Kaspersky LabKLA11165KLA11165 Microsoft vulnerabilities in Microsoft Windows
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.005 Low
EPSS
Percentile
75.0%
Detect date:
01/03/2018
Severity:
High
Description:
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, cause denial of service.
Affected products:
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2012 R2 (Server Core installation)
Windows 10 Version 1511 for 32-bit Systems
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 7 for x64-based Systems Service Pack 1
Windows 10 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012 R2
Windows 10 for 32-bit Systems
Windows Server 2016
Windows 10 Version 1703 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1709 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2016 (Server Core installation)
Windows 10 Version 1709 for x64-based Systems
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2018-0743
CVE-2018-0744
CVE-2018-0745
CVE-2018-0746
CVE-2018-0747
CVE-2018-0748
CVE-2018-0749
CVE-2018-0751
CVE-2018-0752
CVE-2018-0753
CVE-2018-0754
CVE-2018-0788
ADV180002
Impacts:
OSI
Related products:
CVE-IDS:
CVE-2018-07434.4Warning
CVE-2018-07444.4Warning
CVE-2018-07451.9Warning
CVE-2018-07461.9Warning
CVE-2018-07471.9Warning
CVE-2018-07484.6Warning
CVE-2018-07494.6Warning
CVE-2018-07513.6Warning
CVE-2018-07524.6Warning
CVE-2018-07537.1High
CVE-2018-07542.1Warning
CVE-2018-07886.9High
Microsoft official advisories:
KB list:
4093112
4056898
4056888
4056890
4056893
4056891
4056892
4056896
4056899
4074591
4056895
4074590
4103723
4284860
4284874
4338830
4338820
4338816
4338831
4345424
4345425
4467708
4493464
4493467
4493446
Exploitation:
Public exploits exist for this vulnerability.
References
support.microsoft.com/kb/4056888
support.microsoft.com/kb/4056890
support.microsoft.com/kb/4056891
support.microsoft.com/kb/4056892
support.microsoft.com/kb/4056893
support.microsoft.com/kb/4056895
support.microsoft.com/kb/4056896
support.microsoft.com/kb/4056898
support.microsoft.com/kb/4056899
support.microsoft.com/kb/4074590
support.microsoft.com/kb/4074591
support.microsoft.com/kb/4093112
support.microsoft.com/kb/4103723
support.microsoft.com/kb/4284860
support.microsoft.com/kb/4284874
support.microsoft.com/kb/4338816
support.microsoft.com/kb/4338820
support.microsoft.com/kb/4338830
support.microsoft.com/kb/4338831
support.microsoft.com/kb/4345424
support.microsoft.com/kb/4345425
support.microsoft.com/kb/4467708
support.microsoft.com/kb/4493446
support.microsoft.com/kb/4493464
support.microsoft.com/kb/4493467
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0743
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0744
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0745
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0746
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0747
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0748
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0749
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0751
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0752
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0753
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0754
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0788
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0743
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0744
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0745
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0746
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0747
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0748
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0749
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0751
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0752
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0753
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0754
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0788
portal.msrc.microsoft.com/en-us/security-guidance
portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Windows-10/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-8/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Server/
threats.kaspersky.com/en/product/Microsoft-Windows/
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.005 Low
EPSS
Percentile
75.0%