KLA11898 Multiple vulnerabilities in Microsoft Products (ESU)

Date: 2018-11-13 00:00:00
Source: Kaspersky Lab (threats.kaspersky.com)

CVSS2: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

CVSS3: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

AI Score: 9.1 (Confidence: High)

EPSS: 0.945 (Percentile: 99.3%)

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, spoof the user interface, and bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. A memory corruption vulnerability in Scripting Engine can be exploited remotely via a specially crafted website to execute arbitrary code.
  2. An information disclosure vulnerability in Windows Kernel can be exploited remotely via a specially crafted application to obtain sensitive information.
  3. A remote code execution vulnerability in Microsoft Graphics Components can be exploited remotely to execute arbitrary code.
  4. An elevation of privilege vulnerability in Windows COM Aggregate Marshaler can be exploited remotely to gain privileges.
  5. An elevation of privilege vulnerability in Windows when the Win32k component fails to properly handle objects in memory can be exploited remotely to gain privileges.
  6. An information disclosure vulnerability when DirectX improperly handles objects in memory can be exploited to obtain sensitive information.
  7. A tampering vulnerability in PowerShell can be exploited to execute unlogged code.
  8. An elevation of privilege vulnerability in the way that the Microsoft RemoteFX Virtual GPU miniport driver handles objects in memory can be exploited remotely to gain privileges.
  9. A remote code execution vulnerability in the way that the VBScript engine handles objects in memory can be exploited remotely to execute arbitrary code.
  10. A remote code execution vulnerability in the way that Windows Deployment Services TFTP Server handles objects in memory can be exploited remotely to execute arbitrary code.
  11. An elevation of privilege vulnerability when Windows improperly handles calls to Win32k.sys can be exploited remotely to gain privileges.
  12. A remote code execution vulnerability when PowerShell improperly handles specially crafted files can be exploited remotely to execute arbitrary code.
  13. An information disclosure vulnerability when the win32k component improperly provides kernel information can be exploited to obtain sensitive information.
  14. A remote code execution vulnerability when Windows Search handles objects in memory can be exploited remotely to execute arbitrary code.
  15. An information disclosure vulnerability when the “Kernel Remote Procedure Call Provider” driver improperly initializes objects in memory can be exploited to obtain sensitive information.
  16. A security vulnerability when Windows incorrectly validates kernel driver signatures can be exploited to bypass security restrictions.
  17. A security UI vulnerability when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server can be exploited to spoof the user interface.
  18. An elevation of privilege vulnerability when DirectX improperly handles objects in memory can be exploited remotely to gain privileges.

Original advisories

  • CVE-2018-8552
  • CVE-2018-8408
  • CVE-2018-8553
  • CVE-2018-8550
  • CVE-2018-8562
  • CVE-2018-8563
  • CVE-2018-8415
  • CVE-2018-8471
  • CVE-2018-8544
  • CVE-2018-8476
  • CVE-2018-8589
  • CVE-2018-8256
  • CVE-2018-8565
  • CVE-2018-8450
  • CVE-2018-8407
  • CVE-2018-8549
  • CVE-2018-8547
  • CVE-2018-8485
  • CVE-2018-8561
  • ADV990001

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit.

Related products

  • Microsoft-Internet-Explorer
  • Microsoft-Windows
  • Microsoft-Windows-Server
  • Microsoft-Windows-Server-2012
  • Microsoft-Windows-7
  • Microsoft-Windows-Server-2008

CVE list

  • CVE-2018-8552: critical
  • CVE-2018-8408: high
  • CVE-2018-8553: critical
  • CVE-2018-8550: critical
  • CVE-2018-8562: critical
  • CVE-2018-8561: critical
  • CVE-2018-8563: high
  • CVE-2018-8415: critical
  • CVE-2018-8471: critical
  • CVE-2018-8547: high
  • CVE-2018-8544: critical
  • CVE-2018-8485: critical
  • CVE-2018-8476: critical
  • CVE-2018-8589: critical
  • CVE-2018-8256: critical
  • CVE-2018-8565: high
  • CVE-2018-8549: high
  • CVE-2018-8450: critical
  • CVE-2018-8407: high

KB list

  • 4467701
  • 4467697
  • 4467706
  • 4466536
  • 4467107
  • 4467703
  • 4467678
  • 4467700
  • 4467106
  • 5039339
  • 5039341
  • 5044412
  • 5044410

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE: Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or process.

  • OSI: Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an attacker to capture information that is critical for the user or system.

  • SB: Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by the current security settings.

  • PE: Privilege escalation. Exploitation of vulnerabilities with this impact can allow an attacker to perform actions that are normally disallowed for the current role.

  • SUI: Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in the user interface that beguile the user into inaccurate behavior.

Affected Products

  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Internet Explorer 9
  • Windows Server 2012 (Server Core installation)
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows Server 2012
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for Itanium-Based Systems Service Pack 2
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2012 R2
