Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB4087398
HistoryMar 13, 2018 - 7:00 a.m.

Description of the security update for the Windows Installer elevation of privilege Vulnerability in Windows Server 2008 and WES09 and POSReady 2009: March 13, 2018

2018-03-1307:00:00
Microsoft
support.microsoft.com
19

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

24.8%

JSON

Description of the security update for the Windows Installer elevation of privilege Vulnerability in Windows Server 2008 and WES09 and POSReady 2009: March 13, 2018

Summary

An elevation of privilege vulnerability exists in Windows Installer when the Installer fails to properly sanitize input, leading to insecure library loading behavior.

To learn more about the vulnerability, go to CVE-2018-0868.

More Information

Important If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Deployment information

For deployment details for this security update, see the following article in the Microsoft Knowledge Base:Security update deployment information: March 13, 2018

More Information

File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

**Note:**The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

File information
The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.

How to obtain help and support for this security update

Help for installing updates: Windows Update: FAQ

Security solutions for IT professionals: TechNet Security Support and Troubleshooting

Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure

Local support according to your country: International Support

Windows Server 2008 file information

File hash information

File name SHA1 hash SHA256 hash
Windows6.0-KB4087398-ia64.msu 2D672C5563FFF0DB2E2C074CB994204ADA894E1A 6A671D7F0B3CA2CA420D37419648856E21359C2722F22A39799815A43329C1D4
Windows6.0-KB4087398-x86.msu 44D44B3A5DDC8CDF5DA8944DE709172B7CD6C419 3557BEE6D4F850C7A351EC4B5D9F1E16CACBC2C5678FFF6AB1E50BD5C30E33D6
Windows6.0-KB4087398-x64.msu 9A671C5D4882B7772B1D8B85A48E7E94539F9737 379A91B9081C233FE5BC2D62C88362C994F161C06F1228D635B9B4974E4F3C48

For all supported ia64-based versions

File name File version File size Date Time Platform
Appinfo.dll 6.0.6002.24299 90,624 03-Feb-2018 15:25 IA-64
Authui.dll.mui 6.0.6002.24299 11,264 03-Feb-2018 17:03 Not applicable
Authui.dll.mui 6.0.6002.24299 11,776 03-Feb-2018 17:16 Not applicable
Authui.dll.mui 6.0.6002.24299 14,336 03-Feb-2018 16:57 Not applicable
Authui.dll.mui 6.0.6002.24299 14,848 03-Feb-2018 17:12 Not applicable
Authui.dll.mui 6.0.6002.24299 20,480 03-Feb-2018 16:44 Not applicable
Authui.dll.mui 6.0.6002.24299 20,480 03-Feb-2018 16:43 Not applicable
Authui.dll.mui 6.0.6002.24299 21,504 03-Feb-2018 15:27 Not applicable
Authui.dll.mui 6.0.6002.24299 24,576 03-Feb-2018 16:41 Not applicable
Authui.dll.mui 6.0.6002.24299 24,576 03-Feb-2018 16:47 Not applicable
Authui.dll.mui 6.0.6002.24299 26,112 03-Feb-2018 17:04 Not applicable
Authui.dll.mui 6.0.6002.24299 26,112 03-Feb-2018 17:05 Not applicable
Authui.dll.mui 6.0.6002.24299 32,768 03-Feb-2018 15:50 Not applicable
Authui.dll.mui 6.0.6002.24299 36,864 03-Feb-2018 16:37 Not applicable
Authui.dll.mui 6.0.6002.24299 36,864 03-Feb-2018 16:47 Not applicable
Authui.dll 6.0.6002.24299 1,993,728 03-Feb-2018 15:46 x86
Authui.dll 6.0.6002.24299 2,951,680 03-Feb-2018 15:25 IA-64
Consent.exe 6.0.6002.24299 133,120 03-Feb-2018 15:01 IA-64
Msi.dll 4.5.6002.24299 2,267,648 03-Feb-2018 15:47 x86
Msi.dll 4.5.6002.24299 5,999,616 03-Feb-2018 15:25 IA-64
Msiexec.exe 4.5.6002.24299 237,568 03-Feb-2018 15:01 IA-64
Msiexec.exe 4.5.6002.24299 73,216 03-Feb-2018 14:53 x86
Msihnd.dll 4.5.6002.24299 1,085,952 03-Feb-2018 15:25 IA-64
Msihnd.dll 4.5.6002.24299 332,800 03-Feb-2018 15:47 x86
Msimsg.dll 4.5.6002.24299 2,560 03-Feb-2018 15:00 IA-64
Msimsg.dll 4.5.6002.24299 2,560 03-Feb-2018 14:53 x86

For all supported x86-based versions

File name File version File size Date Time Platform
Appinfo.dll 6.0.6002.24299 33,280 03-Feb-2018 15:46 x86
Authui.dll.mui 6.0.6002.24299 20,480 03-Feb-2018 16:44 Not applicable
Authui.dll.mui 6.0.6002.24299 20,480 03-Feb-2018 16:43 Not applicable
Authui.dll.mui 6.0.6002.24299 24,576 03-Feb-2018 16:41 Not applicable
Authui.dll.mui 6.0.6002.24299 24,576 03-Feb-2018 16:47 Not applicable
Authui.dll.mui 6.0.6002.24299 28,672 03-Feb-2018 16:44 Not applicable
Authui.dll.mui 6.0.6002.24299 28,672 03-Feb-2018 16:49 Not applicable
Authui.dll.mui 6.0.6002.24299 32,768 03-Feb-2018 16:37 Not applicable
Authui.dll.mui 6.0.6002.24299 32,768 03-Feb-2018 16:46 Not applicable
Authui.dll.mui 6.0.6002.24299 32,768 03-Feb-2018 16:36 Not applicable
Authui.dll.mui 6.0.6002.24299 32,768 03-Feb-2018 15:50 Not applicable
Authui.dll.mui 6.0.6002.24299 32,768 03-Feb-2018 16:45 Not applicable
Authui.dll.mui 6.0.6002.24299 32,768 03-Feb-2018 16:35 Not applicable
Authui.dll.mui 6.0.6002.24299 32,768 03-Feb-2018 16:50 Not applicable
Authui.dll.mui 6.0.6002.24299 32,768 03-Feb-2018 16:51 Not applicable
Authui.dll.mui 6.0.6002.24299 32,768 03-Feb-2018 16:52 Not applicable
Authui.dll.mui 6.0.6002.24299 32,768 03-Feb-2018 16:47 Not applicable
Authui.dll.mui 6.0.6002.24299 32,768 03-Feb-2018 16:39 Not applicable
Authui.dll.mui 6.0.6002.24299 32,768 03-Feb-2018 16:40 Not applicable
Authui.dll.mui 6.0.6002.24299 32,768 03-Feb-2018 16:38 Not applicable
Authui.dll.mui 6.0.6002.24299 36,864 03-Feb-2018 16:37 Not applicable
Authui.dll.mui 6.0.6002.24299 36,864 03-Feb-2018 16:38 Not applicable
Authui.dll.mui 6.0.6002.24299 36,864 03-Feb-2018 16:47 Not applicable
Authui.dll 6.0.6002.24299 1,993,728 03-Feb-2018 15:46 x86
Consent.exe 6.0.6002.24299 82,432 03-Feb-2018 14:54 x86
Msi.dll 4.5.6002.24299 2,267,648 03-Feb-2018 15:47 x86
Msiexec.exe 4.5.6002.24299 73,216 03-Feb-2018 14:53 x86
Msihnd.dll 4.5.6002.24299 332,800 03-Feb-2018 15:47 x86
Msimsg.dll 4.5.6002.24299 2,560 03-Feb-2018 14:53 x86

For all supported x64-based versions

File name File version File size Date Time Platform
Appinfo.dll 6.0.6002.24299 45,056 03-Feb-2018 15:34 x64
Authui.dll.mui 6.0.6002.24299 11,264 03-Feb-2018 16:52 Not applicable
Authui.dll.mui 6.0.6002.24299 11,776 03-Feb-2018 16:55 Not applicable
Authui.dll.mui 6.0.6002.24299 14,336 03-Feb-2018 16:54 Not applicable
Authui.dll.mui 6.0.6002.24299 14,848 03-Feb-2018 16:59 Not applicable
Authui.dll.mui 6.0.6002.24299 18,944 03-Feb-2018 17:00 Not applicable
Authui.dll.mui 6.0.6002.24299 20,480 03-Feb-2018 16:44 Not applicable
Authui.dll.mui 6.0.6002.24299 20,480 03-Feb-2018 16:43 Not applicable
Authui.dll.mui 6.0.6002.24299 20,992 03-Feb-2018 16:48 Not applicable
Authui.dll.mui 6.0.6002.24299 21,504 03-Feb-2018 15:38 Not applicable
Authui.dll.mui 6.0.6002.24299 21,504 03-Feb-2018 16:48 Not applicable
Authui.dll.mui 6.0.6002.24299 22,528 03-Feb-2018 16:47 Not applicable
Authui.dll.mui 6.0.6002.24299 22,528 03-Feb-2018 16:50 Not applicable
Authui.dll.mui 6.0.6002.24299 22,528 03-Feb-2018 16:45 Not applicable
Authui.dll.mui 6.0.6002.24299 22,528 03-Feb-2018 16:58 Not applicable
Authui.dll.mui 6.0.6002.24299 22,528 03-Feb-2018 16:43 Not applicable
Authui.dll.mui 6.0.6002.24299 22,528 03-Feb-2018 16:56 Not applicable
Authui.dll.mui 6.0.6002.24299 22,528 03-Feb-2018 16:55 Not applicable
Authui.dll.mui 6.0.6002.24299 23,040 03-Feb-2018 16:57 Not applicable
Authui.dll.mui 6.0.6002.24299 23,040 03-Feb-2018 16:51 Not applicable
Authui.dll.mui 6.0.6002.24299 23,040 03-Feb-2018 16:52 Not applicable
Authui.dll.mui 6.0.6002.24299 23,552 03-Feb-2018 16:47 Not applicable
Authui.dll.mui 6.0.6002.24299 23,552 03-Feb-2018 17:02 Not applicable
Authui.dll.mui 6.0.6002.24299 23,552 03-Feb-2018 16:45 Not applicable
Authui.dll.mui 6.0.6002.24299 23,552 03-Feb-2018 16:44 Not applicable
Authui.dll.mui 6.0.6002.24299 23,552 03-Feb-2018 16:54 Not applicable
Authui.dll.mui 6.0.6002.24299 23,552 03-Feb-2018 16:53 Not applicable
Authui.dll.mui 6.0.6002.24299 24,064 03-Feb-2018 16:46 Not applicable
Authui.dll.mui 6.0.6002.24299 24,064 03-Feb-2018 16:57 Not applicable
Authui.dll.mui 6.0.6002.24299 24,064 03-Feb-2018 16:47 Not applicable
Authui.dll.mui 6.0.6002.24299 24,064 03-Feb-2018 16:48 Not applicable
Authui.dll.mui 6.0.6002.24299 24,064 03-Feb-2018 16:43 Not applicable
Authui.dll.mui 6.0.6002.24299 24,576 03-Feb-2018 16:49 Not applicable
Authui.dll.mui 6.0.6002.24299 24,576 03-Feb-2018 16:41 Not applicable
Authui.dll.mui 6.0.6002.24299 24,576 03-Feb-2018 16:47 Not applicable
Authui.dll.mui 6.0.6002.24299 25,088 03-Feb-2018 16:48 Not applicable
Authui.dll.mui 6.0.6002.24299 26,112 03-Feb-2018 16:48 Not applicable
Authui.dll.mui 6.0.6002.24299 26,112 03-Feb-2018 16:57 Not applicable
Authui.dll.mui 6.0.6002.24299 27,136 03-Feb-2018 16:49 Not applicable
Authui.dll.mui 6.0.6002.24299 28,672 03-Feb-2018 16:44 Not applicable
Authui.dll.mui 6.0.6002.24299 28,672 03-Feb-2018 16:49 Not applicable
Authui.dll.mui 6.0.6002.24299 32,768 03-Feb-2018 16:37 Not applicable
Authui.dll.mui 6.0.6002.24299 32,768 03-Feb-2018 16:46 Not applicable
Authui.dll.mui 6.0.6002.24299 32,768 03-Feb-2018 16:36 Not applicable
Authui.dll.mui 6.0.6002.24299 32,768 03-Feb-2018 15:50 Not applicable
Authui.dll.mui 6.0.6002.24299 32,768 03-Feb-2018 16:45 Not applicable
Authui.dll.mui 6.0.6002.24299 32,768 03-Feb-2018 16:35 Not applicable
Authui.dll.mui 6.0.6002.24299 32,768 03-Feb-2018 16:50 Not applicable
Authui.dll.mui 6.0.6002.24299 32,768 03-Feb-2018 16:51 Not applicable
Authui.dll.mui 6.0.6002.24299 32,768 03-Feb-2018 16:52 Not applicable
Authui.dll.mui 6.0.6002.24299 32,768 03-Feb-2018 16:47 Not applicable
Authui.dll.mui 6.0.6002.24299 32,768 03-Feb-2018 16:39 Not applicable
Authui.dll.mui 6.0.6002.24299 32,768 03-Feb-2018 16:40 Not applicable
Authui.dll.mui 6.0.6002.24299 32,768 03-Feb-2018 16:38 Not applicable
Authui.dll.mui 6.0.6002.24299 36,864 03-Feb-2018 16:37 Not applicable
Authui.dll.mui 6.0.6002.24299 36,864 03-Feb-2018 16:38 Not applicable
Authui.dll.mui 6.0.6002.24299 36,864 03-Feb-2018 16:47 Not applicable
Authui.dll 6.0.6002.24299 1,993,728 03-Feb-2018 15:46 x86
Authui.dll 6.0.6002.24299 2,280,960 03-Feb-2018 15:34 x64
Consent.exe 6.0.6002.24299 87,552 03-Feb-2018 15:06 x64
Msi.dll 4.5.6002.24299 2,267,648 03-Feb-2018 15:47 x86
Msi.dll 4.5.6002.24299 3,143,168 03-Feb-2018 15:34 x64
Msiexec.exe 4.5.6002.24299 125,952 03-Feb-2018 15:06 x64
Msiexec.exe 4.5.6002.24299 73,216 03-Feb-2018 14:53 x86
Msihnd.dll 4.5.6002.24299 332,800 03-Feb-2018 15:47 x86
Msihnd.dll 4.5.6002.24299 503,296 03-Feb-2018 15:34 x64
Msimsg.dll 4.5.6002.24299 2,560 03-Feb-2018 15:05 x64
Msimsg.dll 4.5.6002.24299 2,560 03-Feb-2018 14:53 x86

Windows XP file information

File hash information

File name SHA1 hash SHA256 hash
WindowsXP-KB4087398-x86-Embedded-ENU.exe A20BCE534494DB1303EFEFF6F2ABAE8CB15F4861 009EE613EA96082999B990B67EC6B9E877704D7EAA157CD1AF2CB380C80AF830

For all supported x86-based versions

File name File version File size Date Time Platform SP requirement Service branch
Msi.dll 4.5.6002.24298 4,471,808 09-Feb-2018 08:26 x86 SP3 SP3QFE
Msiexec.exe 4.5.6002.23731 96,256 07-Feb-2018 15:30 x86 SP3 SP3QFE
Msihnd.dll 4.5.6002.23415 332,800 09-Feb-2018 08:26 x86 SP3 SP3QFE
Updspapi.dll 6.3.13.0 382,840 16-May-2014 03:08 x86 None Not applicable

Related

cve 1
mscve 1
nvd 1
prion 1
cvelist 1
symantec 1
mskb 11
nessus 9
kaspersky 2
openvas 6
trendmicroblog 1
talosblog 1
cve
cve
CVE-2018-0868
2018-03-14 17:29:00
mscve
mscve
Windows Installer Elevation of Privilege Vulnerability
2018-03-13 07:00:00
nvd
nvd
CVE-2018-0868
2018-03-14 17:29:00
prion
prion
Privilege escalation
2018-03-14 17:29:00
cvelist
cvelist
CVE-2018-0868
2018-03-14 17:00:00
symantec
symantec
Microsoft Windows Installer CVE-2018-0868 DLL Loading Local Privilege Escalation Vulnerability
2018-03-13 00:00:00
mskb
mskb
March 13, 2018—KB4088879 (Security-only update)
2018-03-13 07:00:00
March 13, 2018—KB4088880 (Security-only update)
2018-03-13 07:00:00
March 13, 2018—KB4088878 (Security-only update)
2018-03-13 07:00:00
nessus
nessus
Security Updates for Windows Server 2008 (March 2018)
2018-03-13 00:00:00
KB4088880: Windows Server 2012 March 2018 Security Update (Meltdown)(Spectre)
2018-03-13 00:00:00
KB4088879: Windows 8.1 and Windows Server 2012 R2 March 2018 Security Update (Meltdown)(Spectre)
2018-03-13 00:00:00
kaspersky
kaspersky
KLA11778 Multiple vulnerabilities in Microsoft Products (ESU)
2018-03-13 00:00:00
KLA11207 Multiple vulnerabilities in Microsoft Windows
2018-03-13 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4088876)
2018-03-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4088875)
2018-03-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4088786)
2018-03-14 00:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of March 12, 2018
2018-03-16 15:14:43
talosblog
talosblog
Microsoft Patch Tuesday - March 2018
2018-03-13 14:38:00

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

24.8%

JSON
Related for KB4087398
cve1mscve1nvd1prion1cvelist1symantec1mskb11nessus9kaspersky2openvas6trendmicroblog1talosblog1