Multiple vulnerabilities in Microsoft Windows

Beschreibung

Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, bypass security restrictions and execute arbitrary code.

Below is a complete list of vulnerabilities:

1. An improper handling of serialized objects in Microsoft COM for Windows can be exploited remotely via specially designed website or possibly via specially crafted e-mail message to execute arbitrary code;
2. Multiple vulnerabilities in Device Guard (component of Windows Scripting Host) can be exploited locally via a specially designed script to bypass security restrictions;
3. An incorrect input form validation in Windows Hyper-V can be exploited locally via a specially designed application to execute arbitrary code;
4. An improper vSMB packets validation process in Windows Hyper-V can be exploited locally via a specially designed application to execute arbitrary code;
5. Multiple vulnerabilities in Win32k can be exploited locally via a specially designed application to execute arbitrary code or gain privileges;
6. An improper handling of object in memory in Windows Kernel can be exploited locally via a specially designed application to obtain sensitive information;
7. An incorrect permissions enforcing in Windows Kernel API can be exploited locally via a specially designed application to gain privileges;
8. An improper handling of object in memory in Windows Kernel can be exploited locally via a specially designed application to execute arbitrary code;
9. An incorrect validation of kernel driver signatures in Windows can be exploited to bypass security restrictions;
10. An improper handling of object in memory in DirectX Graphics Kernel can be exploited locally via a specially designed application to gain privileges;
11. An improper handling of object in memory in Windows Common Log File System (CLFS) can be exploited locally via a specially designed application to gain privileges;
12. An incorrect handling of object in memory in VBScript engine can be exploited locally via a specially designed script to execute arbitrary code.

Ursprüngliche Informationshinweise

• CVE-2018-8167

• CVE-2018-8166
• CVE-2018-8165
• CVE-2018-8164
• CVE-2018-8897
• CVE-2018-8141
• CVE-2018-8129
• CVE-2018-8142
• CVE-2018-8120
• CVE-2018-8127
• CVE-2018-8124
• CVE-2018-0961
• CVE-2018-0824
• CVE-2018-8170
• CVE-2018-8174
• CVE-2018-8134
• CVE-2018-8136
• CVE-2018-8132
• CVE-2018-0854
• CVE-2018-0958
• CVE-2018-0959

CVE Liste

• CVE-2018-8167
  critical
• CVE-2018-8166
  critical
• CVE-2018-8165
  critical
• CVE-2018-8164
  critical
• CVE-2018-8897
  critical
• CVE-2018-8141
  critical
• CVE-2018-8129
  critical
• CVE-2018-8142
  critical
• CVE-2018-8120
  critical
• CVE-2018-8127
  critical
• CVE-2018-8124
  critical
• CVE-2018-0961
  critical
• CVE-2018-0824
  critical
• CVE-2018-8170
  critical
• CVE-2018-8174
  critical
• CVE-2018-8134
  critical
• CVE-2018-8136
  critical
• CVE-2018-8132
  critical
• CVE-2018-0854
  critical
• CVE-2018-0958
  critical
• CVE-2018-0959
  critical

KB Liste

• 4093112
• 4103723
• 4103716
• 4103731
• 4103715
• 4103721
• 4103712
• 4103730
• 4103726
• 4103718
• 4103727
• 4103725
• 4093107
• 4093119
• 4134651
• 4131188
• 4094079
• 4130944
• 4101477
• 4103728
• 4130956

Mehr erfahren

Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com