Test ID:	1.3.6.1.4.1.25623.1.0.813336
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Windows Multiple Vulnerabilities (KB4103718)
Summary:	This host is missing a critical security; update according to Microsoft KB4103718
Description:	Summary: This host is missing a critical security update according to Microsoft KB4103718 Vulnerability Insight: Multiple flaws exist due to: - Microsoft browsers improperly access objects in memory. - The Win32k component fails to properly handle objects in memory. - Windows kernel fails to properly handle objects in memory. - The VBScript engine improperly handles objects in memory. - The scripting engine improperly handles objects in memory in Microsoft browsers. - Windows Common Log File System (CLFS) driver improperly handles objects in memory. - Chakra improperly discloses the contents of its memory. - Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. - Windows 'its://' protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. - An error in Credential Security Support Provider protocol (CredSSP). Vulnerability Impact: Successful exploitation will allow attackers to gain the same user rights as the current user, run arbitrary code, disclose sensitive information and run processes in an elevated context and it may lead to further compromise of the system. Affected Software/OS: - Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1 - Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-0954 BugTraq ID: 103991 http://www.securityfocus.com/bid/103991 http://www.securitytracker.com/id/1040844 Common Vulnerability Exposure (CVE) ID: CVE-2018-0955 BugTraq ID: 103993 http://www.securityfocus.com/bid/103993 http://www.securitytracker.com/id/1040846 Common Vulnerability Exposure (CVE) ID: CVE-2018-0959 BugTraq ID: 104031 http://www.securityfocus.com/bid/104031 http://www.securitytracker.com/id/1040843 Common Vulnerability Exposure (CVE) ID: CVE-2018-1022 BugTraq ID: 103978 http://www.securityfocus.com/bid/103978 Common Vulnerability Exposure (CVE) ID: CVE-2018-1025 BugTraq ID: 103984 http://www.securityfocus.com/bid/103984 Common Vulnerability Exposure (CVE) ID: CVE-2018-8114 BugTraq ID: 103994 http://www.securityfocus.com/bid/103994 Common Vulnerability Exposure (CVE) ID: CVE-2018-8120 BugTraq ID: 104034 http://www.securityfocus.com/bid/104034 https://www.exploit-db.com/exploits/45653/ http://www.securitytracker.com/id/1040849 Common Vulnerability Exposure (CVE) ID: CVE-2018-8122 BugTraq ID: 103995 http://www.securityfocus.com/bid/103995 Common Vulnerability Exposure (CVE) ID: CVE-2018-8124 BugTraq ID: 104037 http://www.securityfocus.com/bid/104037 Common Vulnerability Exposure (CVE) ID: CVE-2018-8127 BugTraq ID: 104040 http://www.securityfocus.com/bid/104040 Common Vulnerability Exposure (CVE) ID: CVE-2018-8136 BugTraq ID: 104044 http://www.securityfocus.com/bid/104044 Common Vulnerability Exposure (CVE) ID: CVE-2018-8145 BugTraq ID: 103986 http://www.securityfocus.com/bid/103986 https://www.exploit-db.com/exploits/45011/ Common Vulnerability Exposure (CVE) ID: CVE-2018-8164 BugTraq ID: 104033 http://www.securityfocus.com/bid/104033 Common Vulnerability Exposure (CVE) ID: CVE-2018-8166 BugTraq ID: 104062 http://www.securityfocus.com/bid/104062 Common Vulnerability Exposure (CVE) ID: CVE-2018-8167 BugTraq ID: 104063 http://www.securityfocus.com/bid/104063 Common Vulnerability Exposure (CVE) ID: CVE-2018-8174 BugTraq ID: 103998 http://www.securityfocus.com/bid/103998 https://www.exploit-db.com/exploits/44741/ https://blog.0patch.com/2018/05/a-single-instruction-micropatch-for.html Common Vulnerability Exposure (CVE) ID: CVE-2018-8178 BugTraq ID: 104076 http://www.securityfocus.com/bid/104076 Common Vulnerability Exposure (CVE) ID: CVE-2018-8897 BugTraq ID: 104071 http://www.securityfocus.com/bid/104071 CERT/CC vulnerability note: VU#631579 https://www.kb.cert.org/vuls/id/631579 Debian Security Information: DSA-4196 (Google Search) https://www.debian.org/security/2018/dsa-4196 Debian Security Information: DSA-4201 (Google Search) https://www.debian.org/security/2018/dsa-4201 https://www.exploit-db.com/exploits/44697/ https://www.exploit-db.com/exploits/45024/ http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 http://openwall.com/lists/oss-security/2018/05/08/1 http://openwall.com/lists/oss-security/2018/05/08/4 https://bugzilla.redhat.com/show_bug.cgi?id=1567074 https://github.com/can1357/CVE-2018-8897/ https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 https://patchwork.kernel.org/patch/10386677/ https://support.apple.com/HT208742 https://svnweb.freebsd.org/base?view=revision&revision=333368 https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html https://xenbits.xen.org/xsa/advisory-260.html https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html RedHat Security Advisories: RHSA-2018:1318 https://access.redhat.com/errata/RHSA-2018:1318 RedHat Security Advisories: RHSA-2018:1319 https://access.redhat.com/errata/RHSA-2018:1319 RedHat Security Advisories: RHSA-2018:1345 https://access.redhat.com/errata/RHSA-2018:1345 RedHat Security Advisories: RHSA-2018:1346 https://access.redhat.com/errata/RHSA-2018:1346 RedHat Security Advisories: RHSA-2018:1347 https://access.redhat.com/errata/RHSA-2018:1347 RedHat Security Advisories: RHSA-2018:1348 https://access.redhat.com/errata/RHSA-2018:1348 RedHat Security Advisories: RHSA-2018:1349 https://access.redhat.com/errata/RHSA-2018:1349 RedHat Security Advisories: RHSA-2018:1350 https://access.redhat.com/errata/RHSA-2018:1350 RedHat Security Advisories: RHSA-2018:1351 https://access.redhat.com/errata/RHSA-2018:1351 RedHat Security Advisories: RHSA-2018:1352 https://access.redhat.com/errata/RHSA-2018:1352 RedHat Security Advisories: RHSA-2018:1353 https://access.redhat.com/errata/RHSA-2018:1353 RedHat Security Advisories: RHSA-2018:1354 https://access.redhat.com/errata/RHSA-2018:1354 RedHat Security Advisories: RHSA-2018:1355 https://access.redhat.com/errata/RHSA-2018:1355 RedHat Security Advisories: RHSA-2018:1524 https://access.redhat.com/errata/RHSA-2018:1524 http://www.securitytracker.com/id/1040744 http://www.securitytracker.com/id/1040861 http://www.securitytracker.com/id/1040866 http://www.securitytracker.com/id/1040882 https://usn.ubuntu.com/3641-1/ https://usn.ubuntu.com/3641-2/ Common Vulnerability Exposure (CVE) ID: CVE-2018-0824 BugTraq ID: 104030 http://www.securityfocus.com/bid/104030 https://www.exploit-db.com/exploits/44906/ http://www.securitytracker.com/id/1040848 Common Vulnerability Exposure (CVE) ID: CVE-2017-11927 BugTraq ID: 102095 http://www.securityfocus.com/bid/102095 http://www.securitytracker.com/id/1039997 Common Vulnerability Exposure (CVE) ID: CVE-2018-0886 BugTraq ID: 103265 http://www.securityfocus.com/bid/103265 https://www.exploit-db.com/exploits/44453/ https://blog.preempt.com/security-advisory-credssp https://github.com/preempt/credssp https://ics-cert.us-cert.gov/advisories/ICSA-18-198-03 http://www.securitytracker.com/id/1040506
Copyright	Copyright (C) 2018 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.