Lucene search

MicrosoftKB4463103

HistoryOct 09, 2018 - 12:00 a.m.

Description of the security update for the elevation of privilege vulnerability in Windows Embedded POSReady 2009 and Windows Embedded Standard 2009: October 9, 2018

2018-10-0900:00:00

Microsoft

support.microsoft.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

84.7%

JSON

Description of the security update for the elevation of privilege vulnerability in Windows Embedded POSReady 2009 and Windows Embedded Standard 2009: October 9, 2018

Summary

An elevation of privilege vulnerability exists when NTFS improperly checks access, and an information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory.

To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE).

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website. ImportantIf you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

More Information

File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

How to obtain help and support for this security update

Help for installing updates: Protect yourself online

Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure

Local support according to your country: International Support

Windows Embedded POSReady 2009 and Windows Embedded Standard 2009 file information

File hash information

File name	SHA1 hash	SHA256 hash
WindowsXP-KB4463103-x86-Embedded-ENU.exe	1D7CC48A7F1902BDD5953A1AB980DB5832631339	FE0A2630CF2DA6D24DDA7163B2F67D77E2D6F79C52B256392F6A9FF708183EC2

For all supported x86-based versions

File name	File version	File size	Date	Time	Platform	SP requirement	Service branch
Ntfs.sys	5.1.2600.7581	576,768	12-Sep-2018	16:58	x86	SP3	SP3QFE
Ntkrnlmp.exe	5.1.2600.7581	2,150,400	12-Sep-2018	17:01	x86	SP3	SP3QFE
Ntkrnlpa.exe	5.1.2600.7581	2,070,656	12-Sep-2018	16:45	x86	SP3	SP3QFE
Ntkrpamp.exe	5.1.2600.7581	2,029,056	12-Sep-2018	16:45	x86	SP3	SP3QFE
Ntoskrnl.exe	5.1.2600.7581	2,194,176	12-Sep-2018	17:02	x86	SP3	SP3QFE
Updspapi.dll	6.3.13.0	382,840	31-Jan-2018	03:26	x86	None	Not applicable