English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.814084
Category:Windows : Microsoft Bulletins
Title:Microsoft Windows Multiple Vulnerabilities (KB4462923)
Summary:This host is missing a critical security; update according to Microsoft KB4462923
Description:Summary:
This host is missing a critical security
update according to Microsoft KB4462923

Vulnerability Insight:
Multiple flaws exist due to:

- Windows Win32k component fails to properly handle objects in memory.

- Windows Hyper-V on a host server fails to properly validate input from an
authenticated user on a guest operating system.

- Microsoft XML Core Services MSXML parser improperly processes user input.

- Internet Explorer improperly accesses objects in memory.

- Filter Manager improperly handles objects in memory.

- Windows TCP/IP stack improperly handles fragmented IP packets.

- Windows Media Player improperly discloses file information.

- Windows Graphics Device Interface (GDI) improperly handles objects in memory.

- DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.

- Windows kernel improperly handles objects in memory.

- Windows Theme API does not properly decompress files.

- NTFS improperly checks access.

Vulnerability Impact:
Successful exploitation will allow an attacker
to run arbitrary code, bypass security restrictions, gain the same user rights
as the current user, obtain information to further compromise the user's system,
improperly discloses file information and escalate privileges.

Affected Software/OS:
- Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1

- Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-8320
BugTraq ID: 105503
http://www.securityfocus.com/bid/105503
http://www.securitytracker.com/id/1041830
Common Vulnerability Exposure (CVE) ID: CVE-2018-8330
BugTraq ID: 105477
http://www.securityfocus.com/bid/105477
Common Vulnerability Exposure (CVE) ID: CVE-2018-8333
BugTraq ID: 105507
http://www.securityfocus.com/bid/105507
http://www.securitytracker.com/id/1041831
Common Vulnerability Exposure (CVE) ID: CVE-2018-8411
BugTraq ID: 105508
http://www.securityfocus.com/bid/105508
https://www.exploit-db.com/exploits/45624/
http://www.securitytracker.com/id/1041832
Common Vulnerability Exposure (CVE) ID: CVE-2018-8413
BugTraq ID: 105448
http://www.securityfocus.com/bid/105448
http://packetstormsecurity.com/files/156027/Microsoft-Windows-Theme-API-File-Parsing.html
http://www.securitytracker.com/id/1041824
Common Vulnerability Exposure (CVE) ID: CVE-2018-8423
https://blog.0patch.com/2018/09/outrunning-attackers-on-jet-database.html
https://blog.0patch.com/2018/10/patching-re-patching-and-meta-patching.html
http://www.securitytracker.com/id/1041837
Common Vulnerability Exposure (CVE) ID: CVE-2018-8432
BugTraq ID: 105458
http://www.securityfocus.com/bid/105458
http://www.securitytracker.com/id/1041823
Common Vulnerability Exposure (CVE) ID: CVE-2018-8453
BugTraq ID: 105467
http://www.securityfocus.com/bid/105467
http://packetstormsecurity.com/files/153669/Microsoft-Windows-NtUserSetWindowFNID-Win32k-User-Callback.html
https://securelist.com/cve-2018-8453-used-in-targeted-attack
http://www.securitytracker.com/id/1041828
Common Vulnerability Exposure (CVE) ID: CVE-2018-8460
BugTraq ID: 105449
http://www.securityfocus.com/bid/105449
http://www.securitytracker.com/id/1041841
Common Vulnerability Exposure (CVE) ID: CVE-2018-8472
BugTraq ID: 105488
http://www.securityfocus.com/bid/105488
Common Vulnerability Exposure (CVE) ID: CVE-2018-8481
BugTraq ID: 105452
http://www.securityfocus.com/bid/105452
http://www.securitytracker.com/id/1041829
Common Vulnerability Exposure (CVE) ID: CVE-2018-8482
BugTraq ID: 105469
http://www.securityfocus.com/bid/105469
Common Vulnerability Exposure (CVE) ID: CVE-2018-8486
BugTraq ID: 105501
http://www.securityfocus.com/bid/105501
Common Vulnerability Exposure (CVE) ID: CVE-2018-8489
BugTraq ID: 105479
http://www.securityfocus.com/bid/105479
http://www.securitytracker.com/id/1041834
Common Vulnerability Exposure (CVE) ID: CVE-2018-8491
BugTraq ID: 105454
http://www.securityfocus.com/bid/105454
Common Vulnerability Exposure (CVE) ID: CVE-2018-8494
BugTraq ID: 105457
http://www.securityfocus.com/bid/105457
http://www.securitytracker.com/id/1041844
CopyrightCopyright (C) 2018 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.