English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 143769 CVE descriptions
and 71225 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.814082
Category:Windows : Microsoft Bulletins
Title:Microsoft Windows Multiple Vulnerabilities (KB4462937)
Summary:This host is missing a critical security; update according to Microsoft KB4462937
Description:Summary:
This host is missing a critical security
update according to Microsoft KB4462937

Vulnerability Insight:
Multiple flaw exists due to,

- Windows Hyper-V on a host server fails to properly validate input from an
authenticated user on a guest operating system.

- Internet Explorer improperly accesses objects in memory.

- Windows Media Player improperly discloses file information.

- DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.

- Microsoft Edge improperly handles requests of different origins.

- Windows Theme API does not properly decompress files.

- NTFS improperly checks access.

- Edge Content Security Policy (CSP) fails to properly validate certain specially
crafted documents.

- Windows Win32k component fails to properly handle objects in memory.

- Windows Graphics Device Interface (GDI) improperly handles objects in memory.

- Windows Kernel improperly handles objects in memory.

- Windows Shell improperly handles URIs.

- Microsoft XML Core Services MSXML parser improperly processes user input.

- Windows TCP/IP stack improperly handles fragmented IP packets.

- An input validation error in Device Guard.

- Filter Manager improperly handles objects in memory.


- Windows kernel improperly handles objects in memory.

- Chakra scripting engine improperly handles objects in memory in Microsoft Edge.

Vulnerability Impact:
Successful exploitation will allow an attacker
to run arbitrary code, bypass security restrictions, gain the same user rights as
the current user, obtain information to further compromise the user's system,
improperly discloses file information and escalate privileges.

Affected Software/OS:
Microsoft Windows 10 Version 1703 x32/x64

Solution:
Run Windows Update and update the
listed hotfixes or download and update mentioned hotfixes in the advisory
from the Reference link.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-8495
https://leucosite.com/Microsoft-Edge-RCE/
BugTraq ID: 105461
http://www.securityfocus.com/bid/105461
Common Vulnerability Exposure (CVE) ID: CVE-2018-8497
BugTraq ID: 105478
http://www.securityfocus.com/bid/105478
http://www.securitytracker.com/id/1041828
Common Vulnerability Exposure (CVE) ID: CVE-2018-8503
BugTraq ID: 105464
http://www.securityfocus.com/bid/105464
http://www.securitytracker.com/id/1041825
Common Vulnerability Exposure (CVE) ID: CVE-2018-8505
BugTraq ID: 105468
http://www.securityfocus.com/bid/105468
Common Vulnerability Exposure (CVE) ID: CVE-2018-8330
BugTraq ID: 105477
http://www.securityfocus.com/bid/105477
Common Vulnerability Exposure (CVE) ID: CVE-2018-8333
BugTraq ID: 105507
http://www.securityfocus.com/bid/105507
http://www.securitytracker.com/id/1041831
Common Vulnerability Exposure (CVE) ID: CVE-2018-8411
https://www.exploit-db.com/exploits/45624/
BugTraq ID: 105508
http://www.securityfocus.com/bid/105508
http://www.securitytracker.com/id/1041832
Common Vulnerability Exposure (CVE) ID: CVE-2018-8413
BugTraq ID: 105448
http://www.securityfocus.com/bid/105448
http://www.securitytracker.com/id/1041824
Common Vulnerability Exposure (CVE) ID: CVE-2018-8423
https://blog.0patch.com/2018/09/outrunning-attackers-on-jet-database.html
https://blog.0patch.com/2018/10/patching-re-patching-and-meta-patching.html
http://www.securitytracker.com/id/1041837
Common Vulnerability Exposure (CVE) ID: CVE-2018-8453
https://securelist.com/cve-2018-8453-used-in-targeted-attack
BugTraq ID: 105467
http://www.securityfocus.com/bid/105467
Common Vulnerability Exposure (CVE) ID: CVE-2018-8460
BugTraq ID: 105449
http://www.securityfocus.com/bid/105449
http://www.securitytracker.com/id/1041841
Common Vulnerability Exposure (CVE) ID: CVE-2018-8472
BugTraq ID: 105488
http://www.securityfocus.com/bid/105488
http://www.securitytracker.com/id/1041823
Common Vulnerability Exposure (CVE) ID: CVE-2018-8481
BugTraq ID: 105452
http://www.securityfocus.com/bid/105452
http://www.securitytracker.com/id/1041829
Common Vulnerability Exposure (CVE) ID: CVE-2018-8482
BugTraq ID: 105469
http://www.securityfocus.com/bid/105469
Common Vulnerability Exposure (CVE) ID: CVE-2018-8484
BugTraq ID: 105500
http://www.securityfocus.com/bid/105500
Common Vulnerability Exposure (CVE) ID: CVE-2018-8486
BugTraq ID: 105501
http://www.securityfocus.com/bid/105501
Common Vulnerability Exposure (CVE) ID: CVE-2018-8489
BugTraq ID: 105479
http://www.securityfocus.com/bid/105479
http://www.securitytracker.com/id/1041834
Common Vulnerability Exposure (CVE) ID: CVE-2018-8490
BugTraq ID: 105480
http://www.securityfocus.com/bid/105480
Common Vulnerability Exposure (CVE) ID: CVE-2018-8491
BugTraq ID: 105454
http://www.securityfocus.com/bid/105454
Common Vulnerability Exposure (CVE) ID: CVE-2018-8492
BugTraq ID: 105455
http://www.securityfocus.com/bid/105455
http://www.securitytracker.com/id/1041842
Common Vulnerability Exposure (CVE) ID: CVE-2018-8493
BugTraq ID: 105456
http://www.securityfocus.com/bid/105456
http://www.securitytracker.com/id/1041843
Common Vulnerability Exposure (CVE) ID: CVE-2018-8494
BugTraq ID: 105457
http://www.securityfocus.com/bid/105457
http://www.securitytracker.com/id/1041844
Common Vulnerability Exposure (CVE) ID: CVE-2018-8512
BugTraq ID: 105486
http://www.securityfocus.com/bid/105486
Common Vulnerability Exposure (CVE) ID: CVE-2018-8530
BugTraq ID: 105487
http://www.securityfocus.com/bid/105487
CopyrightCopyright (C) 2018 Greenbone Networks GmbH

This is only one of 71225 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.