103978

1040844

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1022

The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

  - An information disclosure vulnerability exists when     affected Microsoft browsers improperly handle objects in     memory. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2018-1025)

  - An information disclosure vulnerability exists when     Chakra improperly discloses the contents of its memory,     which could provide an attacker with information to     further compromise the users computer or data.
    (CVE-2018-8145)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0955, CVE-2018-8114, CVE-2018-8122)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0954, CVE-2018-1022)

  - A remote code execution vulnerability exists in the way     that Microsoft browsers access objects in memory. The     vulnerability could corrupt memory in a way that could     allow an attacker to execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-8178)

The remote Windows host is missing security update 4103731.
It is, therefore, affected by multiple vulnerabilities :

  - A security feature bypass vulnerability exists in .Net     Framework which could allow an attacker to bypass Device     Guard. An attacker who successfully exploited this     vulnerability could circumvent a User Mode Code     Integrity (UMCI) policy on the machine.  (CVE-2018-1039)

  - A remote code execution vulnerability exists in the way     that Microsoft browsers access objects in memory. The     vulnerability could corrupt memory in a way that could     allow an attacker to execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-8178)

  - A remote code execution vulnerability exists in     Microsoft COM for Windows when it fails to     properly handle serialized objects. An attacker who     successfully exploited the vulnerability could use a     specially crafted file or script to perform actions. In     an email attack scenario, an attacker could exploit the     vulnerability by sending the specially crafted file to     the user and convincing the user to open the file.
    (CVE-2018-0824)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate vSMB packet data. An attacker who successfully     exploited these vulnerabilities could execute arbitrary     code on a target operating system. To exploit these     vulnerabilities, an attacker running inside a virtual     machine could run a specially crafted application that     could cause the Hyper-V host operating system to execute     arbitrary code. The update addresses the vulnerabilities     by correcting how Windows Hyper-V validates vSMB packet     data. (CVE-2018-0961)

  - An information disclosure vulnerability exists when     affected Microsoft browsers improperly handle objects in     memory. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2018-1025)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0955, CVE-2018-8114, CVE-2018-8122)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-8167)

  - A security feature bypass vulnerability exists in     Windows which could allow an attacker to bypass Device     Guard. An attacker who successfully exploited this     vulnerability could circumvent a User Mode Code     Integrity (UMCI) policy on the machine.  (CVE-2018-0958,     CVE-2018-8129, CVE-2018-8132)

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-8127)

  - A remote code execution vulnerability exists in the way     that the VBScript engine handles objects in memory. The     vulnerability could corrupt memory in such a way that an     attacker could execute arbitrary code in the context of     the current user. An attacker who successfully exploited     the vulnerability could gain the same user rights as the     current user.  (CVE-2018-8174)

  - A security feature bypass vulnerability exists when     Microsoft Edge improperly handles requests of different     origins. The vulnerability allows Microsoft Edge to     bypass Same-Origin Policy (SOP) restrictions, and to     allow requests that should otherwise be ignored. An     attacker who successfully exploited the vulnerability     could force the browser to send data that would     otherwise be restricted.  (CVE-2018-8112)

  - A denial of service vulnerability exists when .NET and     .NET Core improperly process XML documents. An attacker     who successfully exploited this vulnerability could     cause a denial of service against a .NET application. A     remote unauthenticated attacker could exploit this     vulnerability by issuing specially crafted requests to a     .NET (or .NET core) application. The update addresses     the vulnerability by correcting how .NET and .NET Core     applications handle XML document processing.
    (CVE-2018-0765)

  - An elevation of privilege vulnerability exists when the     Windows kernel fails to properly handle objects in     memory. An attacker who successfully exploited this     vulnerability could run arbitrary code in kernel mode.
    An attacker could then install programs; view, change,     or delete data; or create new accounts with full user     rights.  (CVE-2018-8897)

  - An information disclosure vulnerability exists when     Chakra improperly discloses the contents of its memory,     which could provide an attacker with information to     further compromise the users computer or data.
    (CVE-2018-8145)

  - A security feature bypass vulnerability exists in     Windows Scripting Host which could allow an attacker to     bypass Device Guard. An attacker who successfully     exploited this vulnerability could circumvent a User     Mode Code Integrity (UMCI) policy on the machine.
    (CVE-2018-0854)

  - An elevation of privilege vulnerability exists when the     DirectX Graphics Kernel (DXGKRNL) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-8165)

  - A remote code execution vulnerability exists in the way     that Windows handles objects in memory. An attacker who     successfully exploited the vulnerability could execute     arbitrary code with elevated permissions on a target     system.  (CVE-2018-8136)

  - A remote code execution vulnerability exists in the way     that the Chakra scripting engine handles objects in     memory in Microsoft Edge. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user.  (CVE-2018-0943, CVE-2018-8133)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2018-8124, CVE-2018-8164,     CVE-2018-8166)

  - A security feature bypass vulnerability exists when     Internet Explorer fails to validate User Mode Code     Integrity (UMCI) policies. The vulnerability could allow     an attacker to bypass Device Guard UMCI policies.
    (CVE-2018-8126)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel API enforces permissions. An     attacker who successfully exploited the vulnerability     could impersonate processes, interject cross-process     communication, or interrupt system functionality.
    (CVE-2018-8134)

  - A remote code execution vulnerability exists when     Microsoft Edge improperly accesses objects in memory.
    The vulnerability could corrupt memory in such a way     that enables an attacker to execute arbitrary code in     the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-8179)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Microsoft Edge. The vulnerability could corrupt memory     in such a way that an attacker could execute arbitrary     code in the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-0946,     CVE-2018-0951, CVE-2018-0953, CVE-2018-8128,     CVE-2018-8137)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0954, CVE-2018-1022)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2018-0959)

  - An elevation of privilege vulnerability exists in the     way that the Windows kernel image handles objects in     memory. An attacker who successfully exploited the     vulnerability could execute code with elevated     permissions.  (CVE-2018-8170)

The remote Windows host is missing security update 4103727.
It is, therefore, affected by multiple vulnerabilities :

  - A security feature bypass vulnerability exists in .Net     Framework which could allow an attacker to bypass Device     Guard. An attacker who successfully exploited this     vulnerability could circumvent a User Mode Code     Integrity (UMCI) policy on the machine.  (CVE-2018-1039)

  - A remote code execution vulnerability exists in the way     that Microsoft browsers access objects in memory. The     vulnerability could corrupt memory in a way that could     allow an attacker to execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-8178)

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-8127, CVE-2018-8141)

  - A remote code execution vulnerability exists in     Microsoft COM for Windows when it fails to     properly handle serialized objects. An attacker who     successfully exploited the vulnerability could use a     specially crafted file or script to perform actions. In     an email attack scenario, an attacker could exploit the     vulnerability by sending the specially crafted file to     the user and convincing the user to open the file.
    (CVE-2018-0824)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate vSMB packet data. An attacker who successfully     exploited these vulnerabilities could execute arbitrary     code on a target operating system. To exploit these     vulnerabilities, an attacker running inside a virtual     machine could run a specially crafted application that     could cause the Hyper-V host operating system to execute     arbitrary code. The update addresses the vulnerabilities     by correcting how Windows Hyper-V validates vSMB packet     data. (CVE-2018-0961)

  - An information disclosure vulnerability exists when     affected Microsoft browsers improperly handle objects in     memory. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2018-1025)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0955, CVE-2018-8114, CVE-2018-8122)

  - A remote code execution vulnerability exists when     Microsoft Edge improperly accesses objects in memory.
    The vulnerability could corrupt memory in such a way     that enables an attacker to execute arbitrary code in     the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-8123,     CVE-2018-8179)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-8167)

  - A security feature bypass vulnerability exists in     Windows which could allow an attacker to bypass Device     Guard. An attacker who successfully exploited this     vulnerability could circumvent a User Mode Code     Integrity (UMCI) policy on the machine.  (CVE-2018-0958,     CVE-2018-8129, CVE-2018-8132)

  - An information disclosure vulnerability exists when     Microsoft Edge improperly handles objects in memory. An     attacker who successfully exploited the vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-1021)

  - A remote code execution vulnerability exists in the way     that the VBScript engine handles objects in memory. The     vulnerability could corrupt memory in such a way that an     attacker could execute arbitrary code in the context of     the current user. An attacker who successfully exploited     the vulnerability could gain the same user rights as the     current user.  (CVE-2018-8174)

  - A remote code execution vulnerability exists in the way     that the Chakra scripting engine handles objects in     memory in Microsoft Edge. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user.  (CVE-2018-0943, CVE-2018-8130,     CVE-2018-8133)

  - A security feature bypass vulnerability exists when     Microsoft Edge improperly handles requests of different     origins. The vulnerability allows Microsoft Edge to     bypass Same-Origin Policy (SOP) restrictions, and to     allow requests that should otherwise be ignored. An     attacker who successfully exploited the vulnerability     could force the browser to send data that would     otherwise be restricted.  (CVE-2018-8112)

  - An elevation of privilege vulnerability exists when the     Windows kernel fails to properly handle objects in     memory. An attacker who successfully exploited this     vulnerability could run arbitrary code in kernel mode.
    An attacker could then install programs; view, change,     or delete data; or create new accounts with full user     rights.  (CVE-2018-8897)

  - An information disclosure vulnerability exists when     Chakra improperly discloses the contents of its memory,     which could provide an attacker with information to     further compromise the users computer or data.
    (CVE-2018-8145)

  - A security feature bypass vulnerability exists in     Windows Scripting Host which could allow an attacker to     bypass Device Guard. An attacker who successfully     exploited this vulnerability could circumvent a User     Mode Code Integrity (UMCI) policy on the machine.
    (CVE-2018-0854)

  - An elevation of privilege vulnerability exists when the     DirectX Graphics Kernel (DXGKRNL) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-8165)

  - A remote code execution vulnerability exists in the way     that Windows handles objects in memory. An attacker who     successfully exploited the vulnerability could execute     arbitrary code with elevated permissions on a target     system.  (CVE-2018-8136)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2018-0959)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2018-8124, CVE-2018-8164,     CVE-2018-8166)

  - A security feature bypass vulnerability exists when     Internet Explorer fails to validate User Mode Code     Integrity (UMCI) policies. The vulnerability could allow     an attacker to bypass Device Guard UMCI policies.
    (CVE-2018-8126)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel API enforces permissions. An     attacker who successfully exploited the vulnerability     could impersonate processes, interject cross-process     communication, or interrupt system functionality.
    (CVE-2018-8134)

  - A denial of service vulnerability exists when .NET and     .NET Core improperly process XML documents. An attacker     who successfully exploited this vulnerability could     cause a denial of service against a .NET application. A     remote unauthenticated attacker could exploit this     vulnerability by issuing specially crafted requests to a     .NET (or .NET core) application. The update addresses     the vulnerability by correcting how .NET and .NET Core     applications handle XML document processing.
    (CVE-2018-0765)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Microsoft Edge. The vulnerability could corrupt memory     in such a way that an attacker could execute arbitrary     code in the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-0946,     CVE-2018-0951, CVE-2018-0953, CVE-2018-8128,     CVE-2018-8137)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0954, CVE-2018-1022)

  - An elevation of privilege vulnerability exists in the     way that the Windows kernel image handles objects in     memory. An attacker who successfully exploited the     vulnerability could execute code with elevated     permissions.  (CVE-2018-8170)

The remote Windows host is missing security update 4103715 or cumulative update 4103725. It is, therefore, affected by multiple vulnerabilities :

  - An elevation of privilege vulnerability exists when the     Windows kernel fails to properly handle objects in     memory. An attacker who successfully exploited this     vulnerability could run arbitrary code in kernel mode.
    An attacker could then install programs; view, change,     or delete data; or create new accounts with full user     rights.  (CVE-2018-8897)

  - A remote code execution vulnerability exists in the way     that Microsoft browsers access objects in memory. The     vulnerability could corrupt memory in a way that could     allow an attacker to execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-8178)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0954, CVE-2018-1022)

  - A security feature bypass vulnerability exists in .Net     Framework which could allow an attacker to bypass Device     Guard. An attacker who successfully exploited this     vulnerability could circumvent a User Mode Code     Integrity (UMCI) policy on the machine.  (CVE-2018-1039)

  - An information disclosure vulnerability exists when     Chakra improperly discloses the contents of its memory,     which could provide an attacker with information to     further compromise the users computer or data.
    (CVE-2018-8145)

  - A remote code execution vulnerability exists in the way     that Windows handles objects in memory. An attacker who     successfully exploited the vulnerability could execute     arbitrary code with elevated permissions on a target     system.  (CVE-2018-8136)

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-8127)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-8167)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2018-0959)

  - An information disclosure vulnerability exists when     affected Microsoft browsers improperly handle objects in     memory. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2018-1025)

  - A remote code execution vulnerability exists in     Microsoft COM for Windows when it fails to     properly handle serialized objects. An attacker who     successfully exploited the vulnerability could use a     specially crafted file or script to perform actions. In     an email attack scenario, an attacker could exploit the     vulnerability by sending the specially crafted file to     the user and convincing the user to open the file.
    (CVE-2018-0824)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0955, CVE-2018-8114, CVE-2018-8122)

  - A remote code execution vulnerability exists in the way     that the VBScript engine handles objects in memory. The     vulnerability could corrupt memory in such a way that an     attacker could execute arbitrary code in the context of     the current user. An attacker who successfully exploited     the vulnerability could gain the same user rights as the     current user.  (CVE-2018-8174)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2018-8124, CVE-2018-8164,     CVE-2018-8166)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel API enforces permissions. An     attacker who successfully exploited the vulnerability     could impersonate processes, interject cross-process     communication, or interrupt system functionality.
    (CVE-2018-8134)

  - A denial of service vulnerability exists when .NET and     .NET Core improperly process XML documents. An attacker     who successfully exploited this vulnerability could     cause a denial of service against a .NET application. A     remote unauthenticated attacker could exploit this     vulnerability by issuing specially crafted requests to a     .NET (or .NET core) application. The update addresses     the vulnerability by correcting how .NET and .NET Core     applications handle XML document processing.
    (CVE-2018-0765)

The remote Windows host is missing security update 4103723.
It is, therefore, affected by multiple vulnerabilities :

  - A security feature bypass vulnerability exists in .Net     Framework which could allow an attacker to bypass Device     Guard. An attacker who successfully exploited this     vulnerability could circumvent a User Mode Code     Integrity (UMCI) policy on the machine.  (CVE-2018-1039)

  - A remote code execution vulnerability exists in the way     that Microsoft browsers access objects in memory. The     vulnerability could corrupt memory in a way that could     allow an attacker to execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-8178)

  - A remote code execution vulnerability exists in     Microsoft COM for Windows when it fails to     properly handle serialized objects. An attacker who     successfully exploited the vulnerability could use a     specially crafted file or script to perform actions. In     an email attack scenario, an attacker could exploit the     vulnerability by sending the specially crafted file to     the user and convincing the user to open the file.
    (CVE-2018-0824)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Microsoft Edge. The vulnerability could corrupt memory     in such a way that an attacker could execute arbitrary     code in the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-0951,     CVE-2018-0953, CVE-2018-8137)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate vSMB packet data. An attacker who successfully     exploited these vulnerabilities could execute arbitrary     code on a target operating system. To exploit these     vulnerabilities, an attacker running inside a virtual     machine could run a specially crafted application that     could cause the Hyper-V host operating system to execute     arbitrary code. The update addresses the vulnerabilities     by correcting how Windows Hyper-V validates vSMB packet     data. (CVE-2018-0961)

  - An information disclosure vulnerability exists when     affected Microsoft browsers improperly handle objects in     memory. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2018-1025)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0955, CVE-2018-8114, CVE-2018-8122)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-8167)

  - A security feature bypass vulnerability exists in     Windows which could allow an attacker to bypass Device     Guard. An attacker who successfully exploited this     vulnerability could circumvent a User Mode Code     Integrity (UMCI) policy on the machine.  (CVE-2018-0958,     CVE-2018-8129, CVE-2018-8132)

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-8127)

  - A remote code execution vulnerability exists in the way     that the VBScript engine handles objects in memory. The     vulnerability could corrupt memory in such a way that an     attacker could execute arbitrary code in the context of     the current user. An attacker who successfully exploited     the vulnerability could gain the same user rights as the     current user.  (CVE-2018-8174)

  - A security feature bypass vulnerability exists when     Microsoft Edge improperly handles requests of different     origins. The vulnerability allows Microsoft Edge to     bypass Same-Origin Policy (SOP) restrictions, and to     allow requests that should otherwise be ignored. An     attacker who successfully exploited the vulnerability     could force the browser to send data that would     otherwise be restricted.  (CVE-2018-8112)

  - A denial of service vulnerability exists when .NET and     .NET Core improperly process XML documents. An attacker     who successfully exploited this vulnerability could     cause a denial of service against a .NET application. A     remote unauthenticated attacker could exploit this     vulnerability by issuing specially crafted requests to a     .NET (or .NET core) application. The update addresses     the vulnerability by correcting how .NET and .NET Core     applications handle XML document processing.
    (CVE-2018-0765)

  - An elevation of privilege vulnerability exists when the     Windows kernel fails to properly handle objects in     memory. An attacker who successfully exploited this     vulnerability could run arbitrary code in kernel mode.
    An attacker could then install programs; view, change,     or delete data; or create new accounts with full user     rights.  (CVE-2018-8897)

  - An information disclosure vulnerability exists when     Chakra improperly discloses the contents of its memory,     which could provide an attacker with information to     further compromise the users computer or data.
    (CVE-2018-8145)

  - A security feature bypass vulnerability exists in     Windows Scripting Host which could allow an attacker to     bypass Device Guard. An attacker who successfully     exploited this vulnerability could circumvent a User     Mode Code Integrity (UMCI) policy on the machine.
    (CVE-2018-0854)

  - An elevation of privilege vulnerability exists when the     DirectX Graphics Kernel (DXGKRNL) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-8165)

  - A remote code execution vulnerability exists in the way     that Windows handles objects in memory. An attacker who     successfully exploited the vulnerability could execute     arbitrary code with elevated permissions on a target     system.  (CVE-2018-8136)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2018-0959)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2018-8124, CVE-2018-8164,     CVE-2018-8166)

  - A security feature bypass vulnerability exists when     Internet Explorer fails to validate User Mode Code     Integrity (UMCI) policies. The vulnerability could allow     an attacker to bypass Device Guard UMCI policies.
    (CVE-2018-8126)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel API enforces permissions. An     attacker who successfully exploited the vulnerability     could impersonate processes, interject cross-process     communication, or interrupt system functionality.
    (CVE-2018-8134)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0954, CVE-2018-1022)

  - A remote code execution vulnerability exists when     Microsoft Edge improperly accesses objects in memory.
    The vulnerability could corrupt memory in such a way     that enables an attacker to execute arbitrary code in     the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-8179)

  - A remote code execution vulnerability exists in the way     that the Chakra scripting engine handles objects in     memory in Microsoft Edge. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user.  (CVE-2018-0943, CVE-2018-8133)

The remote Windows host is missing security update 4103721.
It is, therefore, affected by multiple vulnerabilities :

  - A security feature bypass vulnerability exists in .Net     Framework which could allow an attacker to bypass Device     Guard. An attacker who successfully exploited this     vulnerability could circumvent a User Mode Code     Integrity (UMCI) policy on the machine.  (CVE-2018-1039)

  - A remote code execution vulnerability exists in the way     that Microsoft browsers access objects in memory. The     vulnerability could corrupt memory in a way that could     allow an attacker to execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-8178)

  - A remote code execution vulnerability exists in     Microsoft COM for Windows when it fails to     properly handle serialized objects. An attacker who     successfully exploited the vulnerability could use a     specially crafted file or script to perform actions. In     an email attack scenario, an attacker could exploit the     vulnerability by sending the specially crafted file to     the user and convincing the user to open the file.
    (CVE-2018-0824)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate vSMB packet data. An attacker who successfully     exploited these vulnerabilities could execute arbitrary     code on a target operating system. To exploit these     vulnerabilities, an attacker running inside a virtual     machine could run a specially crafted application that     could cause the Hyper-V host operating system to execute     arbitrary code. The update addresses the vulnerabilities     by correcting how Windows Hyper-V validates vSMB packet     data. (CVE-2018-0961)

  - An information disclosure vulnerability exists when     affected Microsoft browsers improperly handle objects in     memory. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2018-1025)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0955, CVE-2018-8114, CVE-2018-8122)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-8167)

  - A security feature bypass vulnerability exists in     Windows which could allow an attacker to bypass Device     Guard. An attacker who successfully exploited this     vulnerability could circumvent a User Mode Code     Integrity (UMCI) policy on the machine.  (CVE-2018-0958,     CVE-2018-8129, CVE-2018-8132)

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-8127)

  - A remote code execution vulnerability exists in the way     that the VBScript engine handles objects in memory. The     vulnerability could corrupt memory in such a way that an     attacker could execute arbitrary code in the context of     the current user. An attacker who successfully exploited     the vulnerability could gain the same user rights as the     current user.  (CVE-2018-8174)

  - A remote code execution vulnerability exists in the way     that the Chakra scripting engine handles objects in     memory in Microsoft Edge. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user.  (CVE-2018-0943, CVE-2018-8130,     CVE-2018-8133)

  - A security feature bypass vulnerability exists when     Microsoft Edge improperly handles requests of different     origins. The vulnerability allows Microsoft Edge to     bypass Same-Origin Policy (SOP) restrictions, and to     allow requests that should otherwise be ignored. An     attacker who successfully exploited the vulnerability     could force the browser to send data that would     otherwise be restricted.  (CVE-2018-8112)

  - A denial of service vulnerability exists when .NET and     .NET Core improperly process XML documents. An attacker     who successfully exploited this vulnerability could     cause a denial of service against a .NET application. A     remote unauthenticated attacker could exploit this     vulnerability by issuing specially crafted requests to a     .NET (or .NET core) application. The update addresses     the vulnerability by correcting how .NET and .NET Core     applications handle XML document processing.
    (CVE-2018-0765)

  - An elevation of privilege vulnerability exists when the     Windows kernel fails to properly handle objects in     memory. An attacker who successfully exploited this     vulnerability could run arbitrary code in kernel mode.
    An attacker could then install programs; view, change,     or delete data; or create new accounts with full user     rights.  (CVE-2018-8897)

  - An information disclosure vulnerability exists when     Chakra improperly discloses the contents of its memory,     which could provide an attacker with information to     further compromise the users computer or data.
    (CVE-2018-8145)

  - An elevation of privilege vulnerability exists when the     DirectX Graphics Kernel (DXGKRNL) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-8165)

  - A remote code execution vulnerability exists in the way     that Windows handles objects in memory. An attacker who     successfully exploited the vulnerability could execute     arbitrary code with elevated permissions on a target     system.  (CVE-2018-8136)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2018-0959)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2018-8124, CVE-2018-8164,     CVE-2018-8166)

  - A security feature bypass vulnerability exists when     Internet Explorer fails to validate User Mode Code     Integrity (UMCI) policies. The vulnerability could allow     an attacker to bypass Device Guard UMCI policies.
    (CVE-2018-8126)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel API enforces permissions. An     attacker who successfully exploited the vulnerability     could impersonate processes, interject cross-process     communication, or interrupt system functionality.
    (CVE-2018-8134)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0954, CVE-2018-1022)

  - A remote code execution vulnerability exists when     Microsoft Edge improperly accesses objects in memory.
    The vulnerability could corrupt memory in such a way     that enables an attacker to execute arbitrary code in     the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-8179)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Microsoft Edge. The vulnerability could corrupt memory     in such a way that an attacker could execute arbitrary     code in the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-0945,     CVE-2018-0946, CVE-2018-0953, CVE-2018-8128,     CVE-2018-8137, CVE-2018-8139)

The remote Windows host is missing security update 4103712 or cumulative update 4103718. It is, therefore, affected by multiple vulnerabilities :

  - An elevation of privilege vulnerability exists when the     Windows kernel fails to properly handle objects in     memory. An attacker who successfully exploited this     vulnerability could run arbitrary code in kernel mode.
    An attacker could then install programs; view, change,     or delete data; or create new accounts with full user     rights.  (CVE-2018-8897)

  - A remote code execution vulnerability exists in the way     that Microsoft browsers access objects in memory. The     vulnerability could corrupt memory in a way that could     allow an attacker to execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-8178)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2018-8120, CVE-2018-8124,     CVE-2018-8164, CVE-2018-8166)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0954, CVE-2018-1022)

  - A security feature bypass vulnerability exists in .Net     Framework which could allow an attacker to bypass Device     Guard. An attacker who successfully exploited this     vulnerability could circumvent a User Mode Code     Integrity (UMCI) policy on the machine.  (CVE-2018-1039)

  - An information disclosure vulnerability exists when     Chakra improperly discloses the contents of its memory,     which could provide an attacker with information to     further compromise the users computer or data.
    (CVE-2018-8145)

  - A remote code execution vulnerability exists in the way     that Windows handles objects in memory. An attacker who     successfully exploited the vulnerability could execute     arbitrary code with elevated permissions on a target     system.  (CVE-2018-8136)

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-8127)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-8167)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2018-0959)

  - An information disclosure vulnerability exists when     affected Microsoft browsers improperly handle objects in     memory. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2018-1025)

  - A remote code execution vulnerability exists in     Microsoft COM for Windows when it fails to     properly handle serialized objects. An attacker who     successfully exploited the vulnerability could use a     specially crafted file or script to perform actions. In     an email attack scenario, an attacker could exploit the     vulnerability by sending the specially crafted file to     the user and convincing the user to open the file.
    (CVE-2018-0824)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0955, CVE-2018-8114, CVE-2018-8122)

  - A remote code execution vulnerability exists in the way     that the VBScript engine handles objects in memory. The     vulnerability could corrupt memory in such a way that an     attacker could execute arbitrary code in the context of     the current user. An attacker who successfully exploited     the vulnerability could gain the same user rights as the     current user.  (CVE-2018-8174)

  - A denial of service vulnerability exists when .NET and     .NET Core improperly process XML documents. An attacker     who successfully exploited this vulnerability could     cause a denial of service against a .NET application. A     remote unauthenticated attacker could exploit this     vulnerability by issuing specially crafted requests to a     .NET (or .NET core) application. The update addresses     the vulnerability by correcting how .NET and .NET Core     applications handle XML document processing.
    (CVE-2018-0765)

The remote Windows host is missing security update 4103716.
It is, therefore, affected by multiple vulnerabilities :

  - A security feature bypass vulnerability exists in .Net     Framework which could allow an attacker to bypass Device     Guard. An attacker who successfully exploited this     vulnerability could circumvent a User Mode Code     Integrity (UMCI) policy on the machine.  (CVE-2018-1039)

  - A remote code execution vulnerability exists in the way     that Microsoft browsers access objects in memory. The     vulnerability could corrupt memory in a way that could     allow an attacker to execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-8178)

  - A remote code execution vulnerability exists in     Microsoft COM for Windows when it fails to     properly handle serialized objects. An attacker who     successfully exploited the vulnerability could use a     specially crafted file or script to perform actions. In     an email attack scenario, an attacker could exploit the     vulnerability by sending the specially crafted file to     the user and convincing the user to open the file.
    (CVE-2018-0824)

  - An information disclosure vulnerability exists when     affected Microsoft browsers improperly handle objects in     memory. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2018-1025)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Internet Explorer. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0955, CVE-2018-8114, CVE-2018-8122)

  - An elevation of privilege vulnerability exists when the     Windows Common Log File System (CLFS) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-8167)

  - A security feature bypass vulnerability exists in     Windows which could allow an attacker to bypass Device     Guard. An attacker who successfully exploited this     vulnerability could circumvent a User Mode Code     Integrity (UMCI) policy on the machine.  (CVE-2018-0958,     CVE-2018-8129, CVE-2018-8132)

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-8127)

  - A remote code execution vulnerability exists in the way     that the scripting engine handles objects in memory in     Microsoft Edge. The vulnerability could corrupt memory     in such a way that an attacker could execute arbitrary     code in the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-0953,     CVE-2018-8137)

  - A remote code execution vulnerability exists in the way     that the VBScript engine handles objects in memory. The     vulnerability could corrupt memory in such a way that an     attacker could execute arbitrary code in the context of     the current user. An attacker who successfully exploited     the vulnerability could gain the same user rights as the     current user.  (CVE-2018-8174)

  - A security feature bypass vulnerability exists when     Microsoft Edge improperly handles requests of different     origins. The vulnerability allows Microsoft Edge to     bypass Same-Origin Policy (SOP) restrictions, and to     allow requests that should otherwise be ignored. An     attacker who successfully exploited the vulnerability     could force the browser to send data that would     otherwise be restricted.  (CVE-2018-8112)

  - A denial of service vulnerability exists when .NET and     .NET Core improperly process XML documents. An attacker     who successfully exploited this vulnerability could     cause a denial of service against a .NET application. A     remote unauthenticated attacker could exploit this     vulnerability by issuing specially crafted requests to a     .NET (or .NET core) application. The update addresses     the vulnerability by correcting how .NET and .NET Core     applications handle XML document processing.
    (CVE-2018-0765)

  - An elevation of privilege vulnerability exists when the     Windows kernel fails to properly handle objects in     memory. An attacker who successfully exploited this     vulnerability could run arbitrary code in kernel mode.
    An attacker could then install programs; view, change,     or delete data; or create new accounts with full user     rights.  (CVE-2018-8897)

  - An information disclosure vulnerability exists when     Chakra improperly discloses the contents of its memory,     which could provide an attacker with information to     further compromise the users computer or data.
    (CVE-2018-8145)

  - A security feature bypass vulnerability exists in     Windows Scripting Host which could allow an attacker to     bypass Device Guard. An attacker who successfully     exploited this vulnerability could circumvent a User     Mode Code Integrity (UMCI) policy on the machine.
    (CVE-2018-0854)

  - An elevation of privilege vulnerability exists when the     DirectX Graphics Kernel (DXGKRNL) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-8165)

  - A remote code execution vulnerability exists in the way     that Windows handles objects in memory. An attacker who     successfully exploited the vulnerability could execute     arbitrary code with elevated permissions on a target     system.  (CVE-2018-8136)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2018-0959)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2018-8124, CVE-2018-8164,     CVE-2018-8166)

  - A security feature bypass vulnerability exists when     Internet Explorer fails to validate User Mode Code     Integrity (UMCI) policies. The vulnerability could allow     an attacker to bypass Device Guard UMCI policies.
    (CVE-2018-8126)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel API enforces permissions. An     attacker who successfully exploited the vulnerability     could impersonate processes, interject cross-process     communication, or interrupt system functionality.
    (CVE-2018-8134)

  - A remote code execution vulnerability exists in the way     the scripting engine handles objects in memory in     Microsoft browsers. The vulnerability could corrupt     memory in such a way that an attacker could execute     arbitrary code in the context of the current user. An     attacker who successfully exploited the vulnerability     could gain the same user rights as the current user.
    (CVE-2018-0954, CVE-2018-1022)

  - A remote code execution vulnerability exists when     Microsoft Edge improperly accesses objects in memory.
    The vulnerability could corrupt memory in such a way     that enables an attacker to execute arbitrary code in     the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-8179)

  - A remote code execution vulnerability exists in the way     that the Chakra scripting engine handles objects in     memory in Microsoft Edge. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user.  (CVE-2018-0943, CVE-2018-8133)

ID	Name	Product	Family	Severity
109613	Security Updates for Internet Explorer (May 2018)	Nessus	Windows : Microsoft Bulletins	high
109611	KB4103731: Windows 10 Version 1703 May 2018 Security Update	Nessus	Windows : Microsoft Bulletins	high
109608	KB4103727: Windows 10 Version 1709 and Windows Server Version 1709 May 2018 Security Update	Nessus	Windows : Microsoft Bulletins	high
109607	KB4103715: Windows 8.1 and Windows Server 2012 R2 May 2018 Security Update	Nessus	Windows : Microsoft Bulletins	high
109606	KB4103723: Windows 10 Version 1607 and Windows Server 2016 May 2018 Security Update	Nessus	Windows : Microsoft Bulletins	high
109605	KB4103721: Windows 10 Version 1803 and Windows Server Version 1803 May 2018 Security Update	Nessus	Windows : Microsoft Bulletins	high
109604	KB4103712: Windows 7 and Windows Server 2008 R2 May 2018 Security Update	Nessus	Windows : Microsoft Bulletins	high
109603	KB4103716: Windows 10 May 2018 Security Update	Nessus	Windows : Microsoft Bulletins	high

CVE-2018-1022

HIGH

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

high

high

high

high

high

high

high

high