
Test ID: 1.3.6.1.4.1.25623.1.0.813842
Category: Windows : Microsoft Bulletins
Title: Microsoft Windows Multiple Vulnerabilities (KB4343897)
Summary: This host is missing a critical security update according to Microsoft KB4343897.
Description:
Summary:
This host is missing a critical security
update according to Microsoft KB4343897.

Vulnerability Insight:
Multiple flaws exist due to:

- A new speculative execution side channel vulnerability known as L1 Terminal
Fault.

- Diagnostics Hub Standard Collector allows file creation in arbitrary locations.

- Multiple security bypass vulnerabilities exist in Device Guard.

- Microsoft Windows PDF Library improperly handles objects in memory.

- Chakra scripting engine improperly handles objects in memory in Microsoft Edge.

- Internet Explorer improperly validates hyperlinks before loading executable
libraries.

- Windows Installer fails to properly sanitize input leading to an insecure library
loading behavior.

- Active Directory Federation Services (AD FS) improperly handles multi-factor
authentication requests.

- Windows kernel, DirectX Graphics Kernel (DXGKRNL) driver and Win32k component
improperly handle objects in memory.

- NDIS fails to check the length of a buffer prior to copying memory to it.

- Windows font library improperly handles specially crafted embedded fonts.

- Improper processing of a .LNK file.

- Windows kernel fails to properly handle parsing of certain symbolic links.

- 'Microsoft COM for Windows' fails to properly handle serialized objects.

- Microsoft browsers improperly allow cross-frame interaction.

- Microsoft browsers allow sandbox escape.

- Microsoft Edge improperly handles redirect requests and specific HTML content.

- Microsoft .NET Framework improperly accesses information in multi-tenant environments.

- WebAudio Library improperly handles audio requests.

- Windows GDI component improperly discloses the contents of its memory.

- Microsoft Edge improperly accesses objects in memory.

- Windows Shell does not properly validate file paths.

Vulnerability Impact:
Successful exploitation will allow an attacker
to execute arbitrary code, run processes in an elevated context, obtain
information to further compromise the user's system, trick a user into believing
that the user was on a legitimate website, read privileged data across trust
boundaries and also bypass certain security restrictions.

Affected Software/OS:
- Microsoft Windows 10 Version 1709 for 32-bit Systems

- Microsoft Windows 10 Version 1709 for x64-based Systems

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2018-3615
BugTraq ID: 105080
http://www.securityfocus.com/bid/105080
CERT/CC vulnerability note: VU#982149
https://www.kb.cert.org/vuls/id/982149
Cisco Security Advisory: 20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel
https://foreshadowattack.eu/
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
http://www.securitytracker.com/id/1041451
Common Vulnerability Exposure (CVE) ID: CVE-2018-3620
http://support.lenovo.com/us/en/solutions/LEN-24163
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
http://www.vmware.com/security/advisories/VMSA-2018-0021.html
http://xenbits.xen.org/xsa/advisory-273.html
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009
https://security.netapp.com/advisory/ntap-20180815-0001/
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
https://support.f5.com/csp/article/K95275140
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
https://www.synology.com/support/security/Synology_SA_18_45
Debian Security Information: DSA-4274
https://www.debian.org/security/2018/dsa-4274
Debian Security Information: DSA-4279
https://www.debian.org/security/2018/dsa-4279
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/
FreeBSD Security Advisory: FreeBSD-SA-18:09
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc
https://security.gentoo.org/glsa/201810-06
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html
RedHat Security Advisories: RHSA-2018:2384
https://access.redhat.com/errata/RHSA-2018:2384
RedHat Security Advisories: RHSA-2018:2387
https://access.redhat.com/errata/RHSA-2018:2387
RedHat Security Advisories: RHSA-2018:2388
https://access.redhat.com/errata/RHSA-2018:2388
RedHat Security Advisories: RHSA-2018:2389
https://access.redhat.com/errata/RHSA-2018:2389
RedHat Security Advisories: RHSA-2018:2390
https://access.redhat.com/errata/RHSA-2018:2390
RedHat Security Advisories: RHSA-2018:2391
https://access.redhat.com/errata/RHSA-2018:2391
RedHat Security Advisories: RHSA-2018:2392
https://access.redhat.com/errata/RHSA-2018:2392
RedHat Security Advisories: RHSA-2018:2393
https://access.redhat.com/errata/RHSA-2018:2393
RedHat Security Advisories: RHSA-2018:2394
https://access.redhat.com/errata/RHSA-2018:2394
RedHat Security Advisories: RHSA-2018:2395
https://access.redhat.com/errata/RHSA-2018:2395
RedHat Security Advisories: RHSA-2018:2396
https://access.redhat.com/errata/RHSA-2018:2396
RedHat Security Advisories: RHSA-2018:2402
https://access.redhat.com/errata/RHSA-2018:2402
RedHat Security Advisories: RHSA-2018:2403
https://access.redhat.com/errata/RHSA-2018:2403
RedHat Security Advisories: RHSA-2018:2404
https://access.redhat.com/errata/RHSA-2018:2404
RedHat Security Advisories: RHSA-2018:2602
https://access.redhat.com/errata/RHSA-2018:2602
RedHat Security Advisories: RHSA-2018:2603
https://access.redhat.com/errata/RHSA-2018:2603
https://usn.ubuntu.com/3740-1/
https://usn.ubuntu.com/3740-2/
https://usn.ubuntu.com/3741-1/
https://usn.ubuntu.com/3741-2/
https://usn.ubuntu.com/3742-1/
https://usn.ubuntu.com/3742-2/
https://usn.ubuntu.com/3823-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-3646
http://www.vmware.com/security/advisories/VMSA-2018-0020.html
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010
https://support.f5.com/csp/article/K31300402
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
http://www.securitytracker.com/id/1042004
https://usn.ubuntu.com/3756-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-0952
BugTraq ID: 105048
http://www.securityfocus.com/bid/105048
https://www.exploit-db.com/exploits/45244/
http://www.securitytracker.com/id/1041466
Common Vulnerability Exposure (CVE) ID: CVE-2018-8200
BugTraq ID: 105007
http://www.securityfocus.com/bid/105007
http://www.securitytracker.com/id/1041459
Common Vulnerability Exposure (CVE) ID: CVE-2018-8204
BugTraq ID: 105008
http://www.securityfocus.com/bid/105008
Common Vulnerability Exposure (CVE) ID: CVE-2018-8266
BugTraq ID: 104977
http://www.securityfocus.com/bid/104977
http://www.securitytracker.com/id/1041457
Common Vulnerability Exposure (CVE) ID: CVE-2018-8350
BugTraq ID: 104985
http://www.securityfocus.com/bid/104985
http://www.securitytracker.com/id/1041465
Common Vulnerability Exposure (CVE) ID: CVE-2018-8316
BugTraq ID: 105013
http://www.securityfocus.com/bid/105013
http://www.securitytracker.com/id/1041483
Common Vulnerability Exposure (CVE) ID: CVE-2018-8339
BugTraq ID: 105030
http://www.securityfocus.com/bid/105030
Common Vulnerability Exposure (CVE) ID: CVE-2018-8340
BugTraq ID: 105029
http://www.securityfocus.com/bid/105029
http://www.securitytracker.com/id/1041474
Common Vulnerability Exposure (CVE) ID: CVE-2018-8341
BugTraq ID: 104987
http://www.securityfocus.com/bid/104987
Common Vulnerability Exposure (CVE) ID: CVE-2018-8343
BugTraq ID: 104982
http://www.securityfocus.com/bid/104982
Common Vulnerability Exposure (CVE) ID: CVE-2018-8344
BugTraq ID: 104983
http://www.securityfocus.com/bid/104983
http://www.securitytracker.com/id/1041475
Common Vulnerability Exposure (CVE) ID: CVE-2018-8345
BugTraq ID: 105027
http://www.securityfocus.com/bid/105027
http://www.securitytracker.com/id/1041473
Common Vulnerability Exposure (CVE) ID: CVE-2018-8347
BugTraq ID: 104988
http://www.securityfocus.com/bid/104988
Common Vulnerability Exposure (CVE) ID: CVE-2018-8348
BugTraq ID: 104992
http://www.securityfocus.com/bid/104992
Common Vulnerability Exposure (CVE) ID: CVE-2018-8349
BugTraq ID: 104984
http://www.securityfocus.com/bid/104984
Common Vulnerability Exposure (CVE) ID: CVE-2018-8351
BugTraq ID: 105015
http://www.securityfocus.com/bid/105015
Common Vulnerability Exposure (CVE) ID: CVE-2018-8353
BugTraq ID: 105034
http://www.securityfocus.com/bid/105034
https://www.exploit-db.com/exploits/45279/
Common Vulnerability Exposure (CVE) ID: CVE-2018-8355
BugTraq ID: 104978
http://www.securityfocus.com/bid/104978
https://www.exploit-db.com/exploits/45432/
Common Vulnerability Exposure (CVE) ID: CVE-2018-8357
BugTraq ID: 105022
http://www.securityfocus.com/bid/105022
Common Vulnerability Exposure (CVE) ID: CVE-2018-8377
BugTraq ID: 105020
http://www.securityfocus.com/bid/105020
Common Vulnerability Exposure (CVE) ID: CVE-2018-8360
BugTraq ID: 104986
http://www.securityfocus.com/bid/104986
http://www.securitytracker.com/id/1041462
Common Vulnerability Exposure (CVE) ID: CVE-2018-8370
BugTraq ID: 105019
http://www.securityfocus.com/bid/105019
Common Vulnerability Exposure (CVE) ID: CVE-2018-8371
BugTraq ID: 105035
http://www.securityfocus.com/bid/105035
Common Vulnerability Exposure (CVE) ID: CVE-2018-8372
BugTraq ID: 105038
http://www.securityfocus.com/bid/105038
Common Vulnerability Exposure (CVE) ID: CVE-2018-8373
BugTraq ID: 105037
http://www.securityfocus.com/bid/105037
Common Vulnerability Exposure (CVE) ID: CVE-2018-8381
BugTraq ID: 104980
http://www.securityfocus.com/bid/104980
Common Vulnerability Exposure (CVE) ID: CVE-2018-8385
BugTraq ID: 105039
http://www.securityfocus.com/bid/105039
Common Vulnerability Exposure (CVE) ID: CVE-2018-8390
BugTraq ID: 105041
http://www.securityfocus.com/bid/105041
Common Vulnerability Exposure (CVE) ID: CVE-2018-8389
BugTraq ID: 105036
http://www.securityfocus.com/bid/105036
Common Vulnerability Exposure (CVE) ID: CVE-2018-8394
BugTraq ID: 105001
http://www.securityfocus.com/bid/105001
http://www.securitytracker.com/id/1041460
Common Vulnerability Exposure (CVE) ID: CVE-2018-8398
BugTraq ID: 104995
http://www.securityfocus.com/bid/104995
Common Vulnerability Exposure (CVE) ID: CVE-2018-8401
BugTraq ID: 105006
http://www.securityfocus.com/bid/105006
http://www.securitytracker.com/id/1041461
Common Vulnerability Exposure (CVE) ID: CVE-2018-8403
BugTraq ID: 105033
http://www.securityfocus.com/bid/105033
Common Vulnerability Exposure (CVE) ID: CVE-2018-8399
BugTraq ID: 104998
http://www.securityfocus.com/bid/104998
Common Vulnerability Exposure (CVE) ID: CVE-2018-8400
BugTraq ID: 105005
http://www.securityfocus.com/bid/105005
Common Vulnerability Exposure (CVE) ID: CVE-2018-8404
BugTraq ID: 104999
http://www.securityfocus.com/bid/104999
Common Vulnerability Exposure (CVE) ID: CVE-2018-8405
BugTraq ID: 105011
http://www.securityfocus.com/bid/105011
Common Vulnerability Exposure (CVE) ID: CVE-2018-8406
BugTraq ID: 105012
http://www.securityfocus.com/bid/105012
Common Vulnerability Exposure (CVE) ID: CVE-2018-8414
BugTraq ID: 105016
http://www.securityfocus.com/bid/105016
http://www.securitytracker.com/id/1041458
Common Vulnerability Exposure (CVE) ID: CVE-2018-8388
BugTraq ID: 105025
http://www.securityfocus.com/bid/105025
Copyright: Copyright (C) 2018 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.