Lucene search

K
mskbMicrosoftKB4466388
HistoryNov 14, 2018 - 12:00 a.m.

Description of the security update for the Windows COM elevation of privilege vulnerability in Windows Embedded POSReady 2009 and Windows Embedded Standard 2009: November 13, 2018

2018-11-1400:00:00
Microsoft
support.microsoft.com
99
windows security update
com vulnerability
elevation of privilege
scanner
serial devices
windows update
microsoft update catalog
language packs
restart
file information

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

6.4

Confidence

High

EPSS

0.015

Percentile

87.5%

Description of the security update for the Windows COM elevation of privilege vulnerability in Windows Embedded POSReady 2009 and Windows Embedded Standard 2009: November 13, 2018

Summary

An elevation of privilege exists in Windows COM Aggregate Marshaler. An elevation of privilege vulnerability exists when Windows does not validate input correctly before it loads type libraries.

To learn more about the vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE):

  • CVE-2017-0213
  • CVE-2017-0214

Fixes that are included in this security update

  • Addresses an issue in which some scanners and serial devices may stop working after security update 4074852 is applied.

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website. Important

  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

More information

Prerequisites

There are no prerequisites for installing this update.

Restart information

You may have to restart the computer after you apply this update.

Update replacement information

This update doesn’t replace a previously released update.

More information

How to obtain help and support for this security update

Help for installing updates: Protect yourself online

Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure

Local support according to your country: International Support

File Information

File hash information

File name SHA1 hash SHA256 hash
WindowsXP-KB4466388-x86-Embedded-ENU.exe A55F6E9011156548AB9722DE332F609B17B415D0 A742F8B84FF530CC7A0205B629C9677352EA85B258DE020224AC6D9E279A8A02
Windows XP

x86 Windows XP

File name File version File size Date Time Platform SP requirement Service branch
Kernel32.dll 5.1.2600.7593 993,792 06-Nov-2018 22:52 x86 SP3 SP3QFE
Ntdll.dll 5.1.2600.7593 720,384 06-Nov-2018 22:52 x86 SP3 SP3QFE
Ole32.dll 5.1.2600.7593 1,299,968 06-Nov-2018 06:52 x86 SP3 SP3QFE
Oleaut32.dll 5.1.2600.7593 563,200 06-Nov-2018 22:52 x86 SP3 SP3QFE
Rpcss.dll 5.1.2600.7593 404,480 06-Nov-2018 22:52 x86 SP3 SP3QFE
Updspapi.dll 6.3.13.0 382,840 01-Feb-2018 21:28 x86 None Not applicable

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

6.4

Confidence

High

EPSS

0.015

Percentile

87.5%