Multiple serious vulnerabilities in Microsoft Windows

Beschreibung

Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, bypass security restrictions, obtain sensitive information, cause denial of service and execute arbitrary code. Below is a complete list of vulnerabilities:

1. Improper object handling vulnerabilities in the Windows kernel can be exploited locally to gain priveleges;
2. Information disclosure vulnerabilities in the Microsoft Windows Embedded OpenType font engine can be exploited locally to obtain sensitive information;
3. Improper object handling vulnerabilities in the Windows kernel can be exploited locally to obtain sensitive information;
4. An improper memory address initialization vulnerability in the Windows kernel can be exploited locally to obtain sensitive information;
5. An improper implementation of constrained impersonation vulnerability in AppContainer can be exploited locally to gain privileges;
6. An improper object handling vulnerability in NTFS can be exploited locally to gain priveleges;
7. An improper object handling vulnerability in Named Pipe File System can be exploited locally to gain priveleges;
8. An improper object handling vulnerability in StructuredQuery can be exploited locally to execute arbitrary code;
9. An improper object handling vulnerability in Storage Services can be exploited locally to gain priveleges;
10. A vulnerability in Windows Scripting Host can be exploited locally to bypass security restrictions;
11. An improper requests handling vulnerability in implementations of the Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client can be exploited remotely to cause denial of service;
12. Improper object handling vulnerabilities in the Windows Common Log File System can be exploited locally to gain priveleges;
13. A memory corruption vulnerability in Scripting Engine can be exploited remotely to obtain sensitive information;

Ursprüngliche Informationshinweise

• CVE-2018-0742

• CVE-2018-0755
• CVE-2018-0756
• CVE-2018-0757
• CVE-2018-0760
• CVE-2018-0761
• CVE-2018-0809
• CVE-2018-0810
• CVE-2018-0820
• CVE-2018-0821
• CVE-2018-0822
• CVE-2018-0823
• CVE-2018-0825
• CVE-2018-0826
• CVE-2018-0827
• CVE-2018-0828
• CVE-2018-0829
• CVE-2018-0830
• CVE-2018-0831
• CVE-2018-0832
• CVE-2018-0833
• CVE-2018-0842
• CVE-2018-0843
• CVE-2018-0844
• CVE-2018-0846
• CVE-2018-0847
• CVE-2018-0855
• ADV180005

CVE Liste

• CVE-2018-0742
  critical
• CVE-2018-0755
  critical
• CVE-2018-0756
  critical
• CVE-2018-0757
  critical
• CVE-2018-0760
  critical
• CVE-2018-0761
  critical
• CVE-2018-0809
  critical
• CVE-2018-0810
  critical
• CVE-2018-0820
  critical
• CVE-2018-0821
  critical
• CVE-2018-0822
  critical
• CVE-2018-0823
  critical
• CVE-2018-0825
  critical
• CVE-2018-0826
  critical
• CVE-2018-0827
  critical
• CVE-2018-0828
  critical
• CVE-2018-0829
  critical
• CVE-2018-0830
  critical
• CVE-2018-0831
  critical
• CVE-2018-0832
  critical
• CVE-2018-0833
  critical
• CVE-2018-0842
  critical
• CVE-2018-0843
  critical
• CVE-2018-0844
  critical
• CVE-2018-0846
  critical
• CVE-2018-0847
  critical
• CVE-2018-0855
  critical

KB Liste

• 4074591
• 4074590
• 4074598
• 4074587
• 4074594
• 4074597
• 4074593
• 4074589
• 4074596
• 4074592
• 4074588
• 4074603
• 4073080
• 4074851
• 4058165
• 4074836
• 4073079
• 4034044

Mehr erfahren

Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com