Microsoft Edge CVE-2018-0893 Remote Memory Corruption Vulnerability
Published: 2018-03-13T00:00:00
ID: SMNTC-103288
Type: symantec
Reporter: Symantec Security Response
Modified: 2018-03-13T00:00:00
Description
Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.
Technologies Affected
Microsoft Edge
Recommendations
Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.
Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.
Do not follow links provided by unknown or untrusted sources.
Web users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.
Implement multiple redundant layers of security.
Memory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.
Updates are available. Please see the references or vendor advisory for more information.
References
https://github.com/Microsoft/ChakraCore
Source advisory: https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/103288
CVE: CVE-2018-0893
Vulners score: 7.8 (last seen 2018-03-14T22:41:58)
Related bulletins: KLA11209 (Kaspersky); SMB_NT_MS18_MAR_4088786.NASL, SMB_NT_MS18_MAR_4088779.NASL, SMB_NT_MS18_MAR_4088776.NASL, SMB_NT_MS18_MAR_4088787.NASL, SMB_NT_MS18_MAR_4088782.NASL (Nessus); OPENVAS:1361412562310812830, OPENVAS:1361412562310812833, OPENVAS:1361412562310812831 (OpenVAS); Trend Micro and Talos blog posts.
Related Bulletins

CVE-2018-0893 (NVD)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0893
Published: 2018-03-14T17:29:00
Modified: 2020-08-24T17:37:00
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0925, and CVE-2018-0935.
CWE: CWE-787
CVSS v3.0: 7.5 HIGH, CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H (exploitability score 1.6, impact score 5.9)
CVSS v2.0: 7.6 HIGH, AV:N/AC:H/Au:N/C:C/I:C/A:C (exploitability score 4.9, impact score 10.0, user interaction required)
CPE: cpe:/a:microsoft:edge:* (cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*)

KLA11209: Multiple vulnerabilities in Microsoft Internet Explorer and Edge (Kaspersky)
https://threats.kaspersky.com/en/vulnerability/KLA11209
Published: 2018-03-13T00:00:00
Modified: 2020-06-18T00:00:00
CVSS: 7.6, AV:N/AC:H/Au:N/C:C/I:C/A:C
Detect date: 03/13/2018
Severity: Critical
Description: Multiple vulnerabilities were found in Microsoft Internet Explorer and Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges.
Affected products: ChakraCore, Microsoft Edge (EdgeHTML-based), Internet Explorer 10, Internet Explorer 9, Internet Explorer 11
Solution: Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories (https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/<CVE ID>): CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0876, CVE-2018-0879, CVE-2018-0889, CVE-2018-0891, CVE-2018-0893, CVE-2018-0927, CVE-2018-0929, CVE-2018-0930, CVE-2018-0931, CVE-2018-0932, CVE-2018-0933, CVE-2018-0934, CVE-2018-0935, CVE-2018-0936, CVE-2018-0937, CVE-2018-0939, CVE-2018-0942, CVE-2018-0925
Impacts: ACE
Related products: Microsoft Internet Explorer (https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/)
CVE-IDS (https://cve.mitre.org/cgi-bin/cvename.cgi?name=<CVE ID>): the same CVEs as under Original advisories, each listed as 0.0 Unknown
KB list: 4088782, 4088787, 4088786, 4088779, 4089187, 4088877, 4088875, 4088776, 4088876, 4096040 (http://support.microsoft.com/kb/<KB number>)
Exploitation: The following public exploits exist for this vulnerability:

KB4088786: Windows 10 March 2018 Security Update (Nessus)
https://www.tenable.com/plugins/nessus/108288
Plugin ID: 108288 (SMB_NT_MS18_MAR_4088786.NASL), version 1.12
Published: 2018-03-13T00:00:00
Plugin modification date: 2020/08/18
CPE: cpe:/o:microsoft:windows, cpe:/a:microsoft:edge
Synopsis: The remote Windows host is affected by multiple vulnerabilities.
Description: The remote Windows host is missing security update 4088786. It is, therefore, affected by multiple vulnerabilities:

 - An information disclosure vulnerability exists when Windows Remote Assistance incorrectly processes XML External Entities (XXE). An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2018-0878)

 - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2018-0929)

 - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0876)

 - An elevation of privilege vulnerability exists in Windows when the Microsoft Video Control mishandles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in system mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0881)

 - An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-0927, CVE-2018-0932)

 - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0889, CVE-2018-0935)

 - An elevation of privilege vulnerability exists when Internet Explorer fails a check, allowing sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. The update addresses the vulnerability by correcting how Internet Explorer handles zone and integrity settings. (CVE-2018-0942)

 - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0872, CVE-2018-0874, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934)

 - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. (CVE-2018-0811, CVE-2018-0813, CVE-2018-0814)

 - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2018-0885)

 - A remote code execution vulnerability exists in the Credential Security Support Provider protocol (CredSSP). An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute code on the target system. CredSSP is an authentication provider which processes authentication requests for other applications; any application which depends on CredSSP for authentication may be vulnerable to this type of attack. As an example of how an attacker would exploit this vulnerability against Remote Desktop Protocol, the attacker would need to run a specially crafted application and perform a man-in-the-middle attack against a Remote Desktop Protocol session. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting how Credential Security Support Provider protocol (CredSSP) validates requests during the authentication process. To be fully protected against this vulnerability users must enable Group Policy settings on their systems and update their Remote Desktop clients. The Group Policy settings are disabled by default to prevent connectivity problems and users must follow the instructions documented HERE to be fully protected. (CVE-2018-0886)

 - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901, CVE-2018-0904)

 - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2018-0868)

 - An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0816, CVE-2018-0817)

 - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2018-0883)

 - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0977)

 - A security feature bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. (CVE-2018-0884)

 - A security feature bypass vulnerability exists in the Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) when it fails to properly validate and enforce impersonation levels. An attacker could exploit this vulnerability by convincing a user to run a specially crafted application that is designed to cause CNG to improperly validate impersonation levels, potentially allowing the attacker to gain access to information beyond the access level of the local user. The security update addresses the vulnerability by correcting how the kernel-mode driver validates and enforces impersonation levels. (CVE-2018-0902)

 - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2018-0888)

 - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2018-0891)

Solution: Apply Cumulative Update KB4088786.
See also: http://www.nessus.org/u?7565bb39 (https://support.microsoft.com/en-us/help/4088786/windows-10-update-kb4088786)
Cross-references: MSKB 4088786, MSFT MS18-4088786
CVSS v2.0: AV:N/AC:H/Au:N/C:C/I:C/A:C (temporal E:H/RL:OF/RC:C)
CVSS v3.0: 7.5, CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H (temporal E:H/RL:O/RC:C)
CVSS score source: CVE-2018-0893
Exploitability ease: Exploits are available
Exploit available: true
Exploited by malware: true
Vulnerability publication date: 2018/03/13
Patch publication date: 2018/03/13
Plugin publication date: 2018/03/13
Plugin type: local
Plugin category: ACT_GATHER_INFO
Plugin family: Windows : Microsoft Bulletins
Plugin summary: Checks for rollup.
Plugin source note: (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the Microsoft Security Updates API. The text itself is copyright (C) Microsoft Corporation.
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-03\";\nkbs = make_list('4088786');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"03_2018_2\",\n bulletin:bulletin,\n rollup_kb_list:[4088786])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:13:15", "description": "The remote Windows host is missing security update 4088779.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when\n Windows Remote Assistance incorrectly processes XML\n External Entities (XXE). An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. 
(CVE-2018-0878)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-0929)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. If the current user is logged on with\n administrative user rights, an attacker could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2018-0883)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Microsoft Video Control mishandles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n system mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-0881)\n\n - An information disclosure vulnerability exists when\n affected Microsoft browsers improperly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2018-0927,\n CVE-2018-0932)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. 
An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-0889, CVE-2018-0935)\n\n - An elevation of privilege vulnerability exists when\n Internet Explorer fails a check, allowing sandbox\n escape. An attacker who successfully exploited the\n vulnerability could use the sandbox escape to elevate\n privileges on an affected system. This vulnerability by\n itself does not allow arbitrary code execution; however,\n it could allow arbitrary code to be run if the attacker\n uses it in combination with another vulnerability (such\n as a remote code execution vulnerability or another\n elevation of privilege vulnerability) that is capable of\n leveraging the elevated privileges when code execution\n is attempted. The update addresses the vulnerability by\n correcting how Internet Explorer handles zone and\n integrity settings. (CVE-2018-0942)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2018-0811, CVE-2018-0813, CVE-2018-0814)\n\n - An elevation of privilege vulnerability exists when\n Storage Services improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2018-0983)\n\n - A remote code execution vulnerability exists in the\n Credential Security Support Provider protocol (CredSSP).\n An attacker who successfully exploited this\n vulnerability could relay user credentials and use them\n to execute code on the target system. CredSSP is an\n authentication provider which processes authentication\n requests for other applications; any application which\n depends on CredSSP for authentication may be vulnerable\n to this type of attack. 
As an example of how an attacker\n would exploit this vulnerability against Remote Desktop\n Protocol, the attacker would need to run a specially\n crafted application and perform a man-in-the-middle\n attack against a Remote Desktop Protocol session. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting how Credential Security Support Provider\n protocol (CredSSP) validates requests during the\n authentication process. To be fully protected against\n this vulnerability users must enable Group Policy\n settings on their systems and update their Remote\n Desktop clients. The Group Policy settings are disabled\n by default to prevent connectivity problems and users\n must follow the instructions documented HERE to be fully\n protected. (CVE-2018-0886)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2018-0894,\n CVE-2018-0895, CVE-2018-0896, CVE-2018-0897,\n CVE-2018-0898, CVE-2018-0899, CVE-2018-0900,\n CVE-2018-0901, CVE-2018-0904)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. 
(CVE-2018-0868)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-0816, CVE-2018-0817)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2018-0977)\n\n - A security feature bypass vulnerability exists in\n Windows Scripting Host which could allow an attacker to\n bypass Device Guard. An attacker who successfully\n exploited this vulnerability could circumvent a User\n Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2018-0884)\n\n - A security feature bypass vulnerability exists in the\n Cryptography Next Generation (CNG) kernel-mode driver\n (cng.sys) when it fails to properly validate and enforce\n impersonation levels. An attacker could exploit this\n vulnerability by convincing a user to run a specially\n crafted application that is designed to cause CNG to\n improperly validate impersonation levels, potentially\n allowing the attacker to gain access to information\n beyond the access level of the local user. The security\n update addresses the vulnerability by correcting how the\n kernel-mode driver validates and enforces impersonation\n levels. (CVE-2018-0902)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. 
(CVE-2018-0888)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0876,\n CVE-2018-0893)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2018-0885)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-0872, CVE-2018-0873,\n CVE-2018-0874, CVE-2018-0931, CVE-2018-0933,\n CVE-2018-0934)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. 
An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2018-0891)", "edition": 26, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-03-13T00:00:00", "title": "KB4088779: Windows 10 Version 1511 March 2018 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0891", "CVE-2018-0813", "CVE-2018-0931", "CVE-2018-0811", "CVE-2018-0881", "CVE-2018-0884", "CVE-2018-0814", "CVE-2018-0817", "CVE-2018-0934", "CVE-2018-0896", "CVE-2018-0894", "CVE-2018-0899", "CVE-2018-0888", "CVE-2018-0900", "CVE-2018-0895", "CVE-2018-0885", "CVE-2018-0901", "CVE-2018-0927", "CVE-2018-0893", "CVE-2018-0883", "CVE-2018-0942", "CVE-2018-0889", "CVE-2018-0933", "CVE-2018-0872", "CVE-2018-0935", "CVE-2018-0898", "CVE-2018-0932", "CVE-2018-0897", "CVE-2018-0868", "CVE-2018-0878", "CVE-2018-0886", "CVE-2018-0983", "CVE-2018-0876", "CVE-2018-0902", "CVE-2018-0977", "CVE-2018-0904", "CVE-2018-0816", "CVE-2018-0873", "CVE-2018-0874", "CVE-2018-0929"], "modified": "2018-03-13T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS18_MAR_4088779.NASL", "href": "https://www.tenable.com/plugins/nessus/108285", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108285);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2018-0811\",\n \"CVE-2018-0813\",\n \"CVE-2018-0814\",\n \"CVE-2018-0816\",\n \"CVE-2018-0817\",\n \"CVE-2018-0868\",\n \"CVE-2018-0872\",\n \"CVE-2018-0873\",\n \"CVE-2018-0874\",\n \"CVE-2018-0876\",\n \"CVE-2018-0878\",\n \"CVE-2018-0881\",\n \"CVE-2018-0883\",\n \"CVE-2018-0884\",\n \"CVE-2018-0885\",\n \"CVE-2018-0886\",\n \"CVE-2018-0888\",\n \"CVE-2018-0889\",\n \"CVE-2018-0891\",\n \"CVE-2018-0893\",\n \"CVE-2018-0894\",\n \"CVE-2018-0895\",\n \"CVE-2018-0896\",\n \"CVE-2018-0897\",\n \"CVE-2018-0898\",\n \"CVE-2018-0899\",\n \"CVE-2018-0900\",\n \"CVE-2018-0901\",\n \"CVE-2018-0902\",\n \"CVE-2018-0904\",\n \"CVE-2018-0927\",\n \"CVE-2018-0929\",\n \"CVE-2018-0931\",\n \"CVE-2018-0932\",\n \"CVE-2018-0933\",\n \"CVE-2018-0934\",\n \"CVE-2018-0935\",\n \"CVE-2018-0942\",\n \"CVE-2018-0977\",\n \"CVE-2018-0983\"\n );\n script_bugtraq_id(\n 103230,\n 103231,\n 103232,\n 103236,\n 103238,\n 103240,\n 103241,\n 103242,\n 103243,\n 103244,\n 103245,\n 103246,\n 103248,\n 103249,\n 103250,\n 103251,\n 103256,\n 103259,\n 103260,\n 103261,\n 103262,\n 103265,\n 103266,\n 103267,\n 103268,\n 103269,\n 103273,\n 103274,\n 103275,\n 103288,\n 103289,\n 103295,\n 103298,\n 103299,\n 103307,\n 103309,\n 103310,\n 103312,\n 103380,\n 103381\n );\n script_xref(name:\"MSKB\", value:\"4088779\");\n script_xref(name:\"MSFT\", value:\"MS18-4088779\");\n\n script_name(english:\"KB4088779: Windows 10 Version 1511 March 2018 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is 
missing security update 4088779.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when\n Windows Remote Assistance incorrectly processes XML\n External Entities (XXE). An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2018-0878)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-0929)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. If the current user is logged on with\n administrative user rights, an attacker could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2018-0883)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Microsoft Video Control mishandles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n system mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-0881)\n\n - An information disclosure vulnerability exists when\n affected Microsoft browsers improperly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. 
(CVE-2018-0927,\n CVE-2018-0932)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-0889, CVE-2018-0935)\n\n - An elevation of privilege vulnerability exists when\n Internet Explorer fails a check, allowing sandbox\n escape. An attacker who successfully exploited the\n vulnerability could use the sandbox escape to elevate\n privileges on an affected system. This vulnerability by\n itself does not allow arbitrary code execution; however,\n it could allow arbitrary code to be run if the attacker\n uses it in combination with another vulnerability (such\n as a remote code execution vulnerability or another\n elevation of privilege vulnerability) that is capable of\n leveraging the elevated privileges when code execution\n is attempted. The update addresses the vulnerability by\n correcting how Internet Explorer handles zone and\n integrity settings. (CVE-2018-0942)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2018-0811, CVE-2018-0813, CVE-2018-0814)\n\n - An elevation of privilege vulnerability exists when\n Storage Services improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2018-0983)\n\n - A remote code execution vulnerability exists in the\n Credential Security Support Provider protocol (CredSSP).\n An attacker who successfully exploited this\n vulnerability could relay user credentials and use them\n to execute code on the target system. 
CredSSP is an\n authentication provider which processes authentication\n requests for other applications; any application which\n depends on CredSSP for authentication may be vulnerable\n to this type of attack. As an example of how an attacker\n would exploit this vulnerability against Remote Desktop\n Protocol, the attacker would need to run a specially\n crafted application and perform a man-in-the-middle\n attack against a Remote Desktop Protocol session. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting how Credential Security Support Provider\n protocol (CredSSP) validates requests during the\n authentication process. To be fully protected against\n this vulnerability users must enable Group Policy\n settings on their systems and update their Remote\n Desktop clients. The Group Policy settings are disabled\n by default to prevent connectivity problems and users\n must follow the instructions documented HERE to be fully\n protected. (CVE-2018-0886)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2018-0894,\n CVE-2018-0895, CVE-2018-0896, CVE-2018-0897,\n CVE-2018-0898, CVE-2018-0899, CVE-2018-0900,\n CVE-2018-0901, CVE-2018-0904)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. 
The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2018-0868)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-0816, CVE-2018-0817)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2018-0977)\n\n - A security feature bypass vulnerability exists in\n Windows Scripting Host which could allow an attacker to\n bypass Device Guard. An attacker who successfully\n exploited this vulnerability could circumvent a User\n Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2018-0884)\n\n - A security feature bypass vulnerability exists in the\n Cryptography Next Generation (CNG) kernel-mode driver\n (cng.sys) when it fails to properly validate and enforce\n impersonation levels. An attacker could exploit this\n vulnerability by convincing a user to run a specially\n crafted application that is designed to cause CNG to\n improperly validate impersonation levels, potentially\n allowing the attacker to gain access to information\n beyond the access level of the local user. The security\n update addresses the vulnerability by correcting how the\n kernel-mode driver validates and enforces impersonation\n levels. 
(CVE-2018-0902)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2018-0888)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0876,\n CVE-2018-0893)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2018-0885)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-0872, CVE-2018-0873,\n CVE-2018-0874, CVE-2018-0931, CVE-2018-0933,\n CVE-2018-0934)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. 
An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2018-0891)\");\n # https://support.microsoft.com/en-us/help/4088779/windows-10-update-kb4088779\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c820f0dc\");\n script_set_attribute(attribute:\"solution\", value:\n \"Apply Cumulative Update KB4088779.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0893\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-03\";\nkbs = make_list('4088779');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10586\",\n rollup_date:\"03_2018_2\",\n bulletin:bulletin,\n rollup_kb_list:[4088779])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:13:15", "description": "The remote Windows host is missing security update 4088782.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in\n Windows when Desktop Bridge does not properly manage the\n virtual registry. An attacker who successfully exploited\n this vulnerability could run arbitrary code in kernel\n mode. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. 
(CVE-2018-0880, CVE-2018-0882)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-0872, CVE-2018-0873,\n CVE-2018-0874, CVE-2018-0931, CVE-2018-0933,\n CVE-2018-0934, CVE-2018-0937)\n\n - An elevation of privilege vulnerability exists when\n Storage Services improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2018-0983)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2018-0894,\n CVE-2018-0895, CVE-2018-0896, CVE-2018-0897,\n CVE-2018-0898, CVE-2018-0899, CVE-2018-0900,\n CVE-2018-0901, CVE-2018-0904)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2018-0977)\n\n - A security feature bypass vulnerability exists in\n Windows Scripting Host which could allow an attacker to\n bypass Device Guard. 
An attacker who successfully\n exploited this vulnerability could circumvent a User\n Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2018-0884)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft Edge. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the user's system. (CVE-2018-0939)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Microsoft Video Control mishandles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n system mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-0881)\n\n - An elevation of privilege vulnerability exists when\n Internet Explorer fails a check, allowing sandbox\n escape. An attacker who successfully exploited the\n vulnerability could use the sandbox escape to elevate\n privileges on an affected system. This vulnerability by\n itself does not allow arbitrary code execution; however,\n it could allow arbitrary code to be run if the attacker\n uses it in combination with another vulnerability (such\n as a remote code execution vulnerability or another\n elevation of privilege vulnerability) that is capable of\n leveraging the elevated privileges when code execution\n is attempted. The update addresses the vulnerability by\n correcting how Internet Explorer handles zone and\n integrity settings. (CVE-2018-0942)\n\n - A remote code execution vulnerability exists in the\n Credential Security Support Provider protocol (CredSSP).\n An attacker who successfully exploited this\n vulnerability could relay user credentials and use them\n to execute code on the target system. 
CredSSP is an\n authentication provider which processes authentication\n requests for other applications; any application which\n depends on CredSSP for authentication may be vulnerable\n to this type of attack. As an example of how an attacker\n would exploit this vulnerability against Remote Desktop\n Protocol, the attacker would need to run a specially\n crafted application and perform a man-in-the-middle\n attack against a Remote Desktop Protocol session. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting how Credential Security Support Provider\n protocol (CredSSP) validates requests during the\n authentication process. To be fully protected against\n this vulnerability users must enable Group Policy\n settings on their systems and update their Remote\n Desktop clients. The Group Policy settings are disabled\n by default to prevent connectivity problems and users\n must follow the instructions documented HERE to be fully\n protected. (CVE-2018-0886)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the user's system.\n (CVE-2018-0891)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. If the current user is logged on with\n administrative user rights, an attacker could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. 
Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2018-0883)\n\n - An information disclosure vulnerability exists when\n affected Microsoft browsers improperly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the user's system. (CVE-2018-0927,\n CVE-2018-0932)\n\n - A security feature bypass vulnerability exists in the\n Cryptography Next Generation (CNG) kernel-mode driver\n (cng.sys) when it fails to properly validate and enforce\n impersonation levels. An attacker could exploit this\n vulnerability by convincing a user to run a specially\n crafted application that is designed to cause CNG to\n improperly validate impersonation levels, potentially\n allowing the attacker to gain access to information\n beyond the access level of the local user. The security\n update addresses the vulnerability by correcting how the\n kernel-mode driver validates and enforces impersonation\n levels. (CVE-2018-0902)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2018-0888)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0876,\n CVE-2018-0893)\n\n - An information disclosure vulnerability exists when\n Windows Remote Assistance incorrectly processes XML\n External Entities (XXE). 
An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the user's system. (CVE-2018-0878)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the user's\n system. (CVE-2018-0929)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Desktop Bridge VFS does not take into\n account user/kernel mode when managing file paths. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-0877)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-0817)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2018-0868)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. 
An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2018-0885)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-0889, CVE-2018-0935)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2018-0811, CVE-2018-0813, CVE-2018-0814,\n CVE-2018-0926)", "edition": 26, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-03-13T00:00:00", "title": "KB4088782: Windows 10 Version 1703 March 2018 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0882", "CVE-2018-0877", "CVE-2018-0926", "CVE-2018-0891", "CVE-2018-0813", "CVE-2018-0931", "CVE-2018-0811", "CVE-2018-0881", "CVE-2018-0884", "CVE-2018-0814", "CVE-2018-0817", "CVE-2018-0934", "CVE-2018-0896", "CVE-2018-0894", "CVE-2018-0899", "CVE-2018-0880", "CVE-2018-0888", "CVE-2018-0900", "CVE-2018-0895", "CVE-2018-0885", "CVE-2018-0901", "CVE-2018-0927", "CVE-2018-0893", "CVE-2018-0883", "CVE-2018-0942", "CVE-2018-0889", "CVE-2018-0939", "CVE-2018-0933", "CVE-2018-0872", "CVE-2018-0935", "CVE-2018-0898", "CVE-2018-0932", "CVE-2018-0897", "CVE-2018-0868", "CVE-2018-0878", "CVE-2018-0886", "CVE-2018-0983", "CVE-2018-0876", "CVE-2018-0902", "CVE-2018-0977", "CVE-2018-0904", "CVE-2018-0873", "CVE-2018-0874", "CVE-2018-0929", "CVE-2018-0937"], "modified": "2018-03-13T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS18_MAR_4088782.NASL", "href": "https://www.tenable.com/plugins/nessus/108286", "sourceData": "#\n# (C) Tenable Network Security, 
Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108286);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2018-0811\",\n \"CVE-2018-0813\",\n \"CVE-2018-0814\",\n \"CVE-2018-0817\",\n \"CVE-2018-0868\",\n \"CVE-2018-0872\",\n \"CVE-2018-0873\",\n \"CVE-2018-0874\",\n \"CVE-2018-0876\",\n \"CVE-2018-0877\",\n \"CVE-2018-0878\",\n \"CVE-2018-0880\",\n \"CVE-2018-0881\",\n \"CVE-2018-0882\",\n \"CVE-2018-0883\",\n \"CVE-2018-0884\",\n \"CVE-2018-0885\",\n \"CVE-2018-0886\",\n \"CVE-2018-0888\",\n \"CVE-2018-0889\",\n \"CVE-2018-0891\",\n \"CVE-2018-0893\",\n \"CVE-2018-0894\",\n \"CVE-2018-0895\",\n \"CVE-2018-0896\",\n \"CVE-2018-0897\",\n \"CVE-2018-0898\",\n \"CVE-2018-0899\",\n \"CVE-2018-0900\",\n \"CVE-2018-0901\",\n \"CVE-2018-0902\",\n \"CVE-2018-0904\",\n \"CVE-2018-0926\",\n \"CVE-2018-0927\",\n \"CVE-2018-0929\",\n \"CVE-2018-0931\",\n \"CVE-2018-0932\",\n \"CVE-2018-0933\",\n \"CVE-2018-0934\",\n \"CVE-2018-0935\",\n \"CVE-2018-0937\",\n \"CVE-2018-0939\",\n \"CVE-2018-0942\",\n \"CVE-2018-0977\",\n \"CVE-2018-0983\"\n );\n script_bugtraq_id(\n 103227,\n 103230,\n 103231,\n 103232,\n 103236,\n 103238,\n 103239,\n 103240,\n 103241,\n 103242,\n 103243,\n 103244,\n 103245,\n 103246,\n 103247,\n 103249,\n 103250,\n 103251,\n 103256,\n 103257,\n 103259,\n 103260,\n 103261,\n 103262,\n 103265,\n 103266,\n 103267,\n 103268,\n 103269,\n 103271,\n 103273,\n 103274,\n 103275,\n 103288,\n 103289,\n 103295,\n 103298,\n 103299,\n 103305,\n 103307,\n 103309,\n 103310,\n 103312,\n 103380,\n 103381\n );\n script_xref(name:\"MSKB\", value:\"4088782\");\n script_xref(name:\"MSFT\", value:\"MS18-4088782\");\n\n script_name(english:\"KB4088782: Windows 10 Version 1703 March 2018 Security 
Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4088782.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in\n Windows when Desktop Bridge does not properly manage the\n virtual registry. An attacker who successfully exploited\n this vulnerability could run arbitrary code in kernel\n mode. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2018-0880, CVE-2018-0882)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-0872, CVE-2018-0873,\n CVE-2018-0874, CVE-2018-0931, CVE-2018-0933,\n CVE-2018-0934, CVE-2018-0937)\n\n - An elevation of privilege vulnerability exists when\n Storage Services improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2018-0983)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. 
(CVE-2018-0894,\n CVE-2018-0895, CVE-2018-0896, CVE-2018-0897,\n CVE-2018-0898, CVE-2018-0899, CVE-2018-0900,\n CVE-2018-0901, CVE-2018-0904)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2018-0977)\n\n - A security feature bypass vulnerability exists in\n Windows Scripting Host which could allow an attacker to\n bypass Device Guard. An attacker who successfully\n exploited this vulnerability could circumvent a User\n Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2018-0884)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft Edge. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the user's system. (CVE-2018-0939)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Microsoft Video Control mishandles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n system mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-0881)\n\n - An elevation of privilege vulnerability exists when\n Internet Explorer fails a check, allowing sandbox\n escape. An attacker who successfully exploited the\n vulnerability could use the sandbox escape to elevate\n privileges on an affected system. 
This vulnerability by\n itself does not allow arbitrary code execution; however,\n it could allow arbitrary code to be run if the attacker\n uses it in combination with another vulnerability (such\n as a remote code execution vulnerability or another\n elevation of privilege vulnerability) that is capable of\n leveraging the elevated privileges when code execution\n is attempted. The update addresses the vulnerability by\n correcting how Internet Explorer handles zone and\n integrity settings. (CVE-2018-0942)\n\n - A remote code execution vulnerability exists in the\n Credential Security Support Provider protocol (CredSSP).\n An attacker who successfully exploited this\n vulnerability could relay user credentials and use them\n to execute code on the target system. CredSSP is an\n authentication provider which processes authentication\n requests for other applications; any application which\n depends on CredSSP for authentication may be vulnerable\n to this type of attack. As an example of how an attacker\n would exploit this vulnerability against Remote Desktop\n Protocol, the attacker would need to run a specially\n crafted application and perform a man-in-the-middle\n attack against a Remote Desktop Protocol session. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting how Credential Security Support Provider\n protocol (CredSSP) validates requests during the\n authentication process. To be fully protected against\n this vulnerability users must enable Group Policy\n settings on their systems and update their Remote\n Desktop clients. The Group Policy settings are disabled\n by default to prevent connectivity problems and users\n must follow the instructions documented HERE to be fully\n protected. 
(CVE-2018-0886)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the user's system.\n (CVE-2018-0891)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. If the current user is logged on with\n administrative user rights, an attacker could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2018-0883)\n\n - An information disclosure vulnerability exists when\n affected Microsoft browsers improperly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the user's system. (CVE-2018-0927,\n CVE-2018-0932)\n\n - A security feature bypass vulnerability exists in the\n Cryptography Next Generation (CNG) kernel-mode driver\n (cng.sys) when it fails to properly validate and enforce\n impersonation levels. An attacker could exploit this\n vulnerability by convincing a user to run a specially\n crafted application that is designed to cause CNG to\n improperly validate impersonation levels, potentially\n allowing the attacker to gain access to information\n beyond the access level of the local user. The security\n update addresses the vulnerability by correcting how the\n kernel-mode driver validates and enforces impersonation\n levels. 
(CVE-2018-0902)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2018-0888)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0876,\n CVE-2018-0893)\n\n - An information disclosure vulnerability exists when\n Windows Remote Assistance incorrectly processes XML\n External Entities (XXE). An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the user's system. (CVE-2018-0878)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the user's\n system. (CVE-2018-0929)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Desktop Bridge VFS does not take into\n account user/kernel mode when managing file paths. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-0877)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. 
(CVE-2018-0817)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2018-0868)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2018-0885)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. 
An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-0889, CVE-2018-0935)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2018-0811, CVE-2018-0813, CVE-2018-0814,\n CVE-2018-0926)\");\n # https://support.microsoft.com/en-us/help/4088782/windows-10-update-kb4088782\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d131006c\");\n script_set_attribute(attribute:\"solution\", value:\n \"Apply Cumulative Update KB4088782.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0893\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-03\";\nkbs = make_list('4088782');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date:\"03_2018_2\",\n bulletin:bulletin,\n rollup_kb_list:[4088782])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:13:15", "description": "The remote Windows host is missing security update 4088787.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in\n Windows when Desktop Bridge does not properly manage the\n virtual registry. An attacker who successfully exploited\n this vulnerability could run arbitrary code in kernel\n mode. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. 
(CVE-2018-0880, CVE-2018-0882)\n\n - An elevation of privilege vulnerability exists when\n Storage Services improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2018-0983)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2018-0894,\n CVE-2018-0895, CVE-2018-0896, CVE-2018-0897,\n CVE-2018-0898, CVE-2018-0899, CVE-2018-0900,\n CVE-2018-0901, CVE-2018-0904)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-0816, CVE-2018-0817)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2018-0977)\n\n - A security feature bypass vulnerability exists in\n Windows Scripting Host which could allow an attacker to\n bypass Device Guard. An attacker who successfully\n exploited this vulnerability could circumvent a User\n Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2018-0884)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Microsoft Video Control mishandles\n objects in memory. 
An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n system mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-0881)\n\n - An elevation of privilege vulnerability exists when\n Internet Explorer fails a check, allowing sandbox\n escape. An attacker who successfully exploited the\n vulnerability could use the sandbox escape to elevate\n privileges on an affected system. This vulnerability by\n itself does not allow arbitrary code execution; however,\n it could allow arbitrary code to be run if the attacker\n uses it in combination with another vulnerability (such\n as a remote code execution vulnerability or another\n elevation of privilege vulnerability) that is capable of\n leveraging the elevated privileges when code execution\n is attempted. The update addresses the vulnerability by\n correcting how Internet Explorer handles zone and\n integrity settings. (CVE-2018-0942)\n\n - A remote code execution vulnerability exists in the\n Credential Security Support Provider protocol (CredSSP).\n An attacker who successfully exploited this\n vulnerability could relay user credentials and use them\n to execute code on the target system. CredSSP is an\n authentication provider which processes authentication\n requests for other applications; any application which\n depends on CredSSP for authentication may be vulnerable\n to this type of attack. As an example of how an attacker\n would exploit this vulnerability against Remote Desktop\n Protocol, the attacker would need to run a specially\n crafted application and perform a man-in-the-middle\n attack against a Remote Desktop Protocol session. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. 
The security update addresses the vulnerability\n by correcting how Credential Security Support Provider\n protocol (CredSSP) validates requests during the\n authentication process. To be fully protected against\n this vulnerability users must enable Group Policy\n settings on their systems and update their Remote\n Desktop clients. The Group Policy settings are disabled\n by default to prevent connectivity problems and users\n must follow the instructions documented HERE to be fully\n protected. (CVE-2018-0886)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the user's system.\n (CVE-2018-0891)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. If the current user is logged on with\n administrative user rights, an attacker could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2018-0883)\n\n - An information disclosure vulnerability exists when\n affected Microsoft browsers improperly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the user's system. (CVE-2018-0927,\n CVE-2018-0932)\n\n - A security feature bypass vulnerability exists in the\n Cryptography Next Generation (CNG) kernel-mode driver\n (cng.sys) when it fails to properly validate and enforce\n impersonation levels. 
An attacker could exploit this\n vulnerability by convincing a user to run a specially\n crafted application that is designed to cause CNG to\n improperly validate impersonation levels, potentially\n allowing the attacker to gain access to information\n beyond the access level of the local user. The security\n update addresses the vulnerability by correcting how the\n kernel-mode driver validates and enforces impersonation\n levels. (CVE-2018-0902)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2018-0888)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0876,\n CVE-2018-0893)\n\n - An information disclosure vulnerability exists when\n Windows Remote Assistance incorrectly processes XML\n External Entities (XXE). An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the user's system. (CVE-2018-0878)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the user's\n system. (CVE-2018-0929)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Desktop Bridge VFS does not take into\n account user/kernel mode when managing file paths. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. 
An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-0877)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2018-0868)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2018-0885)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-0889, CVE-2018-0935)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2018-0811, CVE-2018-0813, CVE-2018-0814,\n CVE-2018-0926)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. 
An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-0872, CVE-2018-0873,\n CVE-2018-0874, CVE-2018-0931, CVE-2018-0933,\n CVE-2018-0934)", "edition": 26, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-03-13T00:00:00", "title": "KB4088787: Windows 10 Version 1607 and Windows Server 2016 March 2018 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0882", "CVE-2018-0877", "CVE-2018-0926", "CVE-2018-0891", "CVE-2018-0813", "CVE-2018-0931", "CVE-2018-0811", "CVE-2018-0881", "CVE-2018-0884", "CVE-2018-0814", "CVE-2018-0817", "CVE-2018-0934", "CVE-2018-0896", "CVE-2018-0894", "CVE-2018-0899", "CVE-2018-0880", "CVE-2018-0888", "CVE-2018-0900", "CVE-2018-0895", "CVE-2018-0885", "CVE-2018-0901", "CVE-2018-0927", "CVE-2018-0893", "CVE-2018-0883", "CVE-2018-0942", "CVE-2018-0889", "CVE-2018-0933", "CVE-2018-0872", "CVE-2018-0935", "CVE-2018-0898", "CVE-2018-0932", "CVE-2018-0897", "CVE-2018-0868", "CVE-2018-0878", "CVE-2018-0886", "CVE-2018-0983", "CVE-2018-0876", "CVE-2018-0902", "CVE-2018-0977", "CVE-2018-0904", "CVE-2018-0816", "CVE-2018-0873", "CVE-2018-0874", "CVE-2018-0929"], "modified": "2018-03-13T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS18_MAR_4088787.NASL", "href": "https://www.tenable.com/plugins/nessus/108289", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108289);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2018-0811\",\n \"CVE-2018-0813\",\n \"CVE-2018-0814\",\n \"CVE-2018-0816\",\n \"CVE-2018-0817\",\n \"CVE-2018-0868\",\n \"CVE-2018-0872\",\n \"CVE-2018-0873\",\n \"CVE-2018-0874\",\n \"CVE-2018-0876\",\n \"CVE-2018-0877\",\n \"CVE-2018-0878\",\n \"CVE-2018-0880\",\n \"CVE-2018-0881\",\n \"CVE-2018-0882\",\n \"CVE-2018-0883\",\n \"CVE-2018-0884\",\n \"CVE-2018-0885\",\n \"CVE-2018-0886\",\n \"CVE-2018-0888\",\n \"CVE-2018-0889\",\n \"CVE-2018-0891\",\n \"CVE-2018-0893\",\n \"CVE-2018-0894\",\n \"CVE-2018-0895\",\n \"CVE-2018-0896\",\n \"CVE-2018-0897\",\n \"CVE-2018-0898\",\n \"CVE-2018-0899\",\n \"CVE-2018-0900\",\n \"CVE-2018-0901\",\n \"CVE-2018-0902\",\n \"CVE-2018-0904\",\n \"CVE-2018-0926\",\n \"CVE-2018-0927\",\n \"CVE-2018-0929\",\n \"CVE-2018-0931\",\n \"CVE-2018-0932\",\n \"CVE-2018-0933\",\n \"CVE-2018-0934\",\n \"CVE-2018-0935\",\n \"CVE-2018-0942\",\n \"CVE-2018-0977\",\n \"CVE-2018-0983\"\n );\n script_bugtraq_id(\n 103227,\n 103230,\n 103231,\n 103232,\n 103236,\n 103238,\n 103239,\n 103240,\n 103241,\n 103242,\n 103243,\n 103244,\n 103245,\n 103246,\n 103247,\n 103248,\n 103249,\n 103250,\n 103251,\n 103256,\n 103257,\n 103259,\n 103260,\n 103261,\n 103262,\n 103265,\n 103266,\n 103267,\n 103268,\n 103269,\n 103273,\n 103274,\n 103275,\n 103288,\n 103289,\n 103295,\n 103298,\n 103299,\n 103307,\n 103309,\n 103310,\n 103312,\n 103380,\n 103381\n );\n script_xref(name:\"MSKB\", value:\"4088787\");\n script_xref(name:\"MSFT\", value:\"MS18-4088787\");\n\n script_name(english:\"KB4088787: Windows 10 Version 1607 and Windows Server 2016 March 2018 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote 
Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4088787.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in\n Windows when Desktop Bridge does not properly manage the\n virtual registry. An attacker who successfully exploited\n this vulnerability could run arbitrary code in kernel\n mode. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2018-0880, CVE-2018-0882)\n\n - An elevation of privilege vulnerability exists when\n Storage Services improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2018-0983)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2018-0894,\n CVE-2018-0895, CVE-2018-0896, CVE-2018-0897,\n CVE-2018-0898, CVE-2018-0899, CVE-2018-0900,\n CVE-2018-0901, CVE-2018-0904)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-0816, CVE-2018-0817)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. 
An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2018-0977)\n\n - A security feature bypass vulnerability exists in\n Windows Scripting Host which could allow an attacker to\n bypass Device Guard. An attacker who successfully\n exploited this vulnerability could circumvent a User\n Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2018-0884)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Microsoft Video Control mishandles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n system mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-0881)\n\n - An elevation of privilege vulnerability exists when\n Internet Explorer fails a check, allowing sandbox\n escape. An attacker who successfully exploited the\n vulnerability could use the sandbox escape to elevate\n privileges on an affected system. This vulnerability by\n itself does not allow arbitrary code execution; however,\n it could allow arbitrary code to be run if the attacker\n uses it in combination with another vulnerability (such\n as a remote code execution vulnerability or another\n elevation of privilege vulnerability) that is capable of\n leveraging the elevated privileges when code execution\n is attempted. The update addresses the vulnerability by\n correcting how Internet Explorer handles zone and\n integrity settings. (CVE-2018-0942)\n\n - A remote code execution vulnerability exists in the\n Credential Security Support Provider protocol (CredSSP).\n An attacker who successfully exploited this\n vulnerability could relay user credentials and use them\n to execute code on the target system. 
CredSSP is an\n authentication provider which processes authentication\n requests for other applications; any application which\n depends on CredSSP for authentication may be vulnerable\n to this type of attack. As an example of how an attacker\n would exploit this vulnerability against Remote Desktop\n Protocol, the attacker would need to run a specially\n crafted application and perform a man-in-the-middle\n attack against a Remote Desktop Protocol session. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting how Credential Security Support Provider\n protocol (CredSSP) validates requests during the\n authentication process. To be fully protected against\n this vulnerability users must enable Group Policy\n settings on their systems and update their Remote\n Desktop clients. The Group Policy settings are disabled\n by default to prevent connectivity problems and users\n must follow the instructions documented HERE to be fully\n protected. (CVE-2018-0886)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2018-0891)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. If the current user is logged on with\n administrative user rights, an attacker could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. 
Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2018-0883)\n\n - An information disclosure vulnerability exists when\n affected Microsoft browsers improperly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2018-0927,\n CVE-2018-0932)\n\n - A security feature bypass vulnerability exists in the\n Cryptography Next Generation (CNG) kernel-mode driver\n (cng.sys) when it fails to properly validate and enforce\n impersonation levels. An attacker could exploit this\n vulnerability by convincing a user to run a specially\n crafted application that is designed to cause CNG to\n improperly validate impersonation levels, potentially\n allowing the attacker to gain access to information\n beyond the access level of the local user. The security\n update addresses the vulnerability by correcting how the\n kernel-mode driver validates and enforces impersonation\n levels. (CVE-2018-0902)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2018-0888)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0876,\n CVE-2018-0893)\n\n - An information disclosure vulnerability exists when\n Windows Remote Assistance incorrectly processes XML\n External Entities (XXE). 
An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2018-0878)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-0929)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Desktop Bridge VFS does not take into\n acccount user/kernel mode when managing file paths. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-0877)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2018-0868)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2018-0885)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. 
An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-0889, CVE-2018-0935)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2018-0811, CVE-2018-0813, CVE-2018-0814,\n CVE-2018-0926)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-0872, CVE-2018-0873,\n CVE-2018-0874, CVE-2018-0931, CVE-2018-0933,\n CVE-2018-0934)\");\n # https://support.microsoft.com/en-us/help/4088787/windows-10-update-kb4088787\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a4c76068\");\n script_set_attribute(attribute:\"solution\", value:\n \"Apply Cumulative Update KB4088787.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0893\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/13\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-03\";\nkbs = make_list('4088787');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"03_2018_2\",\n bulletin:bulletin,\n rollup_kb_list:[4088787])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:13:15", "description": "The remote Windows host is missing 
security update 4088776.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the user's\n system. (CVE-2018-0879)\n\n - An elevation of privilege vulnerability exists when\n Storage Services improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2018-0983)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2018-0894,\n CVE-2018-0895, CVE-2018-0896, CVE-2018-0897,\n CVE-2018-0898, CVE-2018-0899, CVE-2018-0900,\n CVE-2018-0901, CVE-2018-0904)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2018-0977)\n\n - A security feature bypass vulnerability exists in\n Windows Scripting Host which could allow an attacker to\n bypass Device Guard. An attacker who successfully\n exploited this vulnerability could circumvent a User\n Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2018-0884)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft Edge. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the user's system. 
(CVE-2018-0939)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Microsoft Video Control mishandles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n system mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-0881)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-0872, CVE-2018-0873,\n CVE-2018-0874, CVE-2018-0930, CVE-2018-0931,\n CVE-2018-0933, CVE-2018-0934, CVE-2018-0936,\n CVE-2018-0937)\n\n - A remote code execution vulnerability exists in the\n Credential Security Support Provider protocol (CredSSP).\n An attacker who successfully exploited this\n vulnerability could relay user credentials and use them\n to execute code on the target system. CredSSP is an\n authentication provider which processes authentication\n requests for other applications; any application which\n depends on CredSSP for authentication may be vulnerable\n to this type of attack. As an example of how an attacker\n would exploit this vulnerability against Remote Desktop\n Protocol, the attacker would need to run a specially\n crafted application and perform a man-in-the-middle\n attack against a Remote Desktop Protocol session. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting how Credential Security Support Provider\n protocol (CredSSP) validates requests during the\n authentication process. 
To be fully protected against\n this vulnerability users must enable Group Policy\n settings on their systems and update their Remote\n Desktop clients. The Group Policy settings are disabled\n by default to prevent connectivity problems and users\n must follow the instructions documented HERE to be fully\n protected. (CVE-2018-0886)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the user's system.\n (CVE-2018-0891)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. If the current user is logged on with\n administrative user rights, an attacker could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2018-0883)\n\n - An information disclosure vulnerability exists when\n affected Microsoft browsers improperly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the user's system. (CVE-2018-0927,\n CVE-2018-0932)\n\n - A security feature bypass vulnerability exists in the\n Cryptography Next Generation (CNG) kernel-mode driver\n (cng.sys) when it fails to properly validate and enforce\n impersonation levels. 
An attacker could exploit this\n vulnerability by convincing a user to run a specially\n crafted application that is designed to cause CNG to\n improperly validate impersonation levels, potentially\n allowing the attacker to gain access to information\n beyond the access level of the local user. The security\n update addresses the vulnerability by correcting how the\n kernel-mode driver validates and enforces impersonation\n levels. (CVE-2018-0902)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2018-0888)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0876,\n CVE-2018-0893)\n\n - An information disclosure vulnerability exists when\n Windows Remote Assistance incorrectly processes XML\n External Entities (XXE). An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the user's system. (CVE-2018-0878)\n\n - An elevation of privilege vulnerability exists in\n Windows when Desktop Bridge does not properly manage the\n virtual registry. An attacker who successfully exploited\n this vulnerability could run arbitrary code in kernel\n mode. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2018-0880)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the user's\n system. 
(CVE-2018-0929)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Desktop Bridge VFS does not take into\n account user/kernel mode when managing file paths. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-0877)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-0817)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2018-0868)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2018-0885)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. 
An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-0889, CVE-2018-0935)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2018-0811, CVE-2018-0813, CVE-2018-0814,\n CVE-2018-0926)", "edition": 27, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-03-13T00:00:00", "title": "KB4088776: Windows 10 Version 1709 and Windows Server Version 1709 March 2018 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0877", "CVE-2018-0926", "CVE-2018-0891", "CVE-2018-0813", "CVE-2018-0930", "CVE-2018-0931", "CVE-2018-0811", "CVE-2018-0936", "CVE-2018-0881", "CVE-2018-0884", "CVE-2018-0814", "CVE-2018-0817", "CVE-2018-0879", "CVE-2018-0934", "CVE-2018-0896", "CVE-2018-0894", "CVE-2018-0899", "CVE-2018-0880", "CVE-2018-0888", "CVE-2018-0900", "CVE-2018-0895", "CVE-2018-0885", "CVE-2018-0901", "CVE-2018-0927", "CVE-2018-0893", "CVE-2018-0883", "CVE-2018-0889", "CVE-2018-0939", "CVE-2018-0933", "CVE-2018-0872", "CVE-2018-0935", "CVE-2018-0898", "CVE-2018-0932", "CVE-2018-0897", "CVE-2018-0868", "CVE-2018-0878", "CVE-2018-0886", "CVE-2018-0983", "CVE-2018-0876", "CVE-2018-0902", "CVE-2018-0977", "CVE-2018-0904", "CVE-2018-0873", "CVE-2018-0874", "CVE-2018-0929", "CVE-2018-0937"], "modified": "2018-03-13T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS18_MAR_4088776.NASL", "href": "https://www.tenable.com/plugins/nessus/108284", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108284);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2018-0811\",\n \"CVE-2018-0813\",\n \"CVE-2018-0814\",\n \"CVE-2018-0817\",\n \"CVE-2018-0868\",\n \"CVE-2018-0872\",\n \"CVE-2018-0873\",\n \"CVE-2018-0874\",\n \"CVE-2018-0876\",\n \"CVE-2018-0877\",\n \"CVE-2018-0878\",\n \"CVE-2018-0879\",\n \"CVE-2018-0880\",\n \"CVE-2018-0881\",\n \"CVE-2018-0883\",\n \"CVE-2018-0884\",\n \"CVE-2018-0885\",\n \"CVE-2018-0886\",\n \"CVE-2018-0888\",\n \"CVE-2018-0889\",\n \"CVE-2018-0891\",\n \"CVE-2018-0893\",\n \"CVE-2018-0894\",\n \"CVE-2018-0895\",\n \"CVE-2018-0896\",\n \"CVE-2018-0897\",\n \"CVE-2018-0898\",\n \"CVE-2018-0899\",\n \"CVE-2018-0900\",\n \"CVE-2018-0901\",\n \"CVE-2018-0902\",\n \"CVE-2018-0904\",\n \"CVE-2018-0926\",\n \"CVE-2018-0927\",\n \"CVE-2018-0929\",\n \"CVE-2018-0930\",\n \"CVE-2018-0931\",\n \"CVE-2018-0932\",\n \"CVE-2018-0933\",\n \"CVE-2018-0934\",\n \"CVE-2018-0935\",\n \"CVE-2018-0936\",\n \"CVE-2018-0937\",\n \"CVE-2018-0939\",\n \"CVE-2018-0977\",\n \"CVE-2018-0983\"\n );\n script_bugtraq_id(\n 103227,\n 103230,\n 103231,\n 103232,\n 103236,\n 103238,\n 103239,\n 103240,\n 103241,\n 103242,\n 103243,\n 103244,\n 103245,\n 103246,\n 103247,\n 103249,\n 103250,\n 103251,\n 103256,\n 103259,\n 103260,\n 103261,\n 103262,\n 103265,\n 103266,\n 103267,\n 103268,\n 103269,\n 103270,\n 103271,\n 103272,\n 103273,\n 103274,\n 103275,\n 103288,\n 103289,\n 103295,\n 103298,\n 103299,\n 103303,\n 103305,\n 103307,\n 103309,\n 103310,\n 103380,\n 103381\n );\n script_xref(name:\"MSKB\", value:\"4088776\");\n script_xref(name:\"MSFT\", value:\"MS18-4088776\");\n\n script_name(english:\"KB4088776: Windows 10 Version 1709 and Windows Server Version 1709 March 2018 Security Update\");\n script_summary(english:\"Checks for 
rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4088776.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-0879)\n\n - An elevation of privilege vulnerability exists when\n Storage Services improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2018-0983)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2018-0894,\n CVE-2018-0895, CVE-2018-0896, CVE-2018-0897,\n CVE-2018-0898, CVE-2018-0899, CVE-2018-0900,\n CVE-2018-0901, CVE-2018-0904)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2018-0977)\n\n - A security feature bypass vulnerability exists in\n Windows Scripting Host which could allow an attacker to\n bypass Device Guard. 
An attacker who successfully\n exploited this vulnerability could circumvent a User\n Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2018-0884)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft Edge. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2018-0939)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Microsoft Video Control mishandles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n system mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-0881)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2018-0872, CVE-2018-0873,\n CVE-2018-0874, CVE-2018-0930, CVE-2018-0931,\n CVE-2018-0933, CVE-2018-0934, CVE-2018-0936,\n CVE-2018-0937)\n\n - A remote code execution vulnerability exists in the\n Credential Security Support Provider protocol (CredSSP).\n An attacker who successfully exploited this\n vulnerability could relay user credentials and use them\n to execute code on the target system. CredSSP is an\n authentication provider which processes authentication\n requests for other applications; any application which\n depends on CredSSP for authentication may be vulnerable\n to this type of attack. 
As an example of how an attacker\n would exploit this vulnerability against Remote Desktop\n Protocol, the attacker would need to run a specially\n crafted application and perform a man-in-the-middle\n attack against a Remote Desktop Protocol session. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting how Credential Security Support Provider\n protocol (CredSSP) validates requests during the\n authentication process. To be fully protected against\n this vulnerability users must enable Group Policy\n settings on their systems and update their Remote\n Desktop clients. The Group Policy settings are disabled\n by default to prevent connectivity problems and users\n must follow the instructions documented HERE to be fully\n protected. (CVE-2018-0886)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2018-0891)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. If the current user is logged on with\n administrative user rights, an attacker could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2018-0883)\n\n - An information disclosure vulnerability exists when\n affected Microsoft browsers improperly handle objects in\n memory. 
An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2018-0927,\n CVE-2018-0932)\n\n - A security feature bypass vulnerability exists in the\n Cryptography Next Generation (CNG) kernel-mode driver\n (cng.sys) when it fails to properly validate and enforce\n impersonation levels. An attacker could exploit this\n vulnerability by convincing a user to run a specially\n crafted application that is designed to cause CNG to\n improperly validate impersonation levels, potentially\n allowing the attacker to gain access to information\n beyond the access level of the local user. The security\n update addresses the vulnerability by correcting how the\n kernel-mode driver validates and enforces impersonation\n levels. (CVE-2018-0902)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2018-0888)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0876,\n CVE-2018-0893)\n\n - An information disclosure vulnerability exists when\n Windows Remote Assistance incorrectly processes XML\n External Entities (XXE). An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2018-0878)\n\n - An elevation of privilege vulnerability exists in\n Windows when Desktop Bridge does not properly manage the\n virtual registry. An attacker who successfully exploited\n this vulnerability could run arbitrary code in kernel\n mode. 
An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2018-0880)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2018-0929)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Desktop Bridge VFS does not take into\n account user/kernel mode when managing file paths. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2018-0877)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2018-0817)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2018-0868)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. 
An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2018-0885)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-0889, CVE-2018-0935)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2018-0811, CVE-2018-0813, CVE-2018-0814,\n CVE-2018-0926)\");\n # https://support.microsoft.com/en-us/help/4088776/windows-10-update-kb4088776\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a874f76d\");\n script_set_attribute(attribute:\"solution\", value:\n \"Apply Cumulative Update KB4088776.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0935\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-03\";\nkbs = make_list('4088776');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"16299\",\n rollup_date:\"03_2018_2\",\n bulletin:bulletin,\n rollup_kb_list:[4088776])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-06-08T23:06:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0882", "CVE-2018-0877", "CVE-2018-0926", "CVE-2018-0891", "CVE-2018-0813", "CVE-2018-0931", 
"CVE-2018-0811", "CVE-2018-0881", "CVE-2018-0884", "CVE-2018-0814", "CVE-2018-0817", "CVE-2018-0934", "CVE-2018-0896", "CVE-2018-0894", "CVE-2018-0899", "CVE-2018-0880", "CVE-2018-0888", "CVE-2018-0900", "CVE-2018-0895", "CVE-2018-0885", "CVE-2018-0901", "CVE-2018-0927", "CVE-2018-0893", "CVE-2018-0883", "CVE-2018-0942", "CVE-2018-0889", "CVE-2018-0939", "CVE-2018-0933", "CVE-2018-0872", "CVE-2018-0935", "CVE-2018-0898", "CVE-2018-0932", "CVE-2018-0897", "CVE-2018-0868", "CVE-2018-0878", "CVE-2018-0886", "CVE-2018-0983", "CVE-2018-0876", "CVE-2018-0902", "CVE-2018-0977", "CVE-2018-0904", "CVE-2018-0873", "CVE-2018-0874", "CVE-2018-0929", "CVE-2018-0937"], "description": "This host is missing a critical security\n update according to Microsoft KB4088782", "modified": "2020-06-04T00:00:00", "published": "2018-03-14T00:00:00", "id": "OPENVAS:1361412562310812830", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812830", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4088782)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4088782)\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812830\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0811\", \"CVE-2018-0813\", \"CVE-2018-0814\", \"CVE-2018-0886\",\n \"CVE-2018-0888\", \"CVE-2018-0889\", \"CVE-2018-0891\", \"CVE-2018-0893\",\n \"CVE-2018-0894\", \"CVE-2018-0895\", \"CVE-2018-0896\", \"CVE-2018-0897\",\n \"CVE-2018-0898\", \"CVE-2018-0899\", \"CVE-2018-0900\", \"CVE-2018-0901\",\n \"CVE-2018-0902\", \"CVE-2018-0904\", \"CVE-2018-0926\", \"CVE-2018-0927\",\n \"CVE-2018-0929\", \"CVE-2018-0931\", \"CVE-2018-0932\", \"CVE-2018-0933\",\n \"CVE-2018-0934\", \"CVE-2018-0935\", \"CVE-2018-0937\", \"CVE-2018-0939\",\n \"CVE-2018-0942\", \"CVE-2018-0977\", \"CVE-2018-0983\", \"CVE-2018-0817\",\n \"CVE-2018-0868\", \"CVE-2018-0872\", \"CVE-2018-0873\", \"CVE-2018-0874\",\n \"CVE-2018-0876\", \"CVE-2018-0877\", \"CVE-2018-0878\", \"CVE-2018-0880\",\n \"CVE-2018-0881\", \"CVE-2018-0882\", \"CVE-2018-0883\", \"CVE-2018-0884\",\n \"CVE-2018-0885\");\n script_bugtraq_id(103232, 103250, 103251, 103265, 103262, 103295, 103309, 103288,\n 103231, 103238, 103240, 103241, 103242, 103243, 103244, 103245,\n 103266, 103246, 103247, 103310, 103299, 103273, 103307, 103274,\n 103275, 103298, 103271, 103305, 103312, 103380, 103381, 103236,\n 103267, 103268, 103269, 103289, 103227, 103230, 103303, 103256,\n 103256, 103257, 103259, 103260, 103261);\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n 
script_tag(name:\"creation_date\", value:\"2018-03-14 09:56:32 +0530 (Wed, 14 Mar 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4088782)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4088782\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - The way that the scripting engine handles objects in memory in Microsoft\n Edge and Internet Explorer.\n\n - Windows Hyper-V on a host operating system fails to properly validate\n input from an authenticated user on a guest operating system.\n\n - Windows Scripting Host which could allow an attacker to bypass Device\n Guard.\n\n - Microsoft Hyper-V Network Switch on a host server fails to properly\n validate input from a privileged user on a guest operating system.\n\n - The Credential Security Support Provider protocol (CredSSP).\n\n - Windows kernel-mode driver fails to properly handle\n objects in memory.\n\n - Windows Desktop Bridge does not properly manage the virtual registry.\n\n - Microsoft Video Control mishandles objects in memory.\n\n - Windows Shell does not properly validate file copy destinations.\n\n - Storage Services improperly handles objects in memory.\n\n - Internet Explorer fails a check, allowing sandbox escape.\n\n - The Windows kernel that could allow an attacker to retrieve information\n that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass.\n\n - The Windows Installer when the Windows Installer fails to properly sanitize\n input leading to an insecure library loading behavior.\n\n - The Cryptography Next Generation (CNG) kernel-mode driver.\n\n - Windows Desktop Bridge VFS does not take into account user/kernel\n mode when managing file paths.\n\n - Windows Remote Assistance incorrectly processes XML External Entities\n (XXE).\n\n - Windows 
Graphics Device Interface (GDI) handles objects in\n memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to gain access to information, crash server and run arbitrary code in system\n mode.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1703 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4088782\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.15063.0\", test_version2:\"11.0.15063.965\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.15063.0 - 11.0.15063.965\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-11T17:07:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0882", "CVE-2018-0877", "CVE-2018-0926", "CVE-2018-0891", "CVE-2018-0813", "CVE-2018-0931", "CVE-2018-0811", "CVE-2018-0881", "CVE-2018-0884", "CVE-2018-0814", "CVE-2018-0817", 
"CVE-2018-0934", "CVE-2018-0896", "CVE-2018-0894", "CVE-2018-0899", "CVE-2018-0880", "CVE-2018-0888", "CVE-2018-0900", "CVE-2018-0895", "CVE-2018-0885", "CVE-2018-0901", "CVE-2018-0927", "CVE-2018-0893", "CVE-2018-0883", "CVE-2018-0942", "CVE-2018-0889", "CVE-2018-0933", "CVE-2018-0872", "CVE-2018-0935", "CVE-2018-0898", "CVE-2018-0932", "CVE-2018-0897", "CVE-2018-0868", "CVE-2018-0878", "CVE-2018-0886", "CVE-2018-0983", "CVE-2018-0876", "CVE-2018-0902", "CVE-2018-0977", "CVE-2018-0904", "CVE-2018-0816", "CVE-2018-0873", "CVE-2018-0874", "CVE-2018-0929"], "description": "This host is missing a critical security\n update according to Microsoft KB4088787", "modified": "2020-06-09T00:00:00", "published": "2018-03-14T00:00:00", "id": "OPENVAS:1361412562310812831", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812831", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4088787)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4088787)\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812831\");\n script_version(\"2020-06-09T14:44:58+0000\");\n script_cve_id(\"CVE-2018-0811\", \"CVE-2018-0813\", \"CVE-2018-0814\", \"CVE-2018-0886\",\n \"CVE-2018-0888\", \"CVE-2018-0889\", \"CVE-2018-0891\", \"CVE-2018-0893\",\n \"CVE-2018-0894\", \"CVE-2018-0895\", \"CVE-2018-0896\", \"CVE-2018-0897\",\n \"CVE-2018-0898\", \"CVE-2018-0899\", \"CVE-2018-0900\", \"CVE-2018-0901\",\n \"CVE-2018-0902\", \"CVE-2018-0904\", \"CVE-2018-0926\", \"CVE-2018-0927\",\n \"CVE-2018-0929\", \"CVE-2018-0931\", \"CVE-2018-0932\", \"CVE-2018-0933\",\n \"CVE-2018-0934\", \"CVE-2018-0935\", \"CVE-2018-0942\", \"CVE-2018-0977\",\n \"CVE-2018-0983\", \"CVE-2018-0816\", \"CVE-2018-0817\", \"CVE-2018-0868\",\n \"CVE-2018-0872\", \"CVE-2018-0873\", \"CVE-2018-0874\", \"CVE-2018-0876\",\n \"CVE-2018-0877\", \"CVE-2018-0878\", \"CVE-2018-0880\", \"CVE-2018-0881\",\n \"CVE-2018-0882\", \"CVE-2018-0883\", \"CVE-2018-0884\", \"CVE-2018-0885\");\n script_bugtraq_id(103232, 103250, 103251, 103265, 103262, 103295, 103309, 103288,\n 103231, 103238, 103240, 103241, 103242, 103243, 103244, 103245,\n 103266, 103246, 103247, 103310, 103299, 103273, 103307, 103274,\n 103275, 103298, 103312, 103380, 103381, 103248, 103249, 103236,\n 103267, 103268, 103269, 103289, 103227, 103230, 103239, 103256,\n 103257, 103259, 103260, 103261);\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 14:44:58 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", 
value:\"2018-03-14 09:57:59 +0530 (Wed, 14 Mar 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4088787)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4088787\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - The way that the scripting engine handles objects in memory in Microsoft\n Edge and Internet Explorer.\n\n - Windows Hyper-V on a host operating system fails to properly validate\n Input from an authenticated user on a guest operating system.\n\n - Windows Scripting Host which could allow an attacker to bypass Device\n Guard.\n\n - When Microsoft Hyper-V Network Switch on a host server fails to properly\n validate input from a privileged user on a guest operating system.\n\n - The Credential Security Support Provider protocol (CredSSP).\n\n - Windows when the Windows kernel-mode driver fails to properly handle\n objects in memory.\n\n - Windows when Desktop Bridge does not properly manage the virtual registry.\n\n - When Windows when the Microsoft Video Control mishandles objects in memory.\n\n - When Windows Shell does not properly validate file copy destinations.\n\n - When Storage Services improperly handles objects in memory.\n\n - When Internet Explorer fails a check, allowing sandbox escape.\n\n - The Windows kernel that could allow an attacker to retrieve information\n that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass.\n\n - The Windows Installer when the Windows Installer fails to properly sanitize\n input leading to an insecure library loading behavior.\n\n - When the Windows kernel improperly initializes objects in memory.\n\n - The Cryptography Next Generation (CNG) kernel-mode driver (cng.\n\n - Windows when the Desktop Bridge VFS does not take into account user/kernel\n mode when managing 
file paths.\n\n - When Windows Remote Assistance incorrectly processes XML External Entities\n (XXE).\n\n - The way that the Windows Graphics Device Interface (GDI) handles objects in\n memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to gain access to information, crash server and run arbitrary code in system\n mode.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4088787\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.14393.0\", test_version2:\"11.0.14393.2124\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.14393.0 - 11.0.14393.2124\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:06:01", "bulletinFamily": "scanner", "cvelist": 
["CVE-2018-0877", "CVE-2018-0926", "CVE-2018-0891", "CVE-2018-0813", "CVE-2018-0930", "CVE-2018-0931", "CVE-2018-0811", "CVE-2018-0936", "CVE-2018-0881", "CVE-2018-0884", "CVE-2018-0814", "CVE-2018-0817", "CVE-2018-0879", "CVE-2018-0934", "CVE-2018-0896", "CVE-2018-0894", "CVE-2018-0899", "CVE-2018-0880", "CVE-2018-0888", "CVE-2018-0900", "CVE-2018-0895", "CVE-2018-0885", "CVE-2018-0901", "CVE-2018-0927", "CVE-2018-0893", "CVE-2018-0883", "CVE-2018-0889", "CVE-2018-0939", "CVE-2018-0771", "CVE-2018-0933", "CVE-2018-0872", "CVE-2018-0935", "CVE-2018-0898", "CVE-2018-0932", "CVE-2018-0897", "CVE-2018-0868", "CVE-2018-0878", "CVE-2018-0886", "CVE-2018-0983", "CVE-2018-0876", "CVE-2018-0902", "CVE-2018-0977", "CVE-2018-0904", "CVE-2018-0816", "CVE-2018-0873", "CVE-2018-0874", "CVE-2018-0929", "CVE-2018-0937"], "description": "This host is missing a critical security\n update according to Microsoft KB4088776", "modified": "2020-06-04T00:00:00", "published": "2018-03-14T00:00:00", "id": "OPENVAS:1361412562310812833", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812833", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4088776)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4088776)\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812833\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0811\", \"CVE-2018-0813\", \"CVE-2018-0814\", \"CVE-2018-0886\",\n \"CVE-2018-0888\", \"CVE-2018-0889\", \"CVE-2018-0891\", \"CVE-2018-0893\",\n \"CVE-2018-0894\", \"CVE-2018-0895\", \"CVE-2018-0896\", \"CVE-2018-0897\",\n \"CVE-2018-0898\", \"CVE-2018-0899\", \"CVE-2018-0900\", \"CVE-2018-0901\",\n \"CVE-2018-0902\", \"CVE-2018-0904\", \"CVE-2018-0926\", \"CVE-2018-0927\",\n \"CVE-2018-0929\", \"CVE-2018-0930\", \"CVE-2018-0931\", \"CVE-2018-0932\",\n \"CVE-2018-0933\", \"CVE-2018-0934\", \"CVE-2018-0935\", \"CVE-2018-0936\",\n \"CVE-2018-0937\", \"CVE-2018-0939\", \"CVE-2018-0977\", \"CVE-2018-0983\",\n \"CVE-2018-0816\", \"CVE-2018-0817\", \"CVE-2018-0868\", \"CVE-2018-0872\",\n \"CVE-2018-0873\", \"CVE-2018-0874\", \"CVE-2018-0876\", \"CVE-2018-0877\",\n \"CVE-2018-0878\", \"CVE-2018-0879\", \"CVE-2018-0880\", \"CVE-2018-0881\",\n \"CVE-2018-0883\", \"CVE-2018-0884\", \"CVE-2018-0885\", \"CVE-2018-0771\");\n script_bugtraq_id(103232, 103250, 103251, 103265, 103262, 103295, 103309, 103288,\n 103231, 103238, 103240, 103241, 103242, 103243, 103244, 103245,\n 103266, 103246, 103247, 103310, 103299, 103272, 103273, 103307,\n 103274, 103275, 103298, 103270, 103271, 103305, 103380, 103381,\n 103248, 103249, 103236, 103267, 103268, 103269, 103289, 103227,\n 103230, 103303, 103239, 103256, 103259, 103260, 103261, 102857);\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n 
script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-03-14 10:01:51 +0530 (Wed, 14 Mar 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4088776)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4088776\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - The way that the scripting engine handles objects in memory in Microsoft\n Edge and Internet Explorer.\n\n - Windows Hyper-V on a host operating system fails to properly validate\n input from an authenticated user or privileged user on a guest operating system.\n\n - The way that the Windows Graphics Device Interface (GDI) handles objects in\n memory.\n\n - Windows Scripting Host which could allow an attacker to bypass Device\n Guard.\n\n - The Credential Security Support Provider protocol (CredSSP).\n\n - Windows kernel-mode driver fails to properly handle\n objects in memory.\n\n - Desktop Bridge does not properly manage the virtual registry.\n\n - Windows when the Microsoft Video Control mishandles objects in memory.\n\n - Windows Shell does not properly validate file copy destinations.\n\n - Storage Services improperly handles objects in memory.\n\n - Kernel Address Space Layout Randomization (ASLR) bypass error.\n\n - Windows Installer fails to properly sanitize input leading to an insecure\n library loading behavior.\n\n - Microsoft Edge improperly handles requests of different origins.\n\n - Desktop Bridge VFS does not take into account user/kernel\n mode when managing file paths.\n\n - Windows Remote Assistance incorrectly processes XML External Entities\n (XXE).\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to gain access to information, crash 
server and run arbitrary code in system\n mode.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1709 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1709 for 64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4088776\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.16299.0\", test_version2:\"11.0.16299.308\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.16299.0 - 11.0.16299.308\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "trendmicroblog": [{"lastseen": "2018-04-17T08:23:43", "bulletinFamily": "blog", "cvelist": ["CVE-2018-0787", "CVE-2018-0808", "CVE-2018-0811", "CVE-2018-0813", "CVE-2018-0814", "CVE-2018-0815", "CVE-2018-0816", "CVE-2018-0817", "CVE-2018-0868", "CVE-2018-0872", "CVE-2018-0873", "CVE-2018-0874", "CVE-2018-0875", "CVE-2018-0876", "CVE-2018-0877", "CVE-2018-0878", "CVE-2018-0879", 
"CVE-2018-0880", "CVE-2018-0881", "CVE-2018-0882", "CVE-2018-0883", "CVE-2018-0884", "CVE-2018-0885", "CVE-2018-0886", "CVE-2018-0888", "CVE-2018-0889", "CVE-2018-0891", "CVE-2018-0893", "CVE-2018-0894", "CVE-2018-0895", "CVE-2018-0896", "CVE-2018-0897", "CVE-2018-0898", "CVE-2018-0899", "CVE-2018-0900", "CVE-2018-0901", "CVE-2018-0902", "CVE-2018-0903", "CVE-2018-0904", "CVE-2018-0907", "CVE-2018-0909", "CVE-2018-0910", "CVE-2018-0911", "CVE-2018-0912", "CVE-2018-0913", "CVE-2018-0914", "CVE-2018-0915", "CVE-2018-0916", "CVE-2018-0917", "CVE-2018-0919", "CVE-2018-0921", "CVE-2018-0922", "CVE-2018-0923", "CVE-2018-0924", "CVE-2018-0925", "CVE-2018-0926", "CVE-2018-0927", "CVE-2018-0929", "CVE-2018-0930", "CVE-2018-0931", "CVE-2018-0932", "CVE-2018-0933", "CVE-2018-0934", "CVE-2018-0935", "CVE-2018-0936", "CVE-2018-0937", "CVE-2018-0939", "CVE-2018-0940", "CVE-2018-0941", "CVE-2018-0942", "CVE-2018-0944", "CVE-2018-0947", "CVE-2018-0977", "CVE-2018-0983"], "description": "\n\nThis week marked the 11th annual Pwn2Own contest held during the CanSecWest conference in Vancouver and while the contest had fewer entries compared to previous years, it was still an exciting event filled with a little drama. Over the course of two days, the Zero Day Initiative awarded $267,000 for vulnerabilities covering Apple (5), Microsoft (4), Oracle (2) and Mozilla (1) and named a new Master of Pwn: Richard Zhu ([fluorescence](<https://twitter.com/rz_fluorescence>)). Congratulations go out to Richard and all of the other contestants, with a special thank you to our partner Microsoft and sponsor VMware. For a sneak peek of our upcoming coverage, [click here](<https://blog.trendmicro.com/a-view-of-upcoming-threat-coverage-from-pwn2own-2018/>). 
You can also catch up on the results of each day at the following links below:\n\n * [PWN2OWN 2018 \u2013 Results from Day 1](<https://www.zerodayinitiative.com/blog/2018/3/14/pwn2own-2018-results-from-day-one>)\n * [PWN2OWN 2018 \u2013 Day Two Results and Master of Pwn](<https://www.zerodayinitiative.com/blog/2018/3/15/pwn2own-2018-day-two-results-and-master-of-pwn>)\n\n**Microsoft Security Updates**\n\nThis week\u2019s Digital Vaccine\u00ae (DV) package includes coverage for Microsoft updates released on or before March 13, 2018. Just a day before the Pwn2Own contest, Microsoft released 75 security patches covering Internet Explorer (IE), Edge, ChakraCore, Microsoft Windows, Microsoft Office, and ASP.NET Core. The following table maps Digital Vaccine filters to the Microsoft updates. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [March 2018 Security Update Review](<https://www.zerodayinitiative.com/blog/2018/3/13/the-march-2018-security-update-review>) from the Zero Day Initiative:\n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2018-0787 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0808 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0811 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0813 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0814 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0815 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0816 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0817 | 30687 | \nCVE-2018-0868 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0872 | 30553 | \nCVE-2018-0873 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0874 | 30555 | \nCVE-2018-0875 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0876 | | 
Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0877 | 30689 | \nCVE-2018-0878 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0879 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0880 | 30690 | \nCVE-2018-0881 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0882 | 30691 | \nCVE-2018-0883 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0884 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0885 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0886 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0888 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0889 | 30514 | \nCVE-2018-0891 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0893 | 30517 | \nCVE-2018-0894 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0895 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0896 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0897 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0898 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0899 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0900 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0901 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0902 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0903 | 30688 | \nCVE-2018-0904 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0907 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0909 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0910 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0911 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0912 | | Vendor Deemed Reproducibility or 
Exploitation Unlikely \nCVE-2018-0913 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0914 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0915 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0916 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0917 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0919 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0921 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0922 | 30554 | \nCVE-2018-0923 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0924 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0925 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0926 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0927 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0929 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0930 | 30547 | \nCVE-2018-0931 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0932 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0933 | 30508 | \nCVE-2018-0934 | 30509 | \nCVE-2018-0935 | 30552 | \nCVE-2018-0936 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0937 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0939 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0940 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0941 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0942 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0944 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0947 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0977 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0983 | | Vendor Deemed 
Reproducibility or Exploitation Unlikely \n \n \n\n**Zero-Day Filters**\n\nThere are four new zero-day filters covering four vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website. You can also follow the Zero Day Initiative on Twitter [@thezdi](<https://twitter.com/thezdi>) and on their [blog](<https://www.zerodayinitiative.com/blog>).\n\n**_Advantech (1)_**\n\n * 30693: ZDI-CAN-5519: Zero Day Initiative Vulnerability (Advantech WebAccess Node)\n\n**_EMC (1)_**\n\n * 30433: HTTP: EMC Unisphere For VMAX vApp Manager ORBServlet Authentication Bypass (ZDI-17-919)\n\n**_GE (1)_**\n\n * 30692: ZDI-CAN-5518: Zero Day Initiative Vulnerability (GE MDS PulseNET)\n\n**_Microsoft (1)_**\n\n * 30549: ZDI-CAN-5499: Zero Day Initiative Vulnerability (Microsoft Chakra)\n\n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<https://blog.trendmicro.com/tippingpoint-threat-intelligence-and-zero-day-coverage-week-of-march-5-2018/>).", "modified": "2018-03-16T15:14:43", "published": "2018-03-16T15:14:43", "href": "https://blog.trendmicro.com/tippingpoint-threat-intelligence-and-zero-day-coverage-week-of-march-12-2018/", "id": 
"TRENDMICROBLOG:3C0A31CB90B8DCA65E7AB99FD0F23858", "type": "trendmicroblog", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of March 12, 2018", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "talosblog": [{"lastseen": "2018-04-17T08:23:37", "bulletinFamily": "blog", "cvelist": ["CVE-2018-0787", "CVE-2018-0808", "CVE-2018-0811", "CVE-2018-0813", "CVE-2018-0814", "CVE-2018-0815", "CVE-2018-0816", "CVE-2018-0817", "CVE-2018-0868", "CVE-2018-0872", "CVE-2018-0873", "CVE-2018-0874", "CVE-2018-0875", "CVE-2018-0876", "CVE-2018-0877", "CVE-2018-0878", "CVE-2018-0879", "CVE-2018-0880", "CVE-2018-0881", "CVE-2018-0882", "CVE-2018-0883", "CVE-2018-0884", "CVE-2018-0885", "CVE-2018-0886", "CVE-2018-0888", "CVE-2018-0889", "CVE-2018-0891", "CVE-2018-0893", "CVE-2018-0894", "CVE-2018-0895", "CVE-2018-0896", "CVE-2018-0897", "CVE-2018-0898", "CVE-2018-0899", "CVE-2018-0900", "CVE-2018-0901", "CVE-2018-0902", "CVE-2018-0903", "CVE-2018-0904", "CVE-2018-0907", "CVE-2018-0909", "CVE-2018-0910", "CVE-2018-0911", "CVE-2018-0912", "CVE-2018-0913", "CVE-2018-0914", "CVE-2018-0915", "CVE-2018-0916", "CVE-2018-0917", "CVE-2018-0919", "CVE-2018-0921", "CVE-2018-0922", "CVE-2018-0923", "CVE-2018-0925", "CVE-2018-0926", "CVE-2018-0927", "CVE-2018-0929", "CVE-2018-0930", "CVE-2018-0931", "CVE-2018-0932", "CVE-2018-0933", "CVE-2018-0934", "CVE-2018-0935", "CVE-2018-0936", "CVE-2018-0937", "CVE-2018-0939", "CVE-2018-0940", "CVE-2018-0941", "CVE-2018-0942", "CVE-2018-0944", "CVE-2018-0947", "CVE-2018-0977", "CVE-2018-0983"], "description": "### Microsoft Patch Tuesday - March 2018\n\nToday, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 74 new vulnerabilities, with 14 of them rated critical and 59 of them rated important. 
These vulnerabilities impact Internet Explorer, Edge, Exchange, Scripting Engine, Windows Shell and more. \n \n\n\n#### Critical Vulnerabilities\n\nThis month, Microsoft is addressing 14 vulnerabilities that are rated as critical. \n \nThe vulnerabilities rated as critical are listed below: \n \n[CVE-2018-0872 - Chakra Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0872>) \n[CVE-2018-0874 - Chakra Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0874>) \n[CVE-2018-0876 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0876>) \n[CVE-2018-0889 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0889>) \n[CVE-2018-0893 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0893>) \n[CVE-2018-0925 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0925>) \n[CVE-2018-0930 - Chakra Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0930>) \n[CVE-2018-0931 - Chakra Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0931>) \n[CVE-2018-0932 - Microsoft Browser Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0932>) \n[CVE-2018-0933 - Chakra Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0933>) \n[CVE-2018-0934 - Chakra Scripting Engine Memory Corruption 
Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0934>) \n[CVE-2018-0936 - Chakra Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0936>) \n[CVE-2018-0937 - Chakra Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0937>) \n[CVE-2018-0939 - Scripting Engine Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0939>) \n \n\n\n#### Important Vulnerabilities\n\nThis month, Microsoft is addressing 59 vulnerabilities that are rated as important. Talos believes one of these is notable and should be called out. \n \n[CVE-2018-0883 - Windows Shell Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0883>) \n \nA remote code execution vulnerability has been identified in Windows Shell. This vulnerability could be exploited by an attacker convincing a user to open a specially crafted file via email, messaging, or other means. An attacker exploiting this vulnerability could execute arbitrary code in context of the current user. 
\n \nOther vulnerabilities rated as important are listed below: \n \n[CVE-2018-0877 - Windows Desktop Bridge VFS Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0877>) \n[CVE-2018-0878 - Windows Remote Assistance Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0878>) \n[CVE-2018-0879 - Microsoft Edge Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0879>) \n[CVE-2018-0880 - Windows Desktop Bridge Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0880>) \n[CVE-2018-0881 - Microsoft Video Control Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0881>) \n[CVE-2018-0882 - Windows Desktop Bridge Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0882>) \n[CVE-2018-0787 - ASP.NET Core Elevation Of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0787>) \n[CVE-2018-0808 - ASP.NET Core Denial Of Service Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0808>) \n[CVE-2018-0811 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0811>) \n[CVE-2018-0813 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0813>) \n[CVE-2018-0814 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0814>) \n[CVE-2018-0815 - Windows GDI Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0815>) \n[CVE-2018-0816 - 
Windows GDI Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0816>) \n[CVE-2018-0817 - Windows GDI Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0817>) \n[CVE-2018-0868 - Windows Installer Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0868>) \n[CVE-2018-0873 - Chakra Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0873>) \n[CVE-2018-0875 - ASP.NET Core Denial of Service Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0875>) \n[CVE-2018-0884 - Windows Security Feature Bypass Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0884>) \n[CVE-2018-0885 - Windows Hyper-V Denial of Service Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0885>) \n[CVE-2018-0886 - CredSSP Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0886>) \n[CVE-2018-0888 - Hyper-V Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0888>) \n[CVE-2018-0891 - Microsoft Browser Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0891>) \n[CVE-2018-0894 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0894>) \n[CVE-2018-0895 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0895>) \n[CVE-2018-0896 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0896>) \n[CVE-2018-0897 - 
Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0897>) \n[CVE-2018-0898 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0898>) \n[CVE-2018-0899 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0899>) \n[CVE-2018-0900 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0900>) \n[CVE-2018-0901 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0901>) \n[CVE-2018-0902 - CNG Security Feature Bypass Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0902>) \n[CVE-2018-0903 - Microsoft Access Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0903>) \n[CVE-2018-0904 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0904>) \n[CVE-2018-0907 - Microsoft Office Excel Security Feature Bypass](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0907>) \n[CVE-2018-0909 - Microsoft SharePoint Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0909>) \n[CVE-2018-0910 - Microsoft SharePoint Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0910>) \n[CVE-2018-0911 - Microsoft SharePoint Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0911>) \n[CVE-2018-0912 - Microsoft SharePoint Elevation of Privilege 
Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0912>) \n[CVE-2018-0913 - Microsoft SharePoint Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0913>) \n[CVE-2018-0914 - Microsoft SharePoint Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0914>) \n[CVE-2018-0915 - Microsoft SharePoint Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0915>) \n[CVE-2018-0916 - Microsoft SharePoint Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0916>) \n[CVE-2018-0917 - Microsoft SharePoint Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0917>) \n[CVE-2018-0919 - Microsoft Office Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0919>) \n[CVE-2018-0921 - Microsoft SharePoint Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0921>) \n[CVE-2018-0922 - Microsoft Office Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922>) \n[CVE-2018-0923 - Microsoft SharePoint Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0923>) \n[CVE-2018-0926 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0926>) \n[CVE-2018-0927 - Microsoft Browser Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0927>) \n[CVE-2018-0929 - Internet Explorer Information Disclosure 
Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0929>) \n[CVE-2018-0935 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0935>) \n[CVE-2018-0940 - Microsoft Exchange Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0940>) \n[CVE-2018-0941 - Microsoft Exchange Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0941>) \n[CVE-2018-0942 - Internet Explorer Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0942>) \n[CVE-2018-0944 - Microsoft SharePoint Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0944>) \n[CVE-2018-0947 - Microsoft Sharepoint Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0947>) \n[CVE-2018-0977 - Win32k Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0977>) \n[CVE-2018-0983 - Windows Storage Services Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0983>) \n\n\n### Coverage\n\nIn response to these vulnerability disclosures, Talos is releasing the following Snort rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org. 
\n \nSnort Rules: \n45873-45884 \n45887-45890 \n45892-45895 \n45900-45903\n", "modified": "2018-03-13T21:45:18", "published": "2018-03-13T14:38:00", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/D_HBMMr1y0I/ms-tuesday.html", "id": "TALOSBLOG:826AA3C41E62C22CF612479CB5D49D8B", "type": "talosblog", "title": "Microsoft Patch Tuesday - March 2018", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}