Multiple vulnerabilities in Microsoft Windows

Beschreibung

Multiple serious vulnerabilities were found in PRODUCT. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, cause denial of service, execute arbitrary code, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. Multiple vulnerabilities in Windows Kernel can be exploited locally via a specially designed application to gain sensitive information;
2. An improper handling of objects in memory of Windows Graphics can be exploited locally via a specially designed application to obtain sensitive information;
3. An improper handling of objects in memory of DirectX Graphics Kernel (DXGKRNL) driver can be exploited locally via a specially designed application to gain privileges;
4. Privilege escalation vulnerability in Microsoft Windows related to improper handling calls to Advanced Local Procedure Call (ALPC) can be exploited locally via a specially designed application;
5. An incorrect input form validation in Windows Hyper-V can be exploited locally via a specially designed application to cause denial of service;
6. Buffer overflow vulnerability in Microsoft JET Database Engine can be exploited remotely via a specially designed document to execute arbitrary code;
7. An improper handling of objects in memory of Windows Kernel API can be exploited locally via a specially designed application to gain privileges;
8. An incorrect requests handling in Microsoft Server Block Message (SMB) can be exploited remotely via a specially designed request to cause denial of service;
9. An incorrect requests handling in Microsoft Server Block Message 2.0 (SMBv2) can be exploited remotely via a specially designed request to obtain sensitive information;
10. Integer overflow vulnerability in Windows Subsystem for Linux can be exploited locally via a specially designed application to gain privileges;
11. An incorrect handling of specially crafted embedded fonts in Windows font library can be exploited locally via a specially designed request to execute arbitrary code;
12. An improper handling of objects in memory of Windows GDI can be exploited locally via a specially designed application to obtain sensitive information;
13. An incorrect handling of objects in memory of Windows bowser.sys kernel-mode driver can be exploited locally via a specially designed application to obtain sensitive information;
14. An incorrect image handling in Microsoft Windows can be exploited remotely via a specially designed image to execute arbitrary code;
15. An incorrect input form validation in Microsoft XML Core Services can be exploited remotely via a specially designed website to execute arbitrary code;
16. An incorrect untrusted file validation in Device Guard can be exploited remotely via a specially designed file to bypass security restrictions;
17. Vulnerability related to Windows Hyper-V BIOS loader can be exploited locally to bypass security restrictions;
18. An improper handling of objects in memory of Windows GDI can be exploited locally via a specially designed application to obtain sensitive information;
19. An incorrect file parsing process in Windows Sandbox can be exploited locally to gain privileges;

Ursprüngliche Informationshinweise

• CVE-2018-8336

• CVE-2018-8433
• CVE-2018-8462
• CVE-2018-8442
• CVE-2018-8440
• CVE-2018-8438
• CVE-2018-8455
• CVE-2018-8392
• CVE-2018-8410
• CVE-2018-8335
• CVE-2018-8444
• CVE-2018-8441
• CVE-2018-8332
• CVE-2018-0965
• CVE-2018-8422
• CVE-2018-8271
• CVE-2018-8437
• CVE-2018-8443
• CVE-2018-8475
• CVE-2018-8419
• CVE-2018-8434
• CVE-2018-8420
• CVE-2018-8436
• CVE-2018-8439
• CVE-2018-8449
• CVE-2018-8435
• CVE-2018-8424
• CVE-2018-8468
• CVE-2018-8393
• CVE-2018-8445
• CVE-2018-8337
• CVE-2018-8446
• ADV180022

CVE Liste

• CVE-2018-8336
  warning
• CVE-2018-8433
  warning
• CVE-2018-8462
  warning
• CVE-2018-8442
  warning
• CVE-2018-8440
  warning
• CVE-2018-8438
  warning
• CVE-2018-8455
  warning
• CVE-2018-8392
  warning
• CVE-2018-8410
  warning
• CVE-2018-8335
  warning
• CVE-2018-8444
  warning
• CVE-2018-8441
  warning
• CVE-2018-8332
  warning
• CVE-2018-0965
  warning
• CVE-2018-8422
  warning
• CVE-2018-8271
  warning
• CVE-2018-8437
  warning
• CVE-2018-8443
  warning
• CVE-2018-8475
  warning
• CVE-2018-8419
  warning
• CVE-2018-8434
  warning
• CVE-2018-8420
  warning
• CVE-2018-8436
  warning
• CVE-2018-8439
  warning
• CVE-2018-8449
  warning
• CVE-2018-8435
  warning
• CVE-2018-8424
  warning
• CVE-2018-8468
  warning
• CVE-2018-8393
  warning
• CVE-2018-8445
  warning
• CVE-2018-8337
  warning
• CVE-2018-8446
  warning

KB Liste

• 4457984
• 4458010
• 4457128
• 4457131
• 4457132
• 4457142
• 4457138
• 4457129
• 4457143
• 4457144
• 4457145
• 4457135
• 4457140

Mehr erfahren

Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com