105503

1041830

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8320

The remote Windows host is missing security update 4464330.
It is, therefore, affected by multiple vulnerabilities :

  - A remote code execution vulnerability exists when     Internet Explorer improperly accesses objects in memory.
    The vulnerability could corrupt memory in such a way     that an attacker could execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-8460,     CVE-2018-8491)

  - A security feature bypass vulnerability exists in DNS     Global Blocklist feature. An attacker who successfully     exploited this vulnerability could redirect traffic to     malicious DNS endpoints. The update addresses the     vulnerability by updating DNS Server Role record     additions to not bypass the Global Query Blocklist.
    (CVE-2018-8320)

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-8330)

  - An information disclosure vulnerability exists when     DirectX improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system. An authenticated attacker could exploit this     vulnerability by running a specially crafted     application. The update addresses the vulnerability by     correcting how DirectX handles objects in memory.
    (CVE-2018-8486)

  - An information disclosure vulnerability exists in the     way that the Windows Graphics Device Interface (GDI)     handles objects in memory, allowing an attacker to     retrieve information from a targeted system. By itself,     the information disclosure does not allow arbitrary code     execution; however, it could allow arbitrary code to be     run if the attacker uses it in combination with another     vulnerability.  (CVE-2018-8472)

  - An Information Disclosure vulnerability exists in the     way that Microsoft Windows Codecs Library handles     objects in memory. An attacker who successfully     exploited this vulnerability could obtain information to     further compromise the users system. Exploitation of the     vulnerability requires that a program process a     specially crafted image file. The update addresses the     vulnerability by correcting how Microsoft Windows Codecs     Library handles objects in memory. (CVE-2018-8506)

  - A remote code execution vulnerability exists in the way     that Microsoft Graphics Components handle objects in     memory. An attacker who successfully exploited the     vulnerability could execute arbitrary code on a target     system.  (CVE-2018-8432)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2018-8453)

  - An elevation of privilege vulnerability exists when NTFS     improperly checks access. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-8411)

  - A remote code execution vulnerability exists when the     Microsoft XML Core Services MSXML parser processes user     input. An attacker who successfully exploited the     vulnerability could run malicious code remotely to take     control of the users system.  (CVE-2018-8494)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2018-8489, CVE-2018-8490)

  - A security feature bypass vulnerability exists in Device     Guard that could allow an attacker to inject malicious     code into a Windows PowerShell session. An attacker who     successfully exploited this vulnerability could inject     code into a trusted PowerShell process to bypass the     Device Guard Code Integrity policy on the local machine.
    (CVE-2018-8492)

  - An information disclosure vulnerability exists when     Windows Media Player improperly discloses file     information. Successful exploitation of the     vulnerability could allow an attacker to determine the     presence of files on disk.  (CVE-2018-8481,     CVE-2018-8482)

  - A remote code execution vulnerability exists in the way     that the Chakra scripting engine handles objects in     memory in Microsoft Edge. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user.  (CVE-2018-8503, CVE-2018-8505,     CVE-2018-8510, CVE-2018-8511, CVE-2018-8513)

  - A remote code execution vulnerability exists when     &quot;Windows Theme API&quot; does not properly     decompress files. An attacker who successfully exploited     the vulnerability could run arbitrary code in the     context of the current user. If the current user is     logged on with administrative user rights, an attacker     could take control of the affected system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    Users whose accounts are configured to have fewer user     rights on the system could be less impacted than users     who operate with administrative user rights.
    (CVE-2018-8413)

  - An elevation of privilege vulnerability exists when the     DirectX Graphics Kernel (DXGKRNL) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-8484)

  - A remote code execution vulnerability exists when     Microsoft Edge improperly accesses objects in memory.
    The vulnerability could corrupt memory in such a way     that enables an attacker to execute arbitrary code in     the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-8473)

  - A remote code execution vulnerability exists in the     Microsoft JET Database Engine. An attacker who     successfully exploited this vulnerability could take     control of an affected system. An attacker could then     install programs; view, change, or delete data; or     create new accounts with full user rights. Users whose     accounts are configured to have fewer user rights on the     system could be less impacted than users who operate     with administrative user rights.  (CVE-2018-8423)

  - An Elevation of Privilege vulnerability exists in Filter     Manager when it improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could execute elevated code and take control of an     affected system. An attacker could then install     programs; view, change, or delete data; or create new     accounts with full user rights.  (CVE-2018-8333)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel handles objects in memory.
    An attacker who successfully exploited the vulnerability     could execute code with elevated permissions.
    (CVE-2018-8497)

The remote Windows host is missing security update 4463104 or cumulative update 4463097. It is, therefore, affected by multiple vulnerabilities :

  - An information disclosure vulnerability exists in the     way that the Windows Graphics Device Interface (GDI)     handles objects in memory, allowing an attacker to     retrieve information from a targeted system. By itself,     the information disclosure does not allow arbitrary code     execution; however, it could allow arbitrary code to be     run if the attacker uses it in combination with another     vulnerability.  (CVE-2018-8472)

  - A security feature bypass vulnerability exists in DNS     Global Blocklist feature. An attacker who successfully     exploited this vulnerability could redirect traffic to     malicious DNS endpoints. The update addresses the     vulnerability by updating DNS Server Role record     additions to not bypass the Global Query Blocklist.
    (CVE-2018-8320)

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-8330)

  - A remote code execution vulnerability exists in the way     that Microsoft Graphics Components handle objects in     memory. An attacker who successfully exploited the     vulnerability could execute arbitrary code on a target     system.  (CVE-2018-8432)

  - An information disclosure vulnerability exists when     DirectX improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system. An authenticated attacker could exploit this     vulnerability by running a specially crafted     application. The update addresses the vulnerability by     correcting how DirectX handles objects in memory.
    (CVE-2018-8486)

  - An information disclosure vulnerability exists in the     way that Microsoft Graphics Components handle objects in     memory. An attacker who successfully exploited the     vulnerability could obtain information that could be     useful for further exploitation.  (CVE-2018-8427)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2018-8489)

  - An elevation of privilege vulnerability exists when NTFS     improperly checks access. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-8411)

  - An information disclosure vulnerability exists when     Windows Media Player improperly discloses file     information. Successful exploitation of the     vulnerability could allow an attacker to determine the     presence of files on disk.  (CVE-2018-8481,     CVE-2018-8482)

  - A remote code execution vulnerability exists when the     Microsoft XML Core Services MSXML parser processes user     input. An attacker who successfully exploited the     vulnerability could run malicious code remotely to take     control of the users system.  (CVE-2018-8494)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2018-8453)

  - A remote code execution vulnerability exists in the     Microsoft JET Database Engine. An attacker who     successfully exploited this vulnerability could take     control of an affected system. An attacker could then     install programs; view, change, or delete data; or     create new accounts with full user rights. Users whose     accounts are configured to have fewer user rights on the     system could be less impacted than users who operate     with administrative user rights.  (CVE-2018-8423)

  - An Elevation of Privilege vulnerability exists in Filter     Manager when it improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could execute elevated code and take control of an     affected system. An attacker could then install     programs; view, change, or delete data; or create new     accounts with full user rights.  (CVE-2018-8333)

The remote Windows host is missing security update 4462931 or cumulative update 4462929. It is, therefore, affected by multiple vulnerabilities :

  - An information disclosure vulnerability exists in the     way that the Windows Graphics Device Interface (GDI)     handles objects in memory, allowing an attacker to     retrieve information from a targeted system. By itself,     the information disclosure does not allow arbitrary code     execution; however, it could allow arbitrary code to be     run if the attacker uses it in combination with another     vulnerability.  (CVE-2018-8472)

  - A security feature bypass vulnerability exists in DNS     Global Blocklist feature. An attacker who successfully     exploited this vulnerability could redirect traffic to     malicious DNS endpoints. The update addresses the     vulnerability by updating DNS Server Role record     additions to not bypass the Global Query Blocklist.
    (CVE-2018-8320)

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-8330)

  - An information disclosure vulnerability exists when     DirectX improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system. An authenticated attacker could exploit this     vulnerability by running a specially crafted     application. The update addresses the vulnerability by     correcting how DirectX handles objects in memory.
    (CVE-2018-8486)

  - An elevation of privilege vulnerability exists when NTFS     improperly checks access. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-8411)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2018-8489)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2018-8453)

  - A remote code execution vulnerability exists when the     Microsoft XML Core Services MSXML parser processes user     input. An attacker who successfully exploited the     vulnerability could run malicious code remotely to take     control of the users system.  (CVE-2018-8494)

  - An information disclosure vulnerability exists when     Windows Media Player improperly discloses file     information. Successful exploitation of the     vulnerability could allow an attacker to determine the     presence of files on disk.  (CVE-2018-8481,     CVE-2018-8482)

  - A remote code execution vulnerability exists when     &quot;Windows Theme API&quot; does not properly     decompress files. An attacker who successfully exploited     the vulnerability could run arbitrary code in the     context of the current user. If the current user is     logged on with administrative user rights, an attacker     could take control of the affected system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    Users whose accounts are configured to have fewer user     rights on the system could be less impacted than users     who operate with administrative user rights.
    (CVE-2018-8413)

  - An elevation of privilege vulnerability exists when the     DirectX Graphics Kernel (DXGKRNL) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-8484)

  - A remote code execution vulnerability exists in the     Microsoft JET Database Engine. An attacker who     successfully exploited this vulnerability could take     control of an affected system. An attacker could then     install programs; view, change, or delete data; or     create new accounts with full user rights. Users whose     accounts are configured to have fewer user rights on the     system could be less impacted than users who operate     with administrative user rights.  (CVE-2018-8423)

  - An Elevation of Privilege vulnerability exists in Filter     Manager when it improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could execute elevated code and take control of an     affected system. An attacker could then install     programs; view, change, or delete data; or create new     accounts with full user rights.  (CVE-2018-8333)

The remote Windows host is missing security update 4462941 or cumulative update 4462926. It is, therefore, affected by multiple vulnerabilities :

  - A remote code execution vulnerability exists when     Internet Explorer improperly accesses objects in memory.
    The vulnerability could corrupt memory in such a way     that an attacker could execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-8460,     CVE-2018-8491)

  - A security feature bypass vulnerability exists in DNS     Global Blocklist feature. An attacker who successfully     exploited this vulnerability could redirect traffic to     malicious DNS endpoints. The update addresses the     vulnerability by updating DNS Server Role record     additions to not bypass the Global Query Blocklist.
    (CVE-2018-8320)

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-8330)

  - An information disclosure vulnerability exists when     DirectX improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system. An authenticated attacker could exploit this     vulnerability by running a specially crafted     application. The update addresses the vulnerability by     correcting how DirectX handles objects in memory.
    (CVE-2018-8486)

  - An information disclosure vulnerability exists in the     way that the Windows Graphics Device Interface (GDI)     handles objects in memory, allowing an attacker to     retrieve information from a targeted system. By itself,     the information disclosure does not allow arbitrary code     execution; however, it could allow arbitrary code to be     run if the attacker uses it in combination with another     vulnerability.  (CVE-2018-8472)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2018-8489)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2018-8453)

  - An information disclosure vulnerability exists when the     Windows TCP/IP stack improperly handles fragmented IP     packets. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2018-8493)

  - An elevation of privilege vulnerability exists when NTFS     improperly checks access. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-8411)

  - A remote code execution vulnerability exists when the     Microsoft XML Core Services MSXML parser processes user     input. An attacker who successfully exploited the     vulnerability could run malicious code remotely to take     control of the users system.  (CVE-2018-8494)

  - An information disclosure vulnerability exists when     Windows Media Player improperly discloses file     information. Successful exploitation of the     vulnerability could allow an attacker to determine the     presence of files on disk.  (CVE-2018-8481,     CVE-2018-8482)

  - A remote code execution vulnerability exists when     &quot;Windows Theme API&quot; does not properly     decompress files. An attacker who successfully exploited     the vulnerability could run arbitrary code in the     context of the current user. If the current user is     logged on with administrative user rights, an attacker     could take control of the affected system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    Users whose accounts are configured to have fewer user     rights on the system could be less impacted than users     who operate with administrative user rights.
    (CVE-2018-8413)

  - An elevation of privilege vulnerability exists when the     DirectX Graphics Kernel (DXGKRNL) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-8484)

  - A remote code execution vulnerability exists in the     Microsoft JET Database Engine. An attacker who     successfully exploited this vulnerability could take     control of an affected system. An attacker could then     install programs; view, change, or delete data; or     create new accounts with full user rights. Users whose     accounts are configured to have fewer user rights on the     system could be less impacted than users who operate     with administrative user rights.  (CVE-2018-8423)

  - An Elevation of Privilege vulnerability exists in Filter     Manager when it improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could execute elevated code and take control of an     affected system. An attacker could then install     programs; view, change, or delete data; or create new     accounts with full user rights.  (CVE-2018-8333)

The remote Windows host is missing security update 4462915 or cumulative update 4462923. It is, therefore, affected by multiple vulnerabilities :

  - A remote code execution vulnerability exists when     Internet Explorer improperly accesses objects in memory.
    The vulnerability could corrupt memory in such a way     that an attacker could execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-8460,     CVE-2018-8491)

  - A security feature bypass vulnerability exists in DNS     Global Blocklist feature. An attacker who successfully     exploited this vulnerability could redirect traffic to     malicious DNS endpoints. The update addresses the     vulnerability by updating DNS Server Role record     additions to not bypass the Global Query Blocklist.
    (CVE-2018-8320)

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-8330)

  - A remote code execution vulnerability exists in the way     that Microsoft Graphics Components handle objects in     memory. An attacker who successfully exploited the     vulnerability could execute arbitrary code on a target     system.  (CVE-2018-8432)

  - An information disclosure vulnerability exists when     DirectX improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system. An authenticated attacker could exploit this     vulnerability by running a specially crafted     application. The update addresses the vulnerability by     correcting how DirectX handles objects in memory.
    (CVE-2018-8486)

  - An information disclosure vulnerability exists in the     way that the Windows Graphics Device Interface (GDI)     handles objects in memory, allowing an attacker to     retrieve information from a targeted system. By itself,     the information disclosure does not allow arbitrary code     execution; however, it could allow arbitrary code to be     run if the attacker uses it in combination with another     vulnerability.  (CVE-2018-8472)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2018-8489)

  - An elevation of privilege vulnerability exists when NTFS     improperly checks access. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-8411)

  - A remote code execution vulnerability exists when the     Microsoft XML Core Services MSXML parser processes user     input. An attacker who successfully exploited the     vulnerability could run malicious code remotely to take     control of the users system.  (CVE-2018-8494)

  - An information disclosure vulnerability exists when     Windows Media Player improperly discloses file     information. Successful exploitation of the     vulnerability could allow an attacker to determine the     presence of files on disk.  (CVE-2018-8481,     CVE-2018-8482)

  - A remote code execution vulnerability exists when     &quot;Windows Theme API&quot; does not properly     decompress files. An attacker who successfully exploited     the vulnerability could run arbitrary code in the     context of the current user. If the current user is     logged on with administrative user rights, an attacker     could take control of the affected system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    Users whose accounts are configured to have fewer user     rights on the system could be less impacted than users     who operate with administrative user rights.
    (CVE-2018-8413)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2018-8453)

  - A remote code execution vulnerability exists in the     Microsoft JET Database Engine. An attacker who     successfully exploited this vulnerability could take     control of an affected system. An attacker could then     install programs; view, change, or delete data; or     create new accounts with full user rights. Users whose     accounts are configured to have fewer user rights on the     system could be less impacted than users who operate     with administrative user rights.  (CVE-2018-8423)

  - An Elevation of Privilege vulnerability exists in Filter     Manager when it improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could execute elevated code and take control of an     affected system. An attacker could then install     programs; view, change, or delete data; or create new     accounts with full user rights.  (CVE-2018-8333)

The remote Windows host is missing security update 4462919.
It is, therefore, affected by multiple vulnerabilities :

  - A security feature bypass vulnerability exists in DNS     Global Blocklist feature. An attacker who successfully     exploited this vulnerability could redirect traffic to     malicious DNS endpoints. The update addresses the     vulnerability by updating DNS Server Role record     additions to not bypass the Global Query Blocklist.
    (CVE-2018-8320)

  - An information disclosure vulnerability exists when the     Windows TCP/IP stack improperly handles fragmented IP     packets. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2018-8493)

  - A security feature bypass vulnerability exists when     Microsoft Edge improperly handles requests of different     origins. The vulnerability allows Microsoft Edge to     bypass Same-Origin Policy (SOP) restrictions, and to     allow requests that should otherwise be ignored. An     attacker who successfully exploited the vulnerability     could force the browser to send data that would     otherwise be restricted.  (CVE-2018-8530)

  - An elevation of privilege vulnerability exists when NTFS     improperly checks access. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-8411)

  - A security feature bypass vulnerability exists in Device     Guard that could allow an attacker to inject malicious     code into a Windows PowerShell session. An attacker who     successfully exploited this vulnerability could inject     code into a trusted PowerShell process to bypass the     Device Guard Code Integrity policy on the local machine.
    (CVE-2018-8492)

  - An elevation of privilege vulnerability exists when the     DirectX Graphics Kernel (DXGKRNL) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-8484)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel handles objects in memory.
    An attacker who successfully exploited the vulnerability     could execute code with elevated permissions.
    (CVE-2018-8497)

  - An information disclosure vulnerability exists in the     way that the Windows Graphics Device Interface (GDI)     handles objects in memory, allowing an attacker to     retrieve information from a targeted system. By itself,     the information disclosure does not allow arbitrary code     execution; however, it could allow arbitrary code to be     run if the attacker uses it in combination with another     vulnerability.  (CVE-2018-8472)

  - A remote code execution vulnerability exists when     Microsoft Edge improperly accesses objects in memory.
    The vulnerability could corrupt memory in such a way     that enables an attacker to execute arbitrary code in     the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-8509)

  - A remote code execution vulnerability exists when     &quot;Windows Theme API&quot; does not properly     decompress files. An attacker who successfully exploited     the vulnerability could run arbitrary code in the     context of the current user. If the current user is     logged on with administrative user rights, an attacker     could take control of the affected system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    Users whose accounts are configured to have fewer user     rights on the system could be less impacted than users     who operate with administrative user rights.
    (CVE-2018-8413)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2018-8453)

  - A remote code execution vulnerability exists in the way     that the Chakra scripting engine handles objects in     memory in Microsoft Edge. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user.  (CVE-2018-8503, CVE-2018-8505)

  - A remote code execution vulnerability exists in the     Microsoft JET Database Engine. An attacker who     successfully exploited this vulnerability could take     control of an affected system. An attacker could then     install programs; view, change, or delete data; or     create new accounts with full user rights. Users whose     accounts are configured to have fewer user rights on the     system could be less impacted than users who operate     with administrative user rights.  (CVE-2018-8423)

  - An Information Disclosure vulnerability exists in the     way that Microsoft Windows Codecs Library handles     objects in memory. An attacker who successfully     exploited this vulnerability could obtain information to     further compromise the users system. Exploitation of the     vulnerability requires that a program process a     specially crafted image file. The update addresses the     vulnerability by correcting how Microsoft Windows Codecs     Library handles objects in memory. (CVE-2018-8506)

  - An information disclosure vulnerability exists when     Windows Media Player improperly discloses file     information. Successful exploitation of the     vulnerability could allow an attacker to determine the     presence of files on disk.  (CVE-2018-8481,     CVE-2018-8482)

  - A remote code execution vulnerability exists when     Internet Explorer improperly accesses objects in memory.
    The vulnerability could corrupt memory in such a way     that an attacker could execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-8460,     CVE-2018-8491)

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-8330)

  - An information disclosure vulnerability exists when     DirectX improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system. An authenticated attacker could exploit this     vulnerability by running a specially crafted     application. The update addresses the vulnerability by     correcting how DirectX handles objects in memory.
    (CVE-2018-8486)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2018-8489)

  - An Elevation of Privilege vulnerability exists in Filter     Manager when it improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could execute elevated code and take control of an     affected system. An attacker could then install     programs; view, change, or delete data; or create new     accounts with full user rights.  (CVE-2018-8333)

  - A remote code execution vulnerability exists when the     Microsoft XML Core Services MSXML parser processes user     input. An attacker who successfully exploited the     vulnerability could run malicious code remotely to take     control of the users system.  (CVE-2018-8494)

  - An Elevation of Privilege vulnerability exists in     Windows Subsystem for Linux when it fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could execute arbitrary     code and take control of an affected system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2018-8329)

  - A remote code execution vulnerability exists when     Windows Shell improperly handles URIs. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-8495)

The remote Windows host is missing security update 4462918.
It is, therefore, affected by multiple vulnerabilities :

  - A security feature bypass vulnerability exists in DNS     Global Blocklist feature. An attacker who successfully     exploited this vulnerability could redirect traffic to     malicious DNS endpoints. The update addresses the     vulnerability by updating DNS Server Role record     additions to not bypass the Global Query Blocklist.
    (CVE-2018-8320)

  - An information disclosure vulnerability exists when the     Windows TCP/IP stack improperly handles fragmented IP     packets. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2018-8493)

  - A security feature bypass vulnerability exists when     Microsoft Edge improperly handles requests of different     origins. The vulnerability allows Microsoft Edge to     bypass Same-Origin Policy (SOP) restrictions, and to     allow requests that should otherwise be ignored. An     attacker who successfully exploited the vulnerability     could force the browser to send data that would     otherwise be restricted.  (CVE-2018-8530)

  - An elevation of privilege vulnerability exists when NTFS     improperly checks access. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-8411)

  - A security feature bypass vulnerability exists in Device     Guard that could allow an attacker to inject malicious     code into a Windows PowerShell session. An attacker who     successfully exploited this vulnerability could inject     code into a trusted PowerShell process to bypass the     Device Guard Code Integrity policy on the local machine.
    (CVE-2018-8492)

  - An elevation of privilege vulnerability exists when the     DirectX Graphics Kernel (DXGKRNL) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-8484)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel handles objects in memory.
    An attacker who successfully exploited the vulnerability     could execute code with elevated permissions.
    (CVE-2018-8497)

  - An information disclosure vulnerability exists in the     way that the Windows Graphics Device Interface (GDI)     handles objects in memory, allowing an attacker to     retrieve information from a targeted system. By itself,     the information disclosure does not allow arbitrary code     execution; however, it could allow arbitrary code to be     run if the attacker uses it in combination with another     vulnerability.  (CVE-2018-8472)

  - A remote code execution vulnerability exists when     Microsoft Edge improperly accesses objects in memory.
    The vulnerability could corrupt memory in such a way     that enables an attacker to execute arbitrary code in     the context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-8509)

  - A remote code execution vulnerability exists when     &quot;Windows Theme API&quot; does not properly     decompress files. An attacker who successfully exploited     the vulnerability could run arbitrary code in the     context of the current user. If the current user is     logged on with administrative user rights, an attacker     could take control of the affected system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    Users whose accounts are configured to have fewer user     rights on the system could be less impacted than users     who operate with administrative user rights.
    (CVE-2018-8413)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2018-8453)

  - A remote code execution vulnerability exists in the way     that the Chakra scripting engine handles objects in     memory in Microsoft Edge. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user.  (CVE-2018-8503, CVE-2018-8505)

  - A remote code execution vulnerability exists in the     Microsoft JET Database Engine. An attacker who     successfully exploited this vulnerability could take     control of an affected system. An attacker could then     install programs; view, change, or delete data; or     create new accounts with full user rights. Users whose     accounts are configured to have fewer user rights on the     system could be less impacted than users who operate     with administrative user rights.  (CVE-2018-8423)

  - An Information Disclosure vulnerability exists in the     way that Microsoft Windows Codecs Library handles     objects in memory. An attacker who successfully     exploited this vulnerability could obtain information to     further compromise the users system. Exploitation of the     vulnerability requires that a program process a     specially crafted image file. The update addresses the     vulnerability by correcting how Microsoft Windows Codecs     Library handles objects in memory. (CVE-2018-8506)

  - A remote code execution vulnerability exists when     Internet Explorer improperly accesses objects in memory.
    The vulnerability could corrupt memory in such a way     that an attacker could execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-8460,     CVE-2018-8491)

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-8330)

  - An information disclosure vulnerability exists when     DirectX improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system. An authenticated attacker could exploit this     vulnerability by running a specially crafted     application. The update addresses the vulnerability by     correcting how DirectX handles objects in memory.
    (CVE-2018-8486)

  - A security feature bypass vulnerability exists in     Microsoft Edge when the Edge Content Security Policy     (CSP) fails to properly validate certain specially     crafted documents. An attacker who exploited the bypass     could trick a user into loading a page containing     malicious content.  (CVE-2018-8512)

  - An Elevation of Privilege vulnerability exists in Filter     Manager when it improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could execute elevated code and take control of an     affected system. An attacker could then install     programs; view, change, or delete data; or create new     accounts with full user rights.  (CVE-2018-8333)

  - A remote code execution vulnerability exists when the     Microsoft XML Core Services MSXML parser processes user     input. An attacker who successfully exploited the     vulnerability could run malicious code remotely to take     control of the users system.  (CVE-2018-8494)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2018-8489, CVE-2018-8490)

  - An information disclosure vulnerability exists when     Windows Media Player improperly discloses file     information. Successful exploitation of the     vulnerability could allow an attacker to determine the     presence of files on disk.  (CVE-2018-8481,     CVE-2018-8482)

  - A remote code execution vulnerability exists when     Windows Shell improperly handles URIs. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-8495)

The remote Windows host is missing security update 4462917.
It is, therefore, affected by multiple vulnerabilities :

  - A remote code execution vulnerability exists when     Internet Explorer improperly accesses objects in memory.
    The vulnerability could corrupt memory in such a way     that an attacker could execute arbitrary code in the     context of the current user. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-8460,     CVE-2018-8491)

  - A security feature bypass vulnerability exists in DNS     Global Blocklist feature. An attacker who successfully     exploited this vulnerability could redirect traffic to     malicious DNS endpoints. The update addresses the     vulnerability by updating DNS Server Role record     additions to not bypass the Global Query Blocklist.
    (CVE-2018-8320)

  - An information disclosure vulnerability exists when the     Windows kernel improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system.  (CVE-2018-8330)

  - An information disclosure vulnerability exists when     DirectX improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could obtain information to further compromise the users     system. An authenticated attacker could exploit this     vulnerability by running a specially crafted     application. The update addresses the vulnerability by     correcting how DirectX handles objects in memory.
    (CVE-2018-8486)

  - An information disclosure vulnerability exists in the     way that the Windows Graphics Device Interface (GDI)     handles objects in memory, allowing an attacker to     retrieve information from a targeted system. By itself,     the information disclosure does not allow arbitrary code     execution; however, it could allow arbitrary code to be     run if the attacker uses it in combination with another     vulnerability.  (CVE-2018-8472)

  - An elevation of privilege vulnerability exists in     Windows when the Win32k component fails to properly     handle objects in memory. An attacker who successfully     exploited this vulnerability could run arbitrary code in     kernel mode. An attacker could then install programs;
    view, change, or delete data; or create new accounts     with full user rights.  (CVE-2018-8453)

  - An information disclosure vulnerability exists when the     Windows TCP/IP stack improperly handles fragmented IP     packets. An attacker who successfully exploited this     vulnerability could obtain information to further     compromise the users system.  (CVE-2018-8493)

  - An elevation of privilege vulnerability exists when NTFS     improperly checks access. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-8411)

  - A remote code execution vulnerability exists when the     Microsoft XML Core Services MSXML parser processes user     input. An attacker who successfully exploited the     vulnerability could run malicious code remotely to take     control of the users system.  (CVE-2018-8494)

  - A remote code execution vulnerability exists when     Windows Hyper-V on a host server fails to properly     validate input from an authenticated user on a guest     operating system.  (CVE-2018-8489, CVE-2018-8490)

  - A security feature bypass vulnerability exists in Device     Guard that could allow an attacker to inject malicious     code into a Windows PowerShell session. An attacker who     successfully exploited this vulnerability could inject     code into a trusted PowerShell process to bypass the     Device Guard Code Integrity policy on the local machine.
    (CVE-2018-8492)

  - An information disclosure vulnerability exists when     Windows Media Player improperly discloses file     information. Successful exploitation of the     vulnerability could allow an attacker to determine the     presence of files on disk.  (CVE-2018-8481,     CVE-2018-8482)

  - A remote code execution vulnerability exists when     &quot;Windows Theme API&quot; does not properly     decompress files. An attacker who successfully exploited     the vulnerability could run arbitrary code in the     context of the current user. If the current user is     logged on with administrative user rights, an attacker     could take control of the affected system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    Users whose accounts are configured to have fewer user     rights on the system could be less impacted than users     who operate with administrative user rights.
    (CVE-2018-8413)

  - A remote code execution vulnerability exists when     Windows Shell improperly handles URIs. An attacker who     successfully exploited the vulnerability could gain the     same user rights as the current user.  (CVE-2018-8495)

  - An elevation of privilege vulnerability exists when the     DirectX Graphics Kernel (DXGKRNL) driver improperly     handles objects in memory. An attacker who successfully     exploited this vulnerability could run processes in an     elevated context.  (CVE-2018-8484)

  - A remote code execution vulnerability exists in the way     that the Chakra scripting engine handles objects in     memory in Microsoft Edge. The vulnerability could     corrupt memory in such a way that an attacker could     execute arbitrary code in the context of the current     user. An attacker who successfully exploited the     vulnerability could gain the same user rights as the     current user.  (CVE-2018-8503, CVE-2018-8505)

  - A remote code execution vulnerability exists in the     Microsoft JET Database Engine. An attacker who     successfully exploited this vulnerability could take     control of an affected system. An attacker could then     install programs; view, change, or delete data; or     create new accounts with full user rights. Users whose     accounts are configured to have fewer user rights on the     system could be less impacted than users who operate     with administrative user rights.  (CVE-2018-8423)

  - An Elevation of Privilege vulnerability exists in Filter     Manager when it improperly handles objects in memory. An     attacker who successfully exploited this vulnerability     could execute elevated code and take control of an     affected system. An attacker could then install     programs; view, change, or delete data; or create new     accounts with full user rights.  (CVE-2018-8333)

  - An elevation of privilege vulnerability exists in the     way that the Windows Kernel handles objects in memory.
    An attacker who successfully exploited the vulnerability     could execute code with elevated permissions.
    (CVE-2018-8497)

ID	Name	Product	Family	Severity
118006	KB4464330: Windows 10 Version 1809 and Windows Server 2019 October 2018 Security Update	Nessus	Windows : Microsoft Bulletins	high
118005	KB4463104: Windows Server 2008 October 2018 Security Update	Nessus	Windows : Microsoft Bulletins	high
118003	KB4462931: Windows Server 2012 October 2018 Security Update	Nessus	Windows : Microsoft Bulletins	high
118002	KB4462941: Windows 8.1 and Windows Server 2012 R2 October 2018 Security Update	Nessus	Windows : Microsoft Bulletins	high
118001	KB4462915: Windows 7 and Windows Server 2008 R2 October 2018 Security Update	Nessus	Windows : Microsoft Bulletins	high
117999	KB4462919: Windows 10 Version 1803 and Windows Server Version 1803 October 2018 Security Update	Nessus	Windows : Microsoft Bulletins	high
117998	KB4462918: Windows 10 Version 1709 and Windows Server Version 1709 October 2018 Security Update	Nessus	Windows : Microsoft Bulletins	high
117997	KB4462917: Windows 10 Version 1607 and Windows Server 2016 October 2018 Security Update	Nessus	Windows : Microsoft Bulletins	high

CVE-2018-8320

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins