Kaspersky Threats

Description

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, bypass security restrictions, execute arbitrary code, obtain sensitive information.

Below is a complete list of vulnerabilities:

An elevation of privilege vulnerability in Cortana can be exploited remotely to gain privileges.
A denial of service vulnerability in HTTP.sys can be exploited remotely via specially crafted to cause denial of service.
A denial of service vulnerability in Windows Code Integrity Module can be exploited remotely via specially crafted file to cause denial of service.
A security feature bypass vulnerability in Device Guard Code Integrity Policy can be exploited remotely to bypass security restrictions.
A denial of service vulnerability in Windows can be exploited remotely via specially crafted application to cause denial of service.
A remote code execution vulnerability in Windows can be exploited remotely via specially crafted application to execute arbitrary code.
An elevation of privilege vulnerability in Hypervisor Code Integrity can be exploited remotely to gain privileges.
An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
An elevation of privilege vulnerability in HIDParser can be exploited remotely via specially crafted application to gain privileges.
An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information.
An elevation of privilege vulnerability in NTFS can be exploited remotely via specially crafted application to gain privileges.
An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
A remote code execution vulnerability in HTTP Protocol Stack can be exploited remotely via specially crafted packet to execute arbitrary code.
A memory corruption vulnerability in Media Foundation can be exploited remotely via specially crafted document to execute arbitrary code.
An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges.
An elevation of privilege vulnerability in Windows Desktop Bridge can be exploited remotely via specially crafted application to gain privileges.
A denial of service vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to cause denial of service.
A remote code execution vulnerability in Windows DNSAPI can be exploited remotely to execute arbitrary code.
An information disclosure vulnerability in Windows Wireless Network Profile can be exploited remotely to obtain sensitive information.
A denial of service vulnerability in WEBDAV can be exploited remotely via specially crafted website to execute arbitrary code.

Original advisories

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

CVE list

CVE-2018-8140
warning
CVE-2018-8226
critical
CVE-2018-1040
high
CVE-2018-8212
warning
CVE-2018-8201
warning
CVE-2018-8205
warning
CVE-2018-8221
warning
CVE-2018-8213
high
CVE-2018-8219
warning
CVE-2018-8217
warning
CVE-2018-8210
high
CVE-2018-8233
high
CVE-2018-8169
high
CVE-2018-8239
warning
CVE-2018-1036
high
CVE-2018-8121
warning
CVE-2018-8231
critical
CVE-2018-8207
warning
CVE-2018-8251
critical
CVE-2018-0982
high
CVE-2018-8215
warning
CVE-2018-8211
warning
CVE-2018-8214
high
CVE-2018-8218
high
CVE-2018-8225
critical
CVE-2018-8209
warning
CVE-2018-8208
high
CVE-2018-8175
high
CVE-2018-8216
warning

KB list

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!

Multiple vulnerabilities in Microsoft Windows