102355

1040096

https://95cnsec.com/windows-smb-cve-2018-0749-exploit.html

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0749

43517

The remote Windows host is missing multiple security updates released on 2018/01/03. It is, therefore, affected by multiple vulnerabilities :

  - An information disclosure vulnerabilities exists in the way that     the Color Management Module (ICM32.dll) handles objects in     memory. This vulnerability allows an attacker to retrieve     information to bypass usermode ASLR (Address Space Layout     Randomization) on a targeted system. By itself, the information     disclosure does not allow arbitrary code execution. However, it     could allow arbitrary code to be run if the attacker uses it in     combination with another vulnerability. (CVE-2018-0741)

  - An information disclosure vulnerability exists in the Windows     kernel that could allow an attacker to retrieve information that     could lead to a Kernel Address Space Layout Randomization (ASLR)     bypass. (CVE-2018-0747)

  - An elevation of privilege vulnerability exists in the way that     the Windows Kernel API enforces permissions. An attacker who     successfully exploits the vulnerability could impersonate     processes, interject cross-process communication, or interrupt     system functionality. (CVE-2018-0748)

  - An elevation of privilege vulnerability exists in the Microsoft     Server Message Block (SMB) server when an attacker who has valid     credentials attempts to open a specially crafted file over the     SMB protocol on the same machine. An attacker who successfully     exploits this vulnerability could bypass certain security checks     in the operating system. (CVE-2018-0749)

  - A Win32k information disclosure vulnerability exists when the     Windows GDI component improperly discloses kernel memory     addresses. An attacker who successfully exploits the     vulnerability could obtain information to further compromise the     user's system. (CVE-2018-0750)

  - An information disclosure vulnerability exists in Adobe Type     Manager Font Driver (ATMFD.dll) when it fails to properly handle     objects in memory. An attacker who successfully exploits the     vulnerability could obtain information to enable the attacker to     further compromise the user's system.

The remote Windows host is missing security update 4056899 or cumulative update 4056896. It is, therefore, affected by multiple vulnerabilities :

  - An elevation of privilege vulnerability exists in     Windows Adobe Type Manager Font Driver (ATMFD.dll) when     it fails to properly handle objects in memory. An     attacker who successfully exploited this vulnerability     could execute arbitrary code and take control of an     affected system. An attacker could then install     programs; view, change, or delete data; or create new     accounts with full user rights.  (CVE-2018-0788)

  - An elevation of privilege vulnerability exists when the     Windows kernel fails to properly handle objects in     memory. An attacker who successfully exploited this     vulnerability could run arbitrary code in kernel mode.
    An attacker could then install programs; view, change,     or delete data; or create new accounts with full user     rights.  (CVE-2018-0744)

  - An information disclosure vulnerability exists in the     Windows kernel that could allow an attacker to retrieve     information that could lead to a Kernel Address Space     Layout Randomization (ASLR) bypass. An attacker who     successfully exploited the vulnerability could retrieve     the memory address of a kernel object.  (CVE-2018-0746,     CVE-2018-0747)

  - An information disclosure vulnerability exists in     Windows Adobe Type Manager Font Driver (ATMFD.dll) when     it fails to properly handle objects in memory. An     attacker who successfully exploited this vulnerability     could potentially read data that was not intended to be     disclosed. Note that this vulnerability would not allow     an attacker to execute code or to elevate their user     rights directly, but it could be used to obtain     information that could be used to try to further     compromise the affected system.  (CVE-2018-0754)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0762, CVE-2018-0772)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel API enforces permissions. An     attacker who successfully exploited the vulnerability     could impersonate processes, interject cross-process     communication, or interrupt system functionality.
    (CVE-2018-0748, CVE-2018-0751, CVE-2018-0752)

  - An elevation of privilege vulnerability exists in the     Microsoft Server Message Block (SMB) Server when an     attacker with valid credentials attempts to open a     specially crafted file over the SMB protocol on the same     machine. An attacker who successfully exploited this     vulnerability could bypass certain security checks in     the operating system.  (CVE-2018-0749)

  - A denial of service vulnerability exists in the way that     Windows handles objects in memory. An attacker who     successfully exploited the vulnerability could cause a     target system to stop responding. Note that the denial     of service condition would not allow an attacker to     execute code or to elevate user privileges. However, the     denial of service condition could prevent authorized     users from using system resources. The security update     addresses the vulnerability by correcting how Windows     handles objects in memory. (CVE-2018-0753)

The remote Windows host is missing security update 4056898 or cumulative update 4056895. It is, therefore, affected by multiple vulnerabilities :

  - An vulnerability exists within microprocessors utilizing     speculative execution and indirect branch prediction,     which may allow an attacker with local user access to     disclose information via a side-channel analysis.
    (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)

  - An elevation of privilege vulnerability exists in     Windows Adobe Type Manager Font Driver (ATMFD.dll) when     it fails to properly handle objects in memory. An     attacker who successfully exploited this vulnerability     could execute arbitrary code and take control of an     affected system. An attacker could then install     programs; view, change, or delete data; or create new     accounts with full user rights.  (CVE-2018-0788)

  - An elevation of privilege vulnerability exists when the     Windows kernel fails to properly handle objects in     memory. An attacker who successfully exploited this     vulnerability could run arbitrary code in kernel mode.
    An attacker could then install programs; view, change,     or delete data; or create new accounts with full user     rights.  (CVE-2018-0744)

  - An information disclosure vulnerability exists in the     Windows kernel that could allow an attacker to retrieve     information that could lead to a Kernel Address Space     Layout Randomization (ASLR) bypass. An attacker who     successfully exploited the vulnerability could retrieve     the memory address of a kernel object.  (CVE-2018-0746,     CVE-2018-0747)

  - An information disclosure vulnerability exists in     Windows Adobe Type Manager Font Driver (ATMFD.dll) when     it fails to properly handle objects in memory. An     attacker who successfully exploited this vulnerability     could potentially read data that was not intended to be     disclosed. Note that this vulnerability would not allow     an attacker to execute code or to elevate their user     rights directly, but it could be used to obtain     information that could be used to try to further     compromise the affected system.  (CVE-2018-0754)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0762, CVE-2018-0772)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel API enforces permissions. An     attacker who successfully exploited the vulnerability     could impersonate processes, interject cross-process     communication, or interrupt system functionality.
    (CVE-2018-0748, CVE-2018-0751, CVE-2018-0752)

  - An elevation of privilege vulnerability exists in the     Microsoft Server Message Block (SMB) Server when an     attacker with valid credentials attempts to open a     specially crafted file over the SMB protocol on the same     machine. An attacker who successfully exploited this     vulnerability could bypass certain security checks in     the operating system.  (CVE-2018-0749)

  - A denial of service vulnerability exists in the way that     Windows handles objects in memory. An attacker who     successfully exploited the vulnerability could cause a     target system to stop responding. Note that the denial     of service condition would not allow an attacker to     execute code or to elevate user privileges. However, the     denial of service condition could prevent authorized     users from using system resources. The security update     addresses the vulnerability by correcting how Windows     handles objects in memory. (CVE-2018-0753)

The remote Windows host is missing security update 4056897 or cumulative update 4056894. It is, therefore, affected by multiple vulnerabilities :

  - An vulnerability exists within microprocessors utilizing     speculative execution and indirect branch prediction,     which may allow an attacker with local user access to     disclose information via a side-channel analysis.
    (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)

  - An elevation of privilege vulnerability exists in     Windows Adobe Type Manager Font Driver (ATMFD.dll) when     it fails to properly handle objects in memory. An     attacker who successfully exploited this vulnerability     could execute arbitrary code and take control of an     affected system. An attacker could then install     programs; view, change, or delete data; or create new     accounts with full user rights.  (CVE-2018-0788)

  - An information disclosure vulnerability exists in     Windows Adobe Type Manager Font Driver (ATMFD.dll) when     it fails to properly handle objects in memory. An     attacker who successfully exploited this vulnerability     could potentially read data that was not intended to be     disclosed. Note that this vulnerability would not allow     an attacker to execute code or to elevate their user     rights directly, but it could be used to obtain     information that could be used to try to further     compromise the affected system.  (CVE-2018-0754)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0762, CVE-2018-0772)

  - An information disclosure vulnerability exists in the     way that the Color Management Module (ICM32.dll) handles     objects in memory. This vulnerability allows an attacker     to retrieve information to bypass usermode ASLR (Address     Space Layout Randomization) on a targeted system. By     itself, the information disclosure does not allow     arbitrary code execution; however, it could allow     arbitrary code to be run if the attacker uses it in     combination with another vulnerability.  (CVE-2018-0741)

  - An information disclosure vulnerability exists in the     Windows kernel that could allow an attacker to retrieve     information that could lead to a Kernel Address Space     Layout Randomization (ASLR) bypass. An attacker who     successfully exploited the vulnerability could retrieve     the memory address of a kernel object.  (CVE-2018-0747)

  - An elevation of privilege vulnerability exists in the     Microsoft Server Message Block (SMB) Server when an     attacker with valid credentials attempts to open a     specially crafted file over the SMB protocol on the same     machine. An attacker who successfully exploited this     vulnerability could bypass certain security checks in     the operating system.  (CVE-2018-0749)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel API enforces permissions. An     attacker who successfully exploited the vulnerability     could impersonate processes, interject cross-process     communication, or interrupt system functionality.
    (CVE-2018-0748)

  - A Win32k information disclosure vulnerability exists     when the Windows GDI component improperly discloses     kernel memory addresses. An attacker who successfully     exploited the vulnerability could obtain information to     further compromise the users system.  (CVE-2018-0750)

The remote Windows host is missing security update 4056893 or 4075199. It is, therefore, affected by multiple vulnerabilities :

  - An vulnerability exists within microprocessors utilizing     speculative execution and indirect branch prediction,     which may allow an attacker with local user access to     disclose information via a side-channel analysis.
    (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)

  - An elevation of privilege vulnerability exists when the     Windows kernel fails to properly handle objects in     memory. An attacker who successfully exploited this     vulnerability could run arbitrary code in kernel mode.
    An attacker could then install programs; view, change,     or delete data; or create new accounts with full user     rights.  (CVE-2018-0744)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Microsoft Edge. The vulnerability could corrupt memory     in such a way that an attacker could execute arbitrary     code in the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-0758,     CVE-2018-0769, CVE-2018-0770, CVE-2018-0776,     CVE-2018-0777)

  - An information disclosure vulnerability exists in the     Windows kernel that could allow an attacker to retrieve     information that could lead to a Kernel Address Space     Layout Randomization (ASLR) bypass. An attacker who     successfully exploited the vulnerability could retrieve     the memory address of a kernel object.  (CVE-2018-0746,     CVE-2018-0747)

  - An information disclosure vulnerability exists when the     scripting engine does not properly handle objects in     memory in Microsoft Edge. An attacker who successfully     exploited the vulnerability could obtain information to     further compromise the users system.  (CVE-2018-0780)

  - An elevation of privilege vulnerability exists when     Microsoft Edge does not properly enforce cross-domain     policies, which could allow an attacker to access     information from one domain and inject it into another     domain.  (CVE-2018-0803)

  - An information disclosure vulnerability exists in     Windows Adobe Type Manager Font Driver (ATMFD.dll) when     it fails to properly handle objects in memory. An     attacker who successfully exploited this vulnerability     could potentially read data that was not intended to be     disclosed. Note that this vulnerability would not allow     an attacker to execute code or to elevate their user     rights directly, but it could be used to obtain     information that could be used to try to further     compromise the affected system.  (CVE-2018-0754)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0762, CVE-2018-0772)

  - An information disclosure vulnerability exists when     Microsoft Edge PDF Reader improperly handles objects in     memory. An attacker who successfully exploited the     vulnerability could obtain information to further     compromise the users system.  (CVE-2018-0766)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel API enforces permissions. An     attacker who successfully exploited the vulnerability     could impersonate processes, interject cross-process     communication, or interrupt system functionality.
    (CVE-2018-0748, CVE-2018-0751, CVE-2018-0752)

  - An elevation of privilege vulnerability exists in the     Microsoft Server Message Block (SMB) Server when an     attacker with valid credentials attempts to open a     specially crafted file over the SMB protocol on the same     machine. An attacker who successfully exploited this     vulnerability could bypass certain security checks in     the operating system.  (CVE-2018-0749)

  - A denial of service vulnerability exists in the way that     Windows handles objects in memory. An attacker who     successfully exploited the vulnerability could cause a     target system to stop responding. Note that the denial     of service condition would not allow an attacker to     execute code or to elevate user privileges. However, the     denial of service condition could prevent authorized     users from using system resources. The security update     addresses the vulnerability by correcting how Windows     handles objects in memory. (CVE-2018-0753)

The remote Windows host is missing security update 4056892 or 4073291. It is, therefore, affected by multiple vulnerabilities :

  - An vulnerability exists within microprocessors utilizing     speculative execution and indirect branch prediction,     which may allow an attacker with local user access to     disclose information via a side-channel analysis.
    (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)

  - An elevation of privilege vulnerability exists when the     Windows kernel fails to properly handle objects in     memory. An attacker who successfully exploited this     vulnerability could run arbitrary code in kernel mode.
    An attacker could then install programs; view, change,     or delete data; or create new accounts with full user     rights.  (CVE-2018-0744)

  - An information disclosure vulnerability exists when the     scripting engine does not properly handle objects in     memory in Microsoft Edge. An attacker who successfully     exploited the vulnerability could obtain information to     further compromise the users system.  (CVE-2018-0767,     CVE-2018-0780, CVE-2018-0800)

  - An elevation of privilege vulnerability exists when     Microsoft Edge does not properly enforce cross-domain     policies, which could allow an attacker to access     information from one domain and inject it into another     domain.  (CVE-2018-0803)

  - An information disclosure vulnerability exists in     Windows Adobe Type Manager Font Driver (ATMFD.dll) when     it fails to properly handle objects in memory. An     attacker who successfully exploited this vulnerability     could potentially read data that was not intended to be     disclosed. Note that this vulnerability would not allow     an attacker to execute code or to elevate their user     rights directly, but it could be used to obtain     information that could be used to try to further     compromise the affected system.  (CVE-2018-0754)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0762, CVE-2018-0772)

  - An information disclosure vulnerability exists when     Microsoft Edge PDF Reader improperly handles objects in     memory. An attacker who successfully exploited the     vulnerability could obtain information to further     compromise the users system.  (CVE-2018-0766)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel API enforces permissions. An     attacker who successfully exploited the vulnerability     could impersonate processes, interject cross-process     communication, or interrupt system functionality.
    (CVE-2018-0748, CVE-2018-0751, CVE-2018-0752)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Microsoft Edge. The vulnerability could corrupt memory     in such a way that an attacker could execute arbitrary     code in the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-0758,     CVE-2018-0768, CVE-2018-0769, CVE-2018-0770,     CVE-2018-0773, CVE-2018-0774, CVE-2018-0775,     CVE-2018-0776, CVE-2018-0777, CVE-2018-0778,     CVE-2018-0781)

  - An elevation of privilege vulnerability exists in the     Microsoft Server Message Block (SMB) Server when an     attacker with valid credentials attempts to open a     specially crafted file over the SMB protocol on the same     machine. An attacker who successfully exploited this     vulnerability could bypass certain security checks in     the operating system.  (CVE-2018-0749)

  - A denial of service vulnerability exists in the way that     Windows handles objects in memory. An attacker who     successfully exploited the vulnerability could cause a     target system to stop responding. Note that the denial     of service condition would not allow an attacker to     execute code or to elevate user privileges. However, the     denial of service condition could prevent authorized     users from using system resources. The security update     addresses the vulnerability by correcting how Windows     handles objects in memory. (CVE-2018-0753)

  - An information disclosure vulnerability exists in the     Windows kernel that could allow an attacker to retrieve     information that could lead to a Kernel Address Space     Layout Randomization (ASLR) bypass. An attacker who     successfully exploited the vulnerability could retrieve     the memory address of a kernel object.  (CVE-2018-0745,     CVE-2018-0746, CVE-2018-0747)

  - An elevation of privilege vulnerability exists due to an     integer overflow in Windows Subsystem for Linux. An     attacker who successfully exploited the vulnerability     could execute code with elevated permissions.
    (CVE-2018-0743)

The remote Windows host is missing security update 4056891 or 4057144. It is, therefore, affected by multiple vulnerabilities :

  - An vulnerability exists within microprocessors utilizing     speculative execution and indirect branch prediction,     which may allow an attacker with local user access to     disclose information via a side-channel analysis.
    (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)

  - An elevation of privilege vulnerability exists when the     Windows kernel fails to properly handle objects in     memory. An attacker who successfully exploited this     vulnerability could run arbitrary code in kernel mode.
    An attacker could then install programs; view, change,     or delete data; or create new accounts with full user     rights.  (CVE-2018-0744)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Microsoft Edge. The vulnerability could corrupt memory     in such a way that an attacker could execute arbitrary     code in the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-0758,     CVE-2018-0769, CVE-2018-0770, CVE-2018-0776,     CVE-2018-0777, CVE-2018-0781)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel API enforces permissions. An     attacker who successfully exploited the vulnerability     could impersonate processes, interject cross-process     communication, or interrupt system functionality.
    (CVE-2018-0748, CVE-2018-0751, CVE-2018-0752)

  - An elevation of privilege vulnerability exists when     Microsoft Edge does not properly enforce cross-domain     policies, which could allow an attacker to access     information from one domain and inject it into another     domain.  (CVE-2018-0803)

  - An information disclosure vulnerability exists in     Windows Adobe Type Manager Font Driver (ATMFD.dll) when     it fails to properly handle objects in memory. An     attacker who successfully exploited this vulnerability     could potentially read data that was not intended to be     disclosed. Note that this vulnerability would not allow     an attacker to execute code or to elevate their user     rights directly, but it could be used to obtain     information that could be used to try to further     compromise the affected system.  (CVE-2018-0754)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0762, CVE-2018-0772)

  - An information disclosure vulnerability exists when     Microsoft Edge PDF Reader improperly handles objects in     memory. An attacker who successfully exploited the     vulnerability could obtain information to further     compromise the users system.  (CVE-2018-0766)

  - An information disclosure vulnerability exists when the     scripting engine does not properly handle objects in     memory in Microsoft Edge. An attacker who successfully     exploited the vulnerability could obtain information to     further compromise the users system.  (CVE-2018-0767,     CVE-2018-0780)

  - An elevation of privilege vulnerability exists in the     Microsoft Server Message Block (SMB) Server when an     attacker with valid credentials attempts to open a     specially crafted file over the SMB protocol on the same     machine. An attacker who successfully exploited this     vulnerability could bypass certain security checks in     the operating system.  (CVE-2018-0749)

  - A denial of service vulnerability exists in the way that     Windows handles objects in memory. An attacker who     successfully exploited the vulnerability could cause a     target system to stop responding. Note that the denial     of service condition would not allow an attacker to     execute code or to elevate user privileges. However, the     denial of service condition could prevent authorized     users from using system resources. The security update     addresses the vulnerability by correcting how Windows     handles objects in memory. (CVE-2018-0753)

  - An information disclosure vulnerability exists in the     Windows kernel that could allow an attacker to retrieve     information that could lead to a Kernel Address Space     Layout Randomization (ASLR) bypass. An attacker who     successfully exploited the vulnerability could retrieve     the memory address of a kernel object.  (CVE-2018-0745,     CVE-2018-0746, CVE-2018-0747)

  - An elevation of privilege vulnerability exists due to an     integer overflow in Windows Subsystem for Linux. An     attacker who successfully exploited the vulnerability     could execute code with elevated permissions.
    (CVE-2018-0743)

The remote Windows host is missing security update 4056890 or 4057142. It is, therefore, affected by multiple vulnerabilities :

  - An vulnerability exists within microprocessors utilizing     speculative execution and indirect branch prediction,     which may allow an attacker with local user access to     disclose information via a side-channel analysis.
    (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)

  - An elevation of privilege vulnerability exists when the     Windows kernel fails to properly handle objects in     memory. An attacker who successfully exploited this     vulnerability could run arbitrary code in kernel mode.
    An attacker could then install programs; view, change,     or delete data; or create new accounts with full user     rights.  (CVE-2018-0744)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Microsoft Edge. The vulnerability could corrupt memory     in such a way that an attacker could execute arbitrary     code in the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-0758,     CVE-2018-0769, CVE-2018-0770, CVE-2018-0776,     CVE-2018-0777, CVE-2018-0781)

  - An information disclosure vulnerability exists in the     Windows kernel that could allow an attacker to retrieve     information that could lead to a Kernel Address Space     Layout Randomization (ASLR) bypass. An attacker who     successfully exploited the vulnerability could retrieve     the memory address of a kernel object.  (CVE-2018-0746,     CVE-2018-0747)

  - An elevation of privilege vulnerability exists when     Microsoft Edge does not properly enforce cross-domain     policies, which could allow an attacker to access     information from one domain and inject it into another     domain.  (CVE-2018-0803)

  - An information disclosure vulnerability exists in     Windows Adobe Type Manager Font Driver (ATMFD.dll) when     it fails to properly handle objects in memory. An     attacker who successfully exploited this vulnerability     could potentially read data that was not intended to be     disclosed. Note that this vulnerability would not allow     an attacker to execute code or to elevate their user     rights directly, but it could be used to obtain     information that could be used to try to further     compromise the affected system.  (CVE-2018-0754)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0762, CVE-2018-0772)

  - An information disclosure vulnerability exists when     Microsoft Edge PDF Reader improperly handles objects in     memory. An attacker who successfully exploited the     vulnerability could obtain information to further     compromise the users system.  (CVE-2018-0766)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel API enforces permissions. An     attacker who successfully exploited the vulnerability     could impersonate processes, interject cross-process     communication, or interrupt system functionality.
    (CVE-2018-0748, CVE-2018-0751, CVE-2018-0752)

  - An information disclosure vulnerability exists when the     scripting engine does not properly handle objects in     memory in Microsoft Edge. An attacker who successfully     exploited the vulnerability could obtain information to     further compromise the users system.  (CVE-2018-0767,     CVE-2018-0780)

  - An elevation of privilege vulnerability exists in the     Microsoft Server Message Block (SMB) Server when an     attacker with valid credentials attempts to open a     specially crafted file over the SMB protocol on the same     machine. An attacker who successfully exploited this     vulnerability could bypass certain security checks in     the operating system.  (CVE-2018-0749)

  - A denial of service vulnerability exists in the way that     Windows handles objects in memory. An attacker who     successfully exploited the vulnerability could cause a     target system to stop responding. Note that the denial     of service condition would not allow an attacker to     execute code or to elevate user privileges. However, the     denial of service condition could prevent authorized     users from using system resources. The security update     addresses the vulnerability by correcting how Windows     handles objects in memory. (CVE-2018-0753)

The remote Windows host is missing security update 4056888 or 4075200. It is, therefore, affected by multiple vulnerabilities :

  - An vulnerability exists within microprocessors utilizing     speculative execution and indirect branch prediction,     which may allow an attacker with local user access to     disclose information via a side-channel analysis.
    (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)

  - An elevation of privilege vulnerability exists when the     Windows kernel fails to properly handle objects in     memory. An attacker who successfully exploited this     vulnerability could run arbitrary code in kernel mode.
    An attacker could then install programs; view, change,     or delete data; or create new accounts with full user     rights.  (CVE-2018-0744)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Microsoft Edge. The vulnerability could corrupt memory     in such a way that an attacker could execute arbitrary     code in the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-0758,     CVE-2018-0769, CVE-2018-0770, CVE-2018-0776,     CVE-2018-0777, CVE-2018-0781)

  - An information disclosure vulnerability exists in the     Windows kernel that could allow an attacker to retrieve     information that could lead to a Kernel Address Space     Layout Randomization (ASLR) bypass. An attacker who     successfully exploited the vulnerability could retrieve     the memory address of a kernel object.  (CVE-2018-0746,     CVE-2018-0747)

  - An elevation of privilege vulnerability exists when     Microsoft Edge does not properly enforce cross-domain     policies, which could allow an attacker to access     information from one domain and inject it into another     domain.  (CVE-2018-0803)

  - An information disclosure vulnerability exists in     Windows Adobe Type Manager Font Driver (ATMFD.dll) when     it fails to properly handle objects in memory. An     attacker who successfully exploited this vulnerability     could potentially read data that was not intended to be     disclosed. Note that this vulnerability would not allow     an attacker to execute code or to elevate their user     rights directly, but it could be used to obtain     information that could be used to try to further     compromise the affected system.  (CVE-2018-0754)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0762, CVE-2018-0772)

  - An information disclosure vulnerability exists when     Microsoft Edge PDF Reader improperly handles objects in     memory. An attacker who successfully exploited the     vulnerability could obtain information to further     compromise the users system.  (CVE-2018-0766)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel API enforces permissions. An     attacker who successfully exploited the vulnerability     could impersonate processes, interject cross-process     communication, or interrupt system functionality.
    (CVE-2018-0748, CVE-2018-0751, CVE-2018-0752)

  - An information disclosure vulnerability exists when the     scripting engine does not properly handle objects in     memory in Microsoft Edge. An attacker who successfully     exploited the vulnerability could obtain information to     further compromise the users system.  (CVE-2018-0767,     CVE-2018-0780)

  - An elevation of privilege vulnerability exists in the     Microsoft Server Message Block (SMB) Server when an     attacker with valid credentials attempts to open a     specially crafted file over the SMB protocol on the same     machine. An attacker who successfully exploited this     vulnerability could bypass certain security checks in     the operating system.  (CVE-2018-0749)

  - A denial of service vulnerability exists in the way that     Windows handles objects in memory. An attacker who     successfully exploited the vulnerability could cause a     target system to stop responding. Note that the denial     of service condition would not allow an attacker to     execute code or to elevate user privileges. However, the     denial of service condition could prevent authorized     users from using system resources. The security update     addresses the vulnerability by correcting how Windows     handles objects in memory. (CVE-2018-0753)

ID	Name	Product	Family	Severity
105585	Windows 2008 January 3 2018 Multiple Security Updates	Nessus	Windows : Microsoft Bulletins	medium
105554	KB4056899: Windows Server 2012 January 2018 Security Update	Nessus	Windows : Microsoft Bulletins	high
105553	KB4056898: Windows 8.1 and Windows Server 2012 R2 January 2018 Security Update (Meltdown)(Spectre)	Nessus	Windows : Microsoft Bulletins	high
105552	KB4056897: Windows 7 and Windows Server 2008 R2 January 2018 Security Update (Meltdown)(Spectre)	Nessus	Windows : Microsoft Bulletins	high
105551	KB4056893: Windows 10 LTSB January 2018 Security Update (Meltdown)(Spectre)	Nessus	Windows : Microsoft Bulletins	high
105550	KB4056892: Windows 10 Version 1709 and Windows Server Version 1709 January 2018 Security Update (Meltdown)(Spectre)	Nessus	Windows : Microsoft Bulletins	high
105549	KB4056891: Windows 10 Version 1703 January 2018 Security Update (Meltdown)(Spectre)	Nessus	Windows : Microsoft Bulletins	high
105548	KB4056890: Windows 10 Version 1607 and Windows Server 2016 January 2018 Security Update (Meltdown)(Spectre)	Nessus	Windows : Microsoft Bulletins	high
105547	KB4056888: Windows 10 Version 1511 January 2018 Security Update (Meltdown)(Spectre)	Nessus	Windows : Microsoft Bulletins	high

CVE-2018-0749

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins