Beschreibung
Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious user can exploit these vulnerabilities to cause denial of service, privilege escalation and obtain sensitive information.
Below is a complete list of vulnerabilities:
- Improper handling objects in memory in Windows Adobe Type Manager Font Driver (ATMFD.dll) can be exploited locally to gain privileges;
- Improper handling objects in memory in Windows Adobe Type Manager Font Driver (ATMFD.dll) can be exploited locally to obtain sensitive information;
- Windows IPSec vulnerability can be exploited remotely to cause denial of service;
- Multiple elevation of privilege vulnerabilities in the way that the Windows Kernel API enforces permissions can be exploited locally to gain privileges;
- A Win32k information disclosure vulnerability in the Windows GDI component can be exploited locally to obtain sensitive information;
- A vulnerability in the Microsoft Server Message Block can be exploited locally to gain privileges;
- Multiple information disclosure vulnerabilities in the Windows kernel can be exploited locally to obtain sensitive information;
- Improper handling objects in memory in the Windows kernel can be exploited locally to gain privileges;
- An integer overflow in Windows Subsystem for Linux can be exploited locally to gain privileges;
- Improper handling objects in memory in the Color Management Module (ICM32.dll) can be exploited locally to obtain sensitive information;
All Kaspersky Lab business and consumer products are compatible with the update. Our database update on 28th December enables the compatibility flag, recommended by Microsoft, to allow devices to apply the update from 3rd January.Further details of Kaspersky Lab compatibility with Microsoft security updates are on our Support page.Our recommendation remains that for optimum protection against vulnerabilities, software and operating system updates should be installed as soon as possible.More about the CPU vulnerabilities can be found on the Kaspersky Lab blog here and on the announcement website here.
Ursprüngliche Informationshinweise
- CVE-2018-0741
- CVE-2018-0743
- CVE-2018-0744
- CVE-2018-0745
- CVE-2018-0746
- CVE-2018-0747
- CVE-2018-0748
- CVE-2018-0749
- CVE-2018-0750
- CVE-2018-0751
- CVE-2018-0752
- CVE-2018-0753
- CVE-2018-0754
- CVE-2018-0788
CVE Liste
- CVE-2018-0741 critical
- CVE-2018-0743 critical
- CVE-2018-0744 critical
- CVE-2018-0745 critical
- CVE-2018-0746 critical
- CVE-2018-0747 critical
- CVE-2018-0748 critical
- CVE-2018-0749 critical
- CVE-2018-0750 critical
- CVE-2018-0751 critical
- CVE-2018-0752 critical
- CVE-2018-0753 critical
- CVE-2018-0754 critical
- CVE-2018-0788 critical
KB Liste
- 4093112
- 4056894
- 4056897
- 4056898
- 4056888
- 4056890
- 4056893
- 4056891
- 4056892
- 4056942
- 4056896
- 4056899
- 4056613
- 4056615
- 4056759
- 4056944
- 4056941
- 4074591
- 4056895
- 4074590
- 4103723
- 4284867
- 4284860
- 4284874
- 4284826
- 4338824
- 4338830
- 4338820
- 4338815
- 4340583
- 4338816
- 4338831
- 4345424
- 4345425
- 4457128
- 4467708
Mehr erfahren
Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com