English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 150599 CVE descriptions
and 73533 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.814215
Category:Windows : Microsoft Bulletins
Title:Microsoft Windows Multiple Vulnerabilities (KB4457142)
Summary:This host is missing a critical security; update according to Microsoft KB4457142
Description:Summary:
This host is missing a critical security
update according to Microsoft KB4457142

Vulnerability Insight:
Multiple flaw exists due to,

- An error in the way that the Chakra scripting engine handles objects in memory.

- An error when Microsoft Edge PDF Reader improperly handles objects in memory.

- An error when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles
objects in memory.

- An error when Internet Explorer improperly accesses objects in memory.

- An error in Windows that allows a sandbox escape.

- An error in Microsoft Edge that could allow an attacker to escape from the
AppContainer sandbox in the browser.

- An error in Internet Explorer due to how scripts are handled that allows a
universal cross-site scripting (UXSS) condition.

- An error when Windows Hyper-V on a host server fails to properly validate input
from an authenticated user on a guest operating system.

- An error when Microsoft Hyper-V Network Switch on a host server fails to properly
validate input from a privileged user on a guest operating system.

- An error in the Microsoft JET Database Engine that could allow remote code
execution on an affected system.

- An error when the Windows Kernel API improperly handles registry objects in memory.

- An error when the Windows kernel improperly handles objects in memory.

- An error when the Windows Graphics component improperly handles objects in memory.

- An error when Windows Hyper-V BIOS loader fails to provide a high-entropy source.

- An error when Windows Hyper-V on a host operating system fails to properly
validate input from an authenticated user on a guest operating system.

- An error when the Windows kernel fails to properly initialize a memory address.

- A security feature bypass exists when Device Guard incorrectly validates an
untrusted file.

- An error when Windows does not properly handle specially crafted image files.

- An error when the scripting engine does not properly handle objects in memory in
Microsoft browsers.

- An error in the way that the Windows Kernel handles objects in memory.

- An error when Windows Subsystem for Linux improperly handles case sensitivity.

- An error in the Microsoft Server Block Message (SMB) when an attacker sends
specially crafted requests to the server.

- Microsoft is aware of a denial of service vulnerability (named FragmentSmack
CVE-2018-5391) affecting Windows systems.

- An error when the Windows font library improperly handles specially crafted
embedded fonts.

- An error when the Microsoft XML Core Services MSXML parser processes user
input.

- An error when Windows improperly handles calls to Advanced Local Procedure
Call (ALPC).

- An error when the Windows GDI component improperly discloses the contents of its
memory.

- An error when Microsoft Edge improperly handles specific HTML content.

Vulnerability Impact:
Successful exploitation will allow remote
attacker to gain the same user rights as the current user, run processes in
an elevated context, escape sandbox, access any session, execute arbitrary code,
conduct a DoS condition, take complete control of an affected system, disclose
contents of System memory, gain access to sensitive information, bypass security
restrictions, make an unsigned file appear to be signed and replace or delete
arbitrary files.

Affected Software/OS:
Windows 10 Version 1709 for 32-bit Systems

Windows 10 Version 1709 for 64-based Systems

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-5391
BugTraq ID: 105108
http://www.securityfocus.com/bid/105108
CERT/CC vulnerability note: VU#641765
https://www.kb.cert.org/vuls/id/641765
Debian Security Information: DSA-4272 (Google Search)
https://www.debian.org/security/2018/dsa-4272
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f
https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
RedHat Security Advisories: RHSA-2018:2785
https://access.redhat.com/errata/RHSA-2018:2785
RedHat Security Advisories: RHSA-2018:2791
https://access.redhat.com/errata/RHSA-2018:2791
RedHat Security Advisories: RHSA-2018:2846
https://access.redhat.com/errata/RHSA-2018:2846
RedHat Security Advisories: RHSA-2018:2924
https://access.redhat.com/errata/RHSA-2018:2924
RedHat Security Advisories: RHSA-2018:2925
https://access.redhat.com/errata/RHSA-2018:2925
RedHat Security Advisories: RHSA-2018:2933
https://access.redhat.com/errata/RHSA-2018:2933
RedHat Security Advisories: RHSA-2018:2948
https://access.redhat.com/errata/RHSA-2018:2948
RedHat Security Advisories: RHSA-2018:3083
https://access.redhat.com/errata/RHSA-2018:3083
RedHat Security Advisories: RHSA-2018:3096
https://access.redhat.com/errata/RHSA-2018:3096
RedHat Security Advisories: RHSA-2018:3459
https://access.redhat.com/errata/RHSA-2018:3459
RedHat Security Advisories: RHSA-2018:3540
https://access.redhat.com/errata/RHSA-2018:3540
RedHat Security Advisories: RHSA-2018:3586
https://access.redhat.com/errata/RHSA-2018:3586
RedHat Security Advisories: RHSA-2018:3590
https://access.redhat.com/errata/RHSA-2018:3590
http://www.securitytracker.com/id/1041476
http://www.securitytracker.com/id/1041637
https://usn.ubuntu.com/3740-1/
https://usn.ubuntu.com/3740-2/
https://usn.ubuntu.com/3741-1/
https://usn.ubuntu.com/3741-2/
https://usn.ubuntu.com/3742-1/
https://usn.ubuntu.com/3742-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-0965
BugTraq ID: 105229
http://www.securityfocus.com/bid/105229
http://www.securitytracker.com/id/1041624
Common Vulnerability Exposure (CVE) ID: CVE-2018-8271
BugTraq ID: 105247
http://www.securityfocus.com/bid/105247
http://www.securitytracker.com/id/1041635
Common Vulnerability Exposure (CVE) ID: CVE-2018-8315
BugTraq ID: 105251
http://www.securityfocus.com/bid/105251
http://www.securitytracker.com/id/1041623
Common Vulnerability Exposure (CVE) ID: CVE-2018-8332
BugTraq ID: 105248
http://www.securityfocus.com/bid/105248
http://www.securitytracker.com/id/1041628
Common Vulnerability Exposure (CVE) ID: CVE-2018-8335
BugTraq ID: 105224
http://www.securityfocus.com/bid/105224
http://www.securitytracker.com/id/1041634
Common Vulnerability Exposure (CVE) ID: CVE-2018-8337
BugTraq ID: 105250
http://www.securityfocus.com/bid/105250
Common Vulnerability Exposure (CVE) ID: CVE-2018-8354
BugTraq ID: 105232
http://www.securityfocus.com/bid/105232
Common Vulnerability Exposure (CVE) ID: CVE-2018-8367
BugTraq ID: 105245
http://www.securityfocus.com/bid/105245
Common Vulnerability Exposure (CVE) ID: CVE-2018-8392
BugTraq ID: 105213
http://www.securityfocus.com/bid/105213
http://www.securitytracker.com/id/1041625
Common Vulnerability Exposure (CVE) ID: CVE-2018-8393
BugTraq ID: 105214
http://www.securityfocus.com/bid/105214
Common Vulnerability Exposure (CVE) ID: CVE-2018-8410
BugTraq ID: 105256
http://www.securityfocus.com/bid/105256
https://www.exploit-db.com/exploits/45436/
Common Vulnerability Exposure (CVE) ID: CVE-2018-8419
BugTraq ID: 105238
http://www.securityfocus.com/bid/105238
Common Vulnerability Exposure (CVE) ID: CVE-2018-8420
BugTraq ID: 105259
http://www.securityfocus.com/bid/105259
http://www.securitytracker.com/id/1041627
Common Vulnerability Exposure (CVE) ID: CVE-2018-8421
BugTraq ID: 105222
http://www.securityfocus.com/bid/105222
http://www.securitytracker.com/id/1041636
Common Vulnerability Exposure (CVE) ID: CVE-2018-8424
BugTraq ID: 105261
http://www.securityfocus.com/bid/105261
Common Vulnerability Exposure (CVE) ID: CVE-2018-8425
BugTraq ID: 105255
http://www.securityfocus.com/bid/105255
Common Vulnerability Exposure (CVE) ID: CVE-2018-8433
BugTraq ID: 105264
http://www.securityfocus.com/bid/105264
Common Vulnerability Exposure (CVE) ID: CVE-2018-8434
BugTraq ID: 105239
http://www.securityfocus.com/bid/105239
Common Vulnerability Exposure (CVE) ID: CVE-2018-8435
BugTraq ID: 105240
http://www.securityfocus.com/bid/105240
Common Vulnerability Exposure (CVE) ID: CVE-2018-8438
BugTraq ID: 105249
http://www.securityfocus.com/bid/105249
Common Vulnerability Exposure (CVE) ID: CVE-2018-8439
BugTraq ID: 105233
http://www.securityfocus.com/bid/105233
Common Vulnerability Exposure (CVE) ID: CVE-2018-8440
BugTraq ID: 105153
http://www.securityfocus.com/bid/105153
https://blog.0patch.com/2018/08/how-we-micropatched-publicly-dropped.html
https://blog.0patch.com/2018/09/comparing-our-micropatch-with.html
http://www.securitytracker.com/id/1041578
Common Vulnerability Exposure (CVE) ID: CVE-2018-8442
BugTraq ID: 105234
http://www.securityfocus.com/bid/105234
Common Vulnerability Exposure (CVE) ID: CVE-2018-8443
BugTraq ID: 105228
http://www.securityfocus.com/bid/105228
Common Vulnerability Exposure (CVE) ID: CVE-2018-8446
BugTraq ID: 105217
http://www.securityfocus.com/bid/105217
Common Vulnerability Exposure (CVE) ID: CVE-2018-8447
BugTraq ID: 105257
http://www.securityfocus.com/bid/105257
http://www.securitytracker.com/id/1041632
Common Vulnerability Exposure (CVE) ID: CVE-2018-8449
BugTraq ID: 105272
http://www.securityfocus.com/bid/105272
https://www.exploit-db.com/exploits/45435/
http://www.securitytracker.com/id/1041642
Common Vulnerability Exposure (CVE) ID: CVE-2018-8452
BugTraq ID: 105252
http://www.securityfocus.com/bid/105252
Common Vulnerability Exposure (CVE) ID: CVE-2018-8455
BugTraq ID: 105211
http://www.securityfocus.com/bid/105211
Common Vulnerability Exposure (CVE) ID: CVE-2018-8456
BugTraq ID: 105227
http://www.securityfocus.com/bid/105227
Common Vulnerability Exposure (CVE) ID: CVE-2018-8457
BugTraq ID: 105207
http://www.securityfocus.com/bid/105207
Common Vulnerability Exposure (CVE) ID: CVE-2018-8461
BugTraq ID: 105258
http://www.securityfocus.com/bid/105258
Common Vulnerability Exposure (CVE) ID: CVE-2018-8462
BugTraq ID: 105274
http://www.securityfocus.com/bid/105274
http://www.securitytracker.com/id/1041629
Common Vulnerability Exposure (CVE) ID: CVE-2018-8464
BugTraq ID: 105265
http://www.securityfocus.com/bid/105265
Common Vulnerability Exposure (CVE) ID: CVE-2018-8465
BugTraq ID: 105242
http://www.securityfocus.com/bid/105242
Common Vulnerability Exposure (CVE) ID: CVE-2018-8466
BugTraq ID: 105243
http://www.securityfocus.com/bid/105243
https://www.exploit-db.com/exploits/45571/
Common Vulnerability Exposure (CVE) ID: CVE-2018-8467
BugTraq ID: 105244
http://www.securityfocus.com/bid/105244
https://www.exploit-db.com/exploits/45572/
Common Vulnerability Exposure (CVE) ID: CVE-2018-8468
BugTraq ID: 105275
http://www.securityfocus.com/bid/105275
https://www.exploit-db.com/exploits/45502/
Common Vulnerability Exposure (CVE) ID: CVE-2018-8469
BugTraq ID: 105263
http://www.securityfocus.com/bid/105263
Common Vulnerability Exposure (CVE) ID: CVE-2018-8470
BugTraq ID: 105267
http://www.securityfocus.com/bid/105267
Common Vulnerability Exposure (CVE) ID: CVE-2018-8475
BugTraq ID: 105277
http://www.securityfocus.com/bid/105277
http://www.securitytracker.com/id/1041626
CopyrightCopyright (C) 2018 Greenbone Networks GmbH

This is only one of 73533 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.