Windows : Microsoft Bulletins : Microsoft Windows Multiple Vulnerabilities (KB4467697)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.814174
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Windows Multiple Vulnerabilities (KB4467697)
Resumen:	This host is missing a critical security; update according to Microsoft KB4467697.
Descripción:	Summary: This host is missing a critical security update according to Microsoft KB4467697. Vulnerability Insight: Multiple flaws exist: - when DirectX improperly handles objects in memory. - in Windows when the Win32k component fails to properly handle objects in memory. - when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server. - when Windows Search handles objects in memory. - in the way that the Microsoft RemoteFX Virtual GPU miniport driver handles objects in memory. - An elevation of privilege exists in Windows COM Aggregate Marshaler. - when the win32k component improperly provides kernel information. - in the way that the VBScript engine handles objects in memory. - A security feature bypass exists when Windows incorrectly validates kernel driver signatures. - in PowerShell that could allow an attacker to execute unlogged code. - in the way that Windows Deployment Services TFTP Server handles objects in memory. - in the way that Microsoft Graphics Components handle objects in memory. - when Kernel Remote Procedure Call Provider driver improperly initializes objects in memory. - when the Windows kernel improperly initializes objects in memory. - when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data. - when PowerShell improperly handles specially crafted files. Vulnerability Impact: Successful exploitation will allow an attacker to run arbitrary code, bypass security restrictions and load improperly signed drivers into the kernel, gain the same user rights as the current user, obtain information to further compromise the user's system, improperly discloses file information and escalate privileges. Affected Software/OS: - Microsoft Windows 8.1 for 32-bit/x64 - Microsoft Windows Server 2012 R2 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-8562 BugTraq ID: 105790 http://www.securityfocus.com/bid/105790 Common Vulnerability Exposure (CVE) ID: CVE-2018-8563 BugTraq ID: 105778 http://www.securityfocus.com/bid/105778 http://www.securitytracker.com/id/1042135 Common Vulnerability Exposure (CVE) ID: CVE-2018-8565 BugTraq ID: 105791 http://www.securityfocus.com/bid/105791 Common Vulnerability Exposure (CVE) ID: CVE-2018-8256 BugTraq ID: 105781 http://www.securityfocus.com/bid/105781 http://www.securitytracker.com/id/1042108 Common Vulnerability Exposure (CVE) ID: CVE-2018-8407 BugTraq ID: 105794 http://www.securityfocus.com/bid/105794 http://www.securitytracker.com/id/1042123 Common Vulnerability Exposure (CVE) ID: CVE-2018-8408 BugTraq ID: 105789 http://www.securityfocus.com/bid/105789 http://www.securitytracker.com/id/1042127 Common Vulnerability Exposure (CVE) ID: CVE-2018-8415 BugTraq ID: 105792 http://www.securityfocus.com/bid/105792 Common Vulnerability Exposure (CVE) ID: CVE-2018-8450 BugTraq ID: 105797 http://www.securityfocus.com/bid/105797 http://www.securitytracker.com/id/1042117 Common Vulnerability Exposure (CVE) ID: CVE-2018-8471 BugTraq ID: 105800 http://www.securityfocus.com/bid/105800 http://www.securitytracker.com/id/1042121 Common Vulnerability Exposure (CVE) ID: CVE-2018-8476 BugTraq ID: 105774 http://www.securityfocus.com/bid/105774 https://research.checkpoint.com/2019/pxe-dust-finding-a-vulnerability-in-windows-servers-deployment-services/ http://www.securitytracker.com/id/1042109 Common Vulnerability Exposure (CVE) ID: CVE-2018-8485 BugTraq ID: 105770 http://www.securityfocus.com/bid/105770 http://www.securitytracker.com/id/1042124 Common Vulnerability Exposure (CVE) ID: CVE-2018-8544 BugTraq ID: 105787 http://www.securityfocus.com/bid/105787 https://www.exploit-db.com/exploits/45923/ http://www.securitytracker.com/id/1042118 Common Vulnerability Exposure (CVE) ID: CVE-2018-8547 BugTraq ID: 105801 http://www.securityfocus.com/bid/105801 Common Vulnerability Exposure (CVE) ID: CVE-2018-8549 BugTraq ID: 105803 http://www.securityfocus.com/bid/105803 http://www.securitytracker.com/id/1042138 Common Vulnerability Exposure (CVE) ID: CVE-2018-8550 BugTraq ID: 105805 http://www.securityfocus.com/bid/105805 https://www.exploit-db.com/exploits/45893/ http://www.securitytracker.com/id/1042139 Common Vulnerability Exposure (CVE) ID: CVE-2018-8552 BugTraq ID: 105786 http://www.securityfocus.com/bid/105786 https://www.exploit-db.com/exploits/45924/ Common Vulnerability Exposure (CVE) ID: CVE-2018-8553 BugTraq ID: 105777 http://www.securityfocus.com/bid/105777 http://www.securitytracker.com/id/1042113 Common Vulnerability Exposure (CVE) ID: CVE-2018-8561 BugTraq ID: 105813 http://www.securityfocus.com/bid/105813
Copyright	Copyright (C) 2018 Greenbone AG