Windows : Microsoft Bulletins : Microsoft Windows Multiple Vulnerabilities (KB4467708)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.814180
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Windows Multiple Vulnerabilities (KB4467708)
Summary:	This host is missing a critical security; update according to Microsoft KB4467708.
Description:	Summary: This host is missing a critical security update according to Microsoft KB4467708. Vulnerability Insight: Multiple flaws exist: - in the way that Microsoft Edge handles cross-origin requests. - in Windows when the Win32k component fails to properly handle objects in memory. - when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server. - in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. - A security feature bypass exists when Windows incorrectly validates kernel driver signatures. - when DirectX improperly handles objects in memory. - when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). - when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data. - when Microsoft Edge improperly handles specific HTML content. - in Microsoft JScript that could allow an attacker to bypass Device Guard. - in PowerShell that could allow an attacker to execute unlogged code. - when PowerShell improperly handles specially crafted files. - in the way that Windows Deployment Services TFTP Server handles objects in memory. - in the way that the Microsoft RemoteFX Virtual GPU miniport driver handles objects in memory. - An elevation of privilege exists in Windows COM Aggregate Marshaler. - when Windows Audio Service fails to properly handle objects in memory. - when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain. - in the way that the VBScript engine handles objects in memory. - in Windows 10 version 1809 when installed from physical media (USB, DVD, etc. - when Kernel Remote Procedure Call Provider driver improperly initializes objects in memory. Vulnerability Impact: Successful exploitation will allow an attacker to run arbitrary code, bypass security restrictions and load improperly signed drivers into the kernel, gain the same user rights as the current user, obtain information to further compromise the user's system, improperly discloses file information, trick a user into believing that the user was on a legitimate website and escalate privileges. Affected Software/OS: - Microsoft Windows 10 Version 1809 for 32-bit Systems - Microsoft Windows 10 Version 1809 for x64-based Systems Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-8562 BugTraq ID: 105790 http://www.securityfocus.com/bid/105790 Common Vulnerability Exposure (CVE) ID: CVE-2018-8564 BugTraq ID: 105785 http://www.securityfocus.com/bid/105785 Common Vulnerability Exposure (CVE) ID: CVE-2018-8256 BugTraq ID: 105781 http://www.securityfocus.com/bid/105781 http://www.securitytracker.com/id/1042108 Common Vulnerability Exposure (CVE) ID: CVE-2018-8407 BugTraq ID: 105794 http://www.securityfocus.com/bid/105794 http://www.securitytracker.com/id/1042123 Common Vulnerability Exposure (CVE) ID: CVE-2018-8415 BugTraq ID: 105792 http://www.securityfocus.com/bid/105792 Common Vulnerability Exposure (CVE) ID: CVE-2018-8417 BugTraq ID: 105795 http://www.securityfocus.com/bid/105795 http://www.securitytracker.com/id/1042120 Common Vulnerability Exposure (CVE) ID: CVE-2018-8454 BugTraq ID: 105799 http://www.securityfocus.com/bid/105799 http://www.securitytracker.com/id/1042122 Common Vulnerability Exposure (CVE) ID: CVE-2018-8471 BugTraq ID: 105800 http://www.securityfocus.com/bid/105800 http://www.securitytracker.com/id/1042121 Common Vulnerability Exposure (CVE) ID: CVE-2018-8476 BugTraq ID: 105774 http://www.securityfocus.com/bid/105774 https://research.checkpoint.com/2019/pxe-dust-finding-a-vulnerability-in-windows-servers-deployment-services/ http://www.securitytracker.com/id/1042109 Common Vulnerability Exposure (CVE) ID: CVE-2018-8485 BugTraq ID: 105770 http://www.securityfocus.com/bid/105770 http://www.securitytracker.com/id/1042124 Common Vulnerability Exposure (CVE) ID: CVE-2018-8541 BugTraq ID: 105771 http://www.securityfocus.com/bid/105771 http://www.securitytracker.com/id/1042107 Common Vulnerability Exposure (CVE) ID: CVE-2018-8542 BugTraq ID: 105772 http://www.securityfocus.com/bid/105772 Common Vulnerability Exposure (CVE) ID: CVE-2018-8543 BugTraq ID: 105846 http://www.securityfocus.com/bid/105846 Common Vulnerability Exposure (CVE) ID: CVE-2018-8544 BugTraq ID: 105787 http://www.securityfocus.com/bid/105787 https://www.exploit-db.com/exploits/45923/ http://www.securitytracker.com/id/1042118 Common Vulnerability Exposure (CVE) ID: CVE-2018-8545 BugTraq ID: 105788 http://www.securityfocus.com/bid/105788 http://www.securitytracker.com/id/1042137 Common Vulnerability Exposure (CVE) ID: CVE-2018-8547 BugTraq ID: 105801 http://www.securityfocus.com/bid/105801 Common Vulnerability Exposure (CVE) ID: CVE-2018-8549 BugTraq ID: 105803 http://www.securityfocus.com/bid/105803 http://www.securitytracker.com/id/1042138 Common Vulnerability Exposure (CVE) ID: CVE-2018-8550 BugTraq ID: 105805 http://www.securityfocus.com/bid/105805 https://www.exploit-db.com/exploits/45893/ http://www.securitytracker.com/id/1042139 Common Vulnerability Exposure (CVE) ID: CVE-2018-8551 BugTraq ID: 105773 http://www.securityfocus.com/bid/105773 Common Vulnerability Exposure (CVE) ID: CVE-2018-8552 BugTraq ID: 105786 http://www.securityfocus.com/bid/105786 https://www.exploit-db.com/exploits/45924/ Common Vulnerability Exposure (CVE) ID: CVE-2018-8554 BugTraq ID: 105811 http://www.securityfocus.com/bid/105811 http://www.securitytracker.com/id/1042135 Common Vulnerability Exposure (CVE) ID: CVE-2018-8555 BugTraq ID: 105775 http://www.securityfocus.com/bid/105775 Common Vulnerability Exposure (CVE) ID: CVE-2018-8556 BugTraq ID: 105779 http://www.securityfocus.com/bid/105779 Common Vulnerability Exposure (CVE) ID: CVE-2018-8557 BugTraq ID: 105780 http://www.securityfocus.com/bid/105780 Common Vulnerability Exposure (CVE) ID: CVE-2018-8561 BugTraq ID: 105813 http://www.securityfocus.com/bid/105813 Common Vulnerability Exposure (CVE) ID: CVE-2018-8567 BugTraq ID: 105784 http://www.securityfocus.com/bid/105784 Common Vulnerability Exposure (CVE) ID: CVE-2018-8584 BugTraq ID: 105808 http://www.securityfocus.com/bid/105808 https://www.exploit-db.com/exploits/46104/ http://www.securitytracker.com/id/1042119 Common Vulnerability Exposure (CVE) ID: CVE-2018-8588 BugTraq ID: 105782 http://www.securityfocus.com/bid/105782 Common Vulnerability Exposure (CVE) ID: CVE-2018-8592 BugTraq ID: 105809 http://www.securityfocus.com/bid/105809 http://www.securitytracker.com/id/1042126
Copyright	Copyright (C) 2018 Greenbone AG