| Beschreibung: | Summary:
This host is missing a critical security
update according to Microsoft KB4034681
Vulnerability Insight:
Multiple flaws exist due to:
- An error in Windows when the Win32k component fails to properly handle
objects in memory.
- An error in Windows Input Method Editor (IME) when IME improperly handles
parameters in a method of a DCOM class.
- An error when Microsoft browsers improperly access objects in memory.
- An error in Windows Error Reporting (WER).
- An error in the way JavaScript engines render when handling objects in
memory in Microsoft browsers.
- An error when Windows Hyper-V on a host server fails to properly validate
input from an authenticated user on a guest operating system.
- An error in the Microsoft JET Database Engine that could allow remote code
execution on an affected system.
- An error when Windows Search handles objects in memory.
- An error in the way that Microsoft browser JavaScript engines render content
when handling objects in memory.
- An error when Microsoft Windows PDF Library improperly handles objects in
memory.
- An error when Microsoft Windows improperly handles NetBIOS packets.
- An error when the win32k component improperly provides kernel information.
- An error when the Volume Manager Extension Driver component improperly provides
kernel information.
Vulnerability Impact:
Successful exploitation will allow remote
attacker to run arbitrary code in kernel mode, gain the same user rights as
the current user, access to sensitive information and system functionality
and conduct a denial-of-service condition.
Affected Software/OS:
- Microsoft Windows Server 2012 R2
- Microsoft Windows 8.1 for 32-bit/x64
Solution:
The vendor has released updates. Please see the references for more information.
CVSS Score:
9.3
CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
