Beschreibung: | Summary: This host is missing a critical security update according to Microsoft KB4512516
Vulnerability Insight: Multiple flaws exist due to:
- Windows improperly handles objects in memory.
- Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system.
- Windows DirectX improperly handles objects in memory.
- Windows font library improperly handles specially crafted embedded fonts.
- Windows improperly handles calls to Advanced Local Procedure Call (ALPC).
- Windows Jet Database Engine improperly handles objects in memory.
- Chakra scripting engine improperly handles objects in memory in Microsoft Edge.
- Windows GDI component improperly discloses the contents of its memory.
- Windows kernel fails to properly handle objects in memory.
Please see the references for more information about the vulnerabilities.
Vulnerability Impact: Successful exploitation will allow an attacker to run arbitrary code on the client machine, disclose sensitive information, elevate privileges and create a denial of service condition causing the target system to become unresponsive.
Affected Software/OS: - Microsoft Windows 10 Version 1709 for 64-based Systems
- Microsoft Windows 10 Version 1709 for 32-bit Systems
Solution: The vendor has released updates. Please see the references for more information.
CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
|