Дата обнаружения
|
08/05/2018 |
Уровень угрозы
|
Critical |
Описание
|
Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information. Below is a complete list of vulnerabilities:
|
Эксплуатация
|
The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/45024 https://www.exploit-db.com/exploits/44697 https://www.exploit-db.com/exploits/45653 https://github.com/bigric3/cve-2018-8120 https://github.com/unamer/CVE-2018-8120 https://github.com/ne1llee/cve-2018-8120 https://github.com/alpha1ab/CVE-2018-8120 https://github.com/EVOL4/CVE-2018-8120 https://github.com/ozkanbilge/CVE-2018-8120 https://github.com/qiantu88/CVE-2018-8120 https://github.com/Y0n0Y/cve-2018-8120-exp https://github.com/DreamoneOnly/CVE-2018-8120 https://github.com/StartZYP/CVE-2018-8120 https://github.com/wikiZ/cve-2018-8120 https://github.com/rip1s/CVE-2018-8120 https://www.exploit-db.com/exploits/44906 https://www.exploit-db.com/exploits/44741 https://github.com/0x09AL/CVE-2018-8174-msf https://github.com/Yt1g3r/CVE-2018-8174_EXP https://github.com/SyFi/CVE-2018-8174 https://github.com/orf53975/Rig-Exploit-for-CVE-2018-8174 https://github.com/piotrflorczyk/cve-2018-8174_analysis https://github.com/likescam/CVE-2018-8174-msf https://github.com/ruthlezs/ie11_vbscript_exploit https://github.com/ericisnotrealname/CVE-2018-8174_EXP https://github.com/www201001/https-github.com-iBearcat-CVE-2018-8174_EXP https://github.com/www201001/https-github.com-iBearcat-CVE-2018-8174_EXP.git- https://github.com/delina1/CVE-2018-8174 https://github.com/delina1/CVE-2018-8174_EXP https://github.com/DarkFlameMaster-bit/CVE-2018-8174_EXP https://github.com/lisinan988/CVE-2018-8174-exp https://github.com/sinisterghost/https-github.com-iBearcat-CVE-2018-8174_EXP Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details. |
Пораженные продукты
|
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) |
Решение
|
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel) |
Первичный источник обнаружения
|
CVE-2018-0959 CVE-2018-0954 CVE-2018-8167 CVE-2018-8166 CVE-2018-8164 CVE-2018-8174 CVE-2018-8136 CVE-2018-8897 CVE-2018-0955 CVE-2018-0824 CVE-2018-8120 CVE-2018-8127 CVE-2018-8124 |
Оказываемое влияние
?
|
ACE
[?]
OSI
[?]
PE
[?]
|
Связанные продукты
|
Microsoft Internet Explorer Microsoft Windows Microsoft Windows Server Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows 7 Microsoft Windows Server 2008 Windows RT Microsoft Windows 10 Microsoft Edge ChakraCore |
CVE-IDS
|
CVE-2018-81674.4Warning
CVE-2018-81666.9High CVE-2018-81647.2High CVE-2018-88977.2High CVE-2018-81207.2High CVE-2018-81272.1Warning CVE-2018-81246.9High CVE-2018-08245.1High CVE-2018-81747.6Critical CVE-2018-81369.3Critical CVE-2018-09597.4High CVE-2018-09547.6Critical CVE-2018-09557.6Critical |
KB list
|
4103712 |