102364

1040092

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0788

The remote Windows host is missing security update 4056899 or cumulative update 4056896. It is, therefore, affected by multiple vulnerabilities :

  - An elevation of privilege vulnerability exists in     Windows Adobe Type Manager Font Driver (ATMFD.dll) when     it fails to properly handle objects in memory. An     attacker who successfully exploited this vulnerability     could execute arbitrary code and take control of an     affected system. An attacker could then install     programs; view, change, or delete data; or create new     accounts with full user rights.  (CVE-2018-0788)

  - An elevation of privilege vulnerability exists when the     Windows kernel fails to properly handle objects in     memory. An attacker who successfully exploited this     vulnerability could run arbitrary code in kernel mode.
    An attacker could then install programs; view, change,     or delete data; or create new accounts with full user     rights.  (CVE-2018-0744)

  - An information disclosure vulnerability exists in the     Windows kernel that could allow an attacker to retrieve     information that could lead to a Kernel Address Space     Layout Randomization (ASLR) bypass. An attacker who     successfully exploited the vulnerability could retrieve     the memory address of a kernel object.  (CVE-2018-0746,     CVE-2018-0747)

  - An information disclosure vulnerability exists in     Windows Adobe Type Manager Font Driver (ATMFD.dll) when     it fails to properly handle objects in memory. An     attacker who successfully exploited this vulnerability     could potentially read data that was not intended to be     disclosed. Note that this vulnerability would not allow     an attacker to execute code or to elevate their user     rights directly, but it could be used to obtain     information that could be used to try to further     compromise the affected system.  (CVE-2018-0754)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0762, CVE-2018-0772)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel API enforces permissions. An     attacker who successfully exploited the vulnerability     could impersonate processes, interject cross-process     communication, or interrupt system functionality.
    (CVE-2018-0748, CVE-2018-0751, CVE-2018-0752)

  - An elevation of privilege vulnerability exists in the     Microsoft Server Message Block (SMB) Server when an     attacker with valid credentials attempts to open a     specially crafted file over the SMB protocol on the same     machine. An attacker who successfully exploited this     vulnerability could bypass certain security checks in     the operating system.  (CVE-2018-0749)

  - A denial of service vulnerability exists in the way that     Windows handles objects in memory. An attacker who     successfully exploited the vulnerability could cause a     target system to stop responding. Note that the denial     of service condition would not allow an attacker to     execute code or to elevate user privileges. However, the     denial of service condition could prevent authorized     users from using system resources. The security update     addresses the vulnerability by correcting how Windows     handles objects in memory. (CVE-2018-0753)

The remote Windows host is missing security update 4056898 or cumulative update 4056895. It is, therefore, affected by multiple vulnerabilities :

  - An vulnerability exists within microprocessors utilizing     speculative execution and indirect branch prediction,     which may allow an attacker with local user access to     disclose information via a side-channel analysis.
    (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)

  - An elevation of privilege vulnerability exists in     Windows Adobe Type Manager Font Driver (ATMFD.dll) when     it fails to properly handle objects in memory. An     attacker who successfully exploited this vulnerability     could execute arbitrary code and take control of an     affected system. An attacker could then install     programs; view, change, or delete data; or create new     accounts with full user rights.  (CVE-2018-0788)

  - An elevation of privilege vulnerability exists when the     Windows kernel fails to properly handle objects in     memory. An attacker who successfully exploited this     vulnerability could run arbitrary code in kernel mode.
    An attacker could then install programs; view, change,     or delete data; or create new accounts with full user     rights.  (CVE-2018-0744)

  - An information disclosure vulnerability exists in the     Windows kernel that could allow an attacker to retrieve     information that could lead to a Kernel Address Space     Layout Randomization (ASLR) bypass. An attacker who     successfully exploited the vulnerability could retrieve     the memory address of a kernel object.  (CVE-2018-0746,     CVE-2018-0747)

  - An information disclosure vulnerability exists in     Windows Adobe Type Manager Font Driver (ATMFD.dll) when     it fails to properly handle objects in memory. An     attacker who successfully exploited this vulnerability     could potentially read data that was not intended to be     disclosed. Note that this vulnerability would not allow     an attacker to execute code or to elevate their user     rights directly, but it could be used to obtain     information that could be used to try to further     compromise the affected system.  (CVE-2018-0754)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0762, CVE-2018-0772)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel API enforces permissions. An     attacker who successfully exploited the vulnerability     could impersonate processes, interject cross-process     communication, or interrupt system functionality.
    (CVE-2018-0748, CVE-2018-0751, CVE-2018-0752)

  - An elevation of privilege vulnerability exists in the     Microsoft Server Message Block (SMB) Server when an     attacker with valid credentials attempts to open a     specially crafted file over the SMB protocol on the same     machine. An attacker who successfully exploited this     vulnerability could bypass certain security checks in     the operating system.  (CVE-2018-0749)

  - A denial of service vulnerability exists in the way that     Windows handles objects in memory. An attacker who     successfully exploited the vulnerability could cause a     target system to stop responding. Note that the denial     of service condition would not allow an attacker to     execute code or to elevate user privileges. However, the     denial of service condition could prevent authorized     users from using system resources. The security update     addresses the vulnerability by correcting how Windows     handles objects in memory. (CVE-2018-0753)

The remote Windows host is missing security update 4056897 or cumulative update 4056894. It is, therefore, affected by multiple vulnerabilities :

  - An vulnerability exists within microprocessors utilizing     speculative execution and indirect branch prediction,     which may allow an attacker with local user access to     disclose information via a side-channel analysis.
    (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)

  - An elevation of privilege vulnerability exists in     Windows Adobe Type Manager Font Driver (ATMFD.dll) when     it fails to properly handle objects in memory. An     attacker who successfully exploited this vulnerability     could execute arbitrary code and take control of an     affected system. An attacker could then install     programs; view, change, or delete data; or create new     accounts with full user rights.  (CVE-2018-0788)

  - An information disclosure vulnerability exists in     Windows Adobe Type Manager Font Driver (ATMFD.dll) when     it fails to properly handle objects in memory. An     attacker who successfully exploited this vulnerability     could potentially read data that was not intended to be     disclosed. Note that this vulnerability would not allow     an attacker to execute code or to elevate their user     rights directly, but it could be used to obtain     information that could be used to try to further     compromise the affected system.  (CVE-2018-0754)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0762, CVE-2018-0772)

  - An information disclosure vulnerability exists in the     way that the Color Management Module (ICM32.dll) handles     objects in memory. This vulnerability allows an attacker     to retrieve information to bypass usermode ASLR (Address     Space Layout Randomization) on a targeted system. By     itself, the information disclosure does not allow     arbitrary code execution; however, it could allow     arbitrary code to be run if the attacker uses it in     combination with another vulnerability.  (CVE-2018-0741)

  - An information disclosure vulnerability exists in the     Windows kernel that could allow an attacker to retrieve     information that could lead to a Kernel Address Space     Layout Randomization (ASLR) bypass. An attacker who     successfully exploited the vulnerability could retrieve     the memory address of a kernel object.  (CVE-2018-0747)

  - An elevation of privilege vulnerability exists in the     Microsoft Server Message Block (SMB) Server when an     attacker with valid credentials attempts to open a     specially crafted file over the SMB protocol on the same     machine. An attacker who successfully exploited this     vulnerability could bypass certain security checks in     the operating system.  (CVE-2018-0749)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel API enforces permissions. An     attacker who successfully exploited the vulnerability     could impersonate processes, interject cross-process     communication, or interrupt system functionality.
    (CVE-2018-0748)

  - A Win32k information disclosure vulnerability exists     when the Windows GDI component improperly discloses     kernel memory addresses. An attacker who successfully     exploited the vulnerability could obtain information to     further compromise the users system.  (CVE-2018-0750)

ID	Name	Product	Family	Severity
105554	KB4056899: Windows Server 2012 January 2018 Security Update	Nessus	Windows : Microsoft Bulletins	high
105553	KB4056898: Windows 8.1 and Windows Server 2012 R2 January 2018 Security Update (Meltdown)(Spectre)	Nessus	Windows : Microsoft Bulletins	high
105552	KB4056897: Windows 7 and Windows Server 2008 R2 January 2018 Security Update (Meltdown)(Spectre)	Nessus	Windows : Microsoft Bulletins	high

CVE-2018-0788

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high