ID: CVE-2018-8512
Type: cve
Reporter: cve@mitre.org
Modified: 2018-12-06T13:30:00
Description
A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8530.
{"symantec": [{"lastseen": "2018-10-10T00:02:07", "bulletinFamily": "software", "cvelist": ["CVE-2018-8512"], "description": "### Description\n\nMicrosoft Edge is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This may lead to other attacks.\n\n### Technologies Affected\n\n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "modified": "2018-10-09T00:00:00", "published": "2018-10-09T00:00:00", "id": "SMNTC-105486", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/105486", "type": "symantec", "title": "Microsoft Edge CVE-2018-8512 Security Bypass Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}], "kaspersky": [{"lastseen": "2020-09-02T12:00:17", "bulletinFamily": "info", "cvelist": ["CVE-2018-8511", "CVE-2018-8500", "CVE-2018-8503", "CVE-2018-8513", "CVE-2018-8473", "CVE-2018-8505", "CVE-2018-8460", "CVE-2018-8491", "CVE-2018-8512", "CVE-2018-8530", "CVE-2018-8510", "CVE-2018-8509"], "description": "### *Detect date*:\n10/09/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions.\n\n### *Affected products*:\nChakraCore \nInternet Explorer 11 \nMicrosoft Edge (EdgeHTML-based)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2018-8510](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8510>) \n[CVE-2018-8503](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8503>) \n[CVE-2018-8473](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8473>) \n[CVE-2018-8511](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8511>) \n[CVE-2018-8505](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8505>) \n[CVE-2018-8513](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8513>) \n[CVE-2018-8512](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8512>) 
\n[CVE-2018-8491](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8491>) \n[CVE-2018-8460](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8460>) \n[CVE-2018-8530](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8530>) \n[CVE-2018-8509](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8509>) \n[CVE-2018-8500](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8500>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2018-8500](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8500>)0.0Unknown \n[CVE-2018-8510](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8510>)0.0Unknown \n[CVE-2018-8503](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8503>)0.0Unknown \n[CVE-2018-8473](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8473>)0.0Unknown \n[CVE-2018-8511](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8511>)0.0Unknown \n[CVE-2018-8505](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8505>)0.0Unknown \n[CVE-2018-8513](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8513>)0.0Unknown \n[CVE-2018-8512](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8512>)0.0Unknown \n[CVE-2018-8491](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8491>)0.0Unknown \n[CVE-2018-8460](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8460>)0.0Unknown \n[CVE-2018-8530](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8530>)0.0Unknown \n[CVE-2018-8509](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8509>)0.0Unknown\n\n### *KB list*:\n[4462917](<http://support.microsoft.com/kb/4462917>) \n[4462918](<http://support.microsoft.com/kb/4462918>) \n[4462923](<http://support.microsoft.com/kb/4462923>) 
\n[4462919](<http://support.microsoft.com/kb/4462919>) \n[4464330](<http://support.microsoft.com/kb/4464330>) \n[4462937](<http://support.microsoft.com/kb/4462937>) \n[4462922](<http://support.microsoft.com/kb/4462922>) \n[4462926](<http://support.microsoft.com/kb/4462926>) \n[4462949](<http://support.microsoft.com/kb/4462949>)\n\n### *Microsoft official advisories*:", "edition": 25, "modified": "2020-07-22T00:00:00", "published": "2018-10-09T00:00:00", "id": "KLA11331", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11331", "title": "\r KLA11331Multiple vulnerabilities in Microsoft Browsers ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-06-08T23:06:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8423", "CVE-2018-8493", "CVE-2018-8503", "CVE-2018-8489", "CVE-2018-8481", "CVE-2018-8413", "CVE-2018-8505", "CVE-2018-8460", "CVE-2018-8494", "CVE-2018-8330", "CVE-2018-8497", "CVE-2018-8491", "CVE-2018-8495", "CVE-2018-8472", "CVE-2018-8512", "CVE-2018-8484", "CVE-2018-8492", "CVE-2018-8333", "CVE-2018-8486", "CVE-2018-8482", "CVE-2018-8530", "CVE-2018-8453", "CVE-2018-8490", "CVE-2018-8411"], "description": "This host is missing a critical security\n update according to Microsoft KB4462937", "modified": "2020-06-04T00:00:00", "published": "2018-10-10T00:00:00", "id": "OPENVAS:1361412562310814082", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814082", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4462937)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4462937)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the 
GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814082\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-8495\", \"CVE-2018-8497\", \"CVE-2018-8503\", \"CVE-2018-8505\",\n \"CVE-2018-8330\", \"CVE-2018-8333\", \"CVE-2018-8411\", \"CVE-2018-8413\",\n \"CVE-2018-8423\", \"CVE-2018-8453\", \"CVE-2018-8460\", \"CVE-2018-8472\",\n \"CVE-2018-8481\", \"CVE-2018-8482\", \"CVE-2018-8484\", \"CVE-2018-8486\",\n \"CVE-2018-8489\", \"CVE-2018-8490\", \"CVE-2018-8491\", \"CVE-2018-8492\",\n \"CVE-2018-8493\", \"CVE-2018-8494\", \"CVE-2018-8512\", \"CVE-2018-8530\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-10 10:00:23 +0530 (Wed, 10 Oct 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4462937)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4462937\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - Windows Hyper-V on a host server 
fails to properly validate input from an\n authenticated user on a guest operating system.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Windows Media Player improperly discloses file information.\n\n - DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.\n\n - Microsoft Edge improperly handles requests of different origins.\n\n - Windows Theme API does not properly decompress files.\n\n - NTFS improperly checks access.\n\n - Edge Content Security Policy (CSP) fails to properly validate certain specially\n crafted documents.\n\n - Windows Win32k component fails to properly handle objects in memory.\n\n - Windows Graphics Device Interface (GDI) improperly handles objects in memory.\n\n - Windows Kernel improperly handles objects in memory.\n\n - Windows Shell improperly handles URIs.\n\n - Microsoft XML Core Services MSXML parser improperly processes user input.\n\n - Windows TCP/IP stack improperly handles fragmented IP packets.\n\n - An input validation error in Device Guard.\n\n - Filter Manager improperly handles objects in memory.\n\n\n - Windows kernel improperly handles objects in memory.\n\n - Chakra scripting engine improperly handles objects in memory in Microsoft Edge.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code, bypass security restrictions, gain the same user rights as\n the current user, obtain information to further compromise the user's system,\n improperly discloses file information and escalate privileges.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1703 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4462937\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.15063.0\", test_version2:\"11.0.15063.1386\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.15063.0 - 11.0.15063.1386\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:06:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8423", "CVE-2018-8493", "CVE-2018-8503", "CVE-2018-8489", "CVE-2018-8481", "CVE-2018-8413", "CVE-2018-8505", "CVE-2018-8460", "CVE-2018-8494", "CVE-2018-8330", "CVE-2018-8497", "CVE-2018-8491", "CVE-2018-8495", "CVE-2018-8472", "CVE-2018-8512", "CVE-2018-8484", "CVE-2018-8492", "CVE-2018-8333", "CVE-2018-8486", "CVE-2018-8482", "CVE-2018-8530", "CVE-2018-8453", "CVE-2018-8506", "CVE-2018-8490", "CVE-2018-8509", "CVE-2018-8411", "CVE-2018-8320"], "description": "This host is missing a critical security\n update according to Microsoft KB4462918", "modified": "2020-06-04T00:00:00", 
"published": "2018-10-10T00:00:00", "id": "OPENVAS:1361412562310814079", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814079", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4462918)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4462918)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814079\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-8494\", \"CVE-2018-8495\", \"CVE-2018-8497\", \"CVE-2018-8503\",\n \"CVE-2018-8320\", \"CVE-2018-8330\", \"CVE-2018-8333\", \"CVE-2018-8411\",\n \"CVE-2018-8413\", \"CVE-2018-8423\", \"CVE-2018-8453\", \"CVE-2018-8460\",\n \"CVE-2018-8472\", \"CVE-2018-8481\", \"CVE-2018-8482\", \"CVE-2018-8484\",\n \"CVE-2018-8486\", \"CVE-2018-8489\", \"CVE-2018-8490\", \"CVE-2018-8491\",\n \"CVE-2018-8492\", \"CVE-2018-8493\", \"CVE-2018-8505\", \"CVE-2018-8506\",\n \"CVE-2018-8509\", \"CVE-2018-8512\", \"CVE-2018-8530\");\n 
script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-10 09:07:36 +0530 (Wed, 10 Oct 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4462918)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4462918\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - Windows Hyper-V on a host server fails to properly validate input from an\n authenticated user on a guest operating system.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Windows Media Player improperly discloses file information.\n\n - DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.\n\n - Microsoft Edge improperly handles requests of different origins.\n\n - Windows Theme API does not properly decompress files.\n\n - NTFS improperly checks access.\n\n - Edge Content Security Policy (CSP) fails to properly validate certain specially\n crafted documents.\n\n - Windows Win32k component fails to properly handle objects in memory.\n\n - Windows Graphics Device Interface (GDI) improperly handles objects in memory.\n\n - Windows Kernel improperly handles objects in memory.\n\n - Windows Shell improperly handles URIs.\n\n - Microsoft XML Core Services MSXML parser improperly processes user input.\n\n - Windows TCP/IP stack improperly handles fragmented IP packets.\n\n - An improper input validation in Device Guard.\n\n - Filter Manager improperly handles objects in memory.\n\n - Windows kernel improperly handles objects in memory.\n\n - Microsoft Edge improperly accesses objects in memory.\n\n - Chakra scripting engine 
improperly handles objects in memory in Microsoft Edge.\n\n - Microsoft Windows Codecs Library improperly handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, bypass security restrictions, gain the same user\n rights as the current user, determine the presence of files on disk, escalate\n privileges and disclose sensitive information.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1709 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1709 for 64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4462918\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.16299.0\", test_version2:\"11.0.16299.725\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.16299.0 - 11.0.16299.725\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], 
"nessus": [{"lastseen": "2020-08-19T05:13:23", "description": "The remote Windows host is missing security update 4462937.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8460,\n CVE-2018-8491)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-8453)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8330)\n\n - An information disclosure vulnerability exists when\n Windows Media Player improperly discloses file\n information. Successful exploitation of the\n vulnerability could allow an attacker to determine the\n presence of files on disk. (CVE-2018-8481,\n CVE-2018-8482)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. 
The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2018-8486)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2018-8472)\n\n - A security feature bypass vulnerability exists in\n Microsoft Edge when the Edge Content Security Policy\n (CSP) fails to properly validate certain specially\n crafted documents. An attacker who exploited the bypass\n could trick a user into loading a page containing\n malicious content. (CVE-2018-8512)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles fragmented IP\n packets. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2018-8493)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-8411)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2018-8494)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2018-8489, CVE-2018-8490)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. 
An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8492)\n\n - An Elevation of Privilege vulnerability exists in Filter\n Manager when it improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could execute elevated code and take control of an\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2018-8333)\n\n - A remote code execution vulnerability exists when\n "Windows Theme API" does not properly\n decompress files. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights.\n (CVE-2018-8413)\n\n - A remote code execution vulnerability exists when\n Windows Shell improperly handles URIs. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8495)\n\n - An elevation of privilege vulnerability exists when the\n DirectX Graphics Kernel (DXGKRNL) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-8484)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. 
The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8503, CVE-2018-8505)\n\n - A remote code execution vulnerability exists in the\n Microsoft JET Database Engine. An attacker who\n successfully exploited this vulnerability could take\n control of an affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2018-8423)\n\n - A security feature bypass vulnerability exists when\n Microsoft Edge improperly handles requests of different\n origins. The vulnerability allows Microsoft Edge to\n bypass Same-Origin Policy (SOP) restrictions, and to\n allow requests that should otherwise be ignored. An\n attacker who successfully exploited the vulnerability\n could force the browser to send data that would\n otherwise be restricted. 
(CVE-2018-8530)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2018-8497)", "edition": 21, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-10-09T00:00:00", "title": "KB4462937: Windows 10 Version 1703 October 2018 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8423", "CVE-2018-8493", "CVE-2018-8503", "CVE-2018-8489", "CVE-2018-8481", "CVE-2018-8413", "CVE-2018-8505", "CVE-2018-8460", "CVE-2018-8494", "CVE-2018-8330", "CVE-2018-8497", "CVE-2018-8491", "CVE-2018-8495", "CVE-2018-8472", "CVE-2018-8512", "CVE-2018-8484", "CVE-2018-8492", "CVE-2018-8333", "CVE-2018-8486", "CVE-2018-8482", "CVE-2018-8530", "CVE-2018-8453", "CVE-2018-8490", "CVE-2018-8411"], "modified": "2018-10-09T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS18_OCT_4462937.NASL", "href": "https://www.tenable.com/plugins/nessus/118004", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118004);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2018-8330\",\n \"CVE-2018-8333\",\n \"CVE-2018-8411\",\n \"CVE-2018-8413\",\n \"CVE-2018-8423\",\n \"CVE-2018-8453\",\n \"CVE-2018-8460\",\n \"CVE-2018-8472\",\n \"CVE-2018-8481\",\n \"CVE-2018-8482\",\n \"CVE-2018-8484\",\n \"CVE-2018-8486\",\n \"CVE-2018-8489\",\n \"CVE-2018-8490\",\n \"CVE-2018-8491\",\n \"CVE-2018-8492\",\n \"CVE-2018-8493\",\n \"CVE-2018-8494\",\n \"CVE-2018-8495\",\n \"CVE-2018-8497\",\n \"CVE-2018-8503\",\n \"CVE-2018-8505\",\n \"CVE-2018-8512\",\n \"CVE-2018-8530\"\n );\n script_bugtraq_id(105477, 105478);\n script_xref(name:\"MSKB\", value:\"4462937\");\n script_xref(name:\"MSFT\", value:\"MS18-4462937\");\n\n script_name(english:\"KB4462937: Windows 10 Version 1703 October 2018 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4462937.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8460,\n CVE-2018-8491)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. 
An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-8453)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8330)\n\n - An information disclosure vulnerability exists when\n Windows Media Player improperly discloses file\n information. Successful exploitation of the\n vulnerability could allow an attacker to determine the\n presence of files on disk. (CVE-2018-8481,\n CVE-2018-8482)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2018-8486)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2018-8472)\n\n - A security feature bypass vulnerability exists in\n Microsoft Edge when the Edge Content Security Policy\n (CSP) fails to properly validate certain specially\n crafted documents. An attacker who exploited the bypass\n could trick a user into loading a page containing\n malicious content. 
(CVE-2018-8512)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles fragmented IP\n packets. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2018-8493)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-8411)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2018-8494)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2018-8489, CVE-2018-8490)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8492)\n\n - An Elevation of Privilege vulnerability exists in Filter\n Manager when it improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could execute elevated code and take control of an\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2018-8333)\n\n - A remote code execution vulnerability exists when\n "Windows Theme API" does not properly\n decompress files. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. 
If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights.\n (CVE-2018-8413)\n\n - A remote code execution vulnerability exists when\n Windows Shell improperly handles URIs. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8495)\n\n - An elevation of privilege vulnerability exists when the\n DirectX Graphics Kernel (DXGKRNL) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-8484)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8503, CVE-2018-8505)\n\n - A remote code execution vulnerability exists in the\n Microsoft JET Database Engine. An attacker who\n successfully exploited this vulnerability could take\n control of an affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2018-8423)\n\n - A security feature bypass vulnerability exists when\n Microsoft Edge improperly handles requests of different\n origins. 
The vulnerability allows Microsoft Edge to\n bypass Same-Origin Policy (SOP) restrictions, and to\n allow requests that should otherwise be ignored. An\n attacker who successfully exploited the vulnerability\n could force the browser to send data that would\n otherwise be restricted. (CVE-2018-8530)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2018-8497)\");\n # https://support.microsoft.com/en-us/help/4462937/windows-10-update-kb4462937\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?035901c3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4462937.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8494\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Windows NtUserSetWindowFNID Win32k User Callback');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-10\";\nkbs = make_list('4462937');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date:\"10_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4462937])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:13:23", "description": "The remote Windows host is missing security update 4462918.\nIt is, therefore, affected 
by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists in DNS\n Global Blocklist feature. An attacker who successfully\n exploited this vulnerability could redirect traffic to\n malicious DNS endpoints. The update addresses the\n vulnerability by updating DNS Server Role record\n additions to not bypass the Global Query Blocklist.\n (CVE-2018-8320)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles fragmented IP\n packets. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2018-8493)\n\n - A security feature bypass vulnerability exists when\n Microsoft Edge improperly handles requests of different\n origins. The vulnerability allows Microsoft Edge to\n bypass Same-Origin Policy (SOP) restrictions, and to\n allow requests that should otherwise be ignored. An\n attacker who successfully exploited the vulnerability\n could force the browser to send data that would\n otherwise be restricted. (CVE-2018-8530)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-8411)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8492)\n\n - An elevation of privilege vulnerability exists when the\n DirectX Graphics Kernel (DXGKRNL) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. 
(CVE-2018-8484)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2018-8497)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2018-8472)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8509)\n\n - A remote code execution vulnerability exists when\n "Windows Theme API" does not properly\n decompress files. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights.\n (CVE-2018-8413)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. 
An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-8453)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8503, CVE-2018-8505)\n\n - A remote code execution vulnerability exists in the\n Microsoft JET Database Engine. An attacker who\n successfully exploited this vulnerability could take\n control of an affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2018-8423)\n\n - An Information Disclosure vulnerability exists in the\n way that Microsoft Windows Codecs Library handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. Exploitation of the\n vulnerability requires that a program process a\n specially crafted image file. The update addresses the\n vulnerability by correcting how Microsoft Windows Codecs\n Library handles objects in memory. (CVE-2018-8506)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. 
(CVE-2018-8460,\n CVE-2018-8491)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8330)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2018-8486)\n\n - A security feature bypass vulnerability exists in\n Microsoft Edge when the Edge Content Security Policy\n (CSP) fails to properly validate certain specially\n crafted documents. An attacker who exploited the bypass\n could trick a user into loading a page containing\n malicious content. (CVE-2018-8512)\n\n - An Elevation of Privilege vulnerability exists in Filter\n Manager when it improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could execute elevated code and take control of an\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2018-8333)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2018-8494)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. 
(CVE-2018-8489, CVE-2018-8490)\n\n - An information disclosure vulnerability exists when\n Windows Media Player improperly discloses file\n information. Successful exploitation of the\n vulnerability could allow an attacker to determine the\n presence of files on disk. (CVE-2018-8481,\n CVE-2018-8482)\n\n - A remote code execution vulnerability exists when\n Windows Shell improperly handles URIs. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8495)", "edition": 22, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-10-09T00:00:00", "title": "KB4462918: Windows 10 Version 1709 and Windows Server Version 1709 October 2018 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8423", "CVE-2018-8493", "CVE-2018-8503", "CVE-2018-8489", "CVE-2018-8481", "CVE-2018-8413", "CVE-2018-8505", "CVE-2018-8460", "CVE-2018-8494", "CVE-2018-8330", "CVE-2018-8497", "CVE-2018-8491", "CVE-2018-8495", "CVE-2018-8472", "CVE-2018-8512", "CVE-2018-8484", "CVE-2018-8492", "CVE-2018-8333", "CVE-2018-8486", "CVE-2018-8482", "CVE-2018-8530", "CVE-2018-8453", "CVE-2018-8506", "CVE-2018-8490", "CVE-2018-8509", "CVE-2018-8411", "CVE-2018-8320"], "modified": "2018-10-09T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS18_OCT_4462918.NASL", "href": "https://www.tenable.com/plugins/nessus/117998", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117998);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2018-8320\",\n \"CVE-2018-8330\",\n \"CVE-2018-8333\",\n \"CVE-2018-8411\",\n \"CVE-2018-8413\",\n \"CVE-2018-8423\",\n \"CVE-2018-8453\",\n \"CVE-2018-8460\",\n \"CVE-2018-8472\",\n \"CVE-2018-8481\",\n \"CVE-2018-8482\",\n \"CVE-2018-8484\",\n \"CVE-2018-8486\",\n \"CVE-2018-8489\",\n \"CVE-2018-8490\",\n \"CVE-2018-8491\",\n \"CVE-2018-8492\",\n \"CVE-2018-8493\",\n \"CVE-2018-8494\",\n \"CVE-2018-8495\",\n \"CVE-2018-8497\",\n \"CVE-2018-8503\",\n \"CVE-2018-8505\",\n \"CVE-2018-8506\",\n \"CVE-2018-8509\",\n \"CVE-2018-8512\",\n \"CVE-2018-8530\"\n );\n script_bugtraq_id(105477, 105478);\n script_xref(name:\"MSKB\", value:\"4462918\");\n script_xref(name:\"MSFT\", value:\"MS18-4462918\");\n\n script_name(english:\"KB4462918: Windows 10 Version 1709 and Windows Server Version 1709 October 2018 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4462918.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists in DNS\n Global Blocklist feature. An attacker who successfully\n exploited this vulnerability could redirect traffic to\n malicious DNS endpoints. The update addresses the\n vulnerability by updating DNS Server Role record\n additions to not bypass the Global Query Blocklist.\n (CVE-2018-8320)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles fragmented IP\n packets. 
An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2018-8493)\n\n - A security feature bypass vulnerability exists when\n Microsoft Edge improperly handles requests of different\n origins. The vulnerability allows Microsoft Edge to\n bypass Same-Origin Policy (SOP) restrictions, and to\n allow requests that should otherwise be ignored. An\n attacker who successfully exploited the vulnerability\n could force the browser to send data that would\n otherwise be restricted. (CVE-2018-8530)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-8411)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8492)\n\n - An elevation of privilege vulnerability exists when the\n DirectX Graphics Kernel (DXGKRNL) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-8484)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2018-8497)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. 
By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2018-8472)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8509)\n\n - A remote code execution vulnerability exists when\n "Windows Theme API" does not properly\n decompress files. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights.\n (CVE-2018-8413)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-8453)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. 
An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8503, CVE-2018-8505)\n\n - A remote code execution vulnerability exists in the\n Microsoft JET Database Engine. An attacker who\n successfully exploited this vulnerability could take\n control of an affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2018-8423)\n\n - An Information Disclosure vulnerability exists in the\n way that Microsoft Windows Codecs Library handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. Exploitation of the\n vulnerability requires that a program process a\n specially crafted image file. The update addresses the\n vulnerability by correcting how Microsoft Windows Codecs\n Library handles objects in memory. (CVE-2018-8506)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8460,\n CVE-2018-8491)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8330)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. 
An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2018-8486)\n\n - A security feature bypass vulnerability exists in\n Microsoft Edge when the Edge Content Security Policy\n (CSP) fails to properly validate certain specially\n crafted documents. An attacker who exploited the bypass\n could trick a user into loading a page containing\n malicious content. (CVE-2018-8512)\n\n - An Elevation of Privilege vulnerability exists in Filter\n Manager when it improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could execute elevated code and take control of an\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2018-8333)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2018-8494)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2018-8489, CVE-2018-8490)\n\n - An information disclosure vulnerability exists when\n Windows Media Player improperly discloses file\n information. Successful exploitation of the\n vulnerability could allow an attacker to determine the\n presence of files on disk. (CVE-2018-8481,\n CVE-2018-8482)\n\n - A remote code execution vulnerability exists when\n Windows Shell improperly handles URIs. 
An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8495)\");\n # https://support.microsoft.com/en-us/help/4462918/windows-10-update-kb4462918\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cb51c9ad\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4462918.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8494\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Windows NtUserSetWindowFNID Win32k User Callback');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-10\";\nkbs = make_list('4462918');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"16299\",\n rollup_date:\"10_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4462918])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": "2018-10-10T14:22:46", "bulletinFamily": "blog", "cvelist": ["CVE-2010-3190", "CVE-2018-8265", "CVE-2018-8320", "CVE-2018-8329", "CVE-2018-8330", "CVE-2018-8333", "CVE-2018-8411", "CVE-2018-8413", "CVE-2018-8423", "CVE-2018-8427", "CVE-2018-8432", "CVE-2018-8448", "CVE-2018-8453", "CVE-2018-8460", "CVE-2018-8472", "CVE-2018-8473", "CVE-2018-8480", "CVE-2018-8481", "CVE-2018-8482", "CVE-2018-8484", "CVE-2018-8486", "CVE-2018-8488", "CVE-2018-8489", "CVE-2018-8490", "CVE-2018-8491", "CVE-2018-8492", 
"CVE-2018-8493", "CVE-2018-8494", "CVE-2018-8495", "CVE-2018-8497", "CVE-2018-8498", "CVE-2018-8500", "CVE-2018-8501", "CVE-2018-8502", "CVE-2018-8503", "CVE-2018-8504", "CVE-2018-8505", "CVE-2018-8506", "CVE-2018-8509", "CVE-2018-8510", "CVE-2018-8511", "CVE-2018-8512", "CVE-2018-8513", "CVE-2018-8518", "CVE-2018-8527", "CVE-2018-8530", "CVE-2018-8531", "CVE-2018-8532", "CVE-2018-8533"], "description": "Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 49 vulnerabilities, 12 of which are rated \"critical,\" 34 that are rated \"important,\u201d two that are considered to have \u201cmoderate\u201d severity and one that\u2019s rated as \u201clow.\u201d \n \nThe advisories cover bugs in the Chakra scripting engine, the Microsoft Edge internet browser and the Microsoft Office suite of products, among other software. \n \nThis update also includes a critical advisory that covers updates to the [Microsoft Office suite of products](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180026>). \n \nPlease visit the SNORT\u24c7 blog [here](<https://blog.snort.org/2018/10/snort-rule-update-for-oct-9-microsoft.html>) if you would like to know more about the coverage we have for these vulnerabilities. \n**Critical vulnerabilities** \n \nMicrosoft has disclosed 12 critical vulnerabilities this month, which we will highlight below. \n \n[CVE-2018-8491](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8491>), [CVE-2018-8460](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8460>) and [CVE-2018-8509](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8509>) are memory corruption vulnerabilities in the Internet Explorer web browser. 
In both cases, an attacker needs to trick the user into visiting a specially crafted, malicious website that can corrupt the browser\u2019s memory, allowing for remote code execution in the context of the current user. This class of vulnerabilities is especially dangerous since a spam campaign can be used to trick the user while hiding the attack from network protections with HTTPS. \n \n[CVE-2018-8473](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8473>) is a remote code execution vulnerability in Microsoft Edge. The bug lies in the way the web browser accesses objects in memory. An attacker could trick a user into visiting a malicious website or take advantage of a website that accepts user-created content or advertisements in order to exploit this vulnerability. \n \n[CVE-2018-8513](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8513>), [CVE-2018-8500](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8500>), [CVE-2018-8511](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8511>), [CVE-2018-8505](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8505>) and [CVE-2018-8510](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8510>) are memory corruption vulnerabilities in the Chakra scripting engine that affects a variety of products. In all cases, an attacker could exploit these vulnerabilities to execute code on the system in the context of the current user and completely take over the system. This class of vulnerabilities is especially dangerous since a spam campaign can be used to trick the user while hiding the attack from network protections with HTTPS. \n \n[CVE-2018-8494](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8494>) is a remote code execution vulnerability that exists when the MSXML parser in Microsoft XML Core Services processes user input. 
An attacker can exploit this bug by invoking MSXML through a web browser on a specially crafted website. The attacker also needs to convince the user to open the web page. \n \n[CVE-2018-8490](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8490>) and [CVE-2018-8489](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8489>) are remote code execution vulnerabilities in the Windows Hyper-V hypervisor. The bugs lie in the way the host server on Hyper-V fails to properly validate input from an authenticated user on a guest operating system. An attacker could exploit these vulnerabilities by running a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. \n \n**Important vulnerabilities** \n \nThere are also 34 important vulnerabilities in this release. We would like to specifically highlight 22 of them. \n \n[CVE-2018-8512](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8512>) is a security feature bypass vulnerability in Microsoft Edge. The web browser improperly validates certain specially crafted documents in the Edge Content Security Policy (CSP), which could allow an attacker to trick a user into loading a malicious page. \n \n[CVE-2018-8448](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8448>) is an elevation of privilege vulnerability in the Microsoft Exchange email server. The bug exists in the way that Exchange Outlook Web Access improperly handles web requests. An attacker could exploit this vulnerability by performing script or content injection attacks that trick the user into disclosing sensitive information. They could also trick the user into providing login credentials via social engineering in an email or chat client. 
\n \n[CVE-2018-8453](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453>) is an elevation of privilege vulnerability in the Windows operating system that occurs when the Win32k component improperly handles objects in memory. An attacker could obtain the ability to run arbitrary code in kernel mode by logging onto the system and then running a specially crafted application. \n \n[CVE-2018-8484](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8484>) is an elevation of privilege vulnerability in the DirectX Graphics Kernel driver that exists when the driver improperly handles objects in memory. An attacker could log onto the system and execute a specially crafted application to exploit this bug and run processes in an elevated context. \n \n[CVE-2018-8423](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8423>) is a remote code execution vulnerability in the Microsoft JET Database Engine that could allow an attacker to take control of an affected system. A user must open or import a specially crafted Microsoft JET Database Engine file on the system in order to exploit this bug. They could also trick a user into opening a malicious file via email. \n \n[CVE-2018-8502](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8502>) is a security feature bypass vulnerability in Microsoft Excel when the software fails to properly handle objects in protected view. An attacker could execute arbitrary code in the context of the current user if they convince the user to open a specially crafted, malicious Excel document via email or on a web page. This bug cannot be exploited if the user opens the Excel file in just the preview pane. \n \n[CVE-2018-8501](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8501>) is a security feature bypass vulnerability in Microsoft PowerPoint. 
The bug exists when the software improperly handles objects in protected view. An attacker can execute arbitrary code in the context of the current user if they convince the user to open a specially crafted PowerPoint file. This bug cannot be exploited if the user only opens the file in preview mode. \n \n[CVE-2018-8432](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8432>) is a remote code execution vulnerability that lies in the way Microsoft Graphics Components handles objects in memory. A user would have to open a specially crafted file in order to trigger this bug. \n \n[CVE-2018-8504](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8504>) is a security feature bypass vulnerability in the Microsoft Word word processor. There is a flaw in the way the software handles objects in protected view. An attacker could obtain the ability to arbitrarily execute code in the context of the current user if they convince the user to open a malicious Word document. The bug cannot be triggered if the user opens the file in preview mode. \n \n[CVE-2018-8427](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427>) is an information disclosure vulnerability in Microsoft Graphics Components. An attacker could exploit this vulnerability by tricking the user into opening a specially crafted file, which would expose memory layout. \n \n[CVE-2018-8480](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8480>) is an elevation of privilege vulnerability in the Microsoft SharePoint collaborative platform. The bug lies in the way the software improperly sanitizes a specially crafted web request to an affected SharePoint server. An attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server. 
\n \n[CVE-2018-8518](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8518>), [CVE-2018-8488](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8488>) and [CVE-2018-8498](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8498>) are elevation of privilege vulnerabilities in the Microsoft SharePoint Server. An attacker can exploit these bugs by sending a specially crafted request to an affected SharePoint server, allowing them to carry out cross-site scripting attacks and execute code in the context of the current user. \n \n[CVE-2018-8333](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8333>) is an elevation of privilege vulnerability in Filter Management that exists when the program improperly handles objects in memory. An attacker needs to log onto the system and delete a specially crafted file in order to exploit this bug, which could lead to them gaining the ability to execute code in the context of an elevated user. \n \n[CVE-2018-8411](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8411>) is an elevation of privilege vulnerability that exists when the NTFS file system improperly checks access. An attacker needs to log onto the system to exploit this bug and then run a specially crafted application, which could lead to the attacker running processes in an elevated context. \n \n[CVE-2018-8320](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8320>) is a security feature bypass vulnerability that exists in the DNS Global Blocklist feature. An attacker who exploits this bug could redirect traffic to a malicious DNS endpoint. \n \n[CVE-2018-8492](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8492>) is a security bypass vulnerability in the Device Guard Windows feature that could allow an attacker to inject malicious code into Windows PowerShell. 
An attacker needs direct access to the machine in order to exploit this bug, and then inject malicious code into a script that is trusted by the Code Integrity policy. The malicious code would then run with the same access level as the script, and bypass the integrity policy. \n \n[CVE-2018-8329](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8329>) is an elevation of privilege vulnerability in Linux on Windows. The bug lies in the way Linux improperly handles objects in memory. An attacker can completely take control of an affected system after logging onto the system and running a specially crafted application. \n \n[CVE-2018-8497](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8497>) is an elevation of privilege vulnerability that exists in the way the Windows Kernel handles objects in memory. A locally authenticated attacker can exploit this bug by running a specially crafted application. \n \n[CVE-2018-8495](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8495>) is a remote code execution vulnerability that exists in the way Windows Shell handles URIs. An attacker needs to convince the user to visit a specially crafted website on Microsoft Edge in order to exploit this vulnerability. \n \n[CVE-2018-8413](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8413>) is a remote code execution vulnerability that exists when \u201cWindows Theme API\u201d improperly decompresses files. An attacker can exploit this bug by convincing the user to open a specially crafted file via an email, chat client message or on a malicious web page, allowing the attacker to execute code in the context of the current user. 
\n \nOther important vulnerabilities: \n\n\n * [CVE-2018-8265](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8265>)\n * [CVE-2018-8330](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8330>)\n * [CVE-2018-8472](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8472>)\n * [CVE-2018-8481](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8481>)\n * [CVE-2018-8482](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8482>)\n * [CVE-2018-8486](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8486>)\n * [CVE-2018-8493](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8493>)\n * [CVE-2018-8506](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8506>)\n * [CVE-2018-8527](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8527>)\n * [CVE-2018-8530](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8530>)\n * [CVE-2018-8531](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8531>)\n * [CVE-2018-8532](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8532>)\n \n**Moderate vulnerabilities** \n \nOf the two moderate vulnerabilities disclosed by Microsoft, Talos believes one is worth highlighting. \n \n[CVE-2010-3190](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190>) is a remote code execution vulnerability in the way that certain applications built using Microsoft Foundation Classes handle the loading of DLL files. An attacker could take complete control of an affected system by exploiting this vulnerability. At the time this bug was first disclosed, Exchange Server was not identified as an in-scope product, which is why this release highlights a flaw from 2010. 
\n \nThe other moderate vulnerability is [CVE-2018-8533](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8533>). \n \n**Low vulnerability** \n \nThere is also one low-rated vulnerability, which Talos wishes to highlight. \n \n[CVE-2018-8503](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8503>) is a remote code execution vulnerability in the way that Chakra scripting engine handles objects in memory in the Microsoft Edge web browser. An attacker needs to convince a user to visit a malicious website or malicious content on a web page that allows user-created content or advertisements in order to exploit this bug. \n \n**Coverage** \n \nIn response to these vulnerability disclosures, Talos is releasing the following Snort rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org. \n \nSnort rules: [48045 - 48057, 48058 - 48060, 48062, 48063, 48072, 48073](<https://snort.org/advisories/talos-rules-2018-10-09>)\n\n", "modified": "2018-10-10T13:42:32", "published": "2018-10-09T11:38:00", "id": "TALOSBLOG:1F1CE534E194C1DFF1B73DAD241A07B6", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/cH-SgNBr69E/ms-tuesday.html", "type": "talosblog", "title": "Microsoft Patch Tuesday \u2014 October 18: Vulnerability disclosures and Snort coverage", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}