Lucene search

K
mskbMicrosoftKB4056942
HistoryJan 03, 2018 - 8:00 a.m.

Description of the security update for the Microsoft Color Management information disclosure vulnerability in Windows Server 2008: January 3, 2018

2018-01-0308:00:00
Microsoft
support.microsoft.com
20

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

6

Confidence

High

EPSS

0.007

Percentile

80.3%

Description of the security update for the Microsoft Color Management information disclosure vulnerability in Windows Server 2008: January 3, 2018

Summary

An information disclosure vulnerabilities exists in the way that the Color Management Module (ICM32.dll) handles objects in memory. This vulnerability allows an attacker to retrieve information to bypass usermode ASLR (Address Space Layout Randomization) on a targeted system. By itself, the information disclosure does not allow arbitrary code execution. However, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.

To learn more about the vulnerability, go to CVE-2018-0741.

More Information

Important

  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

More Information

How to obtain help and support for this security update

Help for installing updates: Windows Update: FAQ

Security solutions for IT professionals: TechNet Security Support and Troubleshooting

Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure

Local support according to your country: International Support

Deployment information

For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:Security update deployment information: January 9, 2018
File information The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.Windows Server 2008 file information

Note: The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

File Information

File hash information

File name SHA1 hash SHA256 hash
Windows6.0-KB4056942-x64.msu 7FC0413BC5B4C22A95F971FBBC1635E3F4F7283D EA5D32B8CFA19290342390B30E5F0FBD88EE0FBEFC830C603BF25CF741236E3C
Windows6.0-KB4056942-x86.msu 05CE724B74F2F73A8814409001D02DFBF0F7E91C DB656811086E69580E11AC42859268866B873C9F4CA6D8B78920E3C78D3617AF
Windows6.0-KB4056942-ia64.msu D0D8D2253CB5134F7AFF42C9EE53EA456E79DA1E 9D27AE120851DF8287630B0614FCB5C923ED7E2C5371166EF139BDF412979724

For all supported x64-based versions

File name File version File size Date Time Platform
Icm32.dll 6.0.6002.24259 252,928 09-Dec-2017 01:03 x64
Mscms.dll 6.0.6002.24259 519,680 09-Dec-2017 01:03 x64
Wcspluginservice.dll 6.0.6002.24259 39,936 09-Dec-2017 01:04 x64
Icm32.dll 6.0.6002.24259 215,040 09-Dec-2017 01:15 x86
Mscms.dll 6.0.6002.24259 391,680 09-Dec-2017 01:15 x86
Wcspluginservice.dll 6.0.6002.24259 32,256 09-Dec-2017 01:15 x86

For all supported x86-based versions

File name File version File size Date Time Platform
Icm32.dll 6.0.6002.24259 215,040 09-Dec-2017 01:15 x86
Mscms.dll 6.0.6002.24259 391,680 09-Dec-2017 01:15 x86
Wcspluginservice.dll 6.0.6002.24259 32,256 09-Dec-2017 01:15 x86

For all supported ia64-based versions

File name File version File size Date Time Platform
Icm32.dll 6.0.6002.24259 772,608 09-Dec-2017 00:53 IA-64
Mscms.dll 6.0.6002.24259 1,190,400 09-Dec-2017 00:53 IA-64
Wcspluginservice.dll 6.0.6002.24259 80,896 09-Dec-2017 00:53 IA-64
Icm32.dll 6.0.6002.24259 215,040 09-Dec-2017 01:15 x86
Mscms.dll 6.0.6002.24259 391,680 09-Dec-2017 01:15 x86
Wcspluginservice.dll 6.0.6002.24259 32,256 09-Dec-2017 01:15 x86

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

6

Confidence

High

EPSS

0.007

Percentile

80.3%