Multiple vulnerabilities in Microsoft Products (ESU)

説明

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in Windows can be exploited remotely via specially crafted image to execute arbitrary code.
2. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
3. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
4. A remote code execution vulnerability in MS XML can be exploited remotely via specially crafted website to execute arbitrary code.
5. An elevation of privilege vulnerability in Windows can be exploited remotely to gain privileges.
6. An information disclosure vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to obtain sensitive information.
7. A remote code execution vulnerability in Win32k Graphics can be exploited remotely via specially crafted embedded to execute arbitrary code.
8. A remote code execution vulnerability in Microsoft JET Database Engine can be exploited remotely via specially crafted to execute arbitrary code.
9. An information disclosure vulnerability in Windows can be exploited remotely via specially crafted application to obtain sensitive information.
10. An elevation of privilege vulnerability in Windows Registry can be exploited remotely via specially crafted application to gain privileges.
11. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information.
12. An information disclosure vulnerability in Microsoft Graphics Component can be exploited remotely via specially crafted application to obtain sensitive information.
13. An elevation of privilege vulnerability in Windows ALPC can be exploited remotely via specially crafted application to gain privileges.

オリジナルアドバイザリー

• CVE-2018-8475

• CVE-2018-8419
• CVE-2018-8447
• CVE-2018-8420
• CVE-2018-8468
• CVE-2018-8434
• CVE-2018-8332
• CVE-2018-8392
• CVE-2018-8393
• CVE-2018-8336
• CVE-2018-8442
• CVE-2018-8271
• CVE-2018-8410
• CVE-2018-8422
• CVE-2018-8446
• CVE-2018-8433
• CVE-2018-8440
• CVE-2018-8424
• CVE-2018-8443
• ADV180022

エクスプロイテーション

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

関連製品

• Microsoft-Internet-Explorer
• Microsoft-Office
• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-8
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008
• Windows-RT
• Microsoft-Windows-10

CVEリスト

• CVE-2018-8336
  high
• CVE-2018-8433
  warning
• CVE-2018-8442
  high
• CVE-2018-8440
  critical
• CVE-2018-8392
  critical
• CVE-2018-8410
  critical
• CVE-2018-8332
  critical
• CVE-2018-8422
  high
• CVE-2018-8271
  high
• CVE-2018-8443
  high
• CVE-2018-8475
  critical
• CVE-2018-8419
  high
• CVE-2018-8434
  high
• CVE-2018-8420
  critical
• CVE-2018-8424
  high
• CVE-2018-8468
  warning
• CVE-2018-8393
  critical
• CVE-2018-8446
  high
• CVE-2018-8447
  critical

KBリスト

• 4457984
• 4458010
• 4457144
• 4457145
• 4457426

も参照してください

お住まいの地域に広がる脆弱性の統計をご覧ください statistics.securelist.com