KLA12551
Multiple vulnerabilities in Microsoft Products (ESU)

Обновлено: 09/06/2022
Дата обнаружения
10/07/2018
Уровень угрозы
High
Описание

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, bypass security restrictions, gain privileges, spoof user interface, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Windows can be exploited remotely to gain privileges.
  2. A memory corruption vulnerability in Scripting Engine can be exploited remotely to execute arbitrary code.
  3. A security feature bypass vulnerability in Internet Explorer can be exploited remotely to bypass security restrictions.
  4. A denial of service vulnerability in Windows Firewall can be exploited remotely to cause denial of service.
  5. A denial of service vulnerability in Windows can be exploited remotely to cause denial of service.
  6. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  7. A security feature bypass vulnerability in WordPad can be exploited remotely to bypass security restrictions.
  8. A denial of service vulnerability in Windows DNSAPI can be exploited remotely to cause denial of service.
  9. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
Пораженные продукты

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Internet Explorer 9
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2018-8314
CVE-2018-8242
CVE-2018-0949
CVE-2018-8206
CVE-2018-8309
CVE-2018-8308
CVE-2018-8307
CVE-2018-8304
CVE-2018-8282
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]

DoS 
[?]

SB 
[?]

PE 
[?]

SUI 
[?]
Связанные продукты
Microsoft Internet Explorer
Microsoft Windows
Microsoft Windows Server
Microsoft Windows 7
Microsoft Windows Server 2008
CVE-IDS
CVE-2018-82827.2High
CVE-2018-83144.3Warning
CVE-2018-83076.8High
CVE-2018-83094.9Warning
CVE-2018-83047.1High
CVE-2018-83088.5Critical
CVE-2018-82067.8Critical
CVE-2018-09494.3Warning
CVE-2018-82427.6Critical
KB list

4340583
4338818
4293756
4339503
4339291
4339854
4295656
4338823
4291391
4345459
4338821
4345397
4339093

Узнай статистику распространения уязвимостей в твоем регионе