Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB4467700
HistoryNov 13, 2018 - 8:00 a.m.

November 13, 2018—KB4467700 (Security-only update)

2018-11-1308:00:00
Microsoft
support.microsoft.com
44

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON

November 13, 2018—KB4467700 (Security-only update)

Improvements and fixes

This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

  • Addresses an issue that causes high CPU usage that results in performance degradation on some systems with Family 15h and 16h AMD processors. This issue occurs after installing the July 2018 Windows updates from Microsoft and the AMD microcode updates that address Spectre Variant 2 (CVE-2017-5715 – Branch Target Injection).
  • Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Wireless Networking , and Windows Kernel.
    For more information about the resolved security vulnerabilities, please refer to the Security Update Guide.

Known issues in this update

Symptom Workaround
After installing this update, users may not be able to use the Seek Bar in Windows Media Player when playing specific files. This issue does not affect normal playback. This issue is resolved in KB4471319.

How to get this update

This update is now available for installation through WSUS. To get the stand-alone package for this update, go to the Microsoft Update Catalog website.File informationFor a list of the files that are provided in this update, download the file information for update 4467700.

Related

mskb 16
nessus 59
kaspersky 2
openvas 27
qualysblog 1
symantec 7
mscve 10
cve 10
prion 10
checkpoint_advisories 7
zdi 2
securelist 1
attackerkb 1
cisa_kev 1
exploitpack 1
packetstorm 1
zdt 2
krebs 1
exploitdb 1
suse 9
oraclelinux 6
osv 1
debian 2
ibm 1
debiancve 1
amazon 2
redhat 13
centos 1
mageia 1
cloudfoundry 1
threatpost 1
mskb
mskb
November 13, 2018—KB4467706 (Monthly Rollup)
2018-11-13 08:00:00
November 13, 2018—KB4467106 (Security-only update)
2018-11-13 08:00:00
November 13, 2018—KB4467678 (Security-only update)
2018-11-13 08:00:00
nessus
nessus
KB4467700: Windows Server 2008 November 2018 Security Update
2018-11-13 00:00:00
KB4467106: Windows 7 and Windows Server 2008 R2 November 2018 Security Update
2018-11-13 00:00:00
KB4467678: Windows Server 2012 November 2018 Security Update
2018-11-13 00:00:00
kaspersky
kaspersky
KLA11898 Multiple vulnerabilities in Microsoft Products (ESU)
2018-11-13 00:00:00
KLA11354 Multiple vulnerabilities in Microsoft Windows
2018-11-13 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4467107)
2018-11-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4467697)
2018-11-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4467691)
2018-11-14 00:00:00
qualysblog
qualysblog
November 2018 Patch Tuesday – 62 Vulns, TFTP Server RCE, Adobe PoC
2018-11-13 18:46:17
symantec
symantec
Microsoft Windows Kernel 'Win32k.sys' CVE-2018-8589 Local Privilege Escalation Vulnerability
2018-11-13 00:00:00
Microsoft Windows Kernel 'Win32k.sys' CVE-2018-8565 Local Information Disclosure Vulnerability
2018-11-13 00:00:00
Microsoft Windows MSRPC CVE-2018-8407 Local Information Disclosure Vulnerability
2018-11-13 00:00:00
mscve
mscve
Windows Remote Procedure Call Information Disclosure Vulnerability
2018-11-13 08:00:00
Windows Win32k Elevation of Privilege Vulnerability
2018-11-13 08:00:00
Windows Kernel Information Disclosure Vulnerability
2018-11-13 08:00:00
cve
cve
CVE-2018-8407
2018-11-14 01:29:00
CVE-2018-8565
2018-11-14 01:29:00
CVE-2018-8589
2018-11-14 01:29:00
prion
prion
Remote code execution
2018-11-14 01:29:00
Information disclosure
2018-11-14 01:29:00
Privilege escalation
2018-11-14 01:29:00
checkpoint_advisories
checkpoint_advisories
Microsoft Graphics Components Remote Code Execution (CVE-2018-8553)
2018-11-13 00:00:00
Microsoft Windows Win32k Elevation of Privilege (CVE-2018-8589)
2018-11-13 00:00:00
Microsoft Windows Kernel Information Disclosure (CVE-2018-8408)
2018-11-13 00:00:00
zdi
zdi
Microsoft Windows NtGdiExtTextOutW Out-Of-Bounds Write Privilege Escalation Vulnerability
2018-11-21 00:00:00
Microsoft Windows VBScript Class_Terminate Scripting.Dictionary Use-After-Free Remote Code Execution Vulnerability
2018-11-21 00:00:00
securelist
securelist
A new exploit for zero-day vulnerability CVE-2018-8589
2018-11-14 07:00:38
attackerkb
attackerkb
CVE-2018-8589
2018-11-14 00:00:00
cisa_kev
cisa_kev
Microsoft Win32k Privilege Escalation Vulnerability
2022-05-23 00:00:00
exploitpack
exploitpack
Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation
2018-11-20 00:00:00
packetstorm
packetstorm
Microsoft VBScript OLEAUT32!VariantClear / scrrun!VBADictionary::put_Item Use-After-Free
2018-11-30 00:00:00
zdt
zdt
Microsoft VBScript OLEAUT32!VariantClear / scrrun!VBADictionary::put_Item Use-After-Free
2018-12-01 00:00:00
Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation Exploit
2018-11-20 00:00:00
krebs
krebs
Patch Tuesday, November 2018 Edition
2018-11-14 13:25:13
exploitdb
exploitdb
Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation
2018-11-20 00:00:00
suse
suse
Security update for kernel-firmware (important)
2018-01-05 18:09:20
Security update for various KMPs (important)
2018-03-20 00:07:10
Security update for microcode_ctl (important)
2018-01-04 06:08:52
oraclelinux
oraclelinux
microcode_ctl security update
2018-01-04 00:00:00
microcode_ctl security update
2018-01-21 00:00:00
libvirt security update
2018-01-05 00:00:00
osv
osv
CVE-2017-5715
2018-01-04 13:29:00
debian
debian
[SECURITY] [DLA 2148-1] amd64-microcode security update
2020-03-20 19:55:40
[SECURITY] [DSA 4179-1] linux-tools security update
2018-04-24 13:15:06
ibm
ibm
Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to the vulnerability known as Spectre (CVE-2017-5715)
2023-04-18 18:22:18
debiancve
debiancve
CVE-2017-5715
2018-01-04 13:29:00
amazon
amazon
Important: microcode_ctl
2018-02-07 18:54:00
Important: qemu-kvm
2018-01-12 21:24:00
redhat
redhat
(RHSA-2018:0110) Important: libvirt security update
2018-01-22 10:06:03
(RHSA-2018:0060) Important: qemu-kvm-rhev security update
2018-01-05 18:11:14
(RHSA-2018:0059) Important: qemu-kvm-rhev security update
2018-01-05 18:11:09
centos
centos
microcode_ctl security update
2018-01-04 19:41:20
mageia
mageia
Updated microcode packages fix security vulnerabilities
2018-01-13 17:28:36
cloudfoundry
cloudfoundry
USN-3690-2: AMD Microcode regression | Cloud Foundry
2018-07-19 00:00:00
threatpost
threatpost
Intel Halts Spectre Fixes On Older Chips, Citing Limited Ecosystem Support
2018-04-04 15:18:47

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON
Related for KB4467700
mskb16nessus59kaspersky2openvas27qualysblog1symantec7mscve10cve10prion10checkpoint_advisories7zdi2securelist1attackerkb1cisa_kev1exploitpack1packetstorm1zdt2krebs1exploitdb1suse9oraclelinux6osv1debian2ibm1debiancve1amazon2redhat13centos1mageia1cloudfoundry1threatpost1