Description: | Summary: This host is missing a critical security update according to Microsoft KB4503286
Vulnerability Insight: Multiple flaws exist due to:
- Windows kernel improper initializes objects in memory.
- Chakra scripting engine improperly handles objects in memory in Microsoft Edge.
- Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system.
- ActiveX Data Objects (ADO) improperly handles objects in memory.
- Windows Common Log File System (CLFS) driver improperly handles objects in memory.
- Scripting engine does not properly handle objects in memory in Microsoft Edge.
- Windows Jet Database Engine improperly handles objects in memory.
Please see the references for more information about the vulnerabilities.
Vulnerability Impact: Successful exploitation will allow an attacker to run arbitrary code in kernel mode, cause denial of service, gain elevated privileges, delete files and folders in an elevated context, and bypass security restrictions.
Affected Software/OS: - Microsoft Windows 10 Version 1803 for 32-bit Systems
- Microsoft Windows 10 Version 1803 for x64-based Systems
Solution: The vendor has released updates. Please see the references for more information.
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
|