KLA12551
Multiple vulnerabilities in Microsoft Products (ESU)

Updated: 06/09/2022
Detect date
?
07/10/2018
Severity
?
High
Description

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, bypass security restrictions, gain privileges, spoof user interface, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Windows can be exploited remotely to gain privileges.
  2. A memory corruption vulnerability in Scripting Engine can be exploited remotely to execute arbitrary code.
  3. A security feature bypass vulnerability in Internet Explorer can be exploited remotely to bypass security restrictions.
  4. A denial of service vulnerability in Windows Firewall can be exploited remotely to cause denial of service.
  5. A denial of service vulnerability in Windows can be exploited remotely to cause denial of service.
  6. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  7. A security feature bypass vulnerability in WordPad can be exploited remotely to bypass security restrictions.
  8. A denial of service vulnerability in Windows DNSAPI can be exploited remotely to cause denial of service.
  9. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
Affected products

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Internet Explorer 9
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2018-8314
CVE-2018-8242
CVE-2018-0949
CVE-2018-8206
CVE-2018-8309
CVE-2018-8308
CVE-2018-8307
CVE-2018-8304
CVE-2018-8282

Impacts
?
ACE 
[?]

OSI 
[?]

DoS 
[?]

SB 
[?]

PE 
[?]

SUI 
[?]
Related products
Microsoft Internet Explorer
Microsoft Windows
Microsoft Windows Server
Microsoft Windows 7
Microsoft Windows Server 2008
CVE-IDS
?
CVE-2018-82827.2High
CVE-2018-83144.3Warning
CVE-2018-83076.8High
CVE-2018-83094.9Warning
CVE-2018-83047.1High
CVE-2018-83088.5Critical
CVE-2018-82067.8Critical
CVE-2018-09494.3Warning
CVE-2018-82427.6Critical
KB list

4340583
4338818
4293756
4339503
4339291
4339854
4295656
4338823
4291391
4345459
4338821
4345397
4339093

Find out the statistics of the vulnerabilities spreading in your region