Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB4034044
HistoryFeb 13, 2018 - 8:00 a.m.

Description of the security update for the Windows scripting engine vulnerability in Windows Server 2008, WES09, and POSReady 2009: February 13, 2018

2018-02-1308:00:00
Microsoft
support.microsoft.com
18

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

5.9

Confidence

High

EPSS

0.007

Percentile

80.0%

JSON

Description of the security update for the Windows scripting engine vulnerability in Windows Server 2008, WES09, and POSReady 2009: February 13, 2018

Summary

An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data.

To learn about the vulnerability, go to CVE-2018-0847.

More Information

Important

  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Deployment information

For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:
Security update deployment information: February 13, 2018

More Information

File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

Windows Server 2008 file information

**Note:**The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

How to obtain help and support for this security update

Help for installing updates: Windows Update: FAQ

Security solutions for IT professionals: TechNet Security Support and Troubleshooting

Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure

Local support according to your country: International Support

File Information for Windows Server 2008

File hash information

File name SHA1 hash SHA256 hash
Windows6.0-KB4034044-x86.msu 68DFD65A2B83F244E3B5ADF7B2E3D54015A22C56 62F015BD0138DBE3FC5DDFA95F23E7C6EF29039FEEC82F46668A33343B9A1F3C
Windows6.0-KB4034044-ia64.msu B530830671D98053DF0C0981D6F3392644A1D142 15A4C614F1FF8FD74C152F107FF5155CD213A5D51F655E06C390D160359DE70B
Windows6.0-KB4034044-x64.msu 1C814CE5DE4FB87E4706DDD85FC9B961136BC590 C98B44D03572C0B127E8040DC19F896033D96D53B45E918267412329740049F3

For all supported x86-based versions

File name File version File size Date Time Platform
Cdosys.dll 6.6.6002.24282 805,888 12-Jan-2018 15:46 x86
Msado60.tlb 6.0.6002.24282 73,728 12-Jan-2018 14:57 Not applicable
Msado15.dll 6.0.6002.24282 737,280 12-Jan-2018 15:46 x86

For all supported ia64-based versions

File name File version File size Date Time Platform
Cdosys.dll 6.6.6002.24282 2,118,144 12-Jan-2018 15:23 IA-64
Msado60.tlb 6.0.6002.24282 73,728 12-Jan-2018 15:07 Not applicable
Msado15.dll 6.0.6002.24282 1,904,640 12-Jan-2018 15:23 IA-64
Cdosys.dll 6.6.6002.24282 805,888 12-Jan-2018 15:46 x86
Msado60.tlb 6.0.6002.24282 73,728 12-Jan-2018 14:57 Not applicable
Msado15.dll 6.0.6002.24282 737,280 12-Jan-2018 15:46 x86

For all supported x64-based versions

File name File version File size Date Time Platform
Cdosys.dll 6.6.6002.24282 1,151,488 12-Jan-2018 15:36 x64
Msado60.tlb 6.0.6002.24282 73,728 12-Jan-2018 15:15 Not applicable
Msado15.dll 6.0.6002.24282 1,036,288 12-Jan-2018 15:36 x64
Cdosys.dll 6.6.6002.24282 805,888 12-Jan-2018 15:46 x86
Msado60.tlb 6.0.6002.24282 73,728 12-Jan-2018 14:57 Not applicable
Msado15.dll 6.0.6002.24282 737,280 12-Jan-2018 15:46 x86

File Information for WES09, and POSReady

File hash information

File name SHA1 hash SHA256 hash
WindowsXP-KB4034044-x86-Embedded-ENU.exe 2EED2F8234CF7D6326ECE957D4309979FAF9D84A AB1C9456250311056558E7602454E7A9B67D7DA201C256DA5C803E72DC501F84
WES09, and POSReady file information

For all supported x86-based versions

File name File version File size Date Time Platform SP requirement Service branch
Msado15.dll 2.81.3015.0 565,248 11-Feb-2018 02:13 x86 SP3 SP3QFE
Msado28.tlb 2.81.3015.0 81,920 10-Feb-2018 06:35 Not applicable SP3 SP3QFE
Updspapi.dll 6.3.13.0 382,840 16-May-2014 03:08 x86 None Not applicable

Related

prion 1
cve 1
symantec 1
cvelist 1
nvd 1
mscve 1
thn 1
nessus 9
mskb 11
openvas 7
kaspersky 2
trendmicroblog 1
talosblog 1
prion
prion
Information disclosure
2018-02-15 02:29:00
cve
cve
CVE-2018-0847
2018-02-15 02:29:03
symantec
symantec
Microsoft Windows Scripting Engine CVE-2018-0847 Information Disclosure Vulnerability
2018-02-13 00:00:00
cvelist
cvelist
CVE-2018-0847
2018-02-15 02:00:00
nvd
nvd
CVE-2018-0847
2018-02-15 02:29:03
mscve
mscve
Windows Scripting Engine Memory Corruption Vulnerability
2018-02-13 08:00:00
thn
thn
Microsoft Issues Security Patch Update for 14 New Critical Vulnerabilities
2018-02-14 08:28:00
nessus
nessus
Security Updates for Windows Server 2008 (February 2018)
2018-02-14 00:00:00
KB4074597: Windows 8.1 and Windows Server 2012 R2 February 2018 Security Update
2018-02-13 00:00:00
KB4074589: Windows Server 2012 February 2018 Security Update
2018-02-13 00:00:00
mskb
mskb
February 13, 2018β€”KB4074597 (Security-only update)
2018-02-13 08:00:00
February 13, 2018β€”KB4074589 (Security-only update)
2018-02-13 08:00:00
February 13, 2018β€”KB4074594 (Monthly Rollup)
2018-02-13 08:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4074594)
2018-02-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4074598)
2018-02-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4074596)
2018-02-14 00:00:00
kaspersky
kaspersky
KLA11200 Multiple vulnerabilties in Microsoft Products (ESU)
2018-02-13 00:00:00
KLA11195 Multiple vulnerabilities in Microsoft Windows
2018-02-13 00:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of February 12, 2018
2018-02-16 13:00:28
talosblog
talosblog
Microsoft Patch Tuesday - February 2018
2018-02-13 13:26:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

5.9

Confidence

High

EPSS

0.007

Percentile

80.0%

JSON
Related for KB4034044
prion1cve1symantec1cvelist1nvd1mscve1thn1nessus9mskb11openvas7kaspersky2trendmicroblog1talosblog1