Lucene search

K
kasperskyKaspersky LabKLA11778
HistoryMar 13, 2018 - 12:00 a.m.

KLA11778 Multiple vulnerabilities in Microsoft Products (ESU)

2018-03-1300:00:00
Kaspersky Lab
threats.kaspersky.com
17

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

Low

EPSS

0.95

Percentile

99.3%

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, cause denial of service, gain privileges.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to obtain sensitive information.
  2. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
  3. A denial of service vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to cause denial of service.
  4. A remote code execution vulnerability in CredSSP can be exploited remotely via specially crafted application to execute arbitrary code.
  5. An elevation of privilege vulnerability in Microsoft Video Control can be exploited remotely via specially crafted application to gain privileges.
  6. A remote code execution vulnerability in Windows Shell can be exploited remotely via specially crafted file to execute arbitrary code.
  7. An information disclosure vulnerability in Internet Explorer can be exploited remotely via specially crafted content to obtain sensitive information.
  8. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
  9. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
  10. An information disclosure vulnerability in Scripting Engine can be exploited remotely via specially crafted content to obtain sensitive information.
  11. An information disclosure vulnerability in Windows Remote Assistance can be exploited remotely via specially crafted to obtain sensitive information.
  12. An elevation of privilege vulnerability in Windows GDI can be exploited remotely via specially crafted application to gain privileges.

Original advisories

CVE-2018-0888

CVE-2018-0889

CVE-2018-0885

CVE-2018-0886

CVE-2018-0881

CVE-2018-0883

CVE-2018-0929

CVE-2018-0904

CVE-2018-0868

CVE-2018-0901

CVE-2018-0900

CVE-2018-0891

CVE-2018-0897

CVE-2018-0896

CVE-2018-0895

CVE-2018-0894

CVE-2018-0899

CVE-2018-0898

CVE-2018-0935

CVE-2018-0813

CVE-2018-0878

CVE-2018-0811

CVE-2018-0817

CVE-2018-0816

CVE-2018-0815

CVE-2018-0814

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Internet-Explorer

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-8

Microsoft-Windows-7

Microsoft-Windows-Server-2008

Windows-RT

Microsoft-Windows-10

Microsoft-Edge

ChakraCore

CVE list

CVE-2018-0811 warning

CVE-2018-0813 warning

CVE-2018-0814 warning

CVE-2018-0815 high

CVE-2018-0816 high

CVE-2018-0817 high

CVE-2018-0868 high

CVE-2018-0878 warning

CVE-2018-0881 high

CVE-2018-0883 critical

CVE-2018-0885 high

CVE-2018-0886 critical

CVE-2018-0888 warning

CVE-2018-0894 warning

CVE-2018-0895 warning

CVE-2018-0896 warning

CVE-2018-0897 warning

CVE-2018-0898 warning

CVE-2018-0899 warning

CVE-2018-0900 warning

CVE-2018-0901 warning

CVE-2018-0904 warning

CVE-2018-0889 critical

CVE-2018-0891 warning

CVE-2018-0929 warning

CVE-2018-0935 critical

KB list

4089187

4088878

4088875

4056564

4073011

4087398

4088827

4089175

4089229

4089344

4089453

4103712

4103718

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • Windows 10 Version 1803 for x64-based SystemsWindows 10 Version 1607 for x64-based SystemsWindows 10 for 32-bit SystemsWindows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows 10 Version 1709 for x64-based SystemsWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows Server 2012 R2Windows 10 Version 1703 for 32-bit SystemsWindows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1909 for 32-bit SystemsWindows Server 2016 (Server Core installation)Windows Server, version 1709 (Server Core Installation)Windows Server 2019Internet Explorer 9Windows 10 Version 1511 for 32-bit SystemsWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows Server 2008 for 32-bit Systems Service Pack 2Windows 10 Version 1903 for x64-based SystemsWindows 8.1 for 32-bit systemsWindows 10 Version 1809 for ARM64-based SystemsWindows Server 2008 for Itanium-Based Systems Service Pack 2Windows Server, version 1903 (Server Core installation)Windows 10 Version 1703 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 8.1 for x64-based systemsWindows Server 2008 for x64-based Systems Service Pack 2Windows Server, version 1909 (Server Core installation)Windows 10 Version 1909 for x64-based SystemsWindows 10 for x64-based SystemsWindows Server 2008 R2 for x64-based Systems Service Pack 1Windows 10 Version 1809 for x64-based SystemsWindows Server 2012Windows 10 Version 1903 for ARM64-based SystemsChakraCoreWindows RT 8.1Microsoft Edge (EdgeHTML-based)Internet Explorer 10Windows Server 2016Windows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1511 for x64-based SystemsWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows 7 for x64-based Systems Service Pack 1Internet Explorer 11Windows Server 2012 R2 (Server Core installation)Windows 7 for 32-bit Systems Service Pack 1Windows 10 Version 1809 for 32-bit Systems

References

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

Low

EPSS

0.95

Percentile

99.3%