| Beschreibung: | Summary:
This host is missing a critical security
update according to Microsoft KB4489872
Vulnerability Insight:
Multiple flaws exist due to:
- The scripting engine improperly handles objects in memory in Microsoft Edge.
- Windows Jet Database Engine improperly handles objects in memory.
- Windows GDI component improperly discloses the contents of its memory.
- Windows kernel improperly handles objects in memory.
- The win32k component improperly provides kernel information.
- The Microsoft XML Core Services MSXML parser processes user input.
- Windows improperly handles objects in memory.
- The Win32k component fails to properly handle objects in memory.
- Windows Print Spooler does not properly handle objects in memory.
- Microsoft Hyper-V Network Switch on a host server fails to properly
validate input from a privileged user on a guest operating system.
- Windows SMB Server does not properly handles certain requests.
- Windows kernel improperly initializes objects in memory.
- Internet Explorer improperly accesses objects in memory.
- Internet Explorer fails to validate the correct Security Zone of requests
for specific URLs.
- Microsoft browsers improperly access objects in memory.
- The ActiveX Data objects (ADO) improperly handles objects in memory.
Vulnerability Impact:
Successful exploitation will allow
an attacker to execute arbitrary code on a victim system, obtain information
to further compromise the user's system, gain elevated privileges, cause the
host server to crash and bypass security restrictions.
Affected Software/OS:
- Microsoft Windows 10 for 32-bit Systems and
- Microsoft Windows 10 for x64-based Systems
Solution:
The vendor has released updates. Please see the references for more information.
CVSS Score:
9.3
CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
