Multiple vulnerabilities in Microsoft Windows

Описание

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, bypass security restrictions, cause denial of service.

Below is a complete list of vulnerabilities:

1. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.
2. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
3. An information disclosure vulnerability in Windows EOT Font Engine can be exploited remotely via specially crafted embedded to obtain sensitive information.
4. An elevation of privilege vulnerability in Windows AppContainer can be exploited remotely via specially crafted application to gain privileges.
5. An elevation of privilege vulnerability in Windows NTFS Global Reparse Point can be exploited remotely via specially crafted application to gain privileges.
6. An elevation of privilege vulnerability in Named Pipe File System can be exploited remotely via specially crafted application to gain privileges.
7. A remote code execution vulnerability in StructuredQuery can be exploited remotely via specially crafted file to execute arbitrary code.
8. An elevation of privilege vulnerability in Windows Storage Services can be exploited remotely via specially crafted application to gain privileges.
9. A security feature bypass vulnerability in Windows can be exploited remotely to bypass security restrictions.
10. An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges.
11. A denial of service vulnerability in Windows can be exploited remotely via specially crafted requests to cause denial of service.
12. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely via specially crafted application to gain privileges.
13. A memory corruption vulnerability in Windows Scripting Engine can be exploited remotely to obtain sensitive information.

Первичный источник обнаружения

• CVE-2018-0742
  CVE-2018-0756
  CVE-2018-0757
  CVE-2018-0760
  CVE-2018-0809
  CVE-2018-0810
  CVE-2018-0820
  CVE-2018-0821
  CVE-2018-0822
  CVE-2018-0823
  CVE-2018-0825
  CVE-2018-0826
  CVE-2018-0827
  CVE-2018-0828
  CVE-2018-0829
  CVE-2018-0830
  CVE-2018-0831
  CVE-2018-0832
  CVE-2018-0833
  CVE-2018-0842
  CVE-2018-0843
  CVE-2018-0844
  CVE-2018-0846
  CVE-2018-0847
  ADV180005
  

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-8
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008
• Windows-RT
• Microsoft-Windows-10

Список CVE

• CVE-2018-0742
  warning
• CVE-2018-0756
  warning
• CVE-2018-0757
  warning
• CVE-2018-0760
  warning
• CVE-2018-0809
  high
• CVE-2018-0810
  warning
• CVE-2018-0820
  warning
• CVE-2018-0821
  warning
• CVE-2018-0822
  warning
• CVE-2018-0823
  warning
• CVE-2018-0825
  critical
• CVE-2018-0826
  warning
• CVE-2018-0827
  warning
• CVE-2018-0828
  warning
• CVE-2018-0829
  warning
• CVE-2018-0830
  warning
• CVE-2018-0831
  warning
• CVE-2018-0832
  warning
• CVE-2018-0833
  high
• CVE-2018-0842
  high
• CVE-2018-0843
  warning
• CVE-2018-0844
  warning
• CVE-2018-0846
  warning
• CVE-2018-0847
  warning

Список KB

• 4074591
• 4074590
• 4074594
• 4074597
• 4074593
• 4074589
• 4074596
• 4074592
• 4074588

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com