English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 150599 CVE descriptions
and 73533 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.814180
Category:Windows : Microsoft Bulletins
Title:Microsoft Windows Multiple Vulnerabilities (KB4467708)
Summary:This host is missing a critical security; update according to Microsoft KB4467708.
Description:Summary:
This host is missing a critical security
update according to Microsoft KB4467708.

Vulnerability Insight:
Multiple flaw exists,

- in the way that Microsoft Edge handles cross-origin requests.

- in Windows when the Win32k component fails to properly handle objects in
memory.

- when an open source customization for Microsoft Active Directory Federation
Services (AD FS) does not properly sanitize a specially crafted web request to
an affected AD FS server.

- in the way that the Chakra scripting engine handles objects in memory in
Microsoft Edge.

- A security feature bypass exists when Windows incorrectly validates kernel
driver signatures.

- when DirectX improperly handles objects in memory.

- when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).

- when VBScript improperly discloses the contents of its memory, which could
provide an attacker with information to further compromise the user's computer
or data.

- when Microsoft Edge improperly handles specific HTML content.

- in Microsoft JScript that could allow an attacker to bypass Device Guard.

- in PowerShell that could allow an attacker to execute unlogged code.

- when PowerShell improperly handles specially crafted files.

- in the way that Windows Deployment Services TFTP Server handles objects in
memory.

- in the way that the Microsoft RemoteFX Virtual GPU miniport driver handles
objects in memory.

- An elevation of privilege exists in Windows COM Aggregate Marshaler.

- when Windows Audio Service fails to properly handle objects in memory.

- when Microsoft Edge does not properly enforce cross-domain policies, which
could allow an attacker to access information from one domain and inject it
into another domain.

- in the way that the VBScript engine handles objects in memory.

- in Windows 10 version 1809 when installed from physical media (USB, DVD, etc.

- when Kernel Remote Procedure Call Provider driver improperly
initializes objects in memory.

Vulnerability Impact:
Successful exploitation will allow an attacker
to run arbitrary code, bypass security restrictions and load improperly signed
drivers into the kernel, gain the same user rights as the current user, obtain
information to further compromise the user's system, improperly discloses file
information, trick a user into believing that the user was on a legitimate website
and escalate privileges.

Affected Software/OS:
Windows 10 Version 1809 for 32-bit Systems,

Windows 10 Version 1809 for x64-based Systems

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-8562
BugTraq ID: 105790
http://www.securityfocus.com/bid/105790
Common Vulnerability Exposure (CVE) ID: CVE-2018-8564
BugTraq ID: 105785
http://www.securityfocus.com/bid/105785
Common Vulnerability Exposure (CVE) ID: CVE-2018-8256
BugTraq ID: 105781
http://www.securityfocus.com/bid/105781
http://www.securitytracker.com/id/1042108
Common Vulnerability Exposure (CVE) ID: CVE-2018-8407
BugTraq ID: 105794
http://www.securityfocus.com/bid/105794
http://www.securitytracker.com/id/1042123
Common Vulnerability Exposure (CVE) ID: CVE-2018-8415
BugTraq ID: 105792
http://www.securityfocus.com/bid/105792
Common Vulnerability Exposure (CVE) ID: CVE-2018-8417
BugTraq ID: 105795
http://www.securityfocus.com/bid/105795
http://www.securitytracker.com/id/1042120
Common Vulnerability Exposure (CVE) ID: CVE-2018-8454
BugTraq ID: 105799
http://www.securityfocus.com/bid/105799
http://www.securitytracker.com/id/1042122
Common Vulnerability Exposure (CVE) ID: CVE-2018-8471
BugTraq ID: 105800
http://www.securityfocus.com/bid/105800
http://www.securitytracker.com/id/1042121
Common Vulnerability Exposure (CVE) ID: CVE-2018-8476
BugTraq ID: 105774
http://www.securityfocus.com/bid/105774
http://www.securitytracker.com/id/1042109
Common Vulnerability Exposure (CVE) ID: CVE-2018-8485
BugTraq ID: 105770
http://www.securityfocus.com/bid/105770
http://www.securitytracker.com/id/1042124
Common Vulnerability Exposure (CVE) ID: CVE-2018-8541
BugTraq ID: 105771
http://www.securityfocus.com/bid/105771
http://www.securitytracker.com/id/1042107
Common Vulnerability Exposure (CVE) ID: CVE-2018-8542
BugTraq ID: 105772
http://www.securityfocus.com/bid/105772
Common Vulnerability Exposure (CVE) ID: CVE-2018-8543
BugTraq ID: 105846
http://www.securityfocus.com/bid/105846
Common Vulnerability Exposure (CVE) ID: CVE-2018-8544
BugTraq ID: 105787
http://www.securityfocus.com/bid/105787
https://www.exploit-db.com/exploits/45923/
http://www.securitytracker.com/id/1042118
Common Vulnerability Exposure (CVE) ID: CVE-2018-8545
BugTraq ID: 105788
http://www.securityfocus.com/bid/105788
http://www.securitytracker.com/id/1042137
Common Vulnerability Exposure (CVE) ID: CVE-2018-8547
BugTraq ID: 105801
http://www.securityfocus.com/bid/105801
Common Vulnerability Exposure (CVE) ID: CVE-2018-8549
BugTraq ID: 105803
http://www.securityfocus.com/bid/105803
http://www.securitytracker.com/id/1042138
Common Vulnerability Exposure (CVE) ID: CVE-2018-8550
BugTraq ID: 105805
http://www.securityfocus.com/bid/105805
https://www.exploit-db.com/exploits/45893/
http://www.securitytracker.com/id/1042139
Common Vulnerability Exposure (CVE) ID: CVE-2018-8551
BugTraq ID: 105773
http://www.securityfocus.com/bid/105773
Common Vulnerability Exposure (CVE) ID: CVE-2018-8552
BugTraq ID: 105786
http://www.securityfocus.com/bid/105786
https://www.exploit-db.com/exploits/45924/
Common Vulnerability Exposure (CVE) ID: CVE-2018-8554
BugTraq ID: 105811
http://www.securityfocus.com/bid/105811
http://www.securitytracker.com/id/1042135
Common Vulnerability Exposure (CVE) ID: CVE-2018-8555
BugTraq ID: 105775
http://www.securityfocus.com/bid/105775
Common Vulnerability Exposure (CVE) ID: CVE-2018-8556
BugTraq ID: 105779
http://www.securityfocus.com/bid/105779
Common Vulnerability Exposure (CVE) ID: CVE-2018-8557
BugTraq ID: 105780
http://www.securityfocus.com/bid/105780
Common Vulnerability Exposure (CVE) ID: CVE-2018-8561
BugTraq ID: 105813
http://www.securityfocus.com/bid/105813
Common Vulnerability Exposure (CVE) ID: CVE-2018-8567
BugTraq ID: 105784
http://www.securityfocus.com/bid/105784
Common Vulnerability Exposure (CVE) ID: CVE-2018-8584
BugTraq ID: 105808
http://www.securityfocus.com/bid/105808
https://www.exploit-db.com/exploits/46104/
http://www.securitytracker.com/id/1042119
Common Vulnerability Exposure (CVE) ID: CVE-2018-8588
BugTraq ID: 105782
http://www.securityfocus.com/bid/105782
Common Vulnerability Exposure (CVE) ID: CVE-2018-8592
BugTraq ID: 105809
http://www.securityfocus.com/bid/105809
http://www.securitytracker.com/id/1042126
CopyrightCopyright (C) 2018 Greenbone Networks GmbH

This is only one of 73533 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.