CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.3%
Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, spoof user interface, bypass security restrictions.
Below is a complete list of vulnerabilities:
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
CVE-2018-8552 critical
CVE-2018-8408 high
CVE-2018-8553 critical
CVE-2018-8550 critical
CVE-2018-8562 critical
CVE-2018-8561 critical
CVE-2018-8563 high
CVE-2018-8415 critical
CVE-2018-8471 critical
CVE-2018-8547 high
CVE-2018-8544 critical
CVE-2018-8485 critical
CVE-2018-8476 critical
CVE-2018-8589 critical
CVE-2018-8256 critical
CVE-2018-8565 high
CVE-2018-8549 high
CVE-2018-8450 critical
CVE-2018-8407 high
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
support.microsoft.com/kb/4466536
support.microsoft.com/kb/4467106
support.microsoft.com/kb/4467107
support.microsoft.com/kb/4467678
support.microsoft.com/kb/4467697
support.microsoft.com/kb/4467700
support.microsoft.com/kb/4467701
support.microsoft.com/kb/4467703
support.microsoft.com/kb/4467706
support.microsoft.com/kb/5039339
support.microsoft.com/kb/5039341
support.microsoft.com/kb/5044410
support.microsoft.com/kb/5044412
msrc.microsoft.com/update-guide/advisory/ADV990001
msrc.microsoft.com/update-guide/vulnerability/CVE-2018-8256
msrc.microsoft.com/update-guide/vulnerability/CVE-2018-8407
msrc.microsoft.com/update-guide/vulnerability/CVE-2018-8408
msrc.microsoft.com/update-guide/vulnerability/CVE-2018-8415
msrc.microsoft.com/update-guide/vulnerability/CVE-2018-8450
msrc.microsoft.com/update-guide/vulnerability/CVE-2018-8471
msrc.microsoft.com/update-guide/vulnerability/CVE-2018-8476
msrc.microsoft.com/update-guide/vulnerability/CVE-2018-8485
msrc.microsoft.com/update-guide/vulnerability/CVE-2018-8544
msrc.microsoft.com/update-guide/vulnerability/CVE-2018-8547
msrc.microsoft.com/update-guide/vulnerability/CVE-2018-8549
msrc.microsoft.com/update-guide/vulnerability/CVE-2018-8550
msrc.microsoft.com/update-guide/vulnerability/CVE-2018-8552
msrc.microsoft.com/update-guide/vulnerability/CVE-2018-8553
msrc.microsoft.com/update-guide/vulnerability/CVE-2018-8561
msrc.microsoft.com/update-guide/vulnerability/CVE-2018-8562
msrc.microsoft.com/update-guide/vulnerability/CVE-2018-8563
msrc.microsoft.com/update-guide/vulnerability/CVE-2018-8565
msrc.microsoft.com/update-guide/vulnerability/CVE-2018-8589
statistics.securelist.com/
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Server/
threats.kaspersky.com/en/product/Microsoft-Windows/
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.3%