Beschreibung: | Summary: This host is missing a critical security update according to Microsoft KB4343909
Vulnerability Insight: Multiple flaws exist due to:
- A new speculative execution side channel vulnerability known as L1 Terminal Fault.
- Diagnostics Hub Standard Collector allows file creation in arbitrary locations.
- Multiple security bypass vulnerabilities exist in Device Guard.
- Chakra scripting engine improperly handles objects in memory in Microsoft Edge.
- Internet Explorer improperly validates hyperlinks before loading executable libraries.
- Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.
- Windows kernel and DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.
- NDIS fails to check the length of a buffer prior to copying memory to it.
- Windows font library improperly handles specially crafted embedded fonts.
- An improper processing for a .LNK file.
- 'Microsoft COM for Windows' fails to properly handle serialized objects.
- Microsoft browsers improperly allow cross-frame interaction.
- Microsoft browsers allowing sandbox escape.
- Microsoft Edge improperly handles redirect requests and specific HTML content.
- Microsoft .NET Framework improperly access information in multi-tenant environments.
- WebAudio Library improperly handles audio requests.
- Windows GDI component improperly discloses the contents of its memory.
- Windows PDF Library improperly handles objects in memory.
- Microsoft Edge does not properly parse HTTP content.
- Windows Shell does not properly validate file paths.
Vulnerability Impact: Successful exploitation will allow an attacker to execute arbitrary code, run processes in an elevated context, obtain information to further compromise the user's system, trick a user into believing that the user was on a legitimate website, read privileged data across trust boundaries and also bypass certain security restrictions.
Affected Software/OS: - Microsoft Windows 10 Version 1803 for 32-bit Systems
- Microsoft Windows 10 Version 1803 for x64-based Systems
Solution: The vendor has released updates. Please see the references for more information.
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
|