Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11207
HistoryMar 13, 2018 - 12:00 a.m.

KLA11207 Multiple vulnerabilities in Microsoft Windows

2018-03-1300:00:00
Kaspersky Lab
threats.kaspersky.com
173

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

Low

EPSS

0.671

Percentile

98.0%

JSON

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, execute arbitrary code, bypass security restrictions, cause denial of service.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
  2. An elevation of privilege vulnerability in Windows GDI can be exploited remotely via specially crafted application to gain privileges.
  3. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
  4. An elevation of privilege vulnerability in Windows Desktop Bridge VFS can be exploited remotely via specially crafted application to gain privileges.
  5. An information disclosure vulnerability in Windows Remote Assistance can be exploited remotely via specially crafted to obtain sensitive information.
  6. An elevation of privilege vulnerability in Windows Desktop Bridge can be exploited remotely via specially crafted application to gain privileges.
  7. An elevation of privilege vulnerability in Microsoft Video Control can be exploited remotely via specially crafted application to gain privileges.
  8. A remote code execution vulnerability in Windows Shell can be exploited remotely via specially crafted file to execute arbitrary code.
  9. A security feature bypass vulnerability in Windows can be exploited remotely to bypass security restrictions.
  10. A denial of service vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to cause denial of service.
  11. A remote code execution vulnerability in CredSSP can be exploited remotely via specially crafted application to execute arbitrary code.
  12. An information disclosure vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to obtain sensitive information.
  13. A security feature bypass vulnerability in CNG can be exploited remotely via specially crafted application to bypass security restrictions.
  14. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
  15. An elevation of privilege vulnerability in Windows Storage Services can be exploited remotely via specially crafted application to gain privileges.

Original advisories

CVE-2018-0811

CVE-2018-0813

CVE-2018-0814

CVE-2018-0816

CVE-2018-0817

CVE-2018-0868

CVE-2018-0877

CVE-2018-0878

CVE-2018-0880

CVE-2018-0881

CVE-2018-0882

CVE-2018-0883

CVE-2018-0884

CVE-2018-0885

CVE-2018-0886

CVE-2018-0888

CVE-2018-0894

CVE-2018-0895

CVE-2018-0896

CVE-2018-0897

CVE-2018-0898

CVE-2018-0899

CVE-2018-0900

CVE-2018-0901

CVE-2018-0902

CVE-2018-0904

CVE-2018-0926

CVE-2018-0977

CVE-2018-0983

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-8

Microsoft-Windows-7

Microsoft-Windows-Server-2008

Windows-RT

Microsoft-Windows-10

CVE list

CVE-2018-0811 warning

CVE-2018-0813 warning

CVE-2018-0814 warning

CVE-2018-0816 high

CVE-2018-0817 high

CVE-2018-0868 high

CVE-2018-0877 high

CVE-2018-0878 warning

CVE-2018-0880 high

CVE-2018-0881 high

CVE-2018-0882 high

CVE-2018-0883 critical

CVE-2018-0884 warning

CVE-2018-0885 high

CVE-2018-0886 critical

CVE-2018-0888 warning

CVE-2018-0894 warning

CVE-2018-0895 warning

CVE-2018-0896 warning

CVE-2018-0897 warning

CVE-2018-0898 warning

CVE-2018-0899 warning

CVE-2018-0900 warning

CVE-2018-0901 warning

CVE-2018-0902 warning

CVE-2018-0904 warning

CVE-2018-0926 warning

CVE-2018-0977 high

CVE-2018-0983 high

KB list

4103723

4088782

4088787

4088786

4088779

4088877

4088776

4088876

4088879

4088880

4103716

4103731

4103715

4103721

4103730

4103726

4103727

4103725

4556799

4551853

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • Windows 10 Version 1511 for 32-bit SystemsWindows 10 Version 1511 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows 10 Version 1703 for 32-bit SystemsWindows 10 Version 1703 for x64-based SystemsWindows 10 Version 1709 for 32-bit SystemsWindows 10 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based Systems Service Pack 1Windows 8.1 for 32-bit systemsWindows 8.1 for x64-based systemsWindows RT 8.1Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for Itanium-Based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows 10 Version 1803 for x64-based SystemsWindows Server 2019 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1709 for x64-based SystemsWindows Server, version 1803 (Server Core Installation)Windows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1909 for 32-bit SystemsWindows Server 2016 (Server Core installation)Windows Server, version 1709 (Server Core Installation)Windows Server 2019Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows Server, version 1903 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows 10 Version 1909 for x64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1809 for 32-bit Systems

References

Related

mskb 18
prion 25
cvelist 25
cve 26
nvd 28
nessus 9
kaspersky 1
openvas 6
trendmicroblog 1
qualysblog 1
talosblog 1
threatpost 1
checkpoint_advisories 5
zdi 2
zdt 5
packetstorm 1
symantec 16
mscve 14
thn 1
exploitdb 6
seebug 3
exploitpack 3
osv 1
mskb
mskb
March 13, 2018—KB4088879 (Security-only update)
2018-03-13 07:00:00
March 13, 2018—KB4088880 (Security-only update)
2018-03-13 07:00:00
March 13, 2018—KB4088878 (Security-only update)
2018-03-13 07:00:00
prion
prion
Information disclosure
2018-03-14 17:29:00
Information disclosure
2018-03-14 17:29:00
Information disclosure
2018-03-14 17:29:00
cvelist
cvelist
CVE-2018-0811
2018-03-14 17:00:00
CVE-2018-0899
2018-03-14 17:00:00
CVE-2018-0896
2018-03-14 17:00:00
cve
cve
CVE-2018-0895
2018-03-14 17:29:01
CVE-2018-0896
2018-03-14 17:29:01
CVE-2018-0900
2018-03-14 17:29:02
nvd
nvd
CVE-2018-0811
2018-03-14 17:29:00
CVE-2018-0814
2018-03-14 17:29:00
CVE-2018-0899
2018-03-14 17:29:02
nessus
nessus
Security Updates for Windows Server 2008 (March 2018)
2018-03-13 00:00:00
KB4088787: Windows 10 Version 1607 and Windows Server 2016 March 2018 Security Update
2018-03-13 00:00:00
KB4088879: Windows 8.1 and Windows Server 2012 R2 March 2018 Security Update (Meltdown)(Spectre)
2018-03-13 00:00:00
kaspersky
kaspersky
KLA11778 Multiple vulnerabilities in Microsoft Products (ESU)
2018-03-13 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4088875)
2018-03-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4088876)
2018-03-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4088787)
2018-03-14 00:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of March 12, 2018
2018-03-16 15:14:43
qualysblog
qualysblog
March Patch Tuesday – 75 Microsoft vulnerabilities, 7 for Adobe
2018-03-13 18:39:45
talosblog
talosblog
Microsoft Patch Tuesday - March 2018
2018-03-13 14:38:00
threatpost
threatpost
Microsoft Patches 15 Critical Bugs in March Patch Tuesday Update
2018-03-13 18:25:37
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Desktop Bridge VFS Elevation of Privilege (CVE-2018-0877)
2018-03-13 00:00:00
Microsoft Windows Remote Assistance XXE Injection Information Disclosure (CVE-2018-0878)
2018-03-20 00:00:00
Microsoft Windows Shell Remote Code Execution (CVE-2018-0883)
2018-03-13 00:00:00
zdi
zdi
Microsoft Windows Remote Assistance XML External Entity Processing Information Disclosure Vulnerability
2018-03-19 00:00:00
Microsoft Windows BasicRender Untrusted Pointer Dereference Privilege Escalation Vulnerability
2018-03-19 00:00:00
zdt
zdt
Microsoft Windows - Desktop Bridge VFS Privilege Escalation Exploit
2018-03-20 00:00:00
Microsoft Windows Remote Assistance - XML External Entity Injection Vulnerability
2018-03-28 00:00:00
Microsoft Windows Kernel - NtQueryVirtualMemory(MemoryMappedFilenameInformation) 64-bit Pool Memory
2018-03-20 00:00:00
packetstorm
packetstorm
Microsoft Windows Remote Assistance XXE Injection
2018-03-28 00:00:00
symantec
symantec
Microsoft Windows Desktop Bridge VFS CVE-2018-0877 Local Privilege Escalation Vulnerability
2018-03-13 00:00:00
Microsoft Windows Desktop Bridge CVE-2018-0880 Local Privilege Escalation Vulnerability
2018-03-13 00:00:00
Microsoft Windows Kernel CVE-2018-0926 Local Information Disclosure Vulnerability
2018-03-13 00:00:00
mscve
mscve
Windows Remote Assistance Information Disclosure Vulnerability
2018-03-13 07:00:00
Windows Desktop Bridge Elevation of Privilege Vulnerability
2018-03-13 07:00:00
Windows Desktop Bridge VFS Elevation of Privilege Vulnerability
2018-03-13 07:00:00
thn
thn
Windows Remote Assistance Exploit Lets Hackers Steal Sensitive Files
2018-03-20 18:56:00
exploitdb
exploitdb
Microsoft Windows - Desktop Bridge Virtual Registry Arbitrary File Read/Write Privilege Escalation
2018-03-20 00:00:00
Microsoft Windows - Desktop Bridge VFS Privilege Escalation
2018-03-20 00:00:00
Microsoft Windows Remote Assistance - XML External Entity Injection
2018-03-28 00:00:00
seebug
seebug
Windows Kernel 64-bit pool memory disclosure in NtQueryVirtualMemory(MemoryMappedFilenameInformation)(CVE-2018-0894)
2018-03-23 00:00:00
Windows Kernel 64-bit stack memory disclosure in msrpc!LRPC_CASSOCIATION::AlpcSendCancelMessage(CVE-2018-0896)
2018-03-23 00:00:00
Windows Kernel 64-bit stack memory disclosure in NtQueryInformationThread(ThreadBasicInformation)(CVE-2018-0895)
2018-03-23 00:00:00
exploitpack
exploitpack
Microsoft Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation
2018-06-20 00:00:00
Microsoft Windows Remote Assistance - XML External Entity Injection
2018-03-28 00:00:00
Microsoft Credential Security Support Provider - Remote Code Execution
2018-04-13 00:00:00
osv
osv
python310-pyspnego-0.5.0-1.1 on GA media
2024-06-15 00:00:00

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

Low

EPSS

0.671

Percentile

98.0%

JSON
Related for KLA11207
mskb18prion25cvelist25cve26nvd28nessus9kaspersky1openvas6trendmicroblog1qualysblog1talosblog1threatpost1checkpoint_advisories5zdi2zdt5packetstorm1symantec16mscve14thn1exploitdb6seebug3exploitpack3osv1