English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.811757
Category:Windows : Microsoft Bulletins
Title:Microsoft Windows Multiple Vulnerabilities (KB4038781)
Summary:This host is missing a critical security; update according to Microsoft KB4038781
Description:Summary:
This host is missing a critical security
update according to Microsoft KB4038781

Vulnerability Insight:
Multiple flaws exist due to:

- When Windows Hyper-V on a host operating system fails to properly validate
input from an authenticated user on a guest operating system.

- An error in Windows Error Reporting (WER) when WER handles and executes files.

- When the Windows kernel fails to properly initialize a memory address,
allowing an attacker to retrieve information that could lead to a Kernel Address
Space Layout Randomization (KASLR) bypass.

- When the Windows kernel improperly handles objects in memory.

- When Microsoft Edge improperly handles clipboard events.

- An error in Microsoft's implementation of the Bluetooth stack.

- An error in the way that Microsoft browser JavaScript engines render content when
handling objects in memory.

- When Microsoft Edge improperly accesses objects in memory.

- An error due to the way Windows Uniscribe handles objects in memory.

- When the Microsoft Windows Graphics Component improperly handles objects in
memory.

- When Microsoft browsers improperly access objects in memory.

- An error in the way that the scripting engine handles objects in memory in
Microsoft Edge.

- A security feature bypass exists in Microsoft Edge when the Edge Content
Security Policy (CSP) fails to properly validate certain specially crafted
documents.

- An error in the way Microsoft Edge handles objects in memory.

- When Internet Explorer improperly handles specific HTML content.

- When Microsoft Windows PDF Library improperly handles objects in memory.

- An error in Microsoft browsers due to improper parent domain verification in
certain functionality.

- When Microsoft Edge does not properly parse HTTP content.

- An error in the way that the Windows Graphics Device Interface (GDI) handles
objects in memory, allowing an attacker to retrieve information from a targeted
system.

- When the Windows GDI+ component improperly discloses kernel memory addresses.

- An error in Windows when the Windows kernel-mode driver fails to properly handle
objects in memory.

- An error in the way that the Windows Graphics Device Interface+ (GDI+) handles
objects in memory, allowing an attacker to retrieve information from a targeted
system.

- An error when Windows Shell does not properly validate file copy destinations.

- When Windows Uniscribe improperly discloses the contents of its memory.

- An error in Windows kernel that could allow an attacker to retrieve information
that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.

- When Internet Explorer improperly accesses objects in memory.

- When the Windows font library improperly handles specially crafted embedded
fonts.

- An error in Windows when the Win32k component fails to properly handle objects in
memory.

Vulnerability Impact:
Successful exploitation will allow attacker to
gain access to potentially sensitive information, perform a man-in-the-middle
attack and force a user's computer to unknowingly route traffic through the
attacker's computer, embed an ActiveX control, execute arbitrary code, take control
of the affected system, gain the same user rights as the current user, conduct
phishing attack and conduct redirect attacks.

Affected Software/OS:
- Microsoft Windows 10 for 32-bit Systems

- Microsoft Windows 10 for x64-based Systems

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-0161
BugTraq ID: 100728
http://www.securityfocus.com/bid/100728
http://www.securitytracker.com/id/1039318
Common Vulnerability Exposure (CVE) ID: CVE-2017-8719
BugTraq ID: 100803
http://www.securityfocus.com/bid/100803
http://www.securitytracker.com/id/1039325
Common Vulnerability Exposure (CVE) ID: CVE-2017-8720
BugTraq ID: 100804
http://www.securityfocus.com/bid/100804
Common Vulnerability Exposure (CVE) ID: CVE-2017-8723
BugTraq ID: 100768
http://www.securityfocus.com/bid/100768
http://www.securitytracker.com/id/1039326
Common Vulnerability Exposure (CVE) ID: CVE-2017-8728
BugTraq ID: 100739
http://www.securityfocus.com/bid/100739
http://www.securitytracker.com/id/1039327
Common Vulnerability Exposure (CVE) ID: CVE-2017-8628
BugTraq ID: 100744
http://www.securityfocus.com/bid/100744
http://www.securitytracker.com/id/1039339
Common Vulnerability Exposure (CVE) ID: CVE-2017-8643
BugTraq ID: 100747
http://www.securityfocus.com/bid/100747
Common Vulnerability Exposure (CVE) ID: CVE-2017-8733
BugTraq ID: 100737
http://www.securityfocus.com/bid/100737
http://www.securitytracker.com/id/1039328
Common Vulnerability Exposure (CVE) ID: CVE-2017-8734
BugTraq ID: 100738
http://www.securityfocus.com/bid/100738
https://www.exploit-db.com/exploits/42759/
Common Vulnerability Exposure (CVE) ID: CVE-2017-8735
BugTraq ID: 100740
http://www.securityfocus.com/bid/100740
Common Vulnerability Exposure (CVE) ID: CVE-2017-8736
BugTraq ID: 100743
http://www.securityfocus.com/bid/100743
http://www.securitytracker.com/id/1039342
http://www.securitytracker.com/id/1039343
Common Vulnerability Exposure (CVE) ID: CVE-2017-8675
BugTraq ID: 100752
http://www.securityfocus.com/bid/100752
Common Vulnerability Exposure (CVE) ID: CVE-2017-8676
BugTraq ID: 100755
http://www.securityfocus.com/bid/100755
http://www.securitytracker.com/id/1039333
Common Vulnerability Exposure (CVE) ID: CVE-2017-8737
BugTraq ID: 100749
http://www.securityfocus.com/bid/100749
Common Vulnerability Exposure (CVE) ID: CVE-2017-8738
BugTraq ID: 100759
http://www.securityfocus.com/bid/100759
Common Vulnerability Exposure (CVE) ID: CVE-2017-8741
BugTraq ID: 100764
http://www.securityfocus.com/bid/100764
Common Vulnerability Exposure (CVE) ID: CVE-2017-8677
BugTraq ID: 100767
http://www.securityfocus.com/bid/100767
http://www.securitytracker.com/id/1039338
Common Vulnerability Exposure (CVE) ID: CVE-2017-8747
BugTraq ID: 100765
http://www.securityfocus.com/bid/100765
Common Vulnerability Exposure (CVE) ID: CVE-2017-8748
BugTraq ID: 100766
http://www.securityfocus.com/bid/100766
Common Vulnerability Exposure (CVE) ID: CVE-2017-8678
BugTraq ID: 100769
http://www.securityfocus.com/bid/100769
https://www.exploit-db.com/exploits/42750/
Common Vulnerability Exposure (CVE) ID: CVE-2017-8679
BugTraq ID: 100720
http://www.securityfocus.com/bid/100720
Common Vulnerability Exposure (CVE) ID: CVE-2017-8749
BugTraq ID: 100770
http://www.securityfocus.com/bid/100770
Common Vulnerability Exposure (CVE) ID: CVE-2017-8750
BugTraq ID: 100771
http://www.securityfocus.com/bid/100771
Common Vulnerability Exposure (CVE) ID: CVE-2017-8753
BugTraq ID: 100776
http://www.securityfocus.com/bid/100776
Common Vulnerability Exposure (CVE) ID: CVE-2017-8681
BugTraq ID: 100727
http://www.securityfocus.com/bid/100727
https://www.exploit-db.com/exploits/42742/
Common Vulnerability Exposure (CVE) ID: CVE-2017-8682
BugTraq ID: 100772
http://www.securityfocus.com/bid/100772
https://www.exploit-db.com/exploits/42744/
http://www.securitytracker.com/id/1039352
Common Vulnerability Exposure (CVE) ID: CVE-2017-8754
BugTraq ID: 100779
http://www.securityfocus.com/bid/100779
Common Vulnerability Exposure (CVE) ID: CVE-2017-8756
BugTraq ID: 100718
http://www.securityfocus.com/bid/100718
Common Vulnerability Exposure (CVE) ID: CVE-2017-8757
BugTraq ID: 100721
http://www.securityfocus.com/bid/100721
Common Vulnerability Exposure (CVE) ID: CVE-2017-8759
BugTraq ID: 100742
http://www.securityfocus.com/bid/100742
https://www.exploit-db.com/exploits/42711/
https://github.com/GitHubAssessments/CVE_Assessments_01_2020
https://github.com/bhdresh/CVE-2017-8759
https://github.com/nccgroup/CVE-2017-8759
http://www.securitytracker.com/id/1039324
Common Vulnerability Exposure (CVE) ID: CVE-2017-8683
BugTraq ID: 100781
http://www.securityfocus.com/bid/100781
https://www.exploit-db.com/exploits/42746/
Common Vulnerability Exposure (CVE) ID: CVE-2017-8687
BugTraq ID: 100736
http://www.securityfocus.com/bid/100736
https://www.exploit-db.com/exploits/42749/
Common Vulnerability Exposure (CVE) ID: CVE-2017-8688
BugTraq ID: 100756
http://www.securityfocus.com/bid/100756
Common Vulnerability Exposure (CVE) ID: CVE-2017-8699
BugTraq ID: 100783
http://www.securityfocus.com/bid/100783
http://www.securitytracker.com/id/1039331
Common Vulnerability Exposure (CVE) ID: CVE-2017-8702
BugTraq ID: 100785
http://www.securityfocus.com/bid/100785
http://www.securitytracker.com/id/1039353
Common Vulnerability Exposure (CVE) ID: CVE-2017-8706
BugTraq ID: 100789
http://www.securityfocus.com/bid/100789
http://www.securitytracker.com/id/1039317
Common Vulnerability Exposure (CVE) ID: CVE-2017-8707
BugTraq ID: 100790
http://www.securityfocus.com/bid/100790
Common Vulnerability Exposure (CVE) ID: CVE-2017-8708
BugTraq ID: 100791
http://www.securityfocus.com/bid/100791
https://www.exploit-db.com/exploits/42743/
Common Vulnerability Exposure (CVE) ID: CVE-2017-8709
BugTraq ID: 100792
http://www.securityfocus.com/bid/100792
Common Vulnerability Exposure (CVE) ID: CVE-2017-8713
BugTraq ID: 100796
http://www.securityfocus.com/bid/100796
Common Vulnerability Exposure (CVE) ID: CVE-2017-8692
BugTraq ID: 100762
http://www.securityfocus.com/bid/100762
http://www.securitytracker.com/id/1039344
Common Vulnerability Exposure (CVE) ID: CVE-2017-8695
BugTraq ID: 100773
http://www.securityfocus.com/bid/100773
CopyrightCopyright (C) 2017 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2024 E-Soft Inc. All rights reserved.