Kaspersky Threats

Description

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, bypass security restrictions, gain privileges, spoof user interface, execute arbitrary code.

Below is a complete list of vulnerabilities:

An elevation of privilege vulnerability in Windows can be exploited remotely to gain privileges.
A memory corruption vulnerability in Scripting Engine can be exploited remotely to execute arbitrary code.
A security feature bypass vulnerability in Internet Explorer can be exploited remotely to bypass security restrictions.
A denial of service vulnerability in Windows Firewall can be exploited remotely to cause denial of service.
A denial of service vulnerability in Windows can be exploited remotely to cause denial of service.
An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
A security feature bypass vulnerability in WordPad can be exploited remotely to bypass security restrictions.
A denial of service vulnerability in Windows DNSAPI can be exploited remotely to cause denial of service.
An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.

Original advisories

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

CVE list

CVE-2018-8282
critical
CVE-2018-8314
warning
CVE-2018-8307
high
CVE-2018-8309
high
CVE-2018-8304
high
CVE-2018-8308
high
CVE-2018-8206
critical
CVE-2018-0949
high
CVE-2018-8242
critical

KB list

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!

Multiple vulnerabilities in Microsoft Products (ESU)