Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB4074587
HistoryFeb 13, 2018 - 8:00 a.m.

February 13, 2018—KB4074587 (Security-only update)

2018-02-1308:00:00
Microsoft
support.microsoft.com
50

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

Low

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

JSON

February 13, 2018—KB4074587 (Security-only update)

Improvements and fixes

This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

  • Security updates to Windows Graphics, Windows Kernel, Common Log File System driver, Microsoft Windows Search component, and Windows storage and file systems.
    For more information about the resolved security vulnerabilities, see the Security Update Guide.

Notes

ImportantPlease apply KB4100480 immediately after applying this update. KB4100480 resolves an elevation of privilege vulnerability in the Windows Kernel for the 64-Bit (x64) version of Windows. This vulnerability is documented in CVE-2018-1038.

Known issues in this update

Symptom Workaround
Because of an issue that affects some versions of antivirus software, this fix is being applied only to the computers on which the antivirus ISV have updated the ALLOW REGKEY.
This issue is resolved in KB4093108. You no longer need the following ALLOW REGKEY to detect and be offered this update: HKEY_LOCAL_MACHINE"Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc
After installing KB4056897 or any other recent monthly updates, SMB servers may experience a memory leak for some scenarios. This occurs when the requested path traverses a symbolic link, mount point, or directory junction and the registry key is set to 1: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanManServer\Parameters\EnableEcp This issue is resolved in KB4103718.

How to get this update

This update is now available for installation through WSUS. To get the standalone package for this update, go to the Microsoft Update Catalog website.File informationFor a list of the files that are provided in this update, download the file information for update 4074587.

Related

mskb 25
openvas 9
kaspersky 3
nessus 10
cve 20
cvelist 20
prion 20
trendmicroblog 1
talosblog 1
symantec 15
mscve 16
zdi 4
zdt 1
cert 1
qualysblog 4
checkpoint_advisories 9
cisa 1
threatpost 3
seebug 1
thn 2
googleprojectzero 1
mskb
mskb
February 13, 2018—KB4074589 (Security-only update)
2018-02-13 08:00:00
February 13, 2018—KB4074598 (Monthly Rollup)
2018-02-13 08:00:00
February 13, 2018—KB4074593 (Monthly Rollup)
2018-02-13 08:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4074598)
2018-02-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4074594)
2018-02-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4074596)
2018-02-14 00:00:00
kaspersky
kaspersky
KLA11200 Multiple vulnerabilties in Microsoft Products (ESU)
2018-02-13 00:00:00
KLA11195 Multiple vulnerabilities in Microsoft Windows
2018-02-13 00:00:00
KLA11219 PE vulnerability in Microsoft Products (ESU)
2018-03-29 00:00:00
nessus
nessus
Security Updates for Windows Server 2008 (February 2018)
2018-02-14 00:00:00
KB4074587: Windows 7 and Windows Server 2008 R2 February 2018 Security Update
2018-02-13 00:00:00
KB4074589: Windows Server 2012 February 2018 Security Update
2018-02-13 00:00:00
cve
cve
CVE-2018-0760
2018-02-15 02:29:00
CVE-2018-0855
2018-02-15 02:29:00
CVE-2018-0755
2018-02-15 02:29:00
cvelist
cvelist
CVE-2018-0855
2018-02-13 00:00:00
CVE-2018-0755
2018-02-13 00:00:00
CVE-2018-0760
2018-02-13 00:00:00
prion
prion
Information disclosure
2018-02-15 02:29:00
Information disclosure
2018-02-15 02:29:00
Information disclosure
2018-02-15 02:29:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of February 12, 2018
2018-02-16 13:00:28
talosblog
talosblog
Microsoft Patch Tuesday - February 2018
2018-02-13 13:26:00
symantec
symantec
Microsoft Windows CVE-2018-0855 Information Disclosure Vulnerability
2018-02-13 00:00:00
Microsoft Windows Kernel CVE-2018-0810 Local Information Disclosure Vulnerability
2018-02-13 00:00:00
Microsoft Windows CVE-2018-0761 Information Disclosure Vulnerability
2018-02-13 00:00:00
mscve
mscve
Windows EOT Font Engine Information Disclosure Vulnerability
2018-02-13 08:00:00
Windows Kernel Elevation of Privilege Vulnerability
2018-03-29 07:00:00
Windows Kernel Elevation of Privilege Vulnerability
2018-02-13 08:00:00
zdi
zdi
Microsoft Windows Font Embedding Out-Of-Bounds Read Information Disclosure Vulnerability
2018-03-19 00:00:00
Microsoft Windows Font Embedding Out-Of-Bounds Read Information Disclosure Vulnerability
2018-02-27 00:00:00
Microsoft Windows Font Embedding Out-Of-Bounds Read Information Disclosure Vulnerability
2018-02-21 00:00:00
zdt
zdt
Windows - Local Privilege Escalation Exploit
2018-05-03 00:00:00
cert
cert
Windows 7 and Windows Server 2008 R2 x64 fail to protect kernel memory when the Microsoft update for meltdown is installed
2018-03-29 00:00:00
qualysblog
qualysblog
A “Patch for the Meltdown Patch” released out of band Thursday night
2018-03-30 19:05:27
February Patch Tuesday – 55 Microsoft vulnerabilities patched, 45 for Adobe
2018-02-13 19:38:14
Microsoft Misfires with Meltdown Patch, while WannaCry Pops Up at Boeing
2018-04-02 18:02:51
checkpoint_advisories
checkpoint_advisories
Microsoft Windows EOT Font Engine Information Disclosure (CVE-2018-0855)
2018-02-19 00:00:00
Microsoft StructuredQuery Remote Code Execution (CVE-2018-0825)
2018-02-13 00:00:00
Microsoft Windows Remote Code Execution (CVE-2018-0842)
2018-02-13 00:00:00
cisa
cisa
Microsoft Release Patch for Windows 7 and Windows Server 2008 R2 Systems
2018-03-29 00:00:00
threatpost
threatpost
Microsoft Fixes Bad Patch That Left Win7, Server 2008 Open to Attack
2018-03-30 18:51:48
Two Nasty Outlook Bugs Fixed in Microsoft’s Feb. Patch Tuesday Update
2018-02-13 17:01:19
Microsoft Fixes 66 Bugs in April Patch Tuesday Release
2018-04-10 21:16:16
seebug
seebug
Windows Kernel 64-bit stack memory disclosure in win32k!SfnINLPHELPINFOSTRUCT (via user-mode callback)(CVE-2018-0810)
2018-02-24 00:00:00
thn
thn
Microsoft's Meltdown Patch Made Windows 7 PCs More Insecure
2018-03-29 14:36:00
Microsoft Issues Security Patch Update for 14 New Critical Vulnerabilities
2018-02-14 08:28:00
googleprojectzero
googleprojectzero
Taking a page from the kernel's book: A TLB issue in mremap()
2019-01-17 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

Low

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

JSON
Related for KB4074587
mskb25openvas9kaspersky3nessus10cve20cvelist20prion20trendmicroblog1talosblog1symantec15mscve16zdi4zdt1cert1qualysblog4checkpoint_advisories9cisa1threatpost3seebug1thn2googleprojectzero1