A remote code execution vulnerability exists in the Microsoft JET Database Engine.
An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Exploiting the vulnerability requires a user to open or import a specially crafted Microsoft JET Database Engine file. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted file to the user and then convincing the user to open the file.
The security update addresses the vulnerability by modifying how the Microsoft JET Database Engine handles objects in memory.
{"id": "MS:CVE-2018-8423", "bulletinFamily": "microsoft", "title": "Microsoft JET Database Engine Remote Code Execution Vulnerability", "description": "A remote code execution vulnerability exists in the Microsoft JET Database Engine.\n\nAn attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n\nTo exploit the vulnerability, a user must open/import a specially crafted Microsoft JET Database Engine file. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted file to the user, and then convince the user to open the file.\n\nThe security update addresses the vulnerability by modifying how the Microsoft JET Database Engine handles objects in memory.\n", "published": "2018-10-09T07:00:00", "modified": "2018-10-09T07:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", 
"version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2018-8423", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2018-8423"], "immutableFields": [], "type": "mscve", "lastseen": "2022-10-26T18:28:14", "edition": 1, "viewCount": 4, "enchantments": {"backreferences": {"references": [{"idList": ["CISA:574A6E25827684C587359C37EF1D5132"], "type": "cisa"}, {"idList": ["KREBS:B1E4FC3B67F4D04866AEE77CDE9721A9"], "type": "krebs"}, {"idList": ["CVE-2018-8423"], "type": "cve"}, {"idList": ["SRC-2018-0029"], "type": "srcincite"}, {"idList": ["SMB_NT_MS18_OCT_4462926.NASL"], "type": "nessus"}, {"idList": ["THN:C3FF55EFF6D358D430A376476FE270D4"], "type": "thn"}, {"idList": ["OPENVAS:1361412562310814083", "OPENVAS:1361412562310814084", "OPENVAS:1361412562310814078", "OPENVAS:1361412562310814081", "OPENVAS:1361412562310814085", "OPENVAS:1361412562310814080", "OPENVAS:1361412562310814079", "OPENVAS:1361412562310814082"], "type": "openvas"}, {"idList": ["THREATPOST:EB71471BE2C7CB3DBC11E266C20BA1CE"], "type": "threatpost"}, {"idList": ["KB4462941"], "type": "mskb"}, {"idList": ["KLA11333"], "type": "kaspersky"}, {"idList": ["ZDI-18-1075"], "type": "zdi"}, {"idList": ["TALOSBLOG:1F1CE534E194C1DFF1B73DAD241A07B6"], "type": "talosblog"}]}, "dependencies": {"references": [{"idList": ["KREBS:B1E4FC3B67F4D04866AEE77CDE9721A9"], "type": "krebs"}, {"idList": ["CVE-2018-8423"], "type": "cve"}, {"idList": ["SRC-2018-0029"], "type": "srcincite"}, {"idList": ["THREATPOST:EB71471BE2C7CB3DBC11E266C20BA1CE", "THREATPOST:6494F574043B1EE5082C988D28B55E4C"], "type": "threatpost"}, {"idList": ["THN:C3FF55EFF6D358D430A376476FE270D4"], "type": "thn"}, {"idList": ["OPENVAS:1361412562310814083", "OPENVAS:1361412562310814084", "OPENVAS:1361412562310814078", "OPENVAS:1361412562310814081", "OPENVAS:1361412562310814085", "OPENVAS:1361412562310814080", "OPENVAS:1361412562310814079", 
"OPENVAS:1361412562310814082"], "type": "openvas"}, {"idList": ["KLA11889", "KLA11333"], "type": "kaspersky"}, {"idList": ["SMB_NT_MS18_OCT_4462937.NASL", "SMB_NT_MS18_OCT_4463097.NASL", "SMB_NT_MS18_OCT_4462919.NASL", "SMB_NT_MS18_OCT_4462918.NASL", "SMB_NT_MS18_OCT_4462926.NASL", "SMB_NT_MS18_OCT_4462917.NASL", "SMB_NT_MS18_OCT_4462922.NASL", "SMB_NT_MS18_OCT_4462929.NASL", "SMB_NT_MS18_OCT_4462923.NASL", "SMB_NT_MS18_OCT_4464330.NASL"], "type": "nessus"}, {"idList": ["ZDI-18-1075"], "type": "zdi"}, {"idList": ["TALOSBLOG:1F1CE534E194C1DFF1B73DAD241A07B6"], "type": "talosblog"}, {"idList": ["KB4463573"], "type": "mskb"}], "rev": 4}, "exploitation": null, "score": {"value": 1.8, "vector": "NONE"}, "vulnersScore": 1.8}, "_state": {"dependencies": 1666809388, "score": 1666809538}, "_internal": {"score_hash": "d52bf9d77e7dc15cd9379ba8930f864f"}, "kbList": ["KB4462929", "KB4457135", "KB4462919", "KB4462922", "KB4458010", "KB4462918", "KB4462941", "KB4457132", "KB4457129", "KB4462926", "KB4462917", "KB4462923", "KB4462915", "KB4462937", "KB4463104", "KB4464330", "KB4457128", "KB4457138", "KB4457142", "KB4462931", "KB4457144", "KB4463097", "KB4457131"], "msrc": "", "mscve": "CVE-2018-8423", "msAffectedSoftware": [{"kb": "KB4464330", "kbSupersedence": "", "msplatform": "", "name": "windows server 2019", "operator": "", "version": ""}, {"kb": "KB4463104", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 for x64-based systems service pack 2 (server core installation)", "operator": "", "version": ""}, {"kb": "KB4462915", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 r2 for itanium-based systems service pack 1", "operator": "", "version": ""}, {"kb": "KB4462926", "kbSupersedence": "KB4457129", "msplatform": "", "name": "windows server 2012 r2", "operator": "", "version": ""}, {"kb": "KB4462923", "kbSupersedence": "KB4457144", "msplatform": "", "name": "windows server 2008 r2 for x64-based systems service pack 1 (server core 
installation)", "operator": "", "version": ""}, {"kb": "KB4462937", "kbSupersedence": "KB4457138", "msplatform": "", "name": "windows 10 version 1703 for 32-bit systems", "operator": "", "version": ""}, {"kb": "KB4462931", "kbSupersedence": "", "msplatform": "", "name": "windows server 2012 (server core installation)", "operator": "", "version": ""}, {"kb": "KB4462915", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 r2 for x64-based systems service pack 1", "operator": "", "version": ""}, {"kb": "KB4462926", "kbSupersedence": "KB4457129", "msplatform": "", "name": "windows 8.1 for 32-bit systems", "operator": "", "version": ""}, {"kb": "KB4462923", "kbSupersedence": "KB4457144", "msplatform": "", "name": "windows server 2008 r2 for itanium-based systems service pack 1", "operator": "", "version": ""}, {"kb": "KB4463097", "kbSupersedence": "KB4458010", "msplatform": "", "name": "windows server 2008 for x64-based systems service pack 2", "operator": "", "version": ""}, {"kb": "KB4462917", "kbSupersedence": "KB4457131", "msplatform": "", "name": "windows server 2016 (server core installation)", "operator": "", "version": ""}, {"kb": "KB4462919", "kbSupersedence": "KB4457128", "msplatform": "", "name": "windows server, version 1803 (server core installation)", "operator": "", "version": ""}, {"kb": "KB4462923", "kbSupersedence": "KB4457144", "msplatform": "", "name": "windows 7 for x64-based systems service pack 1", "operator": "", "version": ""}, {"kb": "KB4462915", "kbSupersedence": "", "msplatform": "", "name": "windows 7 for x64-based systems service pack 1", "operator": "", "version": ""}, {"kb": "KB4462919", "kbSupersedence": "KB4457128", "msplatform": "", "name": "windows 10 version 1803 for 32-bit systems", "operator": "", "version": ""}, {"kb": "KB4463104", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 for itanium-based systems service pack 2", "operator": "", "version": ""}, {"kb": "KB4462919", "kbSupersedence": 
"KB4457128", "msplatform": "", "name": "windows 10 version 1803 for x64-based systems", "operator": "", "version": ""}, {"kb": "KB4462915", "kbSupersedence": "", "msplatform": "", "name": "windows 7 for 32-bit systems service pack 1", "operator": "", "version": ""}, {"kb": "KB4462941", "kbSupersedence": "", "msplatform": "", "name": "windows 8.1 for x64-based systems", "operator": "", "version": ""}, {"kb": "KB4462923", "kbSupersedence": "KB4457144", "msplatform": "", "name": "windows server 2008 r2 for x64-based systems service pack 1", "operator": "", "version": ""}, {"kb": "KB4462918", "kbSupersedence": "KB4457142", "msplatform": "", "name": "windows server, version 1709 (server core installation)", "operator": "", "version": ""}, {"kb": "KB4463104", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 for 32-bit systems service pack 2", "operator": "", "version": ""}, {"kb": "KB4463104", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 for x64-based systems service pack 2", "operator": "", "version": ""}, {"kb": "KB4464330", "kbSupersedence": "", "msplatform": "", "name": "windows server 2019 (server core installation)", "operator": "", "version": ""}, {"kb": "KB4462917", "kbSupersedence": "KB4457131", "msplatform": "", "name": "windows 10 version 1607 for 32-bit systems", "operator": "", "version": ""}, {"kb": "KB4463097", "kbSupersedence": "KB4458010", "msplatform": "", "name": "windows server 2008 for x64-based systems service pack 2 (server core installation)", "operator": "", "version": ""}, {"kb": "KB4463097", "kbSupersedence": "KB4458010", "msplatform": "", "name": "windows server 2008 for itanium-based systems service pack 2", "operator": "", "version": ""}, {"kb": "KB4462941", "kbSupersedence": "", "msplatform": "", "name": "windows 8.1 for 32-bit systems", "operator": "", "version": ""}, {"kb": "KB4462918", "kbSupersedence": "KB4457142", "msplatform": "", "name": "windows 10 version 1709 for 32-bit systems", 
"operator": "", "version": ""}, {"kb": "KB4462923", "kbSupersedence": "KB4457144", "msplatform": "", "name": "windows 7 for 32-bit systems service pack 1", "operator": "", "version": ""}, {"kb": "KB4462917", "kbSupersedence": "KB4457131", "msplatform": "", "name": "windows server 2016", "operator": "", "version": ""}, {"kb": "KB4462922", "kbSupersedence": "KB4457132", "msplatform": "", "name": "windows 10 for x64-based systems", "operator": "", "version": ""}, {"kb": "KB4462915", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 r2 for x64-based systems service pack 1 (server core installation)", "operator": "", "version": ""}, {"kb": "KB4462917", "kbSupersedence": "KB4457131", "msplatform": "", "name": "windows 10 version 1607 for x64-based systems", "operator": "", "version": ""}, {"kb": "KB4464330", "kbSupersedence": "", "msplatform": "", "name": "windows 10 version 1809 for x64-based systems", "operator": "", "version": ""}, {"kb": "KB4462918", "kbSupersedence": "KB4457142", "msplatform": "", "name": "windows 10 version 1709 for x64-based systems", "operator": "", "version": ""}, {"kb": "KB4462922", "kbSupersedence": "KB4457132", "msplatform": "", "name": "windows 10 for 32-bit systems", "operator": "", "version": ""}, {"kb": "KB4462937", "kbSupersedence": "KB4457138", "msplatform": "", "name": "windows 10 version 1703 for x64-based systems", "operator": "", "version": ""}, {"kb": "KB4464330", "kbSupersedence": "", "msplatform": "", "name": "windows 10 version 1809 for 32-bit systems", "operator": "", "version": ""}, {"kb": "KB4462931", "kbSupersedence": "", "msplatform": "", "name": "windows server 2012", "operator": "", "version": ""}, {"kb": "KB4463104", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 for 32-bit systems service pack 2 (server core installation)", "operator": "", "version": ""}, {"kb": "KB4462941", "kbSupersedence": "", "msplatform": "", "name": "windows server 2012 r2 (server core installation)", 
"operator": "", "version": ""}, {"kb": "KB4462926", "kbSupersedence": "KB4457129", "msplatform": "", "name": "windows 8.1 for x64-based systems", "operator": "", "version": ""}, {"kb": "KB4463097", "kbSupersedence": "KB4458010", "msplatform": "", "name": "windows server 2008 for 32-bit systems service pack 2", "operator": "", "version": ""}, {"kb": "KB4462929", "kbSupersedence": "KB4457135", "msplatform": "", "name": "windows server 2012", "operator": "", "version": ""}, {"kb": "KB4462926", "kbSupersedence": "KB4457129", "msplatform": "", "name": "windows rt 8.1", "operator": "", "version": ""}, {"kb": "KB4463097", "kbSupersedence": "KB4458010", "msplatform": "", "name": "windows server 2008 for 32-bit systems service pack 2 (server core installation)", "operator": "", "version": ""}, {"kb": "KB4462926", "kbSupersedence": "KB4457129", "msplatform": "", "name": "windows server 2012 r2 (server core installation)", "operator": "", "version": ""}, {"kb": "KB4462941", "kbSupersedence": "", "msplatform": "", "name": "windows server 2012 r2", "operator": "", "version": ""}, {"kb": "KB4462929", "kbSupersedence": "KB4457135", "msplatform": "", "name": "windows server 2012 (server core installation)", "operator": "", "version": ""}], "vendorCvss": {"baseScore": "7.8", "temporalScore": "7.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"}}
{"srcincite": [{"lastseen": "2022-04-20T17:16:27", "description": "**Vulnerability Details:**\n\nThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the management of indexes in the Jet database engine. Crafted data in a database file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.\n\n**Affected Vendors:**\n\nMicrosoft\n\n**Affected Products:**\n\nWindows\n\n**Vendor Response:**\n\nMicrosoft has issued an update to correct these vulnerabilities. More details can be found at: \n<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8423>\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-09-02T00:00:00", "type": "srcincite", "title": "SRC-2018-0029 : Microsoft Windows Jet Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8423"], "modified": "2018-10-09T00:00:00", "id": "SRC-2018-0029", "href": "https://srcincite.io/advisories/src-2018-0029/", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "sourceHref": ""}], "zdi": [{"lastseen": "2022-01-31T21:45:25", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the management of indexes in the Jet database engine. Crafted data in a database file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-09-20T00:00:00", "type": "zdi", "title": "(0Day) Microsoft Windows Jet Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8423"], 
"modified": "2018-10-10T00:00:00", "id": "ZDI-18-1075", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-1075/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2019-08-06T08:14:35", "description": "UPDATE\n\nMicrosoft patched a zero-day in its JET Database Engine this week \u2013 but the patch was incomplete, according to researchers at 0patch. The company has developed a micropatch that corrects that hole, it said Friday.\n\nThe memory corruption vulnerability ([CVE-2018-8423](<https://threatpost.com/unpatched-microsoft-zero-day-in-jet-allows-remote-code-execution/137597/>)) could allow remote code-execution. It was found by Trend Micro\u2019s Zero Day Initiative (ZDI), which subsequently released the flaw as a zero-day 135 days after reporting it to Microsoft. Eighteen days later, Microsoft issued a fix as part of its [Patch Tuesday updates](<https://threatpost.com/microsoft-patches-zero-day-under-active-attack-by-apt/138164/>) this week.\n\nThe flaw is an out-of-bounds (OOB) write in the JET Database Engine, which underlies the Microsoft Access and Visual Basic software. It\u2019s a less well-known alternative to Microsoft\u2019s flagship SQL Server.\n\n\u201cThe root cause boils down to how the JET Database Engine handles malformed data in a database file,\u201d Dustin Childs, communications manager for ZDI, told Threatpost. \u201cImproper handling of the malformed data could lead to code execution.\u201d\n\nAccording to ZDI, the specific flaw exists within the management of indexes in JET. It can be triggered by opening a booby-trapped JET database file via OLEDB, which is an API designed by Microsoft that enables data to be accessed from an array of disparate sources in a uniform manner. 
That consequently would cause a \u201cwrite past the end of an allocated buffer,\u201d i.e., a crash, which in turn would allow an adversary to execute code with the same privileges as the target machine\u2019s legitimate user.\n\nBecause the vulnerability was published as a zero-day before the official patch was available, 0patch issued a micropatch just a day after it dropped. It has now issued another micropatch to correct the official patch.\n\nThe problem lies in one of Window\u2019s core dynamic link libraries, \u201cmsrd3x40.dll.\u201d\n\n\u201cAs expected, the update brought a modified msrd3x40.dll binary: this is the binary with the vulnerability, which we had micropatched with four CPU instructions (one of which was just for reporting purposes),\u201d said Mitja Kolsek, a researcher with the 0patch team, in a [notice](<https://blog.0patch.com/2018/10/patching-re-patching-and-meta-patching.html>) about the fresh fix. \u201cThe version of msrd3x40.dll changed from 4.0.9801.0 to 4.0.9801.5 and of course its cryptographic hash also changed \u2013 which resulted in our micropatch for this issue no longer getting applied to msrd3x40.dll.\u201d\n\nHowever, when the company reviewed the differences between the official patch and the micropatch, it found slight differences, \u201cunfortunately in a way that only limited the vulnerability instead of eliminating it,\u201d Kolsek said.\n\nThe original ZDI PoC is blocked by Microsoft\u2018s patch, but it can be slightly modified to again cause memory corruption, he explained in an email to Threatpost.\n\n\u201cMicrosoft\u2018s patch undoubtedly limits the attacker\u2019s ability to exploit the vulnerability, but we can\u2019t say to what extent; this could only be answered by a skilled exploit developer investing due effort in actually trying to exploit this to launch malicious code on user\u2019s computer,\u201d he told us. 
\u201cIf an exploit was developed for this \u2018remaining\u2019 issue, it would very much look like an exploit for the unpatched issue \u2013 so there would likely be no more hoops to go through.\u201d\n\nThere are however mitigating factors to successful exploitation: This technique relies on social engineering to convince users to open a malicious attachments. Users should, as always, use caution when opening emails from unknown senders or opening unknown files, or accepting file transfers.\n\n0patch has notified Microsoft about the problem and said that it will await an official update before publishing proof-of-concept details \u2014 Kolsek told Threatpost that it hasn\u2019t received Microsoft\u2018s confirmation yet.\n\nJeff Jones, senior director at Microsoft, told Threatpost that _\u201c_We\u2019re aware of the report will take additional action to protect customers if needed.\u201d\n\nKolsek said the new micropatch (a video demonstration can be seen [here](<https://www.youtube.com/watch?v=nmlJk40XBrY&feature=youtu.be>)) fixes fully updated 32-bit and 64-bit Windows 10, Windows 8.1, Windows 7, Windows Server 2008 and Windows Server 2012, as well as other Windows versions that share the same version of msrd3x40.dll.\n\n_This posting was updated on Oct. 17 with input from 0patch and Microsoft._\n", "cvss3": {}, "published": "2018-10-12T17:01:15", "type": "threatpost", "title": "Microsoft Zero-Day Patch for JET Bug Incomplete, Claims Firm", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2018-8423"], "modified": "2018-10-12T17:01:15", "id": "THREATPOST:EB71471BE2C7CB3DBC11E266C20BA1CE", "href": "https://threatpost.com/microsoft-zero-day-patch-for-jet-bug-incomplete-claims-firm/138262/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T05:50:47", "description": "Microsoft has issued a patch for a zero-day bug being actively exploited in the wild, as part of its Patch Tuesday security bulletin. 
The vulnerability is an elevation-of-privilege flaw, rated important, affecting the Windows Win32k component.\n\nThe zero-day ([CVE-2018-8453](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453>)), found by Kaspersky Lab, could allow an adversary to run arbitrary code in kernel mode on targeted systems. \u201cAn attacker could then install programs; view, change or delete data; or create new accounts with full user rights,\u201d Microsoft wrote in its patch update. Windows 7, 8.1, 10, and Server 2008, 2012, 2016, and 2019 are affected.\n\nMiddle East-based[ APT FruityArmor,](<https://threatpost.com/fruityarmor-apt-group-used-recently-patched-windows-zero-day/121398/>) which has a history of targeting Windows zero-day, is believed to be actively exploiting the flaw, according to Kaspersky Lab. In 2016, [Kaspersky Lab researchers](<https://threatpost.com/fruityarmor-apt-group-used-recently-patched-windows-zero-day/121398/>) reported that the group carried out a number of targeted attacks exploiting zero-days to escape browser-based sandboxes and execute malicious code in the wild. In that case, the adversaries targeted CVE-2016-3393, tied to Windows graphics device interface.\n\nThe zero-day patch was one of 49 fixes issued Tuesday; 12 were listed as critical.\n\nMicrosoft also patched an eight-year-old remote code-execution vulnerability, first identified in 2010 and rated critical. The bug ([CVE-2010-3190](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190>)) is tied to a nagging issue with Microsoft Foundation Class Library, a resource used by developers to manage how DLL files are loaded and handled by an application. The bug has been patched multiple times over the years: in 2010, 2011 and 2016 with the most recent update available Tuesday. 
Microsoft said the problem is once again an issue as it relates to installations of Exchange Server 2016.\n\n\u201cAn attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change or delete data; or create new accounts with full user rights,\u201d Microsoft wrote.\n\nThe software giant added, \u201cExchange Server was not identified as an in-scope product when CVE-2010-3190 was originally published\u2026The update addresses this vulnerability by correcting how applications built using MFC load DLL files.\u201d\n\nOther Microsoft patches addressed vulnerabilities in the Edge and Internet Explorer browsers; and applications such as SharePoint Enterprise server and SQL Server Management software.\n\n\u201cOne of the most important vulnerabilities fixed in today\u2019s Patch Tuesday release is the Microsoft JET Database Engine zero-day ([CVE-2018-8423](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8423>)), which [was disclosed last month](<https://threatpost.com/unpatched-microsoft-zero-day-in-jet-allows-remote-code-execution/137597/>),\u201d wrote Glen Pendley, deputy CTO at Tenable, in an analysis. \u201cThe vulnerability was published along with a sample exploit code, leaving organizations everywhere exposed for the last several weeks. As such, organizations are urged to update their systems immediately.\u201d\n\nOf the 49 CVEs listed by Microsoft this month, the majority, 33, were fixed in Windows 10, Edge and the associated Server versions, pointed out Chris Goettl, director of security product management for Ivanti. \u201cAlso, please note that there was an update for Server 2019 which was made generally available last week. 
Microsoft continued the trend from last month where they introduced both a monthly roll-up and a security-only release for Server 2008,\u201d he said.\n\nMicrosoft\u2019s ubiquitous Office Suite bundle also received a number of updates including those for Excel, Outlook, PowerPoint and Word. With those updates came important version tweaks, according to Goettl: \u201cOffice for Mac version 16.17 [from last patch Tuesday](<https://threatpost.com/microsoft-patches-three-actively-exploited-bugs-as-part-of-patch-tuesday/137372/>), and all future 16.17+ releases are now officially \u2018Office 2019\u2019,\u201d he said. Office 2016 will continue to receive updates \u2018as needed\u2019 until October 2020.\u201d\n", "cvss3": {}, "published": "2018-10-09T21:24:54", "type": "threatpost", "title": "Microsoft Patches Zero-Day Under Active Attack by APT", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2010-3190", "CVE-2016-3393", "CVE-2018-8423", "CVE-2018-8453", "CVE-2019-0797"], "modified": "2018-10-09T21:24:54", "id": "THREATPOST:6494F574043B1EE5082C988D28B55E4C", "href": "https://threatpost.com/microsoft-patches-zero-day-under-active-attack-by-apt/138164/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2021-01-01T22:35:13", "description": "<html><body><p>Resolves a vulnerability in Windows Embedded POSReady 2009 and Windows Embedded Standard 2009.</p><h2>Summary</h2><div class=\"kb-summary-section section\">A remote code execution vulnerability exists in the Microsoft JET Database Engine.<br/><br/>To learn more about the vulnerability, go to <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8423\" id=\"kb-link-2\" managed-link=\"\" target=\"_blank\">CVE-2018-8423</a>.</div><h2>How to obtain and install the update</h2><div class=\"kb-resolution-section section\"><h3 class=\"sbody-h3\">Method 1: Windows Update</h3><div class=\"kb-collapsible 
kb-collapsible-expanded\">This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/12373/windows-update-faq\" id=\"kb-link-13\" managed-link=\"\" target=\"_blank\">Windows Update: FAQ</a>.</div><h3 class=\"sbody-h3\">Method 2: Microsoft Update Catalog</h3><div class=\"kb-collapsible kb-collapsible-expanded\">To get the stand-alone package for this update, go to the <a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/search.aspx?q=4463573\" id=\"kb-link-14\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a> website.</div></div><p><strong class=\"sbody-strong\">Important\u00a0</strong>If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. 
For more information, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://technet.microsoft.com/en-us/library/hh825699\" id=\"kb-link-5\" managed-link=\"\" target=\"_blank\">Add language packs to Windows</a>.</p><h2>More information</h2><div class=\"kb-moreinformation-section section\"><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\"><span class=\"bold btn-link\">How to obtain help and support for this security update</span></td></tr><tr><td faq-panel-body=\"\"><div class=\"kb-collapsible kb-collapsible-collapsed\"><span>Help for installing updates: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://www.microsoft.com/en-us/safety/pc-security/updates.aspx\" managed-link=\"\" target=\"_blank\">Protect yourself online</a><br/><br/>Help for protecting your Windows-based computer from viruses and malware: <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-17\" managed-link=\"\" target=\"_blank\">Microsoft Secure</a><br/><br/>Local support according to your country: <a data-content-id=\"\" data-content-type=\"\" href=\"https://www.microsoft.com/en-us/locale.aspx\" id=\"kb-link-18\" managed-link=\"\" target=\"_blank\">International Support</a></span></div><span> </span></td></tr></tbody></table><a class=\"bookmark\" id=\"fileinfo\"></a></div><h2>Windows Embedded POSReady 2009 and Windows Embedded Standard 2009 file information</h2><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">File hash information</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 
hash</th></tr><tr><td>WindowsXP-KB4463573-x86-Embedded-ENU.exe</td><td>117A603508CE1DD5ECF8F080CAA55285EF66CFAB</td><td>1538BAB95C5C19BA2A9877503DCE3B44EAEADAE92A2EEE909C5DC39F83E3C946</td></tr></tbody></table></td></tr></tbody></table><p><strong>File information</strong><br/><span>The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.</span></p><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">For all supported x86-based versions</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><td><strong class=\"sbody-strong\">File name</strong></td><td><strong class=\"sbody-strong\">File version</strong></td><td><strong class=\"sbody-strong\">File size</strong></td><td><strong class=\"sbody-strong\">Date</strong></td><td><strong class=\"sbody-strong\">Time</strong></td><td><strong class=\"sbody-strong\">Platform</strong></td></tr><tr><td>Msrd3x40.dll</td><td>4.0.9801.4</td><td>344,064</td><td>11-Sep-2018</td><td>06:50</td><td>x86</td></tr><tr><td>Updspapi.dll</td><td>6.3.13.0</td><td>382,840</td><td>01-Feb-2018</td><td>21:28</td><td>x86</td></tr></tbody></table></td></tr></tbody></table></body></html>", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": 
"REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-09T00:00:00", "type": "mskb", "title": "Description of the security update for the remote code execution vulnerability in Windows Embedded POSReady 2009 and Windows Embedded Standard 2009: October 9, 2018", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8423"], "modified": "2018-10-09T17:01:56", "id": "KB4463573", "href": "https://support.microsoft.com/en-us/help/4463573/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T18:45:50", "description": "A remote code execution vulnerability exists in the Microsoft JET Database Engine, aka \"Microsoft JET Database Engine Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-10-10T13:29:00", "type": "cve", "title": "CVE-2018-8423", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": 
{"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8423"], "modified": "2020-09-28T12:58:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2016:1709", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:*"], "id": "CVE-2018-8423", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8423", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:standard:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"]}], "krebs": [{"lastseen": "2018-10-11T22:23:00", "description": "**Microsoft** this week released software updates to fix roughly 50 security problems with various versions of its **Windows** operating system and related software, including one flaw that is already being exploited and another for which exploit code is publicly available.\n\nThe zero-day bug -- [CVE-2018-8453](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453>) -- affects Windows versions 7, 8.1, 10 and Server 2008, 2012, 2016 and 2019. According to security firm **Ivanti**, an attacker first needs to log into the operating system, but then can exploit this vulnerability to gain administrator privileges.\n\nAnother vulnerability patched on Tuesday -- [CVE-2018-8423](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8423>) -- was publicly disclosed last month along with sample exploit code. This flaw involves a component shipped on all Windows machines and used by a number of programs, and could be exploited by getting a user to open a specially-crafted file -- such as a booby-trapped **Microsoft Office** document.\n\nKrebsOnSecurity has frequently suggested that Windows users wait a day or two after Microsoft releases monthly security updates before installing the fixes, with the rationale that occasionally buggy patches can cause serious headaches for users who install them before all the kinks are worked out.\n\nThis month, Microsoft briefly paused updates for Windows 10 users after many users reported losing all of the files in their \"My Documents\" folder. The worst part? 
Rolling back to previous saved versions of Windows prior to the update did not restore the files.\n\nMicrosoft appears to have since fixed the issue, but these kinds of incidents illustrate the value of not only waiting a day or two to install updates but also manually backing up your data prior to installing patches (i.e., not just simply counting on Microsoft's System Restore feature to save the day should things go haywire).\n\nMercifully, **Adobe** has spared us an update this month for its **Flash Player** software, although it has shipped a non-security update for Flash.\n\nFor more on this month's Patch Tuesday batch, check out posts from [Ivanti](<https://www.ivanti.com/blog/october-patch-tuesday-2018>) and [Qualys](<https://blog.qualys.com/laws-of-vulnerabilities/2018/10/09/october-2018-patch-tuesday-49-vulns-critical-browser-patches-hyper-v-adobe-vulns>).\n\nAs always, if you experience any issues installing any of these patches this month, please feel free to leave a comment about it below; there's a good chance other readers have experienced the same and may even chime in here with some helpful tips. 
My apologies for the tardiness of this post; I have been traveling in Australia this past week with only sporadic access to the Internet.\n\n\n\nDowntown Melbourne, Australia.", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-11T07:34:56", "type": "krebs", "title": "Patch Tuesday, October 2018 Edition", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8423", "CVE-2018-8453"], "modified": "2018-10-11T07:34:56", "id": "KREBS:B1E4FC3B67F4D04866AEE77CDE9721A9", "href": "https://krebsonsecurity.com/2018/10/patch-tuesday-october-2018-edition/", "cvss": {"score": 0.0, "vector": "NONE"}}], "thn": [{"lastseen": "2022-05-09T12:40:48", "description": "[](<https://thehackernews.com/images/-yWCVA21ga8g/W7z0WOAz3RI/AAAAAAAAyW0/0cLk_Hz_pnEI94Nf4iePYDJdSDL38uQTwCLcBGAs/s728-e100/microsoft-windows-patch-update.jpg>)\n\nMicrosoft has just [released](<https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/aa99ba28-e99f-e811-a978-000d3a33c573>) its latest monthly Patch Tuesday updates for October 2018, fixing a total of 49 security vulnerabilities in its products. 
\n \nThis month's security updates address security vulnerabilities in Microsoft Windows, Edge Browser, Internet Explorer, MS Office, MS Office Services and Web Apps, ChakraCore, SQL Server Management Studio, and Exchange Server. \n \nOut of 49 flaws patched this month, 12 are rated as critical, 35 are rated as important, one is moderate, and one is low in severity. \n \nThree of these vulnerabilities patched by the tech giant are listed as \"publicly known\" at the time of release, and one flaw is reported as being actively exploited in the wild. \n \n\n\n## Windows Update Patches An Important Flaw Under Active Attack\n\n \nAccording to the Microsoft [advisory](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453>), an undisclosed group of attackers is actively exploiting an important elevation of privilege vulnerability (CVE-2018-8453) in the Microsoft Windows operating system to take full control over the targeted systems. \n \nThis flaw exists when the Win32K (kernel-mode drivers) component fails to properly handle objects in memory, allowing an attacker to execute arbitrary code in kernel mode using a specially crafted application. \n \nThis month's updates also patch a critical remote code execution vulnerability in Microsoft Windows that affects all supported versions of Windows, including Windows 10, 8.1, 7, and Server 2019, 2016, 2012, and 2008. \n \nThe vulnerability ([CVE-2018-8494](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8494>)) resides in the parser component of the Microsoft XML Core Services (MSXML), which can be exploited by passing malicious XML content via user input. \n \nAn attacker can remotely execute malicious code on a targeted computer and take full control of the system just by convincing users to view a specially crafted website designed to invoke MSXML through a web browser. 
\n \n\n\n## Microsoft Patches Three Publicly Disclosed Flaws\n\n \nDetails of one of the three publicly disclosed vulnerabilities were revealed late last month by a security researcher after the company failed to patch the bug within the 120-day deadline. \n \nThe vulnerability, marked as important and assigned CVE-2018-8423, resides in the Microsoft Jet Database Engine and could allow an attacker to remotely execute malicious code on any vulnerable Windows computer after a user opens a specially crafted file. \n \nFor [proof-of-concept exploit](<https://thehackernews.com/2018/09/windows-zero-day-vulnerability.html>) code and more details about this vulnerability, you can read our article. \n \nThe other two publicly disclosed vulnerabilities are also marked as important and reside in Windows Kernel (CVE-2018-8497) and Azure IoT Hub Device Client SDK (CVE-2018-8531), which lead to privilege escalation and remote code execution respectively. \n \nThe security updates also include patches for 9 critical memory corruption vulnerabilities\u20142 in Internet Explorer, 2 in Microsoft Edge, 4 in Chakra Scripting Engine, and 1 in Scripting Engine\u2014all of which lead to remote code execution on the targeted system. \n \nBesides this, Microsoft has also released an [update for Microsoft Office](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180026>) that provides enhanced security as a defense-in-depth measure. \n \nUsers and system administrators are strongly advised to apply these security patches as soon as possible to keep hackers and cybercriminals from taking control of their systems. 
\n \nFor installing security patch updates, directly head on to Settings \u2192 Update & security \u2192 Windows Update \u2192 Check for updates, or you can install the updates manually.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-10-09T18:40:00", "type": "thn", "title": "Microsoft October Patch Tuesday Fixes 12 Critical Vulnerabilities", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8423", "CVE-2018-8453", "CVE-2018-8494", "CVE-2018-8497", "CVE-2018-8531"], "modified": "2018-10-09T18:40:40", "id": "THN:C3FF55EFF6D358D430A376476FE270D4", "href": "https://thehackernews.com/2018/10/microsoft-windows-update.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-01-11T14:50:14", "description": "The remote Windows host is missing security update 4462931 or cumulative update 4462929. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. 
By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2018-8472)\n\n - A security feature bypass vulnerability exists in DNS Global Blocklist feature. An attacker who successfully exploited this vulnerability could redirect traffic to malicious DNS endpoints. The update addresses the vulnerability by updating DNS Server Role record additions to not bypass the Global Query Blocklist.\n (CVE-2018-8320)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-8330)\n\n - An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how DirectX handles objects in memory.\n (CVE-2018-8486)\n\n - An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-8411)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2018-8489)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. 
(CVE-2018-8453)\n\n - A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user's system. (CVE-2018-8494)\n\n - An information disclosure vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow an attacker to determine the presence of files on disk. (CVE-2018-8481, CVE-2018-8482)\n\n - A remote code execution vulnerability exists when \"Windows Theme API\" does not properly decompress files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n (CVE-2018-8413)\n\n - An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-8484)\n\n - A remote code execution vulnerability exists in the Microsoft JET Database Engine. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. 
(CVE-2018-8423)\n\n - An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute elevated code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8333)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-10-09T00:00:00", "type": "nessus", "title": "KB4462931: Windows Server 2012 October 2018 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8320", "CVE-2018-8330", "CVE-2018-8333", "CVE-2018-8411", "CVE-2018-8413", "CVE-2018-8423", "CVE-2018-8453", "CVE-2018-8472", "CVE-2018-8481", "CVE-2018-8482", "CVE-2018-8484", "CVE-2018-8486", "CVE-2018-8489", "CVE-2018-8494"], "modified": "2022-01-24T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS18_OCT_4462929.NASL", "href": "https://www.tenable.com/plugins/nessus/118003", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in 
this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118003);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/24\");\n\n script_cve_id(\n \"CVE-2018-8320\",\n \"CVE-2018-8330\",\n \"CVE-2018-8333\",\n \"CVE-2018-8411\",\n \"CVE-2018-8413\",\n \"CVE-2018-8423\",\n \"CVE-2018-8453\",\n \"CVE-2018-8472\",\n \"CVE-2018-8481\",\n \"CVE-2018-8482\",\n \"CVE-2018-8484\",\n \"CVE-2018-8486\",\n \"CVE-2018-8489\",\n \"CVE-2018-8494\"\n );\n script_bugtraq_id(105477);\n script_xref(name:\"MSKB\", value:\"4462929\");\n script_xref(name:\"MSKB\", value:\"4462931\");\n script_xref(name:\"MSFT\", value:\"MS18-4462929\");\n script_xref(name:\"MSFT\", value:\"MS18-4462931\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/21\");\n\n script_name(english:\"KB4462931: Windows Server 2012 October 2018 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4462931\nor cumulative update 4462929. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2018-8472)\n\n - A security feature bypass vulnerability exists in DNS\n Global Blocklist feature. An attacker who successfully\n exploited this vulnerability could redirect traffic to\n malicious DNS endpoints. 
The update addresses the\n vulnerability by updating DNS Server Role record\n additions to not bypass the Global Query Blocklist.\n (CVE-2018-8320)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8330)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2018-8486)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-8411)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2018-8489)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-8453)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. 
(CVE-2018-8494)\n\n - An information disclosure vulnerability exists when\n Windows Media Player improperly discloses file\n information. Successful exploitation of the\n vulnerability could allow an attacker to determine the\n presence of files on disk. (CVE-2018-8481,\n CVE-2018-8482)\n\n - A remote code execution vulnerability exists when\n "Windows Theme API" does not properly\n decompress files. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights.\n (CVE-2018-8413)\n\n - An elevation of privilege vulnerability exists when the\n DirectX Graphics Kernel (DXGKRNL) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-8484)\n\n - A remote code execution vulnerability exists in the\n Microsoft JET Database Engine. An attacker who\n successfully exploited this vulnerability could take\n control of an affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2018-8423)\n\n - An Elevation of Privilege vulnerability exists in Filter\n Manager when it improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could execute elevated code and take control of an\n affected system. 
An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2018-8333)\");\n # https://support.microsoft.com/en-us/help/4462929/windows-server-2012-update-kb4462929\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a3a9fcdf\");\n # https://support.microsoft.com/en-us/help/4462931/windows-server-2012-update-kb4462931\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a6b84938\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4462931 or Cumulative Update KB4462929.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8494\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Windows NtUserSetWindowFNID Win32k User Callback');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-10\";\nkbs = make_list('4462929', '4462931');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:\"10_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4462929, 4462931])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:50:44", "description": "The remote Windows host is 
missing security update 4463104 or cumulative update 4463097. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2018-8472)\n\n - A security feature bypass vulnerability exists in the DNS Global Blocklist feature. An attacker who successfully exploited this vulnerability could redirect traffic to malicious DNS endpoints. The update addresses the vulnerability by updating DNS Server Role record additions to not bypass the Global Query Blocklist.\n (CVE-2018-8320)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-8330)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2018-8432)\n\n - An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how DirectX handles objects in memory.\n (CVE-2018-8486)\n\n - An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. 
An attacker who successfully exploited the vulnerability could obtain information that could be useful for further exploitation. (CVE-2018-8427)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2018-8489)\n\n - An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-8411)\n\n - An information disclosure vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow an attacker to determine the presence of files on disk. (CVE-2018-8481, CVE-2018-8482)\n\n - A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user's system. (CVE-2018-8494)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8453)\n\n - A remote code execution vulnerability exists in the Microsoft JET Database Engine. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. 
(CVE-2018-8423)\n\n - An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute elevated code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8333)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-10-09T00:00:00", "type": "nessus", "title": "KB4463104: Windows Server 2008 October 2018 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8320", "CVE-2018-8330", "CVE-2018-8333", "CVE-2018-8411", "CVE-2018-8423", "CVE-2018-8427", "CVE-2018-8432", "CVE-2018-8453", "CVE-2018-8472", "CVE-2018-8481", "CVE-2018-8482", "CVE-2018-8486", "CVE-2018-8489", "CVE-2018-8494"], "modified": "2022-01-24T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS18_OCT_4463097.NASL", "href": "https://www.tenable.com/plugins/nessus/118005", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# 
extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118005);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/24\");\n\n script_cve_id(\n \"CVE-2018-8320\",\n \"CVE-2018-8330\",\n \"CVE-2018-8333\",\n \"CVE-2018-8411\",\n \"CVE-2018-8423\",\n \"CVE-2018-8427\",\n \"CVE-2018-8432\",\n \"CVE-2018-8453\",\n \"CVE-2018-8472\",\n \"CVE-2018-8481\",\n \"CVE-2018-8482\",\n \"CVE-2018-8486\",\n \"CVE-2018-8489\",\n \"CVE-2018-8494\"\n );\n script_bugtraq_id(105477);\n script_xref(name:\"MSKB\", value:\"4463097\");\n script_xref(name:\"MSKB\", value:\"4463104\");\n script_xref(name:\"MSFT\", value:\"MS18-4463097\");\n script_xref(name:\"MSFT\", value:\"MS18-4463104\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/21\");\n\n script_name(english:\"KB4463104: Windows Server 2008 October 2018 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4463104\nor cumulative update 4463097. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2018-8472)\n\n - A security feature bypass vulnerability exists in DNS\n Global Blocklist feature. An attacker who successfully\n exploited this vulnerability could redirect traffic to\n malicious DNS endpoints. 
The update addresses the\n vulnerability by updating DNS Server Role record\n additions to not bypass the Global Query Blocklist.\n (CVE-2018-8320)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8330)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2018-8432)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2018-8486)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information that could be\n useful for further exploitation. (CVE-2018-8427)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2018-8489)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-8411)\n\n - An information disclosure vulnerability exists when\n Windows Media Player improperly discloses file\n information. 
Successful exploitation of the\n vulnerability could allow an attacker to determine the\n presence of files on disk. (CVE-2018-8481,\n CVE-2018-8482)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2018-8494)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-8453)\n\n - A remote code execution vulnerability exists in the\n Microsoft JET Database Engine. An attacker who\n successfully exploited this vulnerability could take\n control of an affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2018-8423)\n\n - An Elevation of Privilege vulnerability exists in Filter\n Manager when it improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could execute elevated code and take control of an\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. 
(CVE-2018-8333)\");\n # https://support.microsoft.com/en-us/help/4463097/windows-server-2008-update-kb4463097\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?09e189e0\");\n # https://support.microsoft.com/en-us/help/4463104/windows-server-2008-update-kb4463104\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?91c1d31f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4463104 or Cumulative Update KB4463097.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8494\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Windows NtUserSetWindowFNID Win32k User Callback');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-10\";\nkbs = make_list('4463097', '4463104');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.0\",\n sp:2,\n rollup_date:\"10_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4463097, 4463104])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:50:14", "description": "The remote Windows host is missing security update 4462915 or cumulative update 4462923. 
It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8460, CVE-2018-8491)\n\n - A security feature bypass vulnerability exists in the DNS Global Blocklist feature. An attacker who successfully exploited this vulnerability could redirect traffic to malicious DNS endpoints. The update addresses the vulnerability by updating DNS Server Role record additions to not bypass the Global Query Blocklist.\n (CVE-2018-8320)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-8330)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2018-8432)\n\n - An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how DirectX handles objects in memory.\n (CVE-2018-8486)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. 
By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2018-8472)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2018-8489)\n\n - An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-8411)\n\n - A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user's system. (CVE-2018-8494)\n\n - An information disclosure vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow an attacker to determine the presence of files on disk. (CVE-2018-8481, CVE-2018-8482)\n\n - A remote code execution vulnerability exists when \"Windows Theme API\" does not properly decompress files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n (CVE-2018-8413)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. 
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8453)\n\n - A remote code execution vulnerability exists in the Microsoft JET Database Engine. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2018-8423)\n\n - An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute elevated code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2018-8333)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-10-09T00:00:00", "type": "nessus", "title": "KB4462915: Windows 7 and Windows Server 2008 R2 October 2018 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8320", "CVE-2018-8330", "CVE-2018-8333", "CVE-2018-8411", "CVE-2018-8413", "CVE-2018-8423", "CVE-2018-8432", "CVE-2018-8453", "CVE-2018-8460", "CVE-2018-8472", "CVE-2018-8481", "CVE-2018-8482", "CVE-2018-8486", "CVE-2018-8489", "CVE-2018-8491", "CVE-2018-8494"], "modified": "2022-01-24T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS18_OCT_4462923.NASL", "href": "https://www.tenable.com/plugins/nessus/118001", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118001);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/24\");\n\n script_cve_id(\n \"CVE-2018-8320\",\n \"CVE-2018-8330\",\n \"CVE-2018-8333\",\n \"CVE-2018-8411\",\n \"CVE-2018-8413\",\n \"CVE-2018-8423\",\n \"CVE-2018-8432\",\n \"CVE-2018-8453\",\n \"CVE-2018-8460\",\n \"CVE-2018-8472\",\n \"CVE-2018-8481\",\n \"CVE-2018-8482\",\n \"CVE-2018-8486\",\n \"CVE-2018-8489\",\n \"CVE-2018-8491\",\n \"CVE-2018-8494\"\n );\n script_bugtraq_id(105477);\n script_xref(name:\"MSKB\", value:\"4462915\");\n script_xref(name:\"MSKB\", value:\"4462923\");\n script_xref(name:\"MSFT\", value:\"MS18-4462915\");\n script_xref(name:\"MSFT\", value:\"MS18-4462923\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/21\");\n\n script_name(english:\"KB4462915: Windows 7 and Windows Server 2008 R2 October 2018 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4462915\nor cumulative update 4462923. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8460,\n CVE-2018-8491)\n\n - A security feature bypass vulnerability exists in DNS\n Global Blocklist feature. An attacker who successfully\n exploited this vulnerability could redirect traffic to\n malicious DNS endpoints. 
The update addresses the\n vulnerability by updating DNS Server Role record\n additions to not bypass the Global Query Blocklist.\n (CVE-2018-8320)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8330)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2018-8432)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2018-8486)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2018-8472)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2018-8489)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. 
(CVE-2018-8411)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2018-8494)\n\n - An information disclosure vulnerability exists when\n Windows Media Player improperly discloses file\n information. Successful exploitation of the\n vulnerability could allow an attacker to determine the\n presence of files on disk. (CVE-2018-8481,\n CVE-2018-8482)\n\n - A remote code execution vulnerability exists when\n "Windows Theme API" does not properly\n decompress files. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights.\n (CVE-2018-8413)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-8453)\n\n - A remote code execution vulnerability exists in the\n Microsoft JET Database Engine. An attacker who\n successfully exploited this vulnerability could take\n control of an affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. 
Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2018-8423)\n\n - An Elevation of Privilege vulnerability exists in Filter\n Manager when it improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could execute elevated code and take control of an\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2018-8333)\");\n # https://support.microsoft.com/en-us/help/4462915/windows-7-update-kb4462915\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bececb62\");\n # https://support.microsoft.com/en-us/help/4462923/windows-7-update-kb4462923\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?07e1318e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4462915 or Cumulative Update KB4462923.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8494\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Windows NtUserSetWindowFNID Win32k User Callback');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", 
value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-10\";\nkbs = make_list('4462915', '4462923');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.1\",\n sp:1,\n rollup_date:\"10_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4462915, 4462923])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n 
hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:50:45", "description": "The remote Windows host is missing security update 4462941 or cumulative update 4462926. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8460, CVE-2018-8491)\n\n - A security feature bypass vulnerability exists in DNS Global Blocklist feature. An attacker who successfully exploited this vulnerability could redirect traffic to malicious DNS endpoints. The update addresses the vulnerability by updating DNS Server Role record additions to not bypass the Global Query Blocklist.\n (CVE-2018-8320)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-8330)\n\n - An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. 
The update addresses the vulnerability by correcting how DirectX handles objects in memory.\n (CVE-2018-8486)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2018-8472)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2018-8489)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8453)\n\n - An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-8493)\n\n - An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-8411)\n\n - A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user's system. (CVE-2018-8494)\n\n - An information disclosure vulnerability exists when Windows Media Player improperly discloses file information. 
Successful exploitation of the vulnerability could allow an attacker to determine the presence of files on disk. (CVE-2018-8481, CVE-2018-8482)\n\n - A remote code execution vulnerability exists when \"Windows Theme API\" does not properly decompress files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n (CVE-2018-8413)\n\n - An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-8484)\n\n - A remote code execution vulnerability exists in the Microsoft JET Database Engine. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2018-8423)\n\n - An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute elevated code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2018-8333)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-10-09T00:00:00", "type": "nessus", "title": "KB4462941: Windows 8.1 and Windows Server 2012 R2 October 2018 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8320", "CVE-2018-8330", "CVE-2018-8333", "CVE-2018-8411", "CVE-2018-8413", "CVE-2018-8423", "CVE-2018-8453", "CVE-2018-8460", "CVE-2018-8472", "CVE-2018-8481", "CVE-2018-8482", "CVE-2018-8484", "CVE-2018-8486", "CVE-2018-8489", "CVE-2018-8491", "CVE-2018-8493", "CVE-2018-8494"], "modified": "2022-01-24T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS18_OCT_4462926.NASL", "href": "https://www.tenable.com/plugins/nessus/118002", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118002);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/24\");\n\n script_cve_id(\n \"CVE-2018-8320\",\n \"CVE-2018-8330\",\n \"CVE-2018-8333\",\n \"CVE-2018-8411\",\n \"CVE-2018-8413\",\n \"CVE-2018-8423\",\n \"CVE-2018-8453\",\n \"CVE-2018-8460\",\n \"CVE-2018-8472\",\n \"CVE-2018-8481\",\n \"CVE-2018-8482\",\n \"CVE-2018-8484\",\n \"CVE-2018-8486\",\n \"CVE-2018-8489\",\n \"CVE-2018-8491\",\n \"CVE-2018-8493\",\n \"CVE-2018-8494\"\n );\n script_bugtraq_id(105477);\n script_xref(name:\"MSKB\", value:\"4462926\");\n script_xref(name:\"MSKB\", value:\"4462941\");\n script_xref(name:\"MSFT\", value:\"MS18-4462926\");\n script_xref(name:\"MSFT\", value:\"MS18-4462941\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/21\");\n\n script_name(english:\"KB4462941: Windows 8.1 and Windows Server 2012 R2 October 2018 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4462941\nor cumulative update 4462926. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8460,\n CVE-2018-8491)\n\n - A security feature bypass vulnerability exists in DNS\n Global Blocklist feature. An attacker who successfully\n exploited this vulnerability could redirect traffic to\n malicious DNS endpoints. 
The update addresses the\n vulnerability by updating DNS Server Role record\n additions to not bypass the Global Query Blocklist.\n (CVE-2018-8320)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8330)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2018-8486)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2018-8472)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2018-8489)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. 
(CVE-2018-8453)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles fragmented IP\n packets. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2018-8493)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-8411)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2018-8494)\n\n - An information disclosure vulnerability exists when\n Windows Media Player improperly discloses file\n information. Successful exploitation of the\n vulnerability could allow an attacker to determine the\n presence of files on disk. (CVE-2018-8481,\n CVE-2018-8482)\n\n - A remote code execution vulnerability exists when\n "Windows Theme API" does not properly\n decompress files. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights.\n (CVE-2018-8413)\n\n - An elevation of privilege vulnerability exists when the\n DirectX Graphics Kernel (DXGKRNL) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. 
(CVE-2018-8484)\n\n - A remote code execution vulnerability exists in the\n Microsoft JET Database Engine. An attacker who\n successfully exploited this vulnerability could take\n control of an affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2018-8423)\n\n - An Elevation of Privilege vulnerability exists in Filter\n Manager when it improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could execute elevated code and take control of an\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2018-8333)\");\n # https://support.microsoft.com/en-us/help/4462926/windows-8-update-kb4462926\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?554e569a\");\n # https://support.microsoft.com/en-us/help/4462941/windows-8-update-kb4462941\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9d16a66a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4462941 or Cumulative Update KB4462926.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8494\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n 
script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Windows NtUserSetWindowFNID Win32k User Callback');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-10\";\nkbs = make_list('4462926', '4462941');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:\"10_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4462926, 4462941])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:50:45", "description": "The remote Windows host is missing security update 4462922.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker 
could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8460, CVE-2018-8491)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8453)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-8330)\n\n - An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how DirectX handles objects in memory.\n (CVE-2018-8486)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2018-8472)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8503)\n\n - An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-8493)\n\n - An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-8411)\n\n - A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user's system. (CVE-2018-8494)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2018-8489, CVE-2018-8490)\n\n - An information disclosure vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow an attacker to determine the presence of files on disk. (CVE-2018-8481, CVE-2018-8482)\n\n - A remote code execution vulnerability exists when \"Windows Theme API\" does not properly decompress files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n (CVE-2018-8413)\n\n - An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-8484)\n\n - A remote code execution vulnerability exists in the Microsoft JET Database Engine. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2018-8423)\n\n - An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute elevated code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2018-8333)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-10-09T00:00:00", "type": "nessus", "title": "KB4462922: Windows 10 October 2018 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8330", "CVE-2018-8333", "CVE-2018-8411", "CVE-2018-8413", "CVE-2018-8423", "CVE-2018-8453", "CVE-2018-8460", "CVE-2018-8472", "CVE-2018-8481", "CVE-2018-8482", "CVE-2018-8484", "CVE-2018-8486", "CVE-2018-8489", "CVE-2018-8490", "CVE-2018-8491", "CVE-2018-8493", "CVE-2018-8494", "CVE-2018-8503"], "modified": "2022-01-24T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS18_OCT_4462922.NASL", "href": "https://www.tenable.com/plugins/nessus/118000", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118000);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/24\");\n\n script_cve_id(\n \"CVE-2018-8330\",\n \"CVE-2018-8333\",\n \"CVE-2018-8411\",\n \"CVE-2018-8413\",\n \"CVE-2018-8423\",\n \"CVE-2018-8453\",\n \"CVE-2018-8460\",\n \"CVE-2018-8472\",\n \"CVE-2018-8481\",\n \"CVE-2018-8482\",\n \"CVE-2018-8484\",\n \"CVE-2018-8486\",\n \"CVE-2018-8489\",\n \"CVE-2018-8490\",\n \"CVE-2018-8491\",\n \"CVE-2018-8493\",\n \"CVE-2018-8494\",\n \"CVE-2018-8503\"\n );\n script_bugtraq_id(105477);\n script_xref(name:\"MSKB\", value:\"4462922\");\n script_xref(name:\"MSFT\", value:\"MS18-4462922\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/21\");\n\n script_name(english:\"KB4462922: Windows 10 October 2018 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4462922.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8460,\n CVE-2018-8491)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. 
(CVE-2018-8453)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8330)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2018-8486)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2018-8472)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8503)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles fragmented IP\n packets. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2018-8493)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. 
An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-8411)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2018-8494)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2018-8489, CVE-2018-8490)\n\n - An information disclosure vulnerability exists when\n Windows Media Player improperly discloses file\n information. Successful exploitation of the\n vulnerability could allow an attacker to determine the\n presence of files on disk. (CVE-2018-8481,\n CVE-2018-8482)\n\n - A remote code execution vulnerability exists when\n "Windows Theme API" does not properly\n decompress files. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights.\n (CVE-2018-8413)\n\n - An elevation of privilege vulnerability exists when the\n DirectX Graphics Kernel (DXGKRNL) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-8484)\n\n - A remote code execution vulnerability exists in the\n Microsoft JET Database Engine. 
An attacker who\n successfully exploited this vulnerability could take\n control of an affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2018-8423)\n\n - An Elevation of Privilege vulnerability exists in Filter\n Manager when it improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could execute elevated code and take control of an\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2018-8333)\");\n # https://support.microsoft.com/en-us/help/4462922/windows-10-update-kb4462922\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fbae3c83\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4462922.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8494\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Windows NtUserSetWindowFNID Win32k User Callback');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n 
script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-10\";\nkbs = make_list('4462922');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"10_2018\",\n bulletin:bulletin,\n 
rollup_kb_list:[4462922])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:51:12", "description": "The remote Windows host is missing security update 4462917.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8460, CVE-2018-8491)\n\n - A security feature bypass vulnerability exists in DNS Global Blocklist feature. An attacker who successfully exploited this vulnerability could redirect traffic to malicious DNS endpoints. The update addresses the vulnerability by updating DNS Server Role record additions to not bypass the Global Query Blocklist.\n (CVE-2018-8320)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-8330)\n\n - An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. 
The update addresses the vulnerability by correcting how DirectX handles objects in memory.\n (CVE-2018-8486)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2018-8472)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8453)\n\n - An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-8493)\n\n - An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-8411)\n\n - A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user's system. (CVE-2018-8494)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. 
(CVE-2018-8489, CVE-2018-8490)\n\n - A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8492)\n\n - An information disclosure vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow an attacker to determine the presence of files on disk. (CVE-2018-8481, CVE-2018-8482)\n\n - A remote code execution vulnerability exists when \"Windows Theme API\" does not properly decompress files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n (CVE-2018-8413)\n\n - A remote code execution vulnerability exists when Windows Shell improperly handles URIs. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8495)\n\n - An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-8484)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. 
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8503, CVE-2018-8505)\n\n - A remote code execution vulnerability exists in the Microsoft JET Database Engine. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2018-8423)\n\n - An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute elevated code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2018-8333)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2018-8497)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-10-09T00:00:00", "type": "nessus", "title": "KB4462917: Windows 10 Version 1607 and Windows Server 2016 October 2018 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8320", "CVE-2018-8330", "CVE-2018-8333", "CVE-2018-8411", "CVE-2018-8413", "CVE-2018-8423", "CVE-2018-8453", "CVE-2018-8460", "CVE-2018-8472", "CVE-2018-8481", "CVE-2018-8482", "CVE-2018-8484", "CVE-2018-8486", "CVE-2018-8489", "CVE-2018-8490", "CVE-2018-8491", "CVE-2018-8492", "CVE-2018-8493", "CVE-2018-8494", "CVE-2018-8495", "CVE-2018-8497", "CVE-2018-8503", "CVE-2018-8505"], "modified": "2022-01-24T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS18_OCT_4462917.NASL", "href": "https://www.tenable.com/plugins/nessus/117997", "sourceData": "#\n# (C) Tenable 
Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117997);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/24\");\n\n script_cve_id(\n \"CVE-2018-8320\",\n \"CVE-2018-8330\",\n \"CVE-2018-8333\",\n \"CVE-2018-8411\",\n \"CVE-2018-8413\",\n \"CVE-2018-8423\",\n \"CVE-2018-8453\",\n \"CVE-2018-8460\",\n \"CVE-2018-8472\",\n \"CVE-2018-8481\",\n \"CVE-2018-8482\",\n \"CVE-2018-8484\",\n \"CVE-2018-8486\",\n \"CVE-2018-8489\",\n \"CVE-2018-8490\",\n \"CVE-2018-8491\",\n \"CVE-2018-8492\",\n \"CVE-2018-8493\",\n \"CVE-2018-8494\",\n \"CVE-2018-8495\",\n \"CVE-2018-8497\",\n \"CVE-2018-8503\",\n \"CVE-2018-8505\"\n );\n script_bugtraq_id(105477, 105478);\n script_xref(name:\"MSKB\", value:\"4462917\");\n script_xref(name:\"MSFT\", value:\"MS18-4462917\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/21\");\n\n script_name(english:\"KB4462917: Windows 10 Version 1607 and Windows Server 2016 October 2018 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4462917.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. 
(CVE-2018-8460,\n CVE-2018-8491)\n\n - A security feature bypass vulnerability exists in DNS\n Global Blocklist feature. An attacker who successfully\n exploited this vulnerability could redirect traffic to\n malicious DNS endpoints. The update addresses the\n vulnerability by updating DNS Server Role record\n additions to not bypass the Global Query Blocklist.\n (CVE-2018-8320)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8330)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2018-8486)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2018-8472)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. 
(CVE-2018-8453)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles fragmented IP\n packets. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2018-8493)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-8411)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2018-8494)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2018-8489, CVE-2018-8490)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8492)\n\n - An information disclosure vulnerability exists when\n Windows Media Player improperly discloses file\n information. Successful exploitation of the\n vulnerability could allow an attacker to determine the\n presence of files on disk. (CVE-2018-8481,\n CVE-2018-8482)\n\n - A remote code execution vulnerability exists when\n "Windows Theme API" does not properly\n decompress files. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. 
An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights.\n (CVE-2018-8413)\n\n - A remote code execution vulnerability exists when\n Windows Shell improperly handles URIs. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8495)\n\n - An elevation of privilege vulnerability exists when the\n DirectX Graphics Kernel (DXGKRNL) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-8484)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8503, CVE-2018-8505)\n\n - A remote code execution vulnerability exists in the\n Microsoft JET Database Engine. An attacker who\n successfully exploited this vulnerability could take\n control of an affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2018-8423)\n\n - An Elevation of Privilege vulnerability exists in Filter\n Manager when it improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could execute elevated code and take control of an\n affected system. 
An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2018-8333)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2018-8497)\");\n # https://support.microsoft.com/en-us/help/4462917/windows-10-update-kb4462917\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b8713dae\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4462917.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8494\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Windows NtUserSetWindowFNID Win32k User Callback');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-10\";\nkbs = make_list('4462917');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"10_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4462917])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:50:28", "description": "The remote Windows host is missing security update 4462937.\nIt is, therefore, affected 
by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8460, CVE-2018-8491)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8453)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-8330)\n\n - An information disclosure vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow an attacker to determine the presence of files on disk. (CVE-2018-8481, CVE-2018-8482)\n\n - An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how DirectX handles objects in memory.\n (CVE-2018-8486)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. 
By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2018-8472)\n\n - A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content. (CVE-2018-8512)\n\n - An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-8493)\n\n - An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-8411)\n\n - A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user's system. (CVE-2018-8494)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2018-8489, CVE-2018-8490)\n\n - A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8492)\n\n - An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could execute elevated code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8333)\n\n - A remote code execution vulnerability exists when \"Windows Theme API\" does not properly decompress files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n (CVE-2018-8413)\n\n - A remote code execution vulnerability exists when Windows Shell improperly handles URIs. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8495)\n\n - An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-8484)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8503, CVE-2018-8505)\n\n - A remote code execution vulnerability exists in the Microsoft JET Database Engine. An attacker who successfully exploited this vulnerability could take control of an affected system. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2018-8423)\n\n - A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted. (CVE-2018-8530)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2018-8497)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-10-09T00:00:00", "type": "nessus", "title": "KB4462937: Windows 10 Version 1703 October 2018 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8330", "CVE-2018-8333", "CVE-2018-8411", "CVE-2018-8413", "CVE-2018-8423", "CVE-2018-8453", "CVE-2018-8460", "CVE-2018-8472", "CVE-2018-8481", "CVE-2018-8482", "CVE-2018-8484", "CVE-2018-8486", "CVE-2018-8489", "CVE-2018-8490", "CVE-2018-8491", "CVE-2018-8492", "CVE-2018-8493", "CVE-2018-8494", "CVE-2018-8495", "CVE-2018-8497", "CVE-2018-8503", "CVE-2018-8505", "CVE-2018-8512", "CVE-2018-8530"], "modified": "2022-01-24T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS18_OCT_4462937.NASL", "href": "https://www.tenable.com/plugins/nessus/118004", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118004);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/24\");\n\n script_cve_id(\n \"CVE-2018-8330\",\n \"CVE-2018-8333\",\n \"CVE-2018-8411\",\n \"CVE-2018-8413\",\n \"CVE-2018-8423\",\n \"CVE-2018-8453\",\n \"CVE-2018-8460\",\n \"CVE-2018-8472\",\n \"CVE-2018-8481\",\n \"CVE-2018-8482\",\n \"CVE-2018-8484\",\n \"CVE-2018-8486\",\n \"CVE-2018-8489\",\n \"CVE-2018-8490\",\n \"CVE-2018-8491\",\n \"CVE-2018-8492\",\n \"CVE-2018-8493\",\n \"CVE-2018-8494\",\n \"CVE-2018-8495\",\n \"CVE-2018-8497\",\n \"CVE-2018-8503\",\n \"CVE-2018-8505\",\n \"CVE-2018-8512\",\n \"CVE-2018-8530\"\n );\n script_bugtraq_id(105477, 105478);\n script_xref(name:\"MSKB\", value:\"4462937\");\n script_xref(name:\"MSFT\", value:\"MS18-4462937\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/21\");\n\n script_name(english:\"KB4462937: Windows 10 Version 1703 October 2018 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by 
multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4462937.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8460,\n CVE-2018-8491)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-8453)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8330)\n\n - An information disclosure vulnerability exists when\n Windows Media Player improperly discloses file\n information. Successful exploitation of the\n vulnerability could allow an attacker to determine the\n presence of files on disk. (CVE-2018-8481,\n CVE-2018-8482)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. 
The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2018-8486)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2018-8472)\n\n - A security feature bypass vulnerability exists in\n Microsoft Edge when the Edge Content Security Policy\n (CSP) fails to properly validate certain specially\n crafted documents. An attacker who exploited the bypass\n could trick a user into loading a page containing\n malicious content. (CVE-2018-8512)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles fragmented IP\n packets. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2018-8493)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-8411)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2018-8494)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2018-8489, CVE-2018-8490)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. 
An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8492)\n\n - An Elevation of Privilege vulnerability exists in Filter\n Manager when it improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could execute elevated code and take control of an\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2018-8333)\n\n - A remote code execution vulnerability exists when\n "Windows Theme API" does not properly\n decompress files. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights.\n (CVE-2018-8413)\n\n - A remote code execution vulnerability exists when\n Windows Shell improperly handles URIs. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8495)\n\n - An elevation of privilege vulnerability exists when the\n DirectX Graphics Kernel (DXGKRNL) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-8484)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. 
The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8503, CVE-2018-8505)\n\n - A remote code execution vulnerability exists in the\n Microsoft JET Database Engine. An attacker who\n successfully exploited this vulnerability could take\n control of an affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2018-8423)\n\n - A security feature bypass vulnerability exists when\n Microsoft Edge improperly handles requests of different\n origins. The vulnerability allows Microsoft Edge to\n bypass Same-Origin Policy (SOP) restrictions, and to\n allow requests that should otherwise be ignored. An\n attacker who successfully exploited the vulnerability\n could force the browser to send data that would\n otherwise be restricted. 
(CVE-2018-8530)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2018-8497)\");\n # https://support.microsoft.com/en-us/help/4462937/windows-10-update-kb4462937\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?035901c3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4462937.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8494\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Windows NtUserSetWindowFNID Win32k User Callback');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-10\";\nkbs = make_list('4462937');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date:\"10_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4462937])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:50:44", "description": "The remote Windows host is missing security update 4462919.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists in DNS Global 
Blocklist feature. An attacker who successfully exploited this vulnerability could redirect traffic to malicious DNS endpoints. The update addresses the vulnerability by updating DNS Server Role record additions to not bypass the Global Query Blocklist.\n (CVE-2018-8320)\n\n - An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-8493)\n\n - A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted. (CVE-2018-8530)\n\n - An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-8411)\n\n - A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8492)\n\n - An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. 
(CVE-2018-8484)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2018-8497)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2018-8472)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8509)\n\n - A remote code execution vulnerability exists when \"Windows Theme API\" does not properly decompress files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n (CVE-2018-8413)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. 
An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8453)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8503, CVE-2018-8505)\n\n - A remote code execution vulnerability exists in the Microsoft JET Database Engine. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2018-8423)\n\n - An Information Disclosure vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory. (CVE-2018-8506)\n\n - An information disclosure vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow an attacker to determine the presence of files on disk. 
(CVE-2018-8481, CVE-2018-8482)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8460, CVE-2018-8491)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-8330)\n\n - An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how DirectX handles objects in memory.\n (CVE-2018-8486)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2018-8489)\n\n - An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute elevated code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8333)\n\n - A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. 
(CVE-2018-8494)\n\n - An Elevation of Privilege vulnerability exists in Windows Subsystem for Linux when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2018-8329)\n\n - A remote code execution vulnerability exists when Windows Shell improperly handles URIs. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8495)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-10-09T00:00:00", "type": "nessus", "title": "KB4462919: Windows 10 Version 1803 and Windows Server Version 1803 October 2018 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8320", "CVE-2018-8329", "CVE-2018-8330", "CVE-2018-8333", "CVE-2018-8411", "CVE-2018-8413", "CVE-2018-8423", "CVE-2018-8453", "CVE-2018-8460", "CVE-2018-8472", "CVE-2018-8481", "CVE-2018-8482", "CVE-2018-8484", 
"CVE-2018-8486", "CVE-2018-8489", "CVE-2018-8491", "CVE-2018-8492", "CVE-2018-8493", "CVE-2018-8494", "CVE-2018-8495", "CVE-2018-8497", "CVE-2018-8503", "CVE-2018-8505", "CVE-2018-8506", "CVE-2018-8509", "CVE-2018-8530"], "modified": "2022-01-24T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS18_OCT_4462919.NASL", "href": "https://www.tenable.com/plugins/nessus/117999", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117999);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/24\");\n\n script_cve_id(\n \"CVE-2018-8320\",\n \"CVE-2018-8329\",\n \"CVE-2018-8330\",\n \"CVE-2018-8333\",\n \"CVE-2018-8411\",\n \"CVE-2018-8413\",\n \"CVE-2018-8423\",\n \"CVE-2018-8453\",\n \"CVE-2018-8460\",\n \"CVE-2018-8472\",\n \"CVE-2018-8481\",\n \"CVE-2018-8482\",\n \"CVE-2018-8484\",\n \"CVE-2018-8486\",\n \"CVE-2018-8489\",\n \"CVE-2018-8491\",\n \"CVE-2018-8492\",\n \"CVE-2018-8493\",\n \"CVE-2018-8494\",\n \"CVE-2018-8495\",\n \"CVE-2018-8497\",\n \"CVE-2018-8503\",\n \"CVE-2018-8505\",\n \"CVE-2018-8506\",\n \"CVE-2018-8509\",\n \"CVE-2018-8530\"\n );\n script_bugtraq_id(105477, 105478);\n script_xref(name:\"MSKB\", value:\"4462919\");\n script_xref(name:\"MSFT\", value:\"MS18-4462919\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/21\");\n\n script_name(english:\"KB4462919: Windows 10 Version 1803 and Windows Server Version 1803 October 2018 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4462919.\nIt is, 
therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists in DNS\n Global Blocklist feature. An attacker who successfully\n exploited this vulnerability could redirect traffic to\n malicious DNS endpoints. The update addresses the\n vulnerability by updating DNS Server Role record\n additions to not bypass the Global Query Blocklist.\n (CVE-2018-8320)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles fragmented IP\n packets. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2018-8493)\n\n - A security feature bypass vulnerability exists when\n Microsoft Edge improperly handles requests of different\n origins. The vulnerability allows Microsoft Edge to\n bypass Same-Origin Policy (SOP) restrictions, and to\n allow requests that should otherwise be ignored. An\n attacker who successfully exploited the vulnerability\n could force the browser to send data that would\n otherwise be restricted. (CVE-2018-8530)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-8411)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8492)\n\n - An elevation of privilege vulnerability exists when the\n DirectX Graphics Kernel (DXGKRNL) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. 
(CVE-2018-8484)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2018-8497)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2018-8472)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8509)\n\n - A remote code execution vulnerability exists when\n "Windows Theme API" does not properly\n decompress files. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights.\n (CVE-2018-8413)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. 
An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-8453)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8503, CVE-2018-8505)\n\n - A remote code execution vulnerability exists in the\n Microsoft JET Database Engine. An attacker who\n successfully exploited this vulnerability could take\n control of an affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2018-8423)\n\n - An Information Disclosure vulnerability exists in the\n way that Microsoft Windows Codecs Library handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. Exploitation of the\n vulnerability requires that a program process a\n specially crafted image file. The update addresses the\n vulnerability by correcting how Microsoft Windows Codecs\n Library handles objects in memory. (CVE-2018-8506)\n\n - An information disclosure vulnerability exists when\n Windows Media Player improperly discloses file\n information. Successful exploitation of the\n vulnerability could allow an attacker to determine the\n presence of files on disk. 
(CVE-2018-8481,\n CVE-2018-8482)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8460,\n CVE-2018-8491)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8330)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2018-8486)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2018-8489)\n\n - An Elevation of Privilege vulnerability exists in Filter\n Manager when it improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could execute elevated code and take control of an\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2018-8333)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. 
(CVE-2018-8494)\n\n - An Elevation of Privilege vulnerability exists in\n Windows Subsystem for Linux when it fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could execute arbitrary\n code and take control of an affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-8329)\n\n - A remote code execution vulnerability exists when\n Windows Shell improperly handles URIs. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8495)\");\n # https://support.microsoft.com/en-us/help/4462919/windows-10-update-kb4462919\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ced2e3a3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4462919.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8494\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Windows NtUserSetWindowFNID Win32k User Callback');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-10\";\nkbs = make_list('4462919');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17134\",\n rollup_date:\"10_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4462919])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n 
exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:50:28", "description": "The remote Windows host is missing security update 4464330.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8460, CVE-2018-8491)\n\n - A security feature bypass vulnerability exists in DNS Global Blocklist feature. An attacker who successfully exploited this vulnerability could redirect traffic to malicious DNS endpoints. The update addresses the vulnerability by updating DNS Server Role record additions to not bypass the Global Query Blocklist.\n (CVE-2018-8320)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-8330)\n\n - An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how DirectX handles objects in memory.\n (CVE-2018-8486)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. 
By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2018-8472)\n\n - An Information Disclosure vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory. (CVE-2018-8506)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2018-8432)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8453)\n\n - An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-8411)\n\n - A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user's system. (CVE-2018-8494)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. 
(CVE-2018-8489, CVE-2018-8490)\n\n - A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8492)\n\n - An information disclosure vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow an attacker to determine the presence of files on disk. (CVE-2018-8481, CVE-2018-8482)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8503, CVE-2018-8505, CVE-2018-8510, CVE-2018-8511, CVE-2018-8513)\n\n - A remote code execution vulnerability exists when \"Windows Theme API\" does not properly decompress files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n (CVE-2018-8413)\n\n - An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. 
(CVE-2018-8484)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8473)\n\n - A remote code execution vulnerability exists in the Microsoft JET Database Engine. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2018-8423)\n\n - An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute elevated code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2018-8333)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2018-8497)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-10-09T00:00:00", "type": "nessus", "title": "KB4464330: Windows 10 Version 1809 and Windows Server 2019 October 2018 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8320", "CVE-2018-8330", "CVE-2018-8333", "CVE-2018-8411", "CVE-2018-8413", "CVE-2018-8423", "CVE-2018-8432", "CVE-2018-8453", "CVE-2018-8460", "CVE-2018-8472", "CVE-2018-8473", "CVE-2018-8481", "CVE-2018-8482", "CVE-2018-8484", "CVE-2018-8486", "CVE-2018-8489", "CVE-2018-8490", "CVE-2018-8491", "CVE-2018-8492", "CVE-2018-8494", "CVE-2018-8497", "CVE-2018-8503", "CVE-2018-8505", "CVE-2018-8506", "CVE-2018-8510", "CVE-2018-8511", "CVE-2018-8513"], "modified": "2022-01-24T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS18_OCT_4464330.NASL", "href": 
"https://www.tenable.com/plugins/nessus/118006", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118006);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/24\");\n\n script_cve_id(\n \"CVE-2018-8320\",\n \"CVE-2018-8330\",\n \"CVE-2018-8333\",\n \"CVE-2018-8411\",\n \"CVE-2018-8413\",\n \"CVE-2018-8423\",\n \"CVE-2018-8432\",\n \"CVE-2018-8453\",\n \"CVE-2018-8460\",\n \"CVE-2018-8472\",\n \"CVE-2018-8473\",\n \"CVE-2018-8481\",\n \"CVE-2018-8482\",\n \"CVE-2018-8484\",\n \"CVE-2018-8486\",\n \"CVE-2018-8489\",\n \"CVE-2018-8490\",\n \"CVE-2018-8491\",\n \"CVE-2018-8492\",\n \"CVE-2018-8494\",\n \"CVE-2018-8497\",\n \"CVE-2018-8503\",\n \"CVE-2018-8505\",\n \"CVE-2018-8506\",\n \"CVE-2018-8510\",\n \"CVE-2018-8511\",\n \"CVE-2018-8513\"\n );\n script_bugtraq_id(105477, 105478);\n script_xref(name:\"MSKB\", value:\"4464330\");\n script_xref(name:\"MSFT\", value:\"MS18-4464330\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/21\");\n\n script_name(english:\"KB4464330: Windows 10 Version 1809 and Windows Server 2019 October 2018 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4464330.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. 
An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8460,\n CVE-2018-8491)\n\n - A security feature bypass vulnerability exists in DNS\n Global Blocklist feature. An attacker who successfully\n exploited this vulnerability could redirect traffic to\n malicious DNS endpoints. The update addresses the\n vulnerability by updating DNS Server Role record\n additions to not bypass the Global Query Blocklist.\n (CVE-2018-8320)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8330)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2018-8486)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2018-8472)\n\n - An Information Disclosure vulnerability exists in the\n way that Microsoft Windows Codecs Library handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. 
Exploitation of the\n vulnerability requires that a program process a\n specially crafted image file. The update addresses the\n vulnerability by correcting how Microsoft Windows Codecs\n Library handles objects in memory. (CVE-2018-8506)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2018-8432)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-8453)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-8411)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2018-8494)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2018-8489, CVE-2018-8490)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. 
An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8492)\n\n - An information disclosure vulnerability exists when\n Windows Media Player improperly discloses file\n information. Successful exploitation of the\n vulnerability could allow an attacker to determine the\n presence of files on disk. (CVE-2018-8481,\n CVE-2018-8482)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8503, CVE-2018-8505,\n CVE-2018-8510, CVE-2018-8511, CVE-2018-8513)\n\n - A remote code execution vulnerability exists when\n "Windows Theme API" does not properly\n decompress files. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights.\n (CVE-2018-8413)\n\n - An elevation of privilege vulnerability exists when the\n DirectX Graphics Kernel (DXGKRNL) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. 
(CVE-2018-8484)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8473)\n\n - A remote code execution vulnerability exists in the\n Microsoft JET Database Engine. An attacker who\n successfully exploited this vulnerability could take\n control of an affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2018-8423)\n\n - An Elevation of Privilege vulnerability exists in Filter\n Manager when it improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could execute elevated code and take control of an\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. 
(CVE-2018-8333)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2018-8497)\");\n # https://support.microsoft.com/en-us/help/4464330/windows-10-update-kb4464330\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?649061ef\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4464330.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8494\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Windows NtUserSetWindowFNID Win32k User Callback');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-10\";\nkbs = make_list('4464330');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"10_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4464330])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:50:56", "description": "The remote Windows host is missing security update 4462918.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists in DNS Global 
Blocklist feature. An attacker who successfully exploited this vulnerability could redirect traffic to malicious DNS endpoints. The update addresses the vulnerability by updating DNS Server Role record additions to not bypass the Global Query Blocklist.\n (CVE-2018-8320)\n\n - An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-8493)\n\n - A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted. (CVE-2018-8530)\n\n - An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-8411)\n\n - A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8492)\n\n - An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. 
(CVE-2018-8484)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2018-8497)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2018-8472)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8509)\n\n - A remote code execution vulnerability exists when \"Windows Theme API\" does not properly decompress files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n (CVE-2018-8413)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. 
An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8453)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8503, CVE-2018-8505)\n\n - A remote code execution vulnerability exists in the Microsoft JET Database Engine. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2018-8423)\n\n - An Information Disclosure vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory. (CVE-2018-8506)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
(CVE-2018-8460, CVE-2018-8491)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-8330)\n\n - An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how DirectX handles objects in memory.\n (CVE-2018-8486)\n\n - A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content. (CVE-2018-8512)\n\n - An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute elevated code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8333)\n\n - A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user's system. (CVE-2018-8494)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2018-8489, CVE-2018-8490)\n\n - An information disclosure vulnerability exists when Windows Media Player improperly discloses file information. 
Successful exploitation of the vulnerability could allow an attacker to determine the presence of files on disk. (CVE-2018-8481, CVE-2018-8482)\n\n - A remote code execution vulnerability exists when Windows Shell improperly handles URIs. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8495)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-10-09T00:00:00", "type": "nessus", "title": "KB4462918: Windows 10 Version 1709 and Windows Server Version 1709 October 2018 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8320", "CVE-2018-8330", "CVE-2018-8333", "CVE-2018-8411", "CVE-2018-8413", "CVE-2018-8423", "CVE-2018-8453", "CVE-2018-8460", "CVE-2018-8472", "CVE-2018-8481", "CVE-2018-8482", "CVE-2018-8484", "CVE-2018-8486", "CVE-2018-8489", "CVE-2018-8490", "CVE-2018-8491", "CVE-2018-8492", "CVE-2018-8493", "CVE-2018-8494", "CVE-2018-8495", "CVE-2018-8497", "CVE-2018-8503", "CVE-2018-8505", "CVE-2018-8506", "CVE-2018-8509", "CVE-2018-8512", "CVE-2018-8530"], "modified": "2022-01-24T00:00:00", "cpe": 
["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS18_OCT_4462918.NASL", "href": "https://www.tenable.com/plugins/nessus/117998", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117998);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/24\");\n\n script_cve_id(\n \"CVE-2018-8320\",\n \"CVE-2018-8330\",\n \"CVE-2018-8333\",\n \"CVE-2018-8411\",\n \"CVE-2018-8413\",\n \"CVE-2018-8423\",\n \"CVE-2018-8453\",\n \"CVE-2018-8460\",\n \"CVE-2018-8472\",\n \"CVE-2018-8481\",\n \"CVE-2018-8482\",\n \"CVE-2018-8484\",\n \"CVE-2018-8486\",\n \"CVE-2018-8489\",\n \"CVE-2018-8490\",\n \"CVE-2018-8491\",\n \"CVE-2018-8492\",\n \"CVE-2018-8493\",\n \"CVE-2018-8494\",\n \"CVE-2018-8495\",\n \"CVE-2018-8497\",\n \"CVE-2018-8503\",\n \"CVE-2018-8505\",\n \"CVE-2018-8506\",\n \"CVE-2018-8509\",\n \"CVE-2018-8512\",\n \"CVE-2018-8530\"\n );\n script_bugtraq_id(105477, 105478);\n script_xref(name:\"MSKB\", value:\"4462918\");\n script_xref(name:\"MSFT\", value:\"MS18-4462918\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/21\");\n\n script_name(english:\"KB4462918: Windows 10 Version 1709 and Windows Server Version 1709 October 2018 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4462918.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists in DNS\n Global Blocklist feature. 
An attacker who successfully\n exploited this vulnerability could redirect traffic to\n malicious DNS endpoints. The update addresses the\n vulnerability by updating DNS Server Role record\n additions to not bypass the Global Query Blocklist.\n (CVE-2018-8320)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles fragmented IP\n packets. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2018-8493)\n\n - A security feature bypass vulnerability exists when\n Microsoft Edge improperly handles requests of different\n origins. The vulnerability allows Microsoft Edge to\n bypass Same-Origin Policy (SOP) restrictions, and to\n allow requests that should otherwise be ignored. An\n attacker who successfully exploited the vulnerability\n could force the browser to send data that would\n otherwise be restricted. (CVE-2018-8530)\n\n - An elevation of privilege vulnerability exists when NTFS\n improperly checks access. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2018-8411)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2018-8492)\n\n - An elevation of privilege vulnerability exists when the\n DirectX Graphics Kernel (DXGKRNL) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. 
(CVE-2018-8484)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2018-8497)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2018-8472)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8509)\n\n - A remote code execution vulnerability exists when\n "Windows Theme API" does not properly\n decompress files. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights.\n (CVE-2018-8413)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. 
An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-8453)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-8503, CVE-2018-8505)\n\n - A remote code execution vulnerability exists in the\n Microsoft JET Database Engine. An attacker who\n successfully exploited this vulnerability could take\n control of an affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2018-8423)\n\n - An Information Disclosure vulnerability exists in the\n way that Microsoft Windows Codecs Library handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. Exploitation of the\n vulnerability requires that a program process a\n specially crafted image file. The update addresses the\n vulnerability by correcting how Microsoft Windows Codecs\n Library handles objects in memory. (CVE-2018-8506)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. 
(CVE-2018-8460,\n CVE-2018-8491)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-8330)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2018-8486)\n\n - A security feature bypass vulnerability exists in\n Microsoft Edge when the Edge Content Security Policy\n (CSP) fails to properly validate certain specially\n crafted documents. An attacker who exploited the bypass\n could trick a user into loading a page containing\n malicious content. (CVE-2018-8512)\n\n - An Elevation of Privilege vulnerability exists in Filter\n Manager when it improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could execute elevated code and take control of an\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2018-8333)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2018-8494)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. 
(CVE-2018-8489, CVE-2018-8490)\n\n - An information disclosure vulnerability exists when\n Windows Media Player improperly discloses file\n information. Successful exploitation of the\n vulnerability could allow an attacker to determine the\n presence of files on disk. (CVE-2018-8481,\n CVE-2018-8482)\n\n - A remote code execution vulnerability exists when\n Windows Shell improperly handles URIs. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-8495)\");\n # https://support.microsoft.com/en-us/help/4462918/windows-10-update-kb4462918\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cb51c9ad\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4462918.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8494\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Windows NtUserSetWindowFNID Win32k User Callback');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2018/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-10\";\nkbs = make_list('4462918');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"16299\",\n rollup_date:\"10_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4462918])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": 
"AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2021-08-18T11:01:46", "description": "### *Detect date*:\n10/09/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, bypass security restrictions.\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:\n\n### *Affected products*:\nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2019 \nWindows 10 for 32-bit Systems \nWindows Server, version 1803 (Server Core Installation) \nMicrosoft Office 2016 for Mac \nMicrosoft Office 2019 for 64-bit editions \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 8.1 for x64-based systems \nWindows Server 2012 \nOffice 365 ProPlus for 64-bit Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nOffice 365 ProPlus for 32-bit Systems \nWindows Server 2016 \nWindows 10 Version 1709 for x64-based Systems \nWindows RT 8.1 \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 10 Version 1703 for x64-based Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2019 (Server Core installation) \nMicrosoft Office Word Viewer \nMicrosoft PowerPoint Viewer 2007 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1803 for x64-based Systems \nMicrosoft Office 2019 for 32-bit editions \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server 
Core installation) \nMicrosoft Excel Viewer 2007 Service Pack 3 \nMicrosoft Office Compatibility Pack Service Pack 3 \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1709 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 1703 for 32-bit Systems \nWindows Server 2012 R2 \nWindows 10 Version 1803 for 32-bit Systems\n\n### *Solution*:\nInstall the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2018-8453](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8453>) \n[CVE-2018-8489](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8489>) \n[CVE-2018-8472](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8472>) \n[CVE-2018-8481](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8481>) \n[CVE-2018-8482](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8482>) \n[CVE-2018-8494](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8494>) \n[CVE-2018-8486](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8486>) \n[CVE-2018-8333](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8333>) \n[CVE-2018-8330](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8330>) \n[CVE-2018-8413](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8413>) \n[CVE-2018-8411](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8411>) \n[CVE-2018-8320](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8320>) 
\n[CVE-2018-8423](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8423>) \n[CVE-2018-8432](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8432>) \n[CVE-2018-8427](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8427>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Office](<https://threats.kaspersky.com/en/product/Microsoft-Office/>)\n\n### *CVE-IDS*:\n[CVE-2018-8320](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8320>)4.0Warning \n[CVE-2018-8333](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8333>)6.9High \n[CVE-2018-8423](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8423>)9.3Critical \n[CVE-2018-8432](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8432>)9.3Critical \n[CVE-2018-8486](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8486>)2.1Warning \n[CVE-2018-8330](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8330>)2.1Warning \n[CVE-2018-8472](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8472>)2.1Warning \n[CVE-2018-8481](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8481>)2.6Warning \n[CVE-2018-8482](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8482>)2.6Warning \n[CVE-2018-8413](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8413>)9.3Critical \n[CVE-2018-8453](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8453>)7.2High \n[CVE-2018-8411](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8411>)7.2High \n[CVE-2018-8494](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8494>)9.3Critical \n[CVE-2018-8427](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8427>)2.1Warning \n[CVE-2018-8489](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8489>)7.7Critical\n\n### *KB list*:\n[4463097](<http://support.microsoft.com/kb/4463097>) \n[4462923](<http://support.microsoft.com/kb/4462923>) 
\n[4462915](<http://support.microsoft.com/kb/4462915>) \n[4463104](<http://support.microsoft.com/kb/4463104>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-09T00:00:00", "type": "kaspersky", "title": "KLA11889 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8320", "CVE-2018-8330", "CVE-2018-8333", "CVE-2018-8411", "CVE-2018-8413", "CVE-2018-8423", "CVE-2018-8427", "CVE-2018-8432", "CVE-2018-8453", "CVE-2018-8472", "CVE-2018-8481", "CVE-2018-8482", "CVE-2018-8486", "CVE-2018-8489", "CVE-2018-8494"], "modified": "2020-07-22T00:00:00", "id": "KLA11889", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11889/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-18T11:12:03", "description": "### *Detect date*:\n10/09/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. 
Malicious users can exploit these vulnerabilities to bypass security restrictions, gain privileges, execute arbitrary code, and obtain sensitive information.\n\n### *Affected products*:\nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 1703 for 32-bit Systems \nWindows 10 Version 1703 for x64-based Systems \nWindows 10 Version 1709 for 32-bit Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows 10 Version 1803 for x64-based Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 for 32-bit Systems \nWindows 10 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows 8.1 for x64-based systems \nWindows RT 8.1 \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2012 \nWindows Server 2012 (Server Core installation) \nWindows Server 2012 R2 \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2016 \nWindows Server 2016 (Server Core installation) \nWindows Server 2019 \nWindows Server 2019 (Server Core installation) \nWindows Server, version 1803 (Server Core Installation) \nWindows 10 Version 1709 for x64-based Systems\n\n### *Solution*:\nInstall the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel)\n\n### *Original 
advisories*:\n[CVE-2018-8320](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8320>) \n[CVE-2018-8333](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8333>) \n[CVE-2018-8423](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8423>) \n[CVE-2018-8432](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8432>) \n[CVE-2018-8486](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8486>) \n[CVE-2018-8330](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8330>) \n[CVE-2018-8493](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8493>) \n[CVE-2018-8472](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8472>) \n[CVE-2018-8492](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8492>) \n[CVE-2018-8481](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8481>) \n[CVE-2018-8482](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8482>) \n[CVE-2018-8506](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8506>) \n[CVE-2018-8490](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8490>) \n[CVE-2018-8413](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8413>) \n[CVE-2018-8329](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8329>) \n[CVE-2018-8453](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8453>) \n[CVE-2018-8411](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8411>) \n[CVE-2018-8494](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8494>) \n[CVE-2018-8495](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8495>) 
\n[CVE-2018-8484](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8484>) \n[CVE-2018-8489](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8489>) \n[CVE-2018-8497](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-8497>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Word](<https://threats.kaspersky.com/en/product/Microsoft-Word/>)\n\n### *CVE-IDS*:\n[CVE-2018-8320](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8320>)4.0Warning \n[CVE-2018-8333](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8333>)6.9High \n[CVE-2018-8423](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8423>)9.3Critical \n[CVE-2018-8432](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8432>)9.3Critical \n[CVE-2018-8486](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8486>)2.1Warning \n[CVE-2018-8330](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8330>)2.1Warning \n[CVE-2018-8493](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8493>)5.0Critical \n[CVE-2018-8472](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8472>)2.1Warning \n[CVE-2018-8492](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8492>)4.6Warning \n[CVE-2018-8481](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8481>)2.6Warning \n[CVE-2018-8482](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8482>)2.6Warning \n[CVE-2018-8506](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8506>)1.9Warning \n[CVE-2018-8490](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8490>)7.7Critical \n[CVE-2018-8413](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8413>)9.3Critical \n[CVE-2018-8329](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8329>)7.2High \n[CVE-2018-8453](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8453>)7.2High 
\n[CVE-2018-8411](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8411>)7.2High \n[CVE-2018-8494](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8494>)9.3Critical \n[CVE-2018-8495](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8495>)7.6Critical \n[CVE-2018-8484](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8484>)7.2High \n[CVE-2018-8489](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8489>)7.7Critical \n[CVE-2018-8497](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8497>)4.6Warning\n\n### *KB list*:\n[4462917](<http://support.microsoft.com/kb/4462917>) \n[4462918](<http://support.microsoft.com/kb/4462918>) \n[4462931](<http://support.microsoft.com/kb/4462931>) \n[4462919](<http://support.microsoft.com/kb/4462919>) \n[4464330](<http://support.microsoft.com/kb/4464330>) \n[4462929](<http://support.microsoft.com/kb/4462929>) \n[4462937](<http://support.microsoft.com/kb/4462937>) \n[4462922](<http://support.microsoft.com/kb/4462922>) \n[4462926](<http://support.microsoft.com/kb/4462926>) \n[4462941](<http://support.microsoft.com/kb/4462941>)\n\n### *Microsoft official advisories*:\n\n\n### *Exploitation*:\nThe following public exploits exist for this vulnerability:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-09T00:00:00", "type": "kaspersky", "title": "KLA11333 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": 
"MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8320", "CVE-2018-8329", "CVE-2018-8330", "CVE-2018-8333", "CVE-2018-8411", "CVE-2018-8413", "CVE-2018-8423", "CVE-2018-8432", "CVE-2018-8453", "CVE-2018-8472", "CVE-2018-8481", "CVE-2018-8482", "CVE-2018-8484", "CVE-2018-8486", "CVE-2018-8489", "CVE-2018-8490", "CVE-2018-8492", "CVE-2018-8493", "CVE-2018-8494", "CVE-2018-8495", "CVE-2018-8497", "CVE-2018-8506"], "modified": "2020-07-22T00:00:00", "id": "KLA11333", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11333/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-06-08T23:06:17", "description": "This host is missing a critical security\n update according to Microsoft KB4462923", "cvss3": {}, "published": "2018-10-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4462923)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8423", "CVE-2018-8432", "CVE-2018-8489", "CVE-2018-8481", "CVE-2018-8413", "CVE-2018-8460", "CVE-2018-8494", "CVE-2018-8330", "CVE-2018-8491", "CVE-2018-8472", "CVE-2018-8333", "CVE-2018-8486", "CVE-2018-8482", "CVE-2018-8453", "CVE-2018-8411", "CVE-2018-8320"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310814084", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814084", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4462923)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is 
free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814084\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-8320\", \"CVE-2018-8330\", \"CVE-2018-8333\", \"CVE-2018-8411\",\n \"CVE-2018-8413\", \"CVE-2018-8423\", \"CVE-2018-8432\", \"CVE-2018-8453\",\n \"CVE-2018-8460\", \"CVE-2018-8472\", \"CVE-2018-8481\", \"CVE-2018-8482\",\n \"CVE-2018-8486\", \"CVE-2018-8489\", \"CVE-2018-8491\", \"CVE-2018-8494\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-10 10:22:26 +0530 (Wed, 10 Oct 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4462923)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4462923\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - Windows Win32k component fails to properly handle objects in memory.\n\n - Windows Hyper-V on a host server 
fails to properly validate input from an\n authenticated user on a guest operating system.\n\n - Microsoft XML Core Services MSXML parser improperly processes user input.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Filter Manager improperly handles objects in memory.\n\n - Windows TCP/IP stack improperly handles fragmented IP packets.\n\n - Windows Media Player improperly discloses file information.\n\n - Windows Graphics Device Interface (GDI) improperly handles objects in memory.\n\n - DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.\n\n - Windows kernel improperly handles objects in memory.\n\n - Windows Theme API does not properly decompress files.\n\n - NTFS improperly checks access.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code, bypass security restrictions, gain the same user rights\n as the current user, obtain information to further compromise the user's system,\n improperly discloses file information and escalate privileges.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1\n\n - Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4462923\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"Gdi32.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.1.7601.24260\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Gdi32.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 6.1.7601.24260\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T13:29:06", "description": "This host is missing a critical security\n update according to Microsoft KB4462926", "cvss3": {}, "published": "2018-10-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4462926)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8423", "CVE-2018-8493", "CVE-2018-8489", "CVE-2018-8481", "CVE-2018-8413", "CVE-2018-8460", "CVE-2018-8494", "CVE-2018-8330", "CVE-2018-8491", "CVE-2018-8472", "CVE-2018-8484", "CVE-2018-8333", "CVE-2018-8486", "CVE-2018-8482", "CVE-2018-8453", "CVE-2018-8411", "CVE-2018-8320"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310814083", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310814083", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4462926)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814083\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2018-8320\", \"CVE-2018-8330\", \"CVE-2018-8333\", \"CVE-2018-8411\",\n \"CVE-2018-8413\", \"CVE-2018-8423\", \"CVE-2018-8453\", \"CVE-2018-8460\",\n \"CVE-2018-8472\", \"CVE-2018-8481\", \"CVE-2018-8482\", \"CVE-2018-8484\",\n \"CVE-2018-8486\", \"CVE-2018-8489\", \"CVE-2018-8491\", \"CVE-2018-8493\",\n \"CVE-2018-8494\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-10 10:22:26 +0530 (Wed, 10 Oct 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities 
(KB4462926)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4462926\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - Windows Win32k component fails to properly handle objects in memory.\n\n - Windows Hyper-V on a host server fails to properly validate input from an\n authenticated user on a guest operating system.\n\n - Microsoft XML Core Services MSXML parser improperly processes user input.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Filter Manager improperly handles objects in memory.\n\n - Windows TCP/IP stack improperly handles fragmented IP packets.\n\n - Windows Media Player improperly discloses file information.\n\n - Windows Graphics Device Interface (GDI) improperly handles objects in memory.\n\n - DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.\n\n - Windows kernel improperly handles objects in memory.\n\n - Windows Theme API does not properly decompress files.\n\n - NTFS improperly checks access.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code, bypass security restrictions, gain the same user rights\n as the current user, obtain information to further compromise the user's system,\n improperly discloses file information and escalate privileges.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows Server 2012 R2\n\n - Microsoft Windows 8.1 for 32-bit/x64\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4462926\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2012R2:1, win8_1:1, win8_1x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"urlmon.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"11.0.9600.19155\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\urlmon.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 11.0.9600.19155\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:06:05", "description": "This host is missing a critical security\n update according to Microsoft KB4462922", "cvss3": {}, "published": "2018-10-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4462922)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8423", "CVE-2018-8493", "CVE-2018-8503", "CVE-2018-8489", "CVE-2018-8481", "CVE-2018-8413", "CVE-2018-8460", "CVE-2018-8494", "CVE-2018-8330", "CVE-2018-8491", "CVE-2018-8472", "CVE-2018-8484", "CVE-2018-8333", "CVE-2018-8486", "CVE-2018-8482", "CVE-2018-8453", "CVE-2018-8490", "CVE-2018-8411"], "modified": "2020-06-04T00:00:00", "id": 
"OPENVAS:1361412562310814078", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814078", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4462922)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814078\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-8503\", \"CVE-2018-8330\", \"CVE-2018-8333\", \"CVE-2018-8411\",\n \"CVE-2018-8413\", \"CVE-2018-8423\", \"CVE-2018-8453\", \"CVE-2018-8460\",\n \"CVE-2018-8472\", \"CVE-2018-8481\", \"CVE-2018-8482\", \"CVE-2018-8484\",\n \"CVE-2018-8486\", \"CVE-2018-8489\", \"CVE-2018-8490\", \"CVE-2018-8491\",\n \"CVE-2018-8493\", \"CVE-2018-8494\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-10 08:49:30 +0530 (Wed, 10 Oct 2018)\");\n 
script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4462922)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4462922\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - Windows Win32k component fails to properly handle objects in memory.\n\n - Windows Hyper-V on a host server fails to properly validate input from an\n authenticated user on a guest operating system.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Windows Graphics Device Interface (GDI) improperly handles objects in memory.\n\n - Windows TCP/IP stack improperly handles fragmented IP packets.\n\n - Windows Media Player improperly discloses file information.\n\n - Microsoft XML Core Services MSXML parser improperly processes user input.\n\n - DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.\n\n - Filter Manager improperly handles objects in memory.\n\n - Windows kernel improperly handles objects in memory.\n\n - Windows Theme API does not properly decompress files.\n\n - NTFS improperly checks access.\n\n - Chakra scripting engine improperly handles objects in memory in Microsoft Edge.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code, gain the same user rights as the current user, obtain\n information to further compromise the user's system, improperly discloses file\n information and escalate privileges.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 for 32-bit Systems\n\n - Microsoft Windows 10 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4462922\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10240.0\", test_version2:\"11.0.10240.18004\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.10240.0 - 11.0.10240.18004\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T13:29:08", "description": "This host is missing a critical security\n update according to Microsoft KB4462917", "cvss3": {}, "published": "2018-10-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4462917)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8423", "CVE-2018-8493", "CVE-2018-8503", "CVE-2018-8489", "CVE-2018-8481", "CVE-2018-8413", "CVE-2018-8505", "CVE-2018-8460", "CVE-2018-8494", "CVE-2018-8330", "CVE-2018-8497", "CVE-2018-8491", "CVE-2018-8495", "CVE-2018-8472", "CVE-2018-8484", "CVE-2018-8492", "CVE-2018-8333", "CVE-2018-8486", "CVE-2018-8482", "CVE-2018-8453", 
"CVE-2018-8490", "CVE-2018-8411", "CVE-2018-8320"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310814081", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814081", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4462917)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814081\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2018-8495\", \"CVE-2018-8497\", \"CVE-2018-8503\", \"CVE-2018-8505\",\n \"CVE-2018-8320\", \"CVE-2018-8330\", \"CVE-2018-8333\", \"CVE-2018-8411\",\n \"CVE-2018-8413\", \"CVE-2018-8423\", \"CVE-2018-8453\", \"CVE-2018-8460\",\n \"CVE-2018-8472\", \"CVE-2018-8481\", \"CVE-2018-8482\", \"CVE-2018-8484\",\n \"CVE-2018-8486\", \"CVE-2018-8489\", \"CVE-2018-8490\", \"CVE-2018-8491\",\n \"CVE-2018-8492\", \"CVE-2018-8493\", \"CVE-2018-8494\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n 
script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-10 09:48:26 +0530 (Wed, 10 Oct 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4462917)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4462917\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to:\n\n - Windows Hyper-V on a host server fails to properly validate input from an\n authenticated user on a guest operating system.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Windows Media Player improperly discloses file information.\n\n - DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.\n\n - Windows Theme API does not properly decompress files.\n\n - NTFS improperly checks access.\n\n - Windows Win32k component fails to properly handle objects in memory.\n\n - Windows Graphics Device Interface (GDI) improperly handles objects in memory.\n\n - Windows Kernel improperly handles objects in memory.\n\n - Windows Shell improperly handles URIs.\n\n - Microsoft XML Core Services MSXML parser improperly processes user input.\n\n - Windows TCP/IP stack improperly handles fragmented IP packets.\n\n - An input validation error in Device Guard.\n\n - Filter Manager improperly handles objects in memory.\n\n - Windows kernel improperly handles objects in memory.\n\n - Chakra scripting engine improperly handles objects in memory in Microsoft Edge.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code, bypass security restrictions, gain the same user rights\n as the current user, obtain information to further compromise the user's system,\n disclose file information and escalate privileges.\");\n\n 
script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4462917\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.14393.0\", test_version2:\"11.0.14393.2550\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.14393.0 - 11.0.14393.2550\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:06:17", "description": "This host is missing a critical security\n update according to Microsoft KB4462937", "cvss3": {}, "published": "2018-10-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4462937)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8423", "CVE-2018-8493", "CVE-2018-8503", "CVE-2018-8489", "CVE-2018-8481", "CVE-2018-8413", "CVE-2018-8505", "CVE-2018-8460", 
"CVE-2018-8494", "CVE-2018-8330", "CVE-2018-8497", "CVE-2018-8491", "CVE-2018-8495", "CVE-2018-8472", "CVE-2018-8512", "CVE-2018-8484", "CVE-2018-8492", "CVE-2018-8333", "CVE-2018-8486", "CVE-2018-8482", "CVE-2018-8530", "CVE-2018-8453", "CVE-2018-8490", "CVE-2018-8411"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310814082", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814082", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4462937)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814082\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-8495\", \"CVE-2018-8497\", \"CVE-2018-8503\", \"CVE-2018-8505\",\n \"CVE-2018-8330\", \"CVE-2018-8333\", \"CVE-2018-8411\", \"CVE-2018-8413\",\n \"CVE-2018-8423\", \"CVE-2018-8453\", \"CVE-2018-8460\", \"CVE-2018-8472\",\n \"CVE-2018-8481\", \"CVE-2018-8482\", \"CVE-2018-8484\", \"CVE-2018-8486\",\n \"CVE-2018-8489\", \"CVE-2018-8490\", \"CVE-2018-8491\", \"CVE-2018-8492\",\n \"CVE-2018-8493\", \"CVE-2018-8494\", \"CVE-2018-8512\", \"CVE-2018-8530\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-10 10:00:23 +0530 (Wed, 10 Oct 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4462937)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4462937\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - Windows Hyper-V on a host server fails to properly validate input from an\n authenticated user on a guest operating system.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Windows Media Player improperly discloses file information.\n\n - DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in 
memory.\n\n - Microsoft Edge improperly handles requests of different origins.\n\n - Windows Theme API does not properly decompress files.\n\n - NTFS improperly checks access.\n\n - Edge Content Security Policy (CSP) fails to properly validate certain specially\n crafted documents.\n\n - Windows Win32k component fails to properly handle objects in memory.\n\n - Windows Graphics Device Interface (GDI) improperly handles objects in memory.\n\n - Windows Kernel improperly handles objects in memory.\n\n - Windows Shell improperly handles URIs.\n\n - Microsoft XML Core Services MSXML parser improperly processes user input.\n\n - Windows TCP/IP stack improperly handles fragmented IP packets.\n\n - An input validation error in Device Guard.\n\n - Filter Manager improperly handles objects in memory.\n\n - Windows kernel improperly handles objects in memory.\n\n - Chakra scripting engine improperly handles objects in memory in Microsoft Edge.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code, bypass security restrictions, gain the same user rights as\n the current user, obtain information to further compromise the user's system,\n disclose file information and escalate privileges.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1703 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4462937\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.15063.0\", test_version2:\"11.0.15063.1386\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.15063.0 - 11.0.15063.1386\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:06:14", "description": "This host is missing a critical security\n update according to Microsoft KB4462919", "cvss3": {}, "published": "2018-10-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4462919)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8423", "CVE-2018-8493", "CVE-2018-8503", "CVE-2018-8489", "CVE-2018-8481", "CVE-2018-8413", "CVE-2018-8505", "CVE-2018-8460", "CVE-2018-8494", "CVE-2018-8329", "CVE-2018-8330", "CVE-2018-8497", "CVE-2018-8491", "CVE-2018-8495", "CVE-2018-8472", "CVE-2018-8484", "CVE-2018-8492", "CVE-2018-8333", "CVE-2018-8486", "CVE-2018-8482", 
"CVE-2018-8530", "CVE-2018-8453", "CVE-2018-8506", "CVE-2018-8509", "CVE-2018-8411", "CVE-2018-8320"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310814080", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814080", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4462919)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814080\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-8494\", \"CVE-2018-8495\", \"CVE-2018-8497\", \"CVE-2018-8503\",\n \"CVE-2018-8320\", \"CVE-2018-8329\", \"CVE-2018-8330\", \"CVE-2018-8333\",\n \"CVE-2018-8411\", \"CVE-2018-8413\", \"CVE-2018-8423\", \"CVE-2018-8453\",\n \"CVE-2018-8460\", \"CVE-2018-8472\", \"CVE-2018-8481\", \"CVE-2018-8482\",\n \"CVE-2018-8484\", \"CVE-2018-8486\", \"CVE-2018-8489\", \"CVE-2018-8491\",\n \"CVE-2018-8492\", \"CVE-2018-8493\", \"CVE-2018-8505\", \"CVE-2018-8506\",\n \"CVE-2018-8509\", \"CVE-2018-8530\");\n 
script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-10 09:28:04 +0530 (Wed, 10 Oct 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4462919)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4462919\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - Windows Hyper-V on a host server fails to properly validate input from an\n authenticated user on a guest operating system.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Windows Media Player improperly discloses file information.\n\n - DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.\n\n - Windows Subsystem for Linux fails to properly handle objects in memory.\n\n - Microsoft Edge improperly handles requests of different origins.\n\n - Windows Theme API does not properly decompress files.\n\n - NTFS improperly checks access.\n\n - Windows Win32k component fails to properly handle objects in memory.\n\n - Windows Graphics Device Interface (GDI) improperly handles objects in memory.\n\n - Windows Kernel improperly handles objects in memory.\n\n - Windows Shell improperly handles URIs.\n\n - Microsoft XML Core Services MSXML parser improperly processes user input.\n\n - Windows TCP/IP stack improperly handles fragmented IP packets.\n\n - An input validation error in Device Guard.\n\n - Filter Manager improperly handles objects in memory.\n\n - Windows kernel improperly handles objects in memory.\n\n - Microsoft Edge improperly accesses objects in memory.\n\n - Chakra scripting engine improperly handles objects in memory 
in Microsoft Edge.\n\n - Microsoft Windows Codecs Library improperly handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code, bypass security restrictions, gain the same user rights\n as the current user, obtain information to further compromise the user's system,\n improperly discloses file information and escalate privileges.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1803 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1803 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4462919\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.17134.0\", test_version2:\"11.0.17134.344\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.17134.0 - 11.0.17134.344\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2020-06-08T23:06:10", "description": "This host is missing a critical security\n update according to Microsoft KB4462918", "cvss3": {}, "published": "2018-10-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4462918)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8423", "CVE-2018-8493", "CVE-2018-8503", "CVE-2018-8489", "CVE-2018-8481", "CVE-2018-8413", "CVE-2018-8505", "CVE-2018-8460", "CVE-2018-8494", "CVE-2018-8330", "CVE-2018-8497", "CVE-2018-8491", "CVE-2018-8495", "CVE-2018-8472", "CVE-2018-8512", "CVE-2018-8484", "CVE-2018-8492", "CVE-2018-8333", "CVE-2018-8486", "CVE-2018-8482", "CVE-2018-8530", "CVE-2018-8453", "CVE-2018-8506", "CVE-2018-8490", "CVE-2018-8509", "CVE-2018-8411", "CVE-2018-8320"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310814079", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814079", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4462918)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814079\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-8494\", \"CVE-2018-8495\", \"CVE-2018-8497\", \"CVE-2018-8503\",\n \"CVE-2018-8320\", \"CVE-2018-8330\", \"CVE-2018-8333\", \"CVE-2018-8411\",\n \"CVE-2018-8413\", \"CVE-2018-8423\", \"CVE-2018-8453\", \"CVE-2018-8460\",\n \"CVE-2018-8472\", \"CVE-2018-8481\", \"CVE-2018-8482\", \"CVE-2018-8484\",\n \"CVE-2018-8486\", \"CVE-2018-8489\", \"CVE-2018-8490\", \"CVE-2018-8491\",\n \"CVE-2018-8492\", \"CVE-2018-8493\", \"CVE-2018-8505\", \"CVE-2018-8506\",\n \"CVE-2018-8509\", \"CVE-2018-8512\", \"CVE-2018-8530\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-10 09:07:36 +0530 (Wed, 10 Oct 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4462918)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4462918\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - Windows Hyper-V on a host server fails to properly validate input from an\n authenticated user on a guest operating system.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Windows Media Player improperly discloses file information.\n\n - DirectX Graphics 
Kernel (DXGKRNL) driver improperly handles objects in memory.\n\n - Microsoft Edge improperly handles requests of different origins.\n\n - Windows Theme API does not properly decompress files.\n\n - NTFS improperly checks access.\n\n - Edge Content Security Policy (CSP) fails to properly validate certain specially\n crafted documents.\n\n - Windows Win32k component fails to properly handle objects in memory.\n\n - Windows Graphics Device Interface (GDI) improperly handles objects in memory.\n\n - Windows Kernel improperly handles objects in memory.\n\n - Windows Shell improperly handles URIs.\n\n - Microsoft XML Core Services MSXML parser improperly processes user input.\n\n - Windows TCP/IP stack improperly handles fragmented IP packets.\n\n - An improper input validation in Device Guard.\n\n - Filter Manager improperly handles objects in memory.\n\n - Windows kernel improperly handles objects in memory.\n\n - Microsoft Edge improperly accesses objects in memory.\n\n - Chakra scripting engine improperly handles objects in memory in Microsoft Edge.\n\n - Microsoft Windows Codecs Library improperly handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, bypass security restrictions, gain the same user\n rights as the current user, determine the presence of files on disk, escalate\n privileges and disclose sensitive information.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1709 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1709 for 64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4462918\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.16299.0\", test_version2:\"11.0.16299.725\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.16299.0 - 11.0.16299.725\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:06:05", "description": "This host is missing a critical security\n update according to Microsoft KB4464330", "cvss3": {}, "published": "2018-10-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4464330)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8423", "CVE-2018-8432", "CVE-2018-8511", "CVE-2018-8503", "CVE-2018-8489", "CVE-2018-8481", "CVE-2018-8413", "CVE-2018-8513", "CVE-2018-8473", "CVE-2018-8505", "CVE-2018-8460", "CVE-2018-8494", "CVE-2018-8330", "CVE-2018-8497", "CVE-2018-8491", "CVE-2018-8472", "CVE-2018-8484", "CVE-2018-8492", "CVE-2018-8333", "CVE-2018-8486", 
"CVE-2018-8482", "CVE-2018-8510", "CVE-2018-8453", "CVE-2018-8506", "CVE-2018-8490", "CVE-2018-8411", "CVE-2018-8320"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310814085", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814085", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4464330)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814085\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-8494\", \"CVE-2018-8497\", \"CVE-2018-8503\", \"CVE-2018-8320\",\n \"CVE-2018-8330\", \"CVE-2018-8333\", \"CVE-2018-8411\", \"CVE-2018-8413\",\n \"CVE-2018-8423\", \"CVE-2018-8432\", \"CVE-2018-8453\", \"CVE-2018-8460\",\n \"CVE-2018-8472\", \"CVE-2018-8473\", \"CVE-2018-8481\", \"CVE-2018-8482\",\n \"CVE-2018-8484\", \"CVE-2018-8486\", \"CVE-2018-8489\", \"CVE-2018-8490\",\n \"CVE-2018-8491\", \"CVE-2018-8492\", \"CVE-2018-8505\", \"CVE-2018-8506\",\n \"CVE-2018-8510\", \"CVE-2018-8511\", 
\"CVE-2018-8513\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-10 11:10:04 +0530 (Wed, 10 Oct 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4464330)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4464330\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - Windows Hyper-V on a host server fails to properly validate input from an\n authenticated user on a guest operating system.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Windows Media Player improperly discloses file information.\n\n - DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in\n memory.\n\n - Windows Theme API does not properly decompress files.\n\n - NTFS improperly checks access.\n\n - Chakra scripting engine handles objects in memory in Microsoft Edge.\n\n - Microsoft Graphics Components improperly handle objects in memory.\n\n - Windows Win32k component fails to properly handle objects in memory.\n\n - Microsoft Edge improperly accesses objects in memory.\n\n - An input validation error in Windows Graphics Device Interface (GDI).\n\n - Windows Kernel improperly handles objects in memory.\n\n - Microsoft XML Core Services MSXML parser improperly processes user input.\n\n - An input validation error in Device Guard.\n\n - Filter Manager improperly handles objects in memory.\n\n - Microsoft Windows Codecs Library improperly handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code, bypass security restriction, gain 
the same user rights\n as the current user, obtain information to further compromise the user's system,\n improperly discloses file information and escalate privileges.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1809 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1809 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4464330\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.17763.0\", test_version2:\"11.0.17763.54\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.17763.0 - 11.0.17763.54\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": "2018-10-10T14:22:46", "description": "Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. 
The latest Patch Tuesday covers 49 vulnerabilities, 12 of which are rated \"critical,\" 34 that are rated \"important,\" two that are considered to have \u201cmoderate\u201d severity and one that\u2019s rated as \u201clow.\u201d \n \nThe advisories cover bugs in the Chakra scripting engine, the Microsoft Edge internet browser and the Microsoft Office suite of products, among other software. \n \nThis update also includes a critical advisory that covers updates to the [Microsoft Office suite of products](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180026>). \n \nPlease visit the SNORT\u24c7 blog [here](<https://blog.snort.org/2018/10/snort-rule-update-for-oct-9-microsoft.html>) if you would like to know more about the coverage we have for these vulnerabilities. \n**Critical vulnerabilities** \n \nMicrosoft has disclosed 12 critical vulnerabilities this month, which we will highlight below. \n \n[CVE-2018-8491](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8491>), [CVE-2018-8460](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8460>) and [CVE-2018-8509](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8509>) are memory corruption vulnerabilities in the Internet Explorer web browser. In all three cases, an attacker needs to trick the user into visiting a specially crafted, malicious website that can corrupt the browser\u2019s memory, allowing for remote code execution in the context of the current user. This class of vulnerabilities is especially dangerous since a spam campaign can be used to trick the user while hiding the attack from network protections with HTTPS. \n \n[CVE-2018-8473](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8473>) is a remote code execution vulnerability in Microsoft Edge. The bug lies in the way the web browser accesses objects in memory. 
An attacker could trick a user into visiting a malicious website or take advantage of a website that accepts user-created content or advertisements in order to exploit this vulnerability. \n \n[CVE-2018-8513](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8513>), [CVE-2018-8500](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8500>), [CVE-2018-8511](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8511>), [CVE-2018-8505](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8505>) and [CVE-2018-8510](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8510>) are memory corruption vulnerabilities in the Chakra scripting engine that affects a variety of products. In all cases, an attacker could exploit these vulnerabilities to execute code on the system in the context of the current user and completely take over the system. This class of vulnerabilities is especially dangerous since a spam campaign can be used to trick the user while hiding the attack from network protections with HTTPS. \n \n[CVE-2018-8494](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8494>) is a remote code execution vulnerability that exists when the MSXML parser in Microsoft XML Core Services processes user input. An attacker can exploit this bug by invoking MSXML through a web browser on a specially crafted website. The attacker also needs to convince the user to open the web page. \n \n[CVE-2018-8490](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8490>) and [CVE-2018-8489](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8489>) are remote code execution vulnerabilities in the Windows Hyper-V hypervisor. The bugs lie in the way the host server on Hyper-V fails to properly validate input from an authenticated user on a guest operating system. 
An attacker could exploit these vulnerabilities by running a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. \n \n**Important vulnerabilities** \n \nThere are also 34 important vulnerabilities in this release. We would like to specifically highlight 22 of them. \n \n[CVE-2018-8512](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8512>) is a security feature bypass vulnerability in Microsoft Edge. The web browser improperly validates certain specially crafted documents in the Edge Content Security Policy (CSP), which could allow an attacker to trick a user into loading a malicious page. \n \n[CVE-2018-8448](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8448>) is an elevation of privilege vulnerability in the Microsoft Exchange email server. The bug exists in the way that Exchange Outlook Web Access improperly handles web requests. An attacker could exploit this vulnerability by performing script or content injection attacks that trick the user into disclosing sensitive information. They could also trick the user into providing login credentials via social engineering in an email or chat client. \n \n[CVE-2018-8453](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453>) is an elevation of privilege vulnerability in the Windows operating system that occurs when the Win32k component improperly handles objects in memory. An attacker could obtain the ability to run arbitrary code in kernel mode by logging onto the system and then running a specially crafted application. \n \n[CVE-2018-8484](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8484>) is an elevation of privilege vulnerability in the DirectX Graphics Kernel driver that exists when the driver improperly handles objects in memory. 
An attacker could log onto the system and execute a specially crafted application to exploit this bug and run processes in an elevated context. \n \n[CVE-2018-8423](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8423>) is a remote code execution vulnerability in the Microsoft JET Database Engine that could allow an attacker to take control of an affected system. For this bug to be exploited, a user must open or import a specially crafted Microsoft JET Database Engine file on the system. An attacker could also trick a user into opening a malicious file via email. \n \n[CVE-2018-8502](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8502>) is a security feature bypass vulnerability in Microsoft Excel when the software fails to properly handle objects in protected view. An attacker could execute arbitrary code in the context of the current user if they convince the user to open a specially crafted, malicious Excel document via email or on a web page. This bug cannot be exploited if the user opens the Excel file in just the preview pane. \n \n[CVE-2018-8501](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8501>) is a security feature bypass vulnerability in Microsoft PowerPoint. The bug exists when the software improperly handles objects in protected view. An attacker can execute arbitrary code in the context of the current user if they convince the user to open a specially crafted PowerPoint file. This bug cannot be exploited if the user only opens the file in preview mode. \n \n[CVE-2018-8432](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8432>) is a remote code execution vulnerability that lies in the way Microsoft Graphics Components handles objects in memory. A user would have to open a specially crafted file in order to trigger this bug. 
\n \n[CVE-2018-8504](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8504>) is a security feature bypass vulnerability in the Microsoft Word word processor. There is a flaw in the way the software handles objects in protected view. An attacker could obtain the ability to arbitrarily execute code in the context of the current user if they convince the user to open a malicious Word document. The bug cannot be triggered if the user opens the file in preview mode. \n \n[CVE-2018-8427](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427>) is an information disclosure vulnerability in Microsoft Graphics Components. An attacker could exploit this vulnerability by tricking the user into opening a specially crafted file, which would expose memory layout. \n \n[CVE-2018-8480](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8480>) is an elevation of privilege vulnerability in the Microsoft SharePoint collaborative platform. The bug lies in the way the software improperly sanitizes a specially crafted web request to an affected SharePoint server. An attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server. \n \n[CVE-2018-8518](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8518>), [CVE-2018-8488](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8488>) and [CVE-2018-8498](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8498>) are elevation of privilege vulnerabilities in the Microsoft SharePoint Server. An attacker can exploit these bugs by sending a specially crafted request to an affected SharePoint server, allowing them to carry out cross-site scripting attacks and execute code in the context of the current user. 
\n \n[CVE-2018-8333](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8333>) is an elevation of privilege vulnerability in Filter Management that exists when the program improperly handles objects in memory. An attacker needs to log onto the system and delete a specially crafted file in order to exploit this bug, which could lead to them gaining the ability to execute code in the context of an elevated user. \n \n[CVE-2018-8411](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8411>) is an elevation of privilege vulnerability that exists when the NTFS file system improperly checks access. An attacker needs to log onto the system to exploit this bug and then run a specially crafted application, which could lead to the attacker running processes in an elevated context. \n \n[CVE-2018-8320](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8320>) is a security feature bypass vulnerability that exists in the DNS Global Blocklist feature. An attacker who exploits this bug could redirect traffic to a malicious DNS endpoint. \n \n[CVE-2018-8492](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8492>) is a security bypass vulnerability in the Device Guard Windows feature that could allow an attacker to inject malicious code into Windows PowerShell. An attacker needs direct access to the machine in order to exploit this bug, and then inject malicious code into a script that is trusted by the Code Integrity policy. The malicious code would then run with the same access level as the script, and bypass the integrity policy. \n \n[CVE-2018-8329](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8329>) is an elevation of privilege vulnerability in Linux on Windows. The bug lies in the way Linux improperly handles objects in memory. 
An attacker can completely take control of an affected system after logging onto the system and running a specially crafted application. \n \n[CVE-2018-8497](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8497>) is an elevation of privilege vulnerability that exists in the way the Windows Kernel handles objects in memory. A locally authenticated attacker can exploit this bug by running a specially crafted application. \n \n[CVE-2018-8495](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8495>) is a remote code execution vulnerability that exists in the way Windows Shell handles URIs. An attacker needs to convince the user to visit a specially crafted website on Microsoft Edge in order to exploit this vulnerability. \n \n[CVE-2018-8413](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8413>) is a remote code execution vulnerability that exists when \u201cWindows Theme API\u201d improperly decompresses files. An attacker can exploit this bug by convincing the user to open a specially crafted file via an email, chat client message or on a malicious web page, allowing the attacker to execute code in the context of the current user. 
\n \nOther important vulnerabilities: \n\n\n * [CVE-2018-8265](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8265>)\n * [CVE-2018-8330](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8330>)\n * [CVE-2018-8472](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8472>)\n * [CVE-2018-8481](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8481>)\n * [CVE-2018-8482](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8482>)\n * [CVE-2018-8486](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8486>)\n * [CVE-2018-8493](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8493>)\n * [CVE-2018-8506](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8506>)\n * [CVE-2018-8527](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8527>)\n * [CVE-2018-8530](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8530>)\n * [CVE-2018-8531](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8531>)\n * [CVE-2018-8532](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8532>)\n \n**Moderate vulnerabilities** \n \nOf the two moderate vulnerabilities disclosed by Microsoft, Talos believes one is worth highlighting. \n \n[CVE-2010-3190](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190>) is a remote code execution vulnerability in the way that certain applications built using Microsoft Foundation Classes handle the loading of DLL files. An attacker could take complete control of an affected system by exploiting this vulnerability. At the time this bug was first disclosed, Exchange Server was not identified as an in-scope product, which is why this release highlights a flaw from 2010. 
\n \nThe other moderate vulnerability is [CVE-2018-8533](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8533>). \n \n**Low vulnerability** \n \nThere is also one low-rated vulnerability, which Talos wishes to highlight. \n \n[CVE-2018-8503](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8503>) is a remote code execution vulnerability in the way that Chakra scripting engine handles objects in memory in the Microsoft Edge web browser. An attacker needs to convince a user to visit a malicious website or malicious content on a web page that allows user-created content or advertisements in order to exploit this bug. \n \n**Coverage** \n \nIn response to these vulnerability disclosures, Talos is releasing the following Snort rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org. 
\n \nSnort rules: [48045 - 48057, 48058 - 48060, 48062, 48063, 48072, 48073](<https://snort.org/advisories/talos-rules-2018-10-09>)\n\n", "cvss3": {}, "published": "2018-10-09T11:38:00", "type": "talosblog", "title": "Microsoft Patch Tuesday \u2014 October 18: Vulnerability disclosures and Snort coverage", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2010-3190", "CVE-2018-8265", "CVE-2018-8320", "CVE-2018-8329", "CVE-2018-8330", "CVE-2018-8333", "CVE-2018-8411", "CVE-2018-8413", "CVE-2018-8423", "CVE-2018-8427", "CVE-2018-8432", "CVE-2018-8448", "CVE-2018-8453", "CVE-2018-8460", "CVE-2018-8472", "CVE-2018-8473", "CVE-2018-8480", "CVE-2018-8481", "CVE-2018-8482", "CVE-2018-8484", "CVE-2018-8486", "CVE-2018-8488", "CVE-2018-8489", "CVE-2018-8490", "CVE-2018-8491", "CVE-2018-8492", "CVE-2018-8493", "CVE-2018-8494", "CVE-2018-8495", "CVE-2018-8497", "CVE-2018-8498", "CVE-2018-8500", "CVE-2018-8501", "CVE-2018-8502", "CVE-2018-8503", "CVE-2018-8504", "CVE-2018-8505", "CVE-2018-8506", "CVE-2018-8509", "CVE-2018-8510", "CVE-2018-8511", "CVE-2018-8512", "CVE-2018-8513", "CVE-2018-8518", "CVE-2018-8527", "CVE-2018-8530", "CVE-2018-8531", "CVE-2018-8532", "CVE-2018-8533"], "modified": "2018-10-10T13:42:32", "id": "TALOSBLOG:1F1CE534E194C1DFF1B73DAD241A07B6", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/cH-SgNBr69E/ms-tuesday.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}