Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11333
HistoryOct 09, 2018 - 12:00 a.m.

KLA11333 Multiple vulnerabilities in Microsoft Windows

2018-10-0900:00:00
Kaspersky Lab
threats.kaspersky.com
626

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

Low

EPSS

0.947

Percentile

99.3%

JSON

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, gain privileges, execute arbitrary code, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A security feature bypass vulnerability in Windows DNS can be exploited remotely to bypass security restrictions.
  2. An elevation of privilege vulnerability in Microsoft Filter Manager can be exploited remotely via specially crafted file to gain privileges.
  3. A remote code execution vulnerability in Microsoft JET Database Engine can be exploited remotely via specially crafted to execute arbitrary code.
  4. A remote code execution vulnerability in Microsoft Graphics Components can be exploited remotely via specially crafted file to execute arbitrary code.
  5. An information disclosure vulnerability in DirectX can be exploited remotely via specially crafted application to obtain sensitive information.
  6. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
  7. An information disclosure vulnerability in Windows TCP/IP can be exploited remotely via specially crafted fragmented to obtain sensitive information.
  8. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
  9. A security feature bypass vulnerability in Device Guard Code Integrity Policy can be exploited remotely to bypass security restrictions.
  10. An information disclosure vulnerability in Windows Media Player can be exploited remotely via specially crafted hyperlink to obtain sensitive information.
  11. An information disclosure vulnerability in Microsoft Windows Codecs Library can be exploited remotely via specially crafted image to obtain sensitive information.
  12. A remote code execution vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to execute arbitrary code.
  13. A remote code execution vulnerability in Windows Theme API can be exploited remotely via specially crafted file to execute arbitrary code.
  14. An elevation of privilege vulnerability in Linux On Windows can be exploited remotely via specially crafted application to gain privileges.
  15. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
  16. An elevation of privilege vulnerability in NTFS can be exploited remotely via specially crafted application to gain privileges.
  17. A remote code execution vulnerability in MS XML can be exploited remotely via specially crafted website to execute arbitrary code.
  18. A remote code execution vulnerability in Windows Shell can be exploited remotely via specially crafted website to execute arbitrary code.
  19. An elevation of privilege vulnerability in DirectX Graphics Kernel can be exploited remotely via specially crafted application to gain privileges.
  20. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.

Original advisories

CVE-2018-8320

CVE-2018-8333

CVE-2018-8423

CVE-2018-8432

CVE-2018-8486

CVE-2018-8330

CVE-2018-8493

CVE-2018-8472

CVE-2018-8492

CVE-2018-8481

CVE-2018-8482

CVE-2018-8506

CVE-2018-8490

CVE-2018-8413

CVE-2018-8329

CVE-2018-8453

CVE-2018-8411

CVE-2018-8494

CVE-2018-8495

CVE-2018-8484

CVE-2018-8489

CVE-2018-8497

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Word

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-8

Microsoft-Windows-7

Microsoft-Windows-Server-2008

Windows-RT

Microsoft-Windows-10

CVE list

CVE-2018-8320 warning

CVE-2018-8333 high

CVE-2018-8423 critical

CVE-2018-8432 critical

CVE-2018-8486 high

CVE-2018-8330 high

CVE-2018-8493 critical

CVE-2018-8472 high

CVE-2018-8492 high

CVE-2018-8481 warning

CVE-2018-8482 warning

CVE-2018-8506 high

CVE-2018-8490 critical

CVE-2018-8413 critical

CVE-2018-8329 critical

CVE-2018-8453 critical

CVE-2018-8411 critical

CVE-2018-8494 critical

CVE-2018-8495 critical

CVE-2018-8484 critical

CVE-2018-8489 critical

CVE-2018-8497 critical

KB list

4462917

4462918

4462931

4462919

4464330

4462929

4462937

4462922

4462926

4462941

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • Windows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows 10 Version 1703 for 32-bit SystemsWindows 10 Version 1703 for x64-based SystemsWindows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1803 for x64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based Systems Service Pack 1Windows 8.1 for 32-bit systemsWindows 8.1 for x64-based systemsWindows RT 8.1Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for Itanium-Based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows 10 Version 1709 for x64-based Systems

References

Related

mskb 20
nessus 11
kaspersky 1
openvas 8
thn 2
talosblog 2
prion 22
nvd 21
cvelist 21
cve 22
krebs 1
qualysblog 1
mscve 20
symantec 19
myhack58 1
zdi 3
checkpoint_advisories 8
exploitdb 2
canvas 1
attackerkb 2
packetstorm 1
zdt 2
metasploit 1
trellix 2
talos 1
cisa_kev 1
securelist 1
threatpost 1
srcincite 1
mskb
mskb
October 9, 2018—KB4462941 (Security-only update)
2018-10-09 07:00:00
October 9, 2018—KB4462929 (Monthly Rollup)
2018-10-09 07:00:00
October 9, 2018—KB4462915 (Security-only update)
2018-10-09 07:00:00
nessus
nessus
KB4462931: Windows Server 2012 October 2018 Security Update
2018-10-09 00:00:00
KB4462941: Windows 8.1 and Windows Server 2012 R2 October 2018 Security Update
2018-10-09 00:00:00
KB4462917: Windows 10 Version 1607 and Windows Server 2016 October 2018 Security Update
2018-10-09 00:00:00
kaspersky
kaspersky
KLA11889 Multiple vulnerabilities in Microsoft Products (ESU)
2018-10-09 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4462926)
2018-10-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4462923)
2018-10-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4462917)
2018-10-10 00:00:00
thn
thn
Microsoft October Patch Tuesday Fixes 12 Critical Vulnerabilities
2018-10-09 18:40:00
The Hottest Malware Hits of the Summer
2019-09-06 13:02:00
talosblog
talosblog
Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage
2018-10-09 11:38:00
Microsoft WindowsCodecs.dll SniffAndConvertToWideString Information Leak Vulnerability
2018-10-10 09:21:00
prion
prion
Information disclosure
2018-10-10 13:29:00
Remote code execution
2018-10-10 13:29:00
Remote code execution
2018-10-10 13:29:00
nvd
nvd
CVE-2018-8490
2018-10-10 13:29:03
CVE-2018-8489
2018-10-10 13:29:03
CVE-2018-8481
2018-10-10 13:29:03
cvelist
cvelist
CVE-2018-8490
2018-10-10 13:00:00
CVE-2018-8482
2018-10-10 13:00:00
CVE-2018-8481
2018-10-10 13:00:00
cve
cve
CVE-2018-8489
2018-10-10 13:29:03
CVE-2018-8490
2018-10-10 13:29:03
CVE-2018-8481
2018-10-10 13:29:03
krebs
krebs
Patch Tuesday, October 2018 Edition
2018-10-11 07:34:56
qualysblog
qualysblog
October 2018 Patch Tuesday – 49 Vulns, Critical browser patches, Hyper-V, Adobe vulns
2018-10-09 18:21:32
mscve
mscve
Linux On Windows Elevation Of Privilege Vulnerability
2018-10-09 07:00:00
Windows Kernel Elevation of Privilege Vulnerability
2018-10-09 07:00:00
Windows Kernel Information Disclosure Vulnerability
2018-10-09 07:00:00
symantec
symantec
Microsoft Windows Subsystem for Linux CVE-2018-8329 Local Privilege Escalation Vulnerability
2018-10-09 00:00:00
Microsoft Windows Kernel CVE-2018-8497 Local Privilege Escalation Vulnerability
2018-10-09 00:00:00
Microsoft Windows TCP/IP CVE-2018-8493 Information Disclosure Vulnerability
2018-10-09 00:00:00
myhack58
myhack58
Microsoft Edge browser-explosive high-risk vulnerabilities, controlled by computer-executable any command-vulnerability warning-the black bar safety net
2018-10-13 00:00:00
zdi
zdi
Microsoft Edge Hazardous URI Insufficient UI Warning Remote Code Execution Vulnerability
2018-10-10 00:00:00
Microsoft Windows SMB2 Out-Of-Bounds Access Information Disclosure Vulnerability
2018-10-10 00:00:00
(0Day) Microsoft Windows Jet Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability
2018-09-20 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Shell Remote Code Execution (CVE-2018-8495)
2018-10-09 00:00:00
Microsoft Win32k Elevation of Privilege (CVE-2018-8453)
2018-10-09 00:00:00
Microsoft DirectX Information Disclosure (CVE-2018-8486)
2018-10-09 00:00:00
exploitdb
exploitdb
Microsoft Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)
2019-07-17 00:00:00
Microsoft Windows - 'FSCTL_FIND_FILES_BY_SID' Information Disclosure
2018-10-16 00:00:00
canvas
canvas
Immunity Canvas: SETWINDOWFNID_LPE
2018-10-10 13:29:00
attackerkb
attackerkb
CVE-2018-8453
2018-10-10 00:00:00
CVE-2018-8453
2018-10-10 00:00:00
packetstorm
packetstorm
Microsoft Windows NtUserSetWindowFNID Win32k User Callback
2019-07-16 00:00:00
zdt
zdt
Microsoft Windows NtUserSetWindowFNID Win32k User Callback Exploit
2019-07-17 00:00:00
Microsoft Windows - FSCTL_FIND_FILES_BY_SID Information Disclosure Exploit
2018-10-16 00:00:00
metasploit
metasploit
Windows NtUserSetWindowFNID Win32k User Callback
2019-07-09 12:15:13
trellix
trellix
McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - What The Code Tells Us
2019-10-02 00:00:00
McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - What The Code Tells Us
2019-10-02 00:00:00
talos
talos
Microsoft WindowsCodecs.dll SniffAndConvertToWideString information leak vulnerability
2018-10-10 00:00:00
cisa_kev
cisa_kev
Microsoft Win32k Privilege Escalation Vulnerability
2022-01-21 00:00:00
securelist
securelist
Sodin ransomware exploits Windows vulnerability and processor architecture
2019-07-03 10:00:00
threatpost
threatpost
Microsoft Patches Zero-Day Under Active Attack by APT
2018-10-09 21:24:54
srcincite
srcincite
SRC-2018-0029 : Microsoft Windows Jet Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability
2018-09-02 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

Low

EPSS

0.947

Percentile

99.3%

JSON
Related for KLA11333
mskb20nessus11kaspersky1openvas8thn2talosblog2prion22nvd21cvelist21cve22krebs1qualysblog1mscve20symantec19myhack581zdi3checkpoint_advisories8exploitdb2canvas1attackerkb2packetstorm1zdt2metasploit1trellix2talos1cisa_kev1securelist1threatpost1srcincite1