Test ID:	1.3.6.1.4.1.25623.1.0.812289
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Internet Explorer Multiple Vulnerabilities (KB4056568)
Summary:	This host is missing a critical security; update according to Microsoft security updates KB4056568
Description:	Summary: This host is missing a critical security update according to Microsoft security updates KB4056568 Vulnerability Insight: Multiple flaws exist due to: - A new publicly disclosed class of vulnerabilities referred to as 'speculative execution side-channel attacks' that affect many modern processors and operating systems including Intel, AMD, and ARM. - Multiple errors exist in the way the scripting engine handles objects in memory in Microsoft browsers. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary code in the context of the current user, gain the same user rights as the current user, take control of an affected system and can read the content of memory therefore lead to information disclosure, conduct bounds check bypass, branch target injection and rogue data cache load, and some unspecified impacts too. Affected Software/OS: Microsoft Internet Explorer version 9.x, 10.x and 11.x. Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 7.6 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-0762 BugTraq ID: 102408 http://www.securityfocus.com/bid/102408 http://www.securitytracker.com/id/1040099 http://www.securitytracker.com/id/1040100 Common Vulnerability Exposure (CVE) ID: CVE-2018-0772 BugTraq ID: 102409 http://www.securityfocus.com/bid/102409 Common Vulnerability Exposure (CVE) ID: CVE-2017-5753 BugTraq ID: 102371 http://www.securityfocus.com/bid/102371 Bugtraq: 20190624 [SECURITY] [DSA 4469-1] libvirt security update (Google Search) https://seclists.org/bugtraq/2019/Jun/36 CERT/CC vulnerability note: VU#180049 https://www.kb.cert.org/vuls/id/180049 CERT/CC vulnerability note: VU#584653 http://www.kb.cert.org/vuls/id/584653 Cisco Security Advisory: 20180104 CPU Side-Channel Information Disclosure Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel Debian Security Information: DSA-4187 (Google Search) https://www.debian.org/security/2018/dsa-4187 Debian Security Information: DSA-4188 (Google Search) https://www.debian.org/security/2018/dsa-4188 https://www.exploit-db.com/exploits/43427/ https://security.gentoo.org/glsa/201810-06 http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html https://spectreattack.com/ https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html RedHat Security Advisories: RHSA-2018:0292 https://access.redhat.com/errata/RHSA-2018:0292 http://www.securitytracker.com/id/1040071 SuSE Security Announcement: SUSE-SU-2018:0010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html SuSE Security Announcement: SUSE-SU-2018:0011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html SuSE Security Announcement: SUSE-SU-2018:0012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html SuSE Security Announcement: openSUSE-SU-2018:0022 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html SuSE Security Announcement: openSUSE-SU-2018:0023 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html https://usn.ubuntu.com/usn/usn-3516-1/ https://usn.ubuntu.com/3540-1/ https://usn.ubuntu.com/3540-2/ https://usn.ubuntu.com/3541-1/ https://usn.ubuntu.com/3541-2/ https://usn.ubuntu.com/3542-1/ https://usn.ubuntu.com/3542-2/ https://usn.ubuntu.com/3549-1/ https://usn.ubuntu.com/3580-1/ https://usn.ubuntu.com/3597-1/ https://usn.ubuntu.com/3597-2/ Common Vulnerability Exposure (CVE) ID: CVE-2017-5715 BugTraq ID: 102376 http://www.securityfocus.com/bid/102376 Bugtraq: 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu (Google Search) https://seclists.org/bugtraq/2019/Nov/16 Debian Security Information: DSA-4120 (Google Search) https://www.debian.org/security/2018/dsa-4120 Debian Security Information: DSA-4213 (Google Search) https://www.debian.org/security/2018/dsa-4213 FreeBSD Security Advisory: FreeBSD-SA-18:03 https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html SuSE Security Announcement: SUSE-SU-2018:0006 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html SuSE Security Announcement: SUSE-SU-2018:0007 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html SuSE Security Announcement: SUSE-SU-2018:0008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html SuSE Security Announcement: SUSE-SU-2018:0009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html SuSE Security Announcement: SUSE-SU-2018:0019 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html SuSE Security Announcement: SUSE-SU-2018:0020 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html SuSE Security Announcement: openSUSE-SU-2018:0013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html https://usn.ubuntu.com/3531-1/ https://usn.ubuntu.com/3531-3/ https://usn.ubuntu.com/3560-1/ https://usn.ubuntu.com/3561-1/ https://usn.ubuntu.com/3581-1/ https://usn.ubuntu.com/3581-2/ https://usn.ubuntu.com/3582-1/ https://usn.ubuntu.com/3582-2/ https://usn.ubuntu.com/3594-1/ https://usn.ubuntu.com/3620-2/ https://usn.ubuntu.com/3690-1/ https://usn.ubuntu.com/3777-3/ Common Vulnerability Exposure (CVE) ID: CVE-2017-5754 BugTraq ID: 102378 http://www.securityfocus.com/bid/102378 BugTraq ID: 106128 http://www.securityfocus.com/bid/106128 Debian Security Information: DSA-4078 (Google Search) https://www.debian.org/security/2018/dsa-4078 Debian Security Information: DSA-4082 (Google Search) https://www.debian.org/security/2018/dsa-4082 https://meltdownattack.com/ https://www.oracle.com/security-alerts/cpuapr2020.html https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html https://usn.ubuntu.com/usn/usn-3522-2/ https://usn.ubuntu.com/3522-3/ https://usn.ubuntu.com/3522-4/ https://usn.ubuntu.com/3523-1/ https://usn.ubuntu.com/usn/usn-3523-2/ https://usn.ubuntu.com/usn/usn-3524-2/ https://usn.ubuntu.com/usn/usn-3525-1/ https://usn.ubuntu.com/3583-1/
Copyright	Copyright (C) 2018 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.