability could be leveraged in web-based attacks where a user is convinced to visit a web page that has been specially crafted to exploit this vulnerability. This could be in the form of an attacker-controlled webpage, or simply a page that hosts external content, such as advertisements. 
\n \nOther vulnerabilities deemed \"important\" are listed below: \n\n\n * [CVE-2018-0871 - Microsoft Edge Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0871>)\n * [CVE-2018-0978 - Internet Explorer Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0978>)\n * [CVE-2018-0982 - Windows Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0982>)\n * [CVE-2018-1036 - NTFS Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1036>)\n * [CVE-2018-1040 - Windows Code Integrity Module Denial of Service Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1040>)\n * [CVE-2018-8113 - Internet Explorer Security Feature Bypass Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8113>)\n * [CVE-2018-8121 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8121>)\n * [CVE-2018-8140 - Cortana Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8140>)\n * [CVE-2018-8169 - HIDParser Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8169>)\n * [CVE-2018-8175 - WEBDAV Denial of Service Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8175>)\n * [CVE-2018-8201 - Device Guard Code Integrity Policy Security Feature Bypass Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8201>)\n * [CVE-2018-8205 - Windows Denial of Service Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8205>)\n * [CVE-2018-8207 - Windows Kernel Information 
Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8207>)\n * [CVE-2018-8208 - Windows Desktop Bridge Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8208>)\n * [CVE-2018-8209 - Windows Wireless Network Profile Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8209>)\n * [CVE-2018-8210 - Windows Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8210>)\n * [CVE-2018-8211 - Device Guard Code Integrity Policy Security Feature Bypass Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8211>)\n * [CVE-2018-8212 - Device Guard Code Integrity Policy Security Feature Bypass Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8212>)\n * [CVE-2018-8214 - Windows Desktop Bridge Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8214>)\n * [CVE-2018-8215 - Device Guard Code Integrity Policy Security Feature Bypass Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8215>)\n * [CVE-2018-8216 - Device Guard Code Integrity Policy Security Feature Bypass Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8216>)\n * [CVE-2018-8217 - Device Guard Code Integrity Policy Security Feature Bypass Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8217>)\n * [CVE-2018-8218 - Windows Hyper-V Denial of Service Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8218>)\n * [CVE-2018-8219 - Hypervisor Code Integrity Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8219>)\n * 
[CVE-2018-8221 - Device Guard Code Integrity Policy Security Feature Bypass Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8221>)\n * [CVE-2018-8224 - Windows Kernel Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8224>)\n * [CVE-2018-8226 - HTTP.sys Denial of Service Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8226>)\n * [CVE-2018-8233 - Win32k Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8233>)\n * [CVE-2018-8234 - Microsoft Edge Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8234>)\n * [CVE-2018-8235 - Microsoft Edge Security Feature Bypass Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8235>)\n * [CVE-2018-8239 - Windows GDI Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8239>)\n * [CVE-2018-8244 - Microsoft Outlook Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8244>)\n * [CVE-2018-8245 - Microsoft Office Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8245>)\n * [CVE-2018-8246 - Microsoft Excel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8246>)\n * [CVE-2018-8247 - Microsoft Office Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8247>)\n * [CVE-2018-8248 - Microsoft Excel Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8248>)\n * [CVE-2018-8252 - Microsoft SharePoint Elevation of Privilege 
Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8252>)\n * [CVE-2018-8254 - Microsoft SharePoint Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8254>)\n\n### Coverage\n\n \nIn response to these vulnerability disclosures, Talos is releasing the following Snort rules that detect attempts to exploit them. Please note that additional rules may be released in the future, and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org. \n \n**Snort Rules:** \n\n\n * 45628, 46927 - 46930, 46933 - 46935, 46938 - 46945, 46951 - 46958, 46961 - 46962\n", "modified": "2018-06-19T18:44:24", "published": "2018-06-12T11:58:00", "id": "TALOSBLOG:30BC73E0EDF7739A87A63A99D8A6E0D4", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/jJACfZt8sFk/ms-tuesday.html", "type": "talosblog", "title": "Microsoft Patch Tuesday - June 2018", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "trendmicroblog": [{"lastseen": "2018-06-19T08:13:49", "bulletinFamily": "blog", "cvelist": ["CVE-2018-0871", "CVE-2018-0978", "CVE-2018-0982", "CVE-2018-1036", "CVE-2018-1040", "CVE-2018-8110", "CVE-2018-8111", "CVE-2018-8113", "CVE-2018-8121", "CVE-2018-8140", "CVE-2018-8169", "CVE-2018-8175", "CVE-2018-8201", "CVE-2018-8205", "CVE-2018-8207", "CVE-2018-8208", "CVE-2018-8209", "CVE-2018-8210", "CVE-2018-8211", "CVE-2018-8212", "CVE-2018-8213", "CVE-2018-8214", "CVE-2018-8215", "CVE-2018-8216", "CVE-2018-8217", "CVE-2018-8218", "CVE-2018-8219", "CVE-2018-8221", "CVE-2018-8224", "CVE-2018-8225", "CVE-2018-8226", "CVE-2018-8227", "CVE-2018-8229", "CVE-2018-8231", "CVE-2018-8233", "CVE-2018-8234", 
"CVE-2018-8235", "CVE-2018-8236", "CVE-2018-8239", "CVE-2018-8243", "CVE-2018-8244", "CVE-2018-8245", "CVE-2018-8246", "CVE-2018-8247", "CVE-2018-8248", "CVE-2018-8249", "CVE-2018-8251", "CVE-2018-8252", "CVE-2018-8254", "CVE-2018-8267"], "description": "\n\nAs a native Texan, I\u2019ve seen more than my fair share of bugs - actual physical bugs that love the hot, humid Texas climate and my curly hair for some reason. The Zero Day Initiative (ZDI) sees many bugs (of the software variety), including those that affect SCADA control systems. Fritz Sands recently walked through a deep dive into an attack on a remote procedure call (RPC) interface based on the proofs of concept from Advantech vulnerability submissions to ZDI. While Advantech\u2019s products focus on Internet of Things (IoT) and Industrial IoT, the use of RPC interfaces isn\u2019t limited to SCADA. Their use is more prevalent than you think. So if you want to get an understanding of RPC interfaces and hone your skills, you can go down the rabbit hole with Fritz and get the full details [here](<https://www.zerodayinitiative.com/blog/2018/6/7/down-the-rabbit-hole-a-deep-dive-into-an-attack-on-an-rpc-interface>).\n\n**Microsoft Security Updates**\n\nThis week\u2019s Digital Vaccine\u00ae (DV) package includes coverage for Microsoft updates released on or before June 12, 2018. This month, Microsoft released 50 security patches covering Internet Explorer (IE), Edge, ChakraCore, Hyper-V Server, Windows, and Microsoft Office and Office Services. Of the 50 CVEs, 11 are listed as Critical and 39 are rated Important. Five of the CVEs came through the ZDI program. The following table maps Digital Vaccine filters to the Microsoft updates. 
You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [June 2018 Security Update Review](<https://www.zerodayinitiative.com/blog/2018/6/12/the-june-2018-security-update-review>) from the Zero Day Initiative:\n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2018-0871 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0978 | 32124 | \nCVE-2018-0982 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-1036 | 32162 | \nCVE-2018-1040 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8110 | 32026 | \nCVE-2018-8111 | 32027 | \nCVE-2018-8113 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8121 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8140 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8169 | 32164 | \nCVE-2018-8175 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8201 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8205 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8207 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8208 | 32126 | \nCVE-2018-8209 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8210 | 32028 | \nCVE-2018-8211 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8212 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8213 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8214 | 32127 | \nCVE-2018-8215 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8216 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8217 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8218 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8219 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8221 | | Vendor Deemed 
Reproducibility or Exploitation Unlikely \nCVE-2018-8224 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8225 | 32029 | \nCVE-2018-8226 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8227 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8229 | 32030 | \nCVE-2018-8231 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8233 | 32034 | \nCVE-2018-8234 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8235 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8236 | 32054 | \nCVE-2018-8239 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8243 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8244 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8245 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8246 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8247 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8248 | 32032 | \nCVE-2018-8249 | 32038 | \nCVE-2018-8251 | 32068 | \nCVE-2018-8252 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8254 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8267 | 32065 | \n \n \n\n**Zero-Day Filters**\n\nThere are six new zero-day filters covering three vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website. 
You can also follow the Zero Day Initiative on Twitter [@thezdi](<https://twitter.com/thezdi>) and on their [blog](<https://www.zerodayinitiative.com/blog>).\n\n**_Foxit (2)_**\n\n * 31967: HTTP: Foxit Reader resolveNode Use-After-Free Vulnerability (ZDI-18-339)\n * 31969: HTTP: Foxit Reader boundItem Use-After-Free Vulnerability (ZDI-18-353)\n\n**_Microsoft (3)_**\n\n * 31953: HTTP: Microsoft Windows VBScript Join Function Memory Corruption Vulnerability (ZDI-18-297)\n * 31955: HTTP: Microsoft Windows Font Memory Corruption Vulnerability (ZDI-18-293)\n * 31970: HTTP: Microsoft Windows JScript defineProperty Use-After-Free Vulnerability (ZDI-18-298)\n\n**_OMRON (1)_**\n\n * 31965: HTTP: OMRON CX-Supervisor SCS File Parsing Buffer Overflow Vulnerability (ZDI-18-261)", "modified": "2018-06-15T12:39:57", "published": "2018-06-15T12:39:57", "id": "TRENDMICROBLOG:F2BD1E9071121715A43D46B35B2E97A7", "href": "https://blog.trendmicro.com/tippingpoint-threat-intelligence-and-zero-day-coverage-week-of-june-11-2018/", "type": "trendmicroblog", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of June 11, 2018", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}