103646

1040662

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0964

The remote Windows host is missing security update 4093112.
It is, therefore, affected by multiple vulnerabilities :

  - An vulnerability exists within microprocessors utilizing     speculative execution and indirect branch prediction,     which may allow an attacker with local user access to     disclose information via a side-channel analysis.
    (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)

  - An elevation of privilege vulnerability exists when     Windows improperly handles objects in memory and     incorrectly maps kernel memory.  (CVE-2018-1009)

  - A security feature bypass exists when Device Guard     incorrectly validates an untrusted file. An attacker who     successfully exploited this vulnerability could make an     unsigned file appear to be signed. Because Device Guard     relies on the signature to determine the file is non-     malicious, Device Guard could then allow a malicious     file to execute. In an attack scenario, an attacker     could make an untrusted file appear to be a trusted     file. The update addresses the vulnerability by     correcting how Device Guard handles untrusted files.
    (CVE-2018-0966, CVE-2018-1035)

  - A remote code execution vulnerability exists in the way     that the Chakra scripting engine handles objects in     memory in Microsoft Edge. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user.  (CVE-2018-0979, CVE-2018-0980,     CVE-2018-0990, CVE-2018-0993, CVE-2018-0994,     CVE-2018-0995, CVE-2018-1019)

  - A denial of service vulnerability exists in the way that     Windows SNMP Service handles malformed SNMP traps. An     attacker who successfully exploited the vulnerability     could cause a target system to stop responding. Note     that the denial of service condition would not allow an     attacker to execute code or to elevate user privileges.
    However, the denial of service condition could prevent     authorized users from using system resources. The     security update addresses the vulnerability by     correcting how Windows SNMP Service processes SNMP     traps. (CVE-2018-0967)

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-0960)

  - An elevation of privilege vulnerability exists in     Windows Adobe Type Manager Font Driver (ATMFD.dll) when     it fails to properly handle objects in memory. An     attacker who successfully exploited this vulnerability     could execute arbitrary code and take control of an     affected system. An attacker could then install     programs; view, change, or delete data; or create new     accounts with full user rights.  (CVE-2018-1008)

  - An information disclosure vulnerability exists when the     scripting engine does not properly handle objects in     memory in Internet Explorer. An attacker who     successfully exploited the vulnerability could obtain     information to further compromise the users system.
    (CVE-2018-0987)

  - A buffer overflow vulnerability exists in the Microsoft     JET Database Engine that could allow remote code     execution on an affected system. An attacker who     successfully exploited this vulnerability could take     control of an affected system. An attacker could then     install programs; view, change, or delete data; or     create new accounts with full user rights. Users whose     accounts are configured to have fewer user rights on the     system could be less impacted than users who operate     with administrative user rights.  (CVE-2018-1003)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel handles objects in memory.
    An attacker who successfully exploited the vulnerability     could execute code with elevated permissions.
    (CVE-2018-0963)

  - A denial of service vulnerability exists in Remote     Desktop Protocol (RDP) when an attacker connects to the     target system using RDP and sends specially crafted     requests. An attacker who successfully exploited this     vulnerability could cause the RDP service on the target     system to stop responding.  (CVE-2018-0976)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0988, CVE-2018-0996, CVE-2018-1001)

  - A security feature bypass vulnerability exists when     Active Directory incorrectly applies Network Isolation     settings.  (CVE-2018-0890)

  - A remote code execution vulnerability exists when the     Windows font library improperly handles specially     crafted embedded fonts. An attacker who successfully     exploited the vulnerability could take control of the     affected system. An attacker could then install     programs; view, change, or delete data; or create new     accounts with full user rights.  (CVE-2018-1010,     CVE-2018-1012, CVE-2018-1013, CVE-2018-1015,     CVE-2018-1016)

  - A remote code execution vulnerability exists when     Internet Explorer improperly accesses objects in memory.
    The vulnerability could corrupt memory in such a way     that an attacker could execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-0870,     CVE-2018-0991, CVE-2018-0997, CVE-2018-1018,     CVE-2018-1020)

  - An information disclosure vulnerability exists when     Microsoft Edge PDF Reader improperly handles objects in     memory. An attacker who successfully exploited the     vulnerability could obtain information to further     compromise the users system.  (CVE-2018-0998)

  - An information disclosure vulnerability exists in the     Windows kernel that could allow an attacker to retrieve     information that could lead to a Kernel Address Space     Layout Randomization (ASLR) bypass. An attacker who     successfully exploited the vulnerability could retrieve     the memory address of a kernel object.  (CVE-2018-0968,     CVE-2018-0969, CVE-2018-0970, CVE-2018-0971,     CVE-2018-0972, CVE-2018-0973, CVE-2018-0974,     CVE-2018-0975)

  - An information disclosure vulnerability exists when     Microsoft Edge improperly handles objects in memory. An     attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-0892)

  - An information disclosure vulnerability exists when     Windows Hyper-V on a host operating system fails to     properly validate input from an authenticated user on a     guest operating system.  (CVE-2018-0957, CVE-2018-0964)

  - A remote code execution vulnerability exists in the way     that Microsoft browsers access objects in memory. The     vulnerability could corrupt memory in a way that could     allow an attacker to execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-1023)

  - A denial of service vulnerability exists in the way that     Windows handles objects in memory. An attacker who     successfully exploited the vulnerability could cause a     target system to stop responding. Note that the denial     of service condition would not allow an attacker to     execute code or to elevate user privileges. However, the     denial of service condition could prevent authorized     users from using system resources. The security update     addresses the vulnerability by correcting how Windows     handles objects in memory. (CVE-2018-8116)

  - A remote code execution vulnerability exists in the way     that the VBScript engine handles objects in memory. The     vulnerability could corrupt memory in such a way that an     attacker could execute arbitrary code in the context of     the current user. An attacker who successfully exploited     the vulnerability could gain the same user rights as the     current user.  (CVE-2018-1004)

  - An information disclosure vulnerability exists in the     way that the scripting engine handles objects in memory     in Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could provide an     attacker with information to further compromise the     user's computer or data.  (CVE-2018-0981, CVE-2018-0989,     CVE-2018-1000)

  - A denial of service vulnerability exists in the HTTP 2.0     protocol stack (HTTP.sys) when HTTP.sys improperly     parses specially crafted HTTP 2.0 requests. An attacker     who successfully exploited the vulnerability could     create a denial of service condition, causing the target     system to become unresponsive.  (CVE-2018-0956)

  - An information disclosure vulnerability exists when the     Windows kernel fails to properly initialize a memory     address. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2018-0887)

The remote Windows host is missing security update 4093107.
It is, therefore, affected by multiple vulnerabilities :

  - An elevation of privilege vulnerability exists when     Windows improperly handles objects in memory and     incorrectly maps kernel memory.  (CVE-2018-1009)

  - A security feature bypass exists when Device Guard     incorrectly validates an untrusted file. An attacker who     successfully exploited this vulnerability could make an     unsigned file appear to be signed. Because Device Guard     relies on the signature to determine the file is non-     malicious, Device Guard could then allow a malicious     file to execute. In an attack scenario, an attacker     could make an untrusted file appear to be a trusted     file. The update addresses the vulnerability by     correcting how Device Guard handles untrusted files.
    (CVE-2018-0966)

  - A denial of service vulnerability exists in the way that     Windows SNMP Service handles malformed SNMP traps. An     attacker who successfully exploited the vulnerability     could cause a target system to stop responding. Note     that the denial of service condition would not allow an     attacker to execute code or to elevate user privileges.
    However, the denial of service condition could prevent     authorized users from using system resources. The     security update addresses the vulnerability by     correcting how Windows SNMP Service processes SNMP     traps. (CVE-2018-0967)

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-0960)

  - An elevation of privilege vulnerability exists in     Windows Adobe Type Manager Font Driver (ATMFD.dll) when     it fails to properly handle objects in memory. An     attacker who successfully exploited this vulnerability     could execute arbitrary code and take control of an     affected system. An attacker could then install     programs; view, change, or delete data; or create new     accounts with full user rights.  (CVE-2018-1008)

  - An information disclosure vulnerability exists when the     scripting engine does not properly handle objects in     memory in Internet Explorer. An attacker who     successfully exploited the vulnerability could obtain     information to further compromise the users system.
    (CVE-2018-0987)

  - A buffer overflow vulnerability exists in the Microsoft     JET Database Engine that could allow remote code     execution on an affected system. An attacker who     successfully exploited this vulnerability could take     control of an affected system. An attacker could then     install programs; view, change, or delete data; or     create new accounts with full user rights. Users whose     accounts are configured to have fewer user rights on the     system could be less impacted than users who operate     with administrative user rights.  (CVE-2018-1003)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel handles objects in memory.
    An attacker who successfully exploited the vulnerability     could execute code with elevated permissions.
    (CVE-2018-0963)

  - A denial of service vulnerability exists in Remote     Desktop Protocol (RDP) when an attacker connects to the     target system using RDP and sends specially crafted     requests. An attacker who successfully exploited this     vulnerability could cause the RDP service on the target     system to stop responding.  (CVE-2018-0976)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0988, CVE-2018-0996, CVE-2018-1001)

  - A security feature bypass vulnerability exists when     Active Directory incorrectly applies Network Isolation     settings.  (CVE-2018-0890)

  - A remote code execution vulnerability exists when the     Windows font library improperly handles specially     crafted embedded fonts. An attacker who successfully     exploited the vulnerability could take control of the     affected system. An attacker could then install     programs; view, change, or delete data; or create new     accounts with full user rights.  (CVE-2018-1010,     CVE-2018-1012, CVE-2018-1013, CVE-2018-1015,     CVE-2018-1016)

  - An information disclosure vulnerability exists in the     way that the scripting engine handles objects in memory     in Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could provide an     attacker with information to further compromise the     user's computer or data.  (CVE-2018-0981, CVE-2018-0989,     CVE-2018-1000)

  - A remote code execution vulnerability exists when     Internet Explorer improperly accesses objects in memory.
    The vulnerability could corrupt memory in such a way     that an attacker could execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-0870,     CVE-2018-0991, CVE-2018-0997, CVE-2018-1018,     CVE-2018-1020)

  - An information disclosure vulnerability exists when     Microsoft Edge PDF Reader improperly handles objects in     memory. An attacker who successfully exploited the     vulnerability could obtain information to further     compromise the users system.  (CVE-2018-0998)

  - An information disclosure vulnerability exists in the     Windows kernel that could allow an attacker to retrieve     information that could lead to a Kernel Address Space     Layout Randomization (ASLR) bypass. An attacker who     successfully exploited the vulnerability could retrieve     the memory address of a kernel object.  (CVE-2018-0968,     CVE-2018-0969, CVE-2018-0970, CVE-2018-0971,     CVE-2018-0972, CVE-2018-0973, CVE-2018-0974,     CVE-2018-0975)

  - An information disclosure vulnerability exists when     Microsoft Edge improperly handles objects in memory. An     attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-0892)

  - An information disclosure vulnerability exists when     Windows Hyper-V on a host operating system fails to     properly validate input from an authenticated user on a     guest operating system.  (CVE-2018-0957, CVE-2018-0964)

  - A remote code execution vulnerability exists in the way     that Microsoft browsers access objects in memory. The     vulnerability could corrupt memory in a way that could     allow an attacker to execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-1023)

  - A denial of service vulnerability exists in the way that     Windows handles objects in memory. An attacker who     successfully exploited the vulnerability could cause a     target system to stop responding. Note that the denial     of service condition would not allow an attacker to     execute code or to elevate user privileges. However, the     denial of service condition could prevent authorized     users from using system resources. The security update     addresses the vulnerability by correcting how Windows     handles objects in memory. (CVE-2018-8116)

  - A remote code execution vulnerability exists in the way     that the VBScript engine handles objects in memory. The     vulnerability could corrupt memory in such a way that an     attacker could execute arbitrary code in the context of     the current user. An attacker who successfully exploited     the vulnerability could gain the same user rights as the     current user.  (CVE-2018-1004)

  - A remote code execution vulnerability exists in the way     that the Chakra scripting engine handles objects in     memory in Microsoft Edge. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user.  (CVE-2018-0979, CVE-2018-0980,     CVE-2018-0990, CVE-2018-0993, CVE-2018-0994,     CVE-2018-0995)

  - A denial of service vulnerability exists in the HTTP 2.0     protocol stack (HTTP.sys) when HTTP.sys improperly     parses specially crafted HTTP 2.0 requests. An attacker     who successfully exploited the vulnerability could     create a denial of service condition, causing the target     system to become unresponsive.  (CVE-2018-0956)

  - An information disclosure vulnerability exists when the     Windows kernel fails to properly initialize a memory     address. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2018-0887)

ID	Name	Product	Family	Severity
108964	KB4093112: Windows 10 Version 1709 and Windows Server Version 1709 April 2018 Security Update (Meltdown)(Spectre)	Nessus	Windows : Microsoft Bulletins	high
108960	KB4093107: Windows 10 Version 1703 April 2018 Security Update	Nessus	Windows : Microsoft Bulletins	high

CVE-2018-0964

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins