103032

1040369

1040372

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0866

44153

The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0866)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0840)

The remote Windows host is missing security update 4074587 or cumulative update 4074598. It is, therefore, affected by multiple vulnerabilities :

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0866)

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)

  - An information disclosure vulnerability exists when     VBScript improperly discloses the contents of its     memory, which could provide an attacker with information     to further compromise the users computer or data.
    (CVE-2018-0847)

  - A remote code execution vulnerability exists in     StructuredQuery when the software fails to properly     handle objects in memory. An attacker who successfully     exploited the vulnerability could run arbitrary code in     the context of the current user. If the current user is     logged on with administrative user rights, an attacker     could take control of the affected system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2018-0825)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel handles objects in memory.
    An attacker who successfully exploited the vulnerability     could execute code with elevated permissions.
    (CVE-2018-0742, CVE-2018-0820)

  - A remote code execution vulnerability exists when     Windows improperly handles objects in memory. An     attacker who successfully exploited these     vulnerabilities could take control of an affected     system.  (CVE-2018-0842)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-0844, CVE-2018-0846)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0840)

  - An information disclosure vulnerability exists in the     way that the Microsoft Windows Embedded OpenType (EOT)     font engine parses specially crafted embedded fonts. An     attacker who successfully exploited this vulnerability     could potentially read data that was not intended to be     disclosed. Note that while this vulnerability would not     allow an attacker to either execute code or to elevate     user rights directly, it could be used to obtain     information in an attempt to further compromise the     affected system.  (CVE-2018-0755, CVE-2018-0760,     CVE-2018-0761, CVE-2018-0855)

The remote Windows host is missing security update 4074596.
It is, therefore, affected by multiple vulnerabilities :

  - An vulnerability exists within microprocessors utilizing     speculative execution and indirect branch prediction,     which may allow an attacker with local user access to     disclose information via a side-channel analysis.
    (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)


  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0866)

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel handles objects in memory.
    An attacker who successfully exploited the vulnerability     could execute code with elevated permissions.
    (CVE-2018-0742, CVE-2018-0756, CVE-2018-0820)

  - An information disclosure vulnerability exists when     VBScript improperly discloses the contents of its     memory, which could provide an attacker with information     to further compromise the users computer or data.
    (CVE-2018-0847)

  - A remote code execution vulnerability exists in     StructuredQuery when the software fails to properly     handle objects in memory. An attacker who successfully     exploited the vulnerability could run arbitrary code in     the context of the current user. If the current user is     logged on with administrative user rights, an attacker     could take control of the affected system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2018-0825)

  - An elevation of privilege vulnerability exists when NTFS     improperly handles objects. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-0822)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Microsoft Edge. The vulnerability could corrupt memory     in such a way that an attacker could execute arbitrary     code in the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-0834,     CVE-2018-0835, CVE-2018-0837, CVE-2018-0838,     CVE-2018-0857, CVE-2018-0859, CVE-2018-0860)

  - An elevation of privilege vulnerability exists when     AppContainer improperly implements constrained     impersonation. An attacker who successfully exploited     this vulnerability could run processes in an elevated     context.  (CVE-2018-0821)

  - A remote code execution vulnerability exists when     Windows improperly handles objects in memory. An     attacker who successfully exploited these     vulnerabilities could take control of an affected     system.  (CVE-2018-0842)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0840)

  - An information disclosure vulnerability exists in the     Windows kernel that could allow an attacker to retrieve     information that could lead to a Kernel Address Space     Layout Randomization (ASLR) bypass. An attacker who     successfully exploited the vulnerability could retrieve     the memory address of a kernel object.  (CVE-2018-0832)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-0844, CVE-2018-0846)

The remote Windows host is missing security update 4074597 or cumulative update 4074594. It is, therefore, affected by multiple vulnerabilities :

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0866)

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)

  - An information disclosure vulnerability exists when     VBScript improperly discloses the contents of its     memory, which could provide an attacker with information     to further compromise the users computer or data.
    (CVE-2018-0847)

  - A remote code execution vulnerability exists in     StructuredQuery when the software fails to properly     handle objects in memory. An attacker who successfully     exploited the vulnerability could run arbitrary code in     the context of the current user. If the current user is     logged on with administrative user rights, an attacker     could take control of the affected system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2018-0825)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel handles objects in memory.
    An attacker who successfully exploited the vulnerability     could execute code with elevated permissions.
    (CVE-2018-0742, CVE-2018-0820)

  - A denial of service vulnerability exists in     implementations of the Microsoft Server Message Block     2.0 and 3.0 (SMBv2/SMBv3) client. The vulnerability is     due to improper handling of certain requests sent by a     malicious SMB server to the client. An attacker who     successfully exploited this vulnerability could cause     the affected system to stop responding until it is     manually restarted.  (CVE-2018-0833)

  - A remote code execution vulnerability exists when     Windows improperly handles objects in memory. An     attacker who successfully exploited these     vulnerabilities could take control of an affected     system.  (CVE-2018-0842)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-0844, CVE-2018-0846)

  - An information disclosure vulnerability exists in the     Windows kernel that could allow an attacker to retrieve     information that could lead to a Kernel Address Space     Layout Randomization (ASLR) bypass. An attacker who     successfully exploited the vulnerability could retrieve     the memory address of a kernel object.  (CVE-2018-0832)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0840)

The remote Windows host is missing security update 4074589 or cumulative update 4074593. It is, therefore, affected by multiple vulnerabilities :

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0866)

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)

  - An information disclosure vulnerability exists when     VBScript improperly discloses the contents of its     memory, which could provide an attacker with information     to further compromise the users computer or data.
    (CVE-2018-0847)

  - A remote code execution vulnerability exists in     StructuredQuery when the software fails to properly     handle objects in memory. An attacker who successfully     exploited the vulnerability could run arbitrary code in     the context of the current user. If the current user is     logged on with administrative user rights, an attacker     could take control of the affected system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2018-0825)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel handles objects in memory.
    An attacker who successfully exploited the vulnerability     could execute code with elevated permissions.
    (CVE-2018-0742, CVE-2018-0820)

  - A remote code execution vulnerability exists when     Windows improperly handles objects in memory. An     attacker who successfully exploited these     vulnerabilities could take control of an affected     system.  (CVE-2018-0842)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-0844, CVE-2018-0846)

  - An information disclosure vulnerability exists in the     way that the Microsoft Windows Embedded OpenType (EOT)     font engine parses specially crafted embedded fonts. An     attacker who successfully exploited this vulnerability     could potentially read data that was not intended to be     disclosed. Note that while this vulnerability would not     allow an attacker to either execute code or to elevate     user rights directly, it could be used to obtain     information in an attempt to further compromise the     affected system.  (CVE-2018-0760)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0840)

  - An information disclosure vulnerability exists when the     Windows kernel fails to properly initialize a memory     address. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2018-0810)

The remote Windows host is missing security update 4074592.
It is, therefore, affected by multiple vulnerabilities :

  - An vulnerability exists within microprocessors utilizing     speculative execution and indirect branch prediction,     which may allow an attacker with local user access to     disclose information via a side-channel analysis.
    (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0866)

  - A security feature bypass vulnerability exists in     Windows Scripting Host which could allow an attacker to     bypass Device Guard. An attacker who successfully     exploited this vulnerability could circumvent a User     Mode Code Integrity (UMCI) policy on the machine.
    (CVE-2018-0827)

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)

  - An information disclosure vulnerability exists when     Microsoft Edge improperly handles objects in memory. An     attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-0763, CVE-2018-0839)

  - An information disclosure vulnerability exists when     VBScript improperly discloses the contents of its     memory, which could provide an attacker with information     to further compromise the users computer or data.
    (CVE-2018-0847)

  - A remote code execution vulnerability exists in     StructuredQuery when the software fails to properly     handle objects in memory. An attacker who successfully     exploited the vulnerability could run arbitrary code in     the context of the current user. If the current user is     logged on with administrative user rights, an attacker     could take control of the affected system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2018-0825)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Microsoft Edge. The vulnerability could corrupt memory     in such a way that an attacker could execute arbitrary     code in the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-0834,     CVE-2018-0835, CVE-2018-0836, CVE-2018-0837,     CVE-2018-0838, CVE-2018-0856, CVE-2018-0857,     CVE-2018-0859, CVE-2018-0860, CVE-2018-0861)

  - An elevation of privilege vulnerability exists when NTFS     improperly handles objects. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-0822)

  - An elevation of privilege vulnerability exists when     AppContainer improperly implements constrained     impersonation. An attacker who successfully exploited     this vulnerability could run processes in an elevated     context.  (CVE-2018-0821)

  - A remote code execution vulnerability exists when     Windows improperly handles objects in memory. An     attacker who successfully exploited these     vulnerabilities could take control of an affected     system.  (CVE-2018-0842)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-0844, CVE-2018-0846)

  - An information disclosure vulnerability exists in the     Windows kernel that could allow an attacker to retrieve     information that could lead to a Kernel Address Space     Layout Randomization (ASLR) bypass. An attacker who     successfully exploited the vulnerability could retrieve     the memory address of a kernel object.  (CVE-2018-0832)

  - An elevation of privilege vulnerability exists when the     Windows kernel fails to properly handle objects in     memory. An attacker who successfully exploited this     vulnerability could run arbitrary code in kernel mode.
    An attacker could then install programs; view, change,     or delete data; or create new accounts with full user     rights.  (CVE-2018-0809)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel handles objects in memory.
    An attacker who successfully exploited the vulnerability     could execute code with elevated permissions.
    (CVE-2018-0742, CVE-2018-0756, CVE-2018-0820,     CVE-2018-0831)

  - A security feature bypass vulnerability exists when     Microsoft Edge improperly handles requests of different     origins. The vulnerability allows Microsoft Edge to     bypass Same-Origin Policy (SOP) restrictions, and to     allow requests that should otherwise be ignored. An     attacker who successfully exploited the vulnerability     could force the browser to send data that would     otherwise be restricted.  (CVE-2018-0771)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0840)

  - An elevation of privilege vulnerability exists when     Storage Services improperly handles objects in memory.
    An attacker who successfully exploited this     vulnerability could run processes in an elevated     context.  (CVE-2018-0826)

The remote Windows host is missing security update 4074591.
It is, therefore, affected by multiple vulnerabilities :

  - An vulnerability exists within microprocessors utilizing     speculative execution and indirect branch prediction,     which may allow an attacker with local user access to     disclose information via a side-channel analysis.
    (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0866)

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel handles objects in memory.
    An attacker who successfully exploited the vulnerability     could execute code with elevated permissions.
    (CVE-2018-0742, CVE-2018-0756, CVE-2018-0820)

  - An information disclosure vulnerability exists when     VBScript improperly discloses the contents of its     memory, which could provide an attacker with information     to further compromise the users computer or data.
    (CVE-2018-0847)

  - A remote code execution vulnerability exists in     StructuredQuery when the software fails to properly     handle objects in memory. An attacker who successfully     exploited the vulnerability could run arbitrary code in     the context of the current user. If the current user is     logged on with administrative user rights, an attacker     could take control of the affected system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2018-0825)

  - An elevation of privilege vulnerability exists when     Storage Services improperly handles objects in memory.
    An attacker who successfully exploited this     vulnerability could run processes in an elevated     context.  (CVE-2018-0826)

  - An elevation of privilege vulnerability exists when NTFS     improperly handles objects. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-0822)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Microsoft Edge. The vulnerability could corrupt memory     in such a way that an attacker could execute arbitrary     code in the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-0834,     CVE-2018-0835, CVE-2018-0837, CVE-2018-0838,     CVE-2018-0857, CVE-2018-0859, CVE-2018-0860)

  - An elevation of privilege vulnerability exists when     AppContainer improperly implements constrained     impersonation. An attacker who successfully exploited     this vulnerability could run processes in an elevated     context.  (CVE-2018-0821)

  - A remote code execution vulnerability exists when     Windows improperly handles objects in memory. An     attacker who successfully exploited these     vulnerabilities could take control of an affected     system.  (CVE-2018-0842)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0840)

  - An information disclosure vulnerability exists in the     Windows kernel that could allow an attacker to retrieve     information that could lead to a Kernel Address Space     Layout Randomization (ASLR) bypass. An attacker who     successfully exploited the vulnerability could retrieve     the memory address of a kernel object.  (CVE-2018-0832)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-0844, CVE-2018-0846)

The remote Windows host is missing security update 4074590. It is, therefore, affected by multiple vulnerabilities :

  - An vulnerability exists within microprocessors utilizing     speculative execution and indirect branch prediction,     which may allow an attacker with local user access to     disclose information via a side-channel analysis.
    (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0866)

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)

  - A remote code execution vulnerability exists when     Windows improperly handles objects in memory. An     attacker who successfully exploited these     vulnerabilities could take control of an affected     system.  (CVE-2018-0842)

  - A remote code execution vulnerability exists in     StructuredQuery when the software fails to properly     handle objects in memory. An attacker who successfully     exploited the vulnerability could run arbitrary code in     the context of the current user. If the current user is     logged on with administrative user rights, an attacker     could take control of the affected system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2018-0825)

  - An elevation of privilege vulnerability exists when     Storage Services improperly handles objects in memory.
    An attacker who successfully exploited this     vulnerability could run processes in an elevated     context.  (CVE-2018-0826)

  - An elevation of privilege vulnerability exists when NTFS     improperly handles objects. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-0822)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Microsoft Edge. The vulnerability could corrupt memory     in such a way that an attacker could execute arbitrary     code in the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-0834,     CVE-2018-0835, CVE-2018-0837, CVE-2018-0838,     CVE-2018-0857, CVE-2018-0859, CVE-2018-0860,     CVE-2018-0861)

  - An elevation of privilege vulnerability exists when     AppContainer improperly implements constrained     impersonation. An attacker who successfully exploited     this vulnerability could run processes in an elevated     context.  (CVE-2018-0821)

  - An elevation of privilege vulnerability exists in     Microsoft Windows when the MultiPoint management account     password is improperly secured. An attacker who     successfully exploited this vulnerability could run     arbitrary code with elevated privileges.
    (CVE-2018-0828)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0840)

  - An information disclosure vulnerability exists in the     Windows kernel that could allow an attacker to retrieve     information that could lead to a Kernel Address Space     Layout Randomization (ASLR) bypass. An attacker who     successfully exploited the vulnerability could retrieve     the memory address of a kernel object.  (CVE-2018-0832)

  - An information disclosure vulnerability exists when     VBScript improperly discloses the contents of its     memory, which could provide an attacker with information     to further compromise the users computer or data.
    (CVE-2018-0847)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-0844, CVE-2018-0846)

  - A security feature bypass vulnerability exists when     Microsoft Edge improperly handles requests of different     origins. The vulnerability allows Microsoft Edge to     bypass Same-Origin Policy (SOP) restrictions, and to     allow requests that should otherwise be ignored. An     attacker who successfully exploited the vulnerability     could force the browser to send data that would     otherwise be restricted.  (CVE-2018-0771)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel handles objects in memory.
    An attacker who successfully exploited the vulnerability     could execute code with elevated permissions.
    (CVE-2018-0742, CVE-2018-0756, CVE-2018-0820,     CVE-2018-0831)

The remote Windows host is missing security update 4074588. It is, therefore, affected by multiple vulnerabilities :

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0866)

  - A security feature bypass vulnerability exists in     Windows Scripting Host which could allow an attacker to     bypass Device Guard. An attacker who successfully     exploited this vulnerability could circumvent a User     Mode Code Integrity (UMCI) policy on the machine.
    (CVE-2018-0827)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Microsoft Edge. The vulnerability could corrupt memory     in such a way that an attacker could execute arbitrary     code in the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-0834,     CVE-2018-0835, CVE-2018-0836, CVE-2018-0837,     CVE-2018-0838, CVE-2018-0856, CVE-2018-0857,     CVE-2018-0859, CVE-2018-0860)

  - An information disclosure vulnerability exists when     Microsoft Edge improperly handles objects in memory. An     attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-0763)

  - An information disclosure vulnerability exists when the     Windows kernel fails to properly initialize a memory     address. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2018-0843)

  - An information disclosure vulnerability exists in the     Windows kernel that could allow an attacker to retrieve     information that could lead to a Kernel Address Space     Layout Randomization (ASLR) bypass. An attacker who     successfully exploited the vulnerability could retrieve     the memory address of a kernel object.  (CVE-2018-0832)

  - An information disclosure vulnerability exists when     VBScript improperly discloses the contents of its     memory, which could provide an attacker with information     to further compromise the users computer or data.
    (CVE-2018-0847)

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)

  - A remote code execution vulnerability exists in     StructuredQuery when the software fails to properly     handle objects in memory. An attacker who successfully     exploited the vulnerability could run arbitrary code in     the context of the current user. If the current user is     logged on with administrative user rights, an attacker     could take control of the affected system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2018-0825)

  - An elevation of privilege vulnerability exists when     Storage Services improperly handles objects in memory.
    An attacker who successfully exploited this     vulnerability could run processes in an elevated     context.  (CVE-2018-0826)

  - An elevation of privilege vulnerability exists when NTFS     improperly handles objects. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-0822)

  - An elevation of privilege vulnerability exists when     AppContainer improperly implements constrained     impersonation. An attacker who successfully exploited     this vulnerability could run processes in an elevated     context.  (CVE-2018-0821)

  - A remote code execution vulnerability exists when     Windows improperly handles objects in memory. An     attacker who successfully exploited these     vulnerabilities could take control of an affected     system.  (CVE-2018-0842)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-0844, CVE-2018-0846)

  - An elevation of privilege vulnerability exist when Named     Pipe File System improperly handles objects. An attacker     who successfully exploited this vulnerability could run     processes in an elevated context.  (CVE-2018-0823)

  - An elevation of privilege vulnerability exists when the     Windows kernel fails to properly handle objects in     memory. An attacker who successfully exploited this     vulnerability could run arbitrary code in kernel mode.
    An attacker could then install programs; view, change,     or delete data; or create new accounts with full user     rights.  (CVE-2018-0809)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel handles objects in memory.
    An attacker who successfully exploited the vulnerability     could execute code with elevated permissions.
    (CVE-2018-0742, CVE-2018-0756, CVE-2018-0820,     CVE-2018-0831)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0840)

ID	Name	Product	Family	Severity
106804	Security Updates for Internet Explorer (February 2018)	Nessus	Windows : Microsoft Bulletins	high
106802	KB4074587: Windows 7 and Windows Server 2008 R2 February 2018 Security Update	Nessus	Windows : Microsoft Bulletins	high
106801	KB4074596: Windows 10 February 2018 Security Update (Meltdown)(Spectre)	Nessus	Windows : Microsoft Bulletins	high
106800	KB4074597: Windows 8.1 and Windows Server 2012 R2 February 2018 Security Update	Nessus	Windows : Microsoft Bulletins	high
106799	KB4074589: Windows Server 2012 February 2018 Security Update	Nessus	Windows : Microsoft Bulletins	high
106798	KB4074592: Windows 10 Version 1703 February 2018 Security Update (Meltdown)(Spectre)	Nessus	Windows : Microsoft Bulletins	high
106797	KB4074591: Windows 10 Version 1511 February 2018 Security Update (Meltdown)(Spectre)	Nessus	Windows : Microsoft Bulletins	high
106796	KB4074590: Windows 10 Version 1607 and Windows Server 2016 February 2018 Security Update (Meltdown)(Spectre)	Nessus	Windows : Microsoft Bulletins	high
106795	KB4074588: Windows 10 Version 1709 and Windows Server Version 1709 February 2018 Security Update	Nessus	Windows : Microsoft Bulletins	high

CVE-2018-0866

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins