Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11894
HistoryMay 08, 2018 - 12:00 a.m.

KLA11894 Multiple vulnerabilities in Microsoft Products (ESU)

2018-05-0800:00:00
Kaspersky Lab
threats.kaspersky.com
41

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.975 High

EPSS

Percentile

100.0%

JSON

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to execute arbitrary code.
  2. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
  3. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely via specially crafted application to gain privileges.
  4. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
  5. A remote code execution vulnerability in Windows VBScript Engine can be exploited remotely via specially crafted website to execute arbitrary code.
  6. A remote code execution vulnerability in Windows can be exploited remotely via specially crafted document to execute arbitrary code.
  7. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.
  8. A remote code execution vulnerability in Microsoft COM for Windows can be exploited remotely via specially crafted file to execute arbitrary code.
  9. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.

Original advisories

CVE-2018-0959

CVE-2018-0954

CVE-2018-8167

CVE-2018-8166

CVE-2018-8164

CVE-2018-8174

CVE-2018-8136

CVE-2018-8897

CVE-2018-0955

CVE-2018-0824

CVE-2018-8120

CVE-2018-8127

CVE-2018-8124

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Internet-Explorer

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-8

Microsoft-Windows-7

Microsoft-Windows-Server-2008

Windows-RT

Microsoft-Windows-10

Microsoft-Edge

ChakraCore

CVE list

CVE-2018-8167 high

CVE-2018-8166 high

CVE-2018-8164 critical

CVE-2018-8897 critical

CVE-2018-8120 high

CVE-2018-8127 high

CVE-2018-8124 high

CVE-2018-0824 critical

CVE-2018-8174 critical

CVE-2018-8136 critical

CVE-2018-0959 critical

CVE-2018-0954 critical

CVE-2018-0955 critical

KB list

4103712

4103718

4134651

4131188

4094079

4130944

4101477

4130956

4103768

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows 10 for 32-bit SystemsWindows Server, version 1803 (Server Core Installation)Internet Explorer 9Windows 10 for x64-based SystemsWindows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 7 for x64-based Systems Service Pack 1Windows Server 2012ChakraCoreWindows 8.1 for x64-based systemsWindows 8.1 for 32-bit systemsWindows Server 2008 for 32-bit Systems Service Pack 2Internet Explorer 11Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2016Windows 10 Version 1709 for x64-based SystemsWindows RT 8.1Windows Server 2008 for Itanium-Based Systems Service Pack 2Windows 10 Version 1703 for x64-based SystemsWindows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows 10 Version 1511 for 32-bit SystemsMicrosoft Edge (EdgeHTML-based)Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows 10 Version 1511 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows 7 for 32-bit Systems Service Pack 1Windows 10 Version 1803 for 32-bit SystemsWindows Server 2008 R2 for x64-based Systems Service Pack 1Internet Explorer 10Windows 10 Version 1703 for 32-bit SystemsWindows 10 Version 1709 for 32-bit SystemsWindows Server 2012 R2Windows 10 Version 1803 for x64-based Systems

References

Related

mskb 18
nessus 19
nvd 12
attackerkb 3
prion 12
cvelist 12
cve 12
openvas 8
kaspersky 1
threatpost 3
thn 2
malwarebytes 2
metasploit 3
securelist 5
checkpoint_advisories 8
zdt 5
mscve 13
canvas 2
cisa_kev 2
symantec 12
packetstorm 3
zdi 5
qualysblog 2
krebs 1
fireeye 2
hackread 1
photon 1
oraclelinux 3
exploitpack 2
huawei 2
debiancve 1
freebsd 1
redhat 2
cisa 1
redhatcve 1
xen 1
myhack58 2
exploitdb 3
cert 1
ubuntucve 1
veracode 1
freebsd_advisory 1
osv 1
f5 1
trellix 2
seebug 1
mssecure 1
trendmicroblog 1
mskb
mskb
May 8, 2018—KB4103712 (Security-only update)
2018-05-08 07:00:00
May 8, 2018—KB4103730 (Monthly Rollup)
2018-05-08 07:00:00
May 8, 2018—KB4103726 (Security-only update)
2018-05-08 07:00:00
nessus
nessus
Security Updates for Windows Server 2008 (May 2018)
2018-05-09 00:00:00
KB4103726: Windows Server 2012 May 2018 Security Update
2018-05-08 00:00:00
KB4103712: Windows 7 and Windows Server 2008 R2 May 2018 Security Update
2018-05-08 00:00:00
nvd
nvd
CVE-2018-8164
2018-05-09 19:29:02
CVE-2018-8120
2018-05-09 19:29:01
CVE-2018-8124
2018-05-09 19:29:01
attackerkb
attackerkb
CVE-2018-8120
2018-05-09 00:00:00
CVE-2018-8164
2018-05-09 00:00:00
CVE-2018-8174
2018-05-09 00:00:00
prion
prion
Privilege escalation
2018-05-09 19:29:00
Privilege escalation
2018-05-09 19:29:00
Privilege escalation
2018-05-09 19:29:00
cvelist
cvelist
CVE-2018-8166
2018-05-09 19:00:00
CVE-2018-8120
2018-05-09 19:00:00
CVE-2018-8124
2018-05-09 19:00:00
cve
cve
CVE-2018-8124
2018-05-09 19:29:01
CVE-2018-8120
2018-05-09 19:29:01
CVE-2018-8166
2018-05-09 19:29:02
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4103718)
2018-05-09 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4103725)
2018-05-09 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4103723)
2018-05-09 00:00:00
kaspersky
kaspersky
KLA11241 Multiple vulnerabilities in Microsoft Windows
2018-05-08 00:00:00
threatpost
threatpost
May Patch Tuesday Fixes Two Bugs Under Active Attack
2018-05-08 20:42:20
ScarCruft APT Adds Bluetooth Harvester to its Malware Bag of Tricks
2019-05-13 16:46:09
Major OS Players Misinterpret Intel Docs, and Now Kernels Can Be Hijacked
2018-05-10 15:37:07
thn
thn
Microsoft Patches Two Zero-Day Flaws Under Active Attack
2018-05-09 06:14:00
Two Zero-Day Exploits Found After Someone Uploaded 'Unarmed' PoC to VirusTotal
2018-07-02 18:28:00
malwarebytes
malwarebytes
Adobe Reader zero-day discovered alongside Windows vulnerability
2018-05-15 18:44:14
Maze: the ransomware that introduced an extra twist
2020-05-29 15:00:00
metasploit
metasploit
Windows SetImeInfoEx Win32k NULL Pointer Dereference
2018-10-10 19:41:14
Windows unmarshal post exploitation
2018-10-19 23:15:44
Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability
2018-07-13 06:11:37
securelist
securelist
ScarCruft continues to evolve, introduces Bluetooth harvester
2019-05-13 10:00:03
CactusPete APT group’s updated Bisonal backdoor
2020-08-13 10:00:09
A mining multitool
2018-07-26 10:00:25
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2018-8167)
2018-05-08 00:00:00
Microsoft Win32k Elevation of Privilege (CVE-2018-8120)
2018-05-08 00:00:00
Microsoft Win32k Elevation of Privilege (CVE-2018-8164)
2018-05-08 00:00:00
zdt
zdt
Microsoft Windows SetImeInfoEx Win32k NULL Pointer Dereference Exploit
2018-10-22 00:00:00
Microsoft COM for Windows - Privilege Escalation Exploit
2018-06-19 00:00:00
Microsoft Windows #MicrosoftWindows POP/MOV SS Local Privilege Elevation Exploit
2018-07-13 00:00:00
mscve
mscve
Win32k Elevation of Privilege Vulnerability
2018-05-08 07:00:00
Win32k Elevation of Privilege Vulnerability
2018-05-08 07:00:00
Windows Remote Code Execution Vulnerability
2018-05-08 07:00:00
canvas
canvas
Immunity Canvas: SETIMEINFOEX_LPE
2018-05-09 19:29:00
Immunity Canvas: UNMARSHAL_TO_SYSTEM
2018-09-07 14:29:00
cisa_kev
cisa_kev
Microsoft Win32k Privilege Escalation Vulnerability
2022-03-15 00:00:00
Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability
2022-02-15 00:00:00
symantec
symantec
Microsoft Windows Kernel 'Win32k.sys' CVE-2018-8164 Local Privilege Escalation Vulnerability
2018-05-08 00:00:00
Microsoft Windows Kernel 'Win32k.sys' CVE-2018-8120 Local Privilege Escalation Vulnerability
2018-05-08 00:00:00
Microsoft Windows Common Log File System CVE-2018-8167 Local Privilege Escalation Vulnerability
2018-05-08 00:00:00
packetstorm
packetstorm
Microsoft Windows SetImeInfoEx Win32k NULL Pointer Dereference
2018-10-19 00:00:00
Microsoft Internet Explorer 11 Vbscript Code Execution
2018-05-24 00:00:00
Microsoft Windows POP/MOV SS Local Privilege Elevation
2018-07-13 00:00:00
zdi
zdi
Microsoft Windows win32k Menu Use-After-Free Privilege Escalation Vulnerability
2018-05-14 00:00:00
(Pwn2Own) Microsoft Windows D3DKMTCreateDCFromMemory Memory Corruption Privilege Escalation Vulnerability
2018-06-08 00:00:00
Microsoft Windows VBScript Class_Terminate Use-After-Free Remote Code Execution Vulnerability
2018-06-05 00:00:00
qualysblog
qualysblog
May 2018 Patch Tuesday – Medium Weight, However One Active Exploit Needs Attention
2018-05-08 18:20:24
What we’ve got here is failure to communicate: OS vendors misread CPU docs, create flaw
2018-05-14 18:47:42
krebs
krebs
Microsoft Patch Tuesday, May 2018 Edition
2018-05-08 20:38:16
fireeye
fireeye
Fallout Exploit Kit Used in Malvertising Campaign to Deliver GandCrab Ransomware
2018-09-06 11:00:00
Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents
2020-05-07 00:00:00
hackread
hackread
New backdoor malware hits Slack and Github platforms
2019-03-08 15:56:09
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0132-A
2018-05-03 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2018-05-08 00:00:00
Unbreakable Enterprise kernel security update
2018-05-08 00:00:00
kernel security update
2018-09-18 00:00:00
exploitpack
exploitpack
Microsoft Windows - POPMOV SS Privilege Escalation
2018-05-22 00:00:00
Microsoft COM for Windows - Privilege Escalation
2018-06-18 00:00:00
huawei
huawei
Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products
2019-09-21 00:00:00
Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products
2019-09-21 00:00:00
debiancve
debiancve
CVE-2018-8897
2018-05-08 18:29:00
freebsd
freebsd
FreeBSD -- Mishandling of x86 debug exceptions
2018-05-08 00:00:00
redhat
redhat
(RHSA-2018:1353) Moderate: kernel security update
2018-05-08 21:59:19
(RHSA-2018:1352) Moderate: kernel security update
2018-05-08 21:59:05
cisa
cisa
Debug Exception May Cause Unexpected Behavior
2018-05-08 00:00:00
redhatcve
redhatcve
CVE-2018-8897
2020-04-07 11:35:31
xen
xen
x86: mishandling of debug exceptions
2018-05-08 16:45:00
myhack58
myhack58
The Windows VBScript Engine RCE vulnerability of CVE-2018-8174 analysis and use-vulnerability and early warning-the black bar safety net
2018-11-08 00:00:00
CVE-2018-4990 Adobe Reader code execution exploit analysis-exploit warning-the black bar safety net
2018-06-01 00:00:00
exploitdb
exploitdb
Microsoft Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit)
2018-10-22 00:00:00
Microsoft Windows - POP/MOV SS Local Privilege Elevation (Metasploit)
2018-07-13 00:00:00
Microsoft Windows - 'POP/MOV SS' Privilege Escalation
2018-05-22 00:00:00
cert
cert
Hardware debug exception documentation may result in unexpected behavior
2018-05-08 00:00:00
ubuntucve
ubuntucve
CVE-2018-8897
2018-05-08 00:00:00
veracode
veracode
Local Privilege Escalation
2019-01-15 09:21:51
freebsd_advisory
freebsd_advisory
FreeBSD-SA-18:06.debugreg
2018-05-08 00:00:00
osv
osv
CVE-2018-8897
2018-05-08 18:29:00
f5
f5
K17403481 : Linux kernel vulnerability CVE-2018-8897
2018-05-15 00:00:00
trellix
trellix
Rapidly Evolving Ransomware Gandcrab Version
2018-10-10 00:00:00
Rapidly Evolving Ransomware Gandcrab Version
2018-10-10 00:00:00
seebug
seebug
Microsoft Windows Kernel 'Win32k.sys' Local Privilege Escalation Vulnerability(CVE-2018-8120)
2018-05-21 00:00:00
mssecure
mssecure
Taking apart a double zero-day sample discovered in joint hunt with ESET
2018-07-02 15:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 7, 2018
2018-05-11 15:37:20

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.975 High

EPSS

Percentile

100.0%

JSON
Related for KLA11894
mskb18nessus19nvd12attackerkb3prion12cvelist12cve12openvas8kaspersky1threatpost3thn2malwarebytes2metasploit3securelist5checkpoint_advisories8zdt5mscve13canvas2cisa_kev2symantec12packetstorm3zdi5qualysblog2krebs1fireeye2hackread1photon1oraclelinux3exploitpack2huawei2debiancve1freebsd1redhat2cisa1redhatcve1xen1myhack582exploitdb3cert1ubuntucve1veracode1freebsd_advisory1osv1f51trellix2seebug1mssecure1trendmicroblog1