Description: | Summary: This host is missing a critical security update according to Microsoft KB4487017
Vulnerability Insight: Multiple flaws exist due to:
- Microsoft Server Message Block 2 server improperly handles certain requests.
- An error in Windows which could allow an attacker to bypass Device Guard.
- Windows Graphics Device Interface (GDI) improperly handles objects in the memory.
- Microsoft Edge improperly accesses objects in memory.
- Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.
- Windows improperly discloses file information.
- Windows Defender Firewall incorrectly applies firewall profiles to cellular network connections.
- Scripting engine handles objects in memory in Microsoft Edge.
- Windows GDI component improperly discloses the contents of its memory.
- Windows kernel fails to properly handle objects in memory.
- Microsoft browsers improperly handles specific redirects.
- The scripting engine does not properly handle objects in memory in Microsoft Edge.
- The storage Service improperly handles file operations.
- Windows Jet Database Engine improperly handles objects in memory.
- Internet Explorer improperly handles objects in memory.
- Windows Server DHCP service improperly validate specially crafted packets to a DHCP server.
- The Win32k component fails to properly handle objects in memory.
- Windows kernel improperly handles objects in memory.
- The Human Interface Devices (HID) component improperly handles objects in memory.
- Internet Explorer improperly accesses objects in memory.
- The win32k component improperly provides kernel information.
- Microsoft Edge improperly handles whitelisting.
Vulnerability Impact: Successful exploitation will allow an attacker to execute code on the target server, gain elevated privileges on the victim system and take control of the affected system.
Affected Software/OS: - Microsoft Windows 10 Version 1803 for 32-bit Systems
- Microsoft Windows 10 Version 1803 for x64-based Systems
Solution: The vendor has released updates. Please see the references for more information.
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
|