January 8, 2019—KB4480960 (Security-only update)

January 8, 2019—KB4480960 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Provides protections against an additional subclass of speculative execution...

January 8, 2019—KB4480975 (Monthly Rollup)

January 8, 2019—KB4480975 Monthly Rollup Improvements and fixes This security update addresses the following issues: Provides protections against an additional subclass of speculative execution side-channel vulnerability known as Speculative Store Bypass CVE-2018-3639 for AMD-based computers. The...

January 8, 2019—KB4480957 (Security-only update)

January 8, 2019—KB4480957 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Provides protections against an additional subclass of speculative execution...

KLA11394 Multiple vulnerabilities in Microsoft Windows

Multiple serious vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information and execute arbitrary code. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Windows Data...

KB4480116: Windows 10 Version 1809 and Windows Server 2019 January 2019 Security Update

The remote Windows host is missing security update 4480116. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtai...

The vulnerability of the Windows operating system is related to the insecure management of privileges, which allows attackers to disclose sensitive information that should be protected.

The vulnerability of the Windows operating system’s kernel is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to disclose sensitive information through a specially created application...

The vulnerability of the Microsoft Windows operating system’s kernel, which allows a perpetrator to disclose protected information

The vulnerability of the Microsoft Windows operating system is related to improper handling of objects in memory. Exploiting this vulnerability can allow an attacker to disclose sensitive information through a specially created application...

The vulnerability of the Microsoft Windows operating system’s kernel, which allows a hacker to disclose protected information

The vulnerability of the Microsoft Windows operating system is related to improper handling of objects in memory. Exploiting this vulnerability allows a local attacker to compromise the confidentiality of protected information through a specially created application...

Description of the security update for vulnerabilities in Windows Embedded POSReady 2009 and Windows Embedded Standard 2009: April 10, 2018

Description of the security update for vulnerabilities in Windows Embedded POSReady 2009 and Windows Embedded Standard 2009: April 10, 2018 Summary An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. To learn more about the vulnerability, go...

For more DirectX kernel vulnerability analysis-vulnerability warning-the black bar safety net

Operating systemthe kernel, is often every well-known vulnerability is the use of chain final goal. Throughout the years of Zero Day Initiative, ZDI）Pwn2Own contest relates to the vulnerability, in fact, it can be found in this law. For a long time, the Windows kernel has always been to attack th...

Microsoft Issues Patch for Windows Zero-Day Flaw Under Active Attack

Microsoft today, on its year-end December Patch Tuesday, released security updates to patch a total 39 vulnerabilities its Windows operating systems and applications—10 of which are rated as critical and other important in severity. One of the security vulnerabilities patched by the tech giant th...

Zero-day in Windows Kernel Transaction Manager (CVE-2018-8611)

Executive summary In October 2018, our AEP Automatic Exploit Prevention systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis led us to uncover a zero-day vulnerability in ntoskrnl.exe. We reported it to Microsoft on October 29, 2018. T...

CVE-2018-8637

An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization KASLR bypass, aka "Win32k Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Window...

CVE-2018-8621

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows Server 2012, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8477, CVE-2018-8622...

CVE-2018-8622

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows...

CVE-2018-8641

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019,...

CVE-2018-8637

An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization KASLR bypass, aka "Win32k Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Window...

CVE-2018-8622

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows...

CVE-2018-8611

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server...

CVE-2018-8477

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012,...