<html> <head> <!-- this is the css from the old bulletin site. Change this to better style your report to your liking --> <link rel="stylesheet" href="https://i-technet.sec.s-msft.com/Combined.css?resources=0:ImageSprite,0:TopicResponsive,0:TopicResponsive.MediaQueries,1:CodeSnippet,1:ProgrammingSelector,1:ExpandableCollapsibleArea,0:CommunityContent,1:TopicNotInScope,1:FeedViewerBasic,1:ImageSprite,2:Header.2,2:HeaderFooterSprite,2:Header.MediaQueries,2:Banner.MediaQueries,3:megabladeMenu.1,3:MegabladeMenu.MediaQueries,3:MegabladeMenuSpriteCluster,0:Breadcrumbs,0:Breadcrumbs.MediaQueries,0:ResponsiveToc,0:ResponsiveToc.MediaQueries,1:NavSidebar,0:LibraryMemberFilter,4:StandardRating,2:Footer.2,5:LinkList,2:Footer.MediaQueries,0:BaseResponsive,6:MsdnResponsive,0:Tables.MediaQueries,7:SkinnyRatingResponsive,7:SkinnyRatingV2;/Areas/Library/Content:0,/Areas/Epx/Content/Css:1,/Areas/Epx/Themes/TechNet/Content:2,/Areas/Epx/Themes/Shared/Content:3,/Areas/Global/Content:4,/Areas/Epx/Themes/Base/Content:5,/Areas/Library/Themes/Msdn/Content:6,/Areas/Library/Themes/TechNet/Content:7&amp;v=9192817066EC5D087D15C766A0430C95"> <!-- this style section changes cell widths in the exec header table so that the affected products at the end are wide enough to read --> <style> #execHeader td:first-child { width: 10% ;} #execHeader td:nth-child(5) { width: 37% ;} </style> <!-- this section defines explicit width for all cells in the affected software tables. This is so the column width is the same across each product --> <style> .affected_software td:first-child { width: 34% ; } .affected_software td:nth-child(2) { width: 14% ; } .affected_software td:nth-child(3) { width: 6% ; } .affected_software td:nth-child(4) { width: 6% ; } .affected_software td:nth-child(5) { width: 7.5% ; } .affected_software td:nth-child(6) { width: 28.5% ; } .affected_software td:nth-child(7) { width: 4% ; } </style> <!-- remove spacing between table of contents cells --> <style> #tableOfContents tr td { padding: 0px; } </style> </head> <body lang=EN-US link=blue> <div id="documentWrapper" style="width: 90%; margin-left: auto; margin-right: auto;"> <h1 id="top">Microsoft CVE Summary</h1> <p style="margin:0; padding:0">This report contains detail for the following vulnerabilities:</p> <table id="tableOfContents" style="width:65%; margin-top:5"> <tr> <th>Tag</th> <th>CVE ID</th> <th>CVE Title</th> </tr> <tr><td>.NET Framework</td> <td><a href="#CVE-2018-1039">CVE-2018-1039</a></td> <td>.NET Framework Device Guard Security Feature Bypass Vulnerability</td></tr> <tr><td>.NET Framework</td> <td><a href="#CVE-2018-0765">CVE-2018-0765</a></td> <td>.NET and .NET Core Denial of Service Vulnerability</td></tr> <tr><td>Adobe Flash Player</td> <td><a href="#ADV180008">ADV180008</a></td> <td>May 2018 Adobe Flash Security Update</td></tr> <tr><td>Azure</td> <td><a href="#CVE-2018-8119">CVE-2018-8119</a></td> <td>Azure IoT SDK Spoofing Vulnerability</td></tr> <tr><td>Common Log File System Driver</td> <td><a href="#CVE-2018-8167">CVE-2018-8167</a></td> <td>Windows Common Log File System Driver Elevation of Privilege Vulnerability</td></tr> <tr><td>Device Guard</td> <td><a href="#CVE-2018-8129">CVE-2018-8129</a></td> <td>Windows Security Feature Bypass Vulnerability</td></tr> <tr><td>Device Guard</td> <td><a href="#CVE-2018-8132">CVE-2018-8132</a></td> <td>Windows Security Feature Bypass Vulnerability</td></tr> <tr><td>Device Guard</td> <td><a href="#CVE-2018-0854">CVE-2018-0854</a></td> <td>Windows Security Feature Bypass Vulnerability</td></tr> <tr><td>GitHub</td> <td><a href="#CVE-2018-8115">CVE-2018-8115</a></td> <td>Windows Host Compute Service Shim Remote Code Execution Vulnerability</td></tr> <tr><td>Internet Explorer</td> <td><a href="#CVE-2018-8126">CVE-2018-8126</a></td> <td>Internet Explorer Security Feature Bypass Vulnerability</td></tr> <tr><td>Microsoft Browsers</td> <td><a href="#CVE-2018-8178">CVE-2018-8178</a></td> <td>Microsoft Browser Memory Corruption Vulnerability</td></tr> <tr><td>Microsoft Browsers</td> <td><a href="#CVE-2018-1025">CVE-2018-1025</a></td> <td>Microsoft Browser Information Disclosure Vulnerability</td></tr> <tr><td>Microsoft Edge</td> <td><a href="#CVE-2018-1021">CVE-2018-1021</a></td> <td>Microsoft Edge Information Disclosure Vulnerability</td></tr> <tr><td>Microsoft Edge</td> <td><a href="#CVE-2018-8123">CVE-2018-8123</a></td> <td>Microsoft Edge Memory Corruption Vulnerability</td></tr> <tr><td>Microsoft Edge</td> <td><a href="#CVE-2018-8179">CVE-2018-8179</a></td> <td>Microsoft Edge Memory Corruption Vulnerability</td></tr> <tr><td>Microsoft Edge</td> <td><a href="#CVE-2018-8112">CVE-2018-8112</a></td> <td>Microsoft Edge Security Feature Bypass Vulnerability</td></tr> <tr><td>Microsoft Exchange Server</td> <td><a href="#CVE-2018-8151">CVE-2018-8151</a></td> <td>Microsoft Exchange Memory Corruption Vulnerability</td></tr> <tr><td>Microsoft Exchange Server</td> <td><a href="#CVE-2018-8152">CVE-2018-8152</a></td> <td>Microsoft Exchange Server Elevation of Privilege Vulnerability</td></tr> <tr><td>Microsoft Exchange Server</td> <td><a href="#CVE-2018-8154">CVE-2018-8154</a></td> <td>Microsoft Exchange Memory Corruption Vulnerability</td></tr> <tr><td>Microsoft Exchange Server</td> <td><a href="#CVE-2018-8159">CVE-2018-8159</a></td> <td>Microsoft Exchange Elevation of Privilege Vulnerability</td></tr> <tr><td>Microsoft Exchange Server</td> <td><a href="#CVE-2018-8153">CVE-2018-8153</a></td> <td>Microsoft Exchange Spoofing Vulnerability</td></tr> <tr><td>Microsoft Graphics Component</td> <td><a href="#CVE-2018-8165">CVE-2018-8165</a></td> <td>DirectX Graphics Kernel Elevation of Privilege Vulnerability</td></tr> <tr><td>Microsoft Graphics Component</td> <td><a href="#CVE-2018-8120">CVE-2018-8120</a></td> <td>Win32k Elevation of Privilege Vulnerability</td></tr> <tr><td>Microsoft Graphics Component</td> <td><a href="#CVE-2018-8164">CVE-2018-8164</a></td> <td>Win32k Elevation of Privilege Vulnerability</td></tr> <tr><td>Microsoft Graphics Component</td> <td><a href="#CVE-2018-8124">CVE-2018-8124</a></td> <td>Win32k Elevation of Privilege Vulnerability</td></tr> <tr><td>Microsoft Office</td> <td><a href="#CVE-2018-8148">CVE-2018-8148</a></td> <td>Microsoft Excel Remote Code Execution Vulnerability</td></tr> <tr><td>Microsoft Office</td> <td><a href="#CVE-2018-8157">CVE-2018-8157</a></td> <td>Microsoft Office Remote Code Execution Vulnerability</td></tr> <tr><td>Microsoft Office</td> <td><a href="#CVE-2018-8158">CVE-2018-8158</a></td> <td>Microsoft Office Remote Code Execution Vulnerability</td></tr> <tr><td>Microsoft Office</td> <td><a href="#CVE-2018-8173">CVE-2018-8173</a></td> <td>Microsoft InfoPath Remote Code Execution Vulnerability</td></tr> <tr><td>Microsoft Office</td> <td><a href="#CVE-2018-8168">CVE-2018-8168</a></td> <td>Microsoft SharePoint Elevation of Privilege Vulnerability</td></tr> <tr><td>Microsoft Office</td> <td><a href="#CVE-2018-8150">CVE-2018-8150</a></td> <td>Microsoft Outlook Security Feature Bypass Vulnerability</td></tr> <tr><td>Microsoft Office</td> <td><a href="#CVE-2018-8155">CVE-2018-8155</a></td> <td>Microsoft SharePoint Elevation of Privilege Vulnerability</td></tr> <tr><td>Microsoft Office</td> <td><a href="#CVE-2018-8147">CVE-2018-8147</a></td> <td>Microsoft Excel Remote Code Execution Vulnerability</td></tr> <tr><td>Microsoft Office</td> <td><a href="#CVE-2018-8149">CVE-2018-8149</a></td> <td>Microsoft SharePoint Elevation of Privilege Vulnerability</td></tr> <tr><td>Microsoft Office</td> <td><a href="#CVE-2018-8156">CVE-2018-8156</a></td> <td>Microsoft SharePoint Elevation of Privilege Vulnerability</td></tr> <tr><td>Microsoft Office</td> <td><a href="#CVE-2018-8162">CVE-2018-8162</a></td> <td>Microsoft Excel Remote Code Execution Vulnerability</td></tr> <tr><td>Microsoft Office</td> <td><a href="#CVE-2018-8163">CVE-2018-8163</a></td> <td>Microsoft Excel Information Disclosure Vulnerability</td></tr> <tr><td>Microsoft Office</td> <td><a href="#CVE-2018-8160">CVE-2018-8160</a></td> <td>Microsoft Outlook Information Disclosure Vulnerability</td></tr> <tr><td>Microsoft Office</td> <td><a href="#CVE-2018-8161">CVE-2018-8161</a></td> <td>Microsoft Office Remote Code Execution Vulnerability</td></tr> <tr><td>Microsoft Scripting Engine</td> <td><a href="#CVE-2018-0955">CVE-2018-0955</a></td> <td>Scripting Engine Memory Corruption Vulnerability</td></tr> <tr><td>Microsoft Scripting Engine</td> <td><a href="#CVE-2018-1022">CVE-2018-1022</a></td> <td>Scripting Engine Memory Corruption Vulnerability</td></tr> <tr><td>Microsoft Scripting Engine</td> <td><a href="#CVE-2018-8114">CVE-2018-8114</a></td> <td>Scripting Engine Memory Corruption Vulnerability</td></tr> <tr><td>Microsoft Scripting Engine</td> <td><a href="#CVE-2018-8122">CVE-2018-8122</a></td> <td>Scripting Engine Memory Corruption Vulnerability</td></tr> <tr><td>Microsoft Scripting Engine</td> <td><a href="#CVE-2018-0954">CVE-2018-0954</a></td> <td>Scripting Engine Memory Corruption Vulnerability</td></tr> <tr><td>Microsoft Scripting Engine</td> <td><a href="#CVE-2018-8130">CVE-2018-8130</a></td> <td>Chakra Scripting Engine Memory Corruption Vulnerability</td></tr> <tr><td>Microsoft Scripting Engine</td> <td><a href="#CVE-2018-8128">CVE-2018-8128</a></td> <td>Scripting Engine Memory Corruption Vulnerability</td></tr> <tr><td>Microsoft Scripting Engine</td> <td><a href="#CVE-2018-8177">CVE-2018-8177</a></td> <td>Chakra Scripting Engine Memory Corruption Vulnerability</td></tr> <tr><td>Microsoft Scripting Engine</td> <td><a href="#CVE-2018-8133">CVE-2018-8133</a></td> <td>Chakra Scripting Engine Memory Corruption Vulnerability</td></tr> <tr><td>Microsoft Scripting Engine</td> <td><a href="#CVE-2018-8137">CVE-2018-8137</a></td> <td>Scripting Engine Memory Corruption Vulnerability</td></tr> <tr><td>Microsoft Scripting Engine</td> <td><a href="#CVE-2018-8139">CVE-2018-8139</a></td> <td>Scripting Engine Memory Corruption Vulnerability</td></tr> <tr><td>Microsoft Scripting Engine</td> <td><a href="#CVE-2018-8145">CVE-2018-8145</a></td> <td>Chakra Scripting Engine Memory Corruption Vulnerability</td></tr> <tr><td>Microsoft Scripting Engine</td> <td><a href="#CVE-2018-0946">CVE-2018-0946</a></td> <td>Scripting Engine Memory Corruption Vulnerability</td></tr> <tr><td>Microsoft Scripting Engine</td> <td><a href="#CVE-2018-0945">CVE-2018-0945</a></td> <td>Scripting Engine Memory Corruption Vulnerability</td></tr> <tr><td>Microsoft Scripting Engine</td> <td><a href="#CVE-2018-0951">CVE-2018-0951</a></td> <td>Scripting Engine Memory Corruption Vulnerability</td></tr> <tr><td>Microsoft Scripting Engine</td> <td><a href="#CVE-2018-0953">CVE-2018-0953</a></td> <td>Scripting Engine Memory Corruption Vulnerability</td></tr> <tr><td>Microsoft Scripting Engine</td> <td><a href="#CVE-2018-0943">CVE-2018-0943</a></td> <td>Chakra Scripting Engine Memory Corruption Vulnerability</td></tr> <tr><td>Microsoft Windows</td> <td><a href="#CVE-2018-0958">CVE-2018-0958</a></td> <td>Windows Security Feature Bypass Vulnerability</td></tr> <tr><td>Microsoft Windows</td> <td><a href="#CVE-2018-8170">CVE-2018-8170</a></td> <td>Windows Image Elevation of Privilege Vulnerability</td></tr> <tr><td>Microsoft Windows</td> <td><a href="#CVE-2018-8136">CVE-2018-8136</a></td> <td>Windows Remote Code Execution Vulnerability</td></tr> <tr><td>Microsoft Windows</td> <td><a href="#CVE-2018-8174">CVE-2018-8174</a></td> <td>Windows VBScript Engine Remote Code Execution Vulnerability</td></tr> <tr><td>Windows COM</td> <td><a href="#CVE-2018-0824">CVE-2018-0824</a></td> <td>Microsoft COM for Windows Remote Code Execution Vulnerability</td></tr> <tr><td>Windows Hyper-V</td> <td><a href="#CVE-2018-0961">CVE-2018-0961</a></td> <td>Hyper-V vSMB Remote Code Execution Vulnerability</td></tr> <tr><td>Windows Hyper-V</td> <td><a href="#CVE-2018-0959">CVE-2018-0959</a></td> <td>Hyper-V Remote Code Execution Vulnerability</td></tr> <tr><td>Windows Kernel</td> <td><a href="#CVE-2018-8166">CVE-2018-8166</a></td> <td>Win32k Elevation of Privilege Vulnerability</td></tr> <tr><td>Windows Kernel</td> <td><a href="#CVE-2018-8127">CVE-2018-8127</a></td> <td>Windows Kernel Information Disclosure Vulnerability</td></tr> <tr><td>Windows Kernel</td> <td><a href="#CVE-2018-8897">CVE-2018-8897</a></td> <td>Windows Kernel Elevation of Privilege Vulnerability</td></tr> <tr><td>Windows Kernel</td> <td><a href="#CVE-2018-8134">CVE-2018-8134</a></td> <td>Windows Elevation of Privilege Vulnerability</td></tr> <tr><td>Windows Kernel</td> <td><a href="#CVE-2018-8141">CVE-2018-8141</a></td> <td>Windows Kernel Information Disclosure Vulnerability</td></tr> </table> <h1 id="CVE-2018-0854">CVE-2018-0854 - Windows Security Feature Bypass Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-0854<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0854">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0854">NVD</a></td> <td> <b>CVE Title:</b> Windows Security Feature Bypass Vulnerability <br> <b>Description:</b> <br><p>A security feature bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.</p> <p>To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.</p> <p>The update addresses the vulnerability by correcting how Windows Scripting Host handles objects in memory.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Important</td> <td>Security Feature Bypass</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation Unlikely</td> <td>Exploitation Unlikely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-0854</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Windows 10 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093111</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093111</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093119</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093119</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093107</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093107</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093112</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093112</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093119</td> <td>Base: 2.40<br />Temporal: 2.20<br />Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093119</td> <td>Base: 2.40<br />Temporal: 2.20<br />Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1709 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093112</td> <td>Base: 2.40<br />Temporal: 2.20<br />Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-0854</td> <td>Matt Graeber of SpecterOps<br>https://specterops.io/<br><br><br></td> </tr> </table><h1 id="CVE-2018-0958">CVE-2018-0958 - Windows Security Feature Bypass Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-0958<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0958">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0958">NVD</a></td> <td> <b>CVE Title:</b> Windows Security Feature Bypass Vulnerability <br> <b>Description:</b> <br><p>A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.</p> <p>To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.</p> <p>The update addresses the vulnerability by correcting how Windows validates User Mode Code Integrity policies.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Important</td> <td>Security Feature Bypass</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation Less Likely</td> <td>Exploitation Less Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-0958</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Windows 10 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093111</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093111</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093119</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093119</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093107</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093107</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093112</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093112</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>None</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>None</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093119</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093119</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1709 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093112</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1803 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Unknown</td> <td>Unknown</td> <td>None</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-0958</td> <td>Lee Christensen (@tifkin_) of SpecterOps<br>https://twitter.com/tifkin_,https://www.specterops.io/<br><br><br></td> </tr> </table><h1 id="CVE-2018-0959">CVE-2018-0959 - Hyper-V Remote Code Execution Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-0959<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0959">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0959">NVD</a></td> <td> <b>CVE Title:</b> Hyper-V Remote Code Execution Vulnerability <br> <b>Description:</b> <br><p>A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.</p> <p>An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.</p> <p>The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Critical</td> <td>Remote Code Execution</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation Less Likely</td> <td>Exploitation Less Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-0959</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Windows 10 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093111</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093107</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 7 for x64-based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Critical</td> <td>Remote Code Execution</td> <td><br />4093118</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 8.1 for x64-based systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Critical</td> <td>Remote Code Execution</td> <td><br />4093114</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows RT 8.1</td> <td><a href="" >4103725 (Monthly Rollup)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093114</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for x64-based Systems Service Pack 2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4094079" >4094079 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4088827</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4094079" >4094079 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4088827</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 R2 for x64-based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Critical</td> <td>Remote Code Execution</td> <td><br />4093118</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Critical</td> <td>Remote Code Execution</td> <td><br />4093118</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103726" >4103726 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103730" >4103730 (Monthly Rollup)</td> <td>Critical</td> <td>Remote Code Execution</td> <td><br />4093123</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103726" >4103726 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103730" >4103730 (Monthly Rollup)</td> <td>Critical</td> <td>Remote Code Execution</td> <td><br />4093123</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 R2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Critical</td> <td>Remote Code Execution</td> <td><br />4093114</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 R2 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Critical</td> <td>Remote Code Execution</td> <td><br />4093114</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1709 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1803 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-0959</td> <td>None</td> </tr> </table><h1 id="CVE-2018-0961">CVE-2018-0961 - Hyper-V vSMB Remote Code Execution Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-0961<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0961">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0961">NVD</a></td> <td> <b>CVE Title:</b> Hyper-V vSMB Remote Code Execution Vulnerability <br> <b>Description:</b> <br><p>A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data. An attacker who successfully exploited these vulnerabilities could execute arbitrary code on a target operating system.</p> <p>To exploit these vulnerabilities, an attacker running inside a virtual machine could run a specially crafted application that could cause the Hyper-V host operating system to execute arbitrary code.</p> <p>The update addresses the vulnerabilities by correcting how Windows Hyper-V validates vSMB packet data.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Critical</td> <td>Remote Code Execution</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation Less Likely</td> <td>Exploitation Less Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-0961</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Windows 10 Version 1607 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093107</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1709 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1803 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Unknown</td> <td>Unknown</td> <td>None</td> <td>Base: 7.60<br />Temporal: 6.80<br />Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-0961</td> <td>None</td> </tr> </table><h1 id="CVE-2018-8119">CVE-2018-8119 - Azure IoT SDK Spoofing Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8119<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8119">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8119">NVD</a></td> <td> <b>CVE Title:</b> Azure IoT SDK Spoofing Vulnerability <br> <b>Description:</b> <br><p>A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol. An attacker who successfully exploited this vulnerability could impersonate a server used duing the provisioning process.</p> <p>To exploit this vulnerability, an attacker would need to perform a man-in-the-middle (MitM) attack on the network that provisioning was taking place.</p> <p>This security update addresses the vulnerability by correcting how the AMQP Transport library validates certifcates.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Important</td> <td>Information Disclosure</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation Unlikely</td> <td>N/A</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8119</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>C SDK for Azure IoT</td> <td><a href="https://github.com/Azure/azure-iot-sdk-csharp/releases/tag/lts_2018-3-13" >Release Notes (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>None</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Yes</td> </tr> <tr> <td>C# SDK for Azure IoT</td> <td><a href="https://github.com/Azure/azure-iot-sdk-csharp/releases/tag/lts_2018-3-13" >Release Notes (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>None</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Yes</td> </tr> <tr> <td>Java SDK for Azure IoT</td> <td><a href="https://github.com/Azure/azure-iot-sdk-csharp/releases/tag/lts_2018-3-13" >Release Notes (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>None</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8119</td> <td>John Spaith of Azure IoT<br><br><br>Tim Taylor of Azure IoT<br><br><br>Rajeev Vokkarne of Azure IoT<br><br><br>Cristian Pop of Azure IoT<br><br><br></td> </tr> </table><h1 id="CVE-2018-8122">CVE-2018-8122 - Scripting Engine Memory Corruption Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8122<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8122">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8122">NVD</a></td> <td> <b>CVE Title:</b> Scripting Engine Memory Corruption Vulnerability <br> <b>Description:</b> <br><p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Critical</td> <td>Remote Code Execution</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation More Likely</td> <td>Exploitation More Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8122</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093111</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093111</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093107</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093107</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103768" >4103768 (IE Cumulative)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4092946<br />4093118</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103768" >4103768 (IE Cumulative)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4092946<br />4093118</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 8.1 for 32-bit systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103768" >4103768 (IE Cumulative)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4092946<br />4093114</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 8.1 for x64-based systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103768" >4103768 (IE Cumulative)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4092946<br />4093114</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows RT 8.1</td> <td><a href="" >4103725 (Monthly Rollup)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093114</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103768" >4103768 (IE Cumulative)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Moderate</td> <td>Remote Code Execution</td> <td>4092946<br />4093118</td> <td>Base: 6.40<br />Temporal: 5.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows Server 2012 R2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103768" >4103768 (IE Cumulative)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Moderate</td> <td>Remote Code Execution</td> <td>4092946<br />4093114</td> <td>Base: 6.40<br />Temporal: 5.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows Server 2016</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Moderate</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 6.40<br />Temporal: 5.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8122</td> <td>Yuki Chen of Qihoo 360 Vulcan Team<br>http://www.360.com/<br><br><br></td> </tr> </table><h1 id="CVE-2018-8124">CVE-2018-8124 - Win32k Elevation of Privilege Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8124<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8124">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8124">NVD</a></td> <td> <b>CVE Title:</b> Win32k Elevation of Privilege Vulnerability <br> <b>Description:</b> <br><p>An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>The update addresses this vulnerability by correcting how Win32k handles objects in memory.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Important</td> <td>Elevation of Privilege</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation More Likely</td> <td>Exploitation More Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8124</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Windows 10 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093111</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093111</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093107</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093107</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093112</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093112</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>None</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>None</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 7 for 32-bit Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093118</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 7 for x64-based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093118</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 8.1 for 32-bit systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093114</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 8.1 for x64-based systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093114</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows RT 8.1</td> <td><a href="" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093114</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for 32-bit Systems Service Pack 2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4131188" >4131188 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093224</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4131188" >4131188 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093224</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for Itanium-Based Systems Service Pack 2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4131188" >4131188 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093224</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for x64-based Systems Service Pack 2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4131188" >4131188 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093224</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4131188" >4131188 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093224</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093118</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 R2 for x64-based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093118</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093118</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103726" >4103726 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103730" >4103730 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093123</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103726" >4103726 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103730" >4103730 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093123</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 R2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093114</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 R2 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093114</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1709 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093112</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1803 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>None</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8124</td> <td>nyaacate of Viettel Cyber Security working with Trend Micro's Zero Day Initiative<br>http://www.zerodayinitiative.com/<br><br><br></td> </tr> </table><h1 id="CVE-2018-8126">CVE-2018-8126 - Internet Explorer Security Feature Bypass Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8126<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8126">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8126">NVD</a></td> <td> <b>CVE Title:</b> Internet Explorer Security Feature Bypass Vulnerability <br> <b>Description:</b> <br><p>A security feature bypass vulnerability exists when Internet Explorer fails to validate User Mode Code Integrity (UMCI) policies. The vulnerability could allow an attacker to bypass Device Guard UMCI policies.</p> <p>To exploit the vulnerability, a user could either visit a malicious website or an attacker with access to the system could run a specially crafted application. An attacker could then leverage the vulnerability to run unsigned malicious code as though it were signed by a trusted source.</p> <p>The update addresses the vulnerability by correcting how Internet Explorer validates UMCI policies.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Important</td> <td>Security Feature Bypass</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation Less Likely</td> <td>Exploitation Less Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8126</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093111</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093111</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093119</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093119</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093107</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093107</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093112</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093112</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>None</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>None</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows Server 2016</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Low</td> <td>Security Feature Bypass</td> <td>4093119</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8126</td> <td>Matt Nelson (@enigma0x3) of SpecterOps<br>https://twitter.com/@enigma0x3,https://www.specterops.io/<br><br><br></td> </tr> </table><h1 id="CVE-2018-8127">CVE-2018-8127 - Windows Kernel Information Disclosure Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8127<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8127">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8127">NVD</a></td> <td> <b>CVE Title:</b> Windows Kernel Information Disclosure Vulnerability <br> <b>Description:</b> <br><p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user s system.</p> <p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.</p> <p>The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Important</td> <td>Information Disclosure</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation More Likely</td> <td>Exploitation More Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8127</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Windows 10 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093111</td> <td>Base: 4.70<br />Temporal: 4.20<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093111</td> <td>Base: 4.70<br />Temporal: 4.20<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093119</td> <td>Base: 4.70<br />Temporal: 4.20<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093119</td> <td>Base: 4.70<br />Temporal: 4.20<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093107</td> <td>Base: 4.70<br />Temporal: 4.20<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093107</td> <td>Base: 4.70<br />Temporal: 4.20<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093112</td> <td>Base: 4.70<br />Temporal: 4.20<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>None</td> <td>Base: 4.70<br />Temporal: 4.20<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>None</td> <td>Base: 4.70<br />Temporal: 4.20<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 7 for 32-bit Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Information Disclosure</td> <td><br />4093118</td> <td>Base: 4.70<br />Temporal: 4.20<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 7 for x64-based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Information Disclosure</td> <td><br />4093118</td> <td>Base: 4.70<br />Temporal: 4.20<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 8.1 for 32-bit systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Information Disclosure</td> <td><br />4093114</td> <td>Base: 4.70<br />Temporal: 4.20<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 8.1 for x64-based systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Information Disclosure</td> <td><br />4093114</td> <td>Base: 4.70<br />Temporal: 4.20<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows RT 8.1</td> <td><a href="" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093114</td> <td>Base: 4.70<br />Temporal: 4.20<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Information Disclosure</td> <td><br />4093118</td> <td>Base: 4.70<br />Temporal: 4.20<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 R2 for x64-based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Information Disclosure</td> <td><br />4093118</td> <td>Base: 4.70<br />Temporal: 4.20<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Information Disclosure</td> <td><br />4093118</td> <td>Base: 4.70<br />Temporal: 4.20<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103726" >4103726 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103730" >4103730 (Monthly Rollup)</td> <td>Important</td> <td>Information Disclosure</td> <td><br />4093123</td> <td>Base: 4.70<br />Temporal: 4.20<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103726" >4103726 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103730" >4103730 (Monthly Rollup)</td> <td>Important</td> <td>Information Disclosure</td> <td><br />4093123</td> <td>Base: 4.70<br />Temporal: 4.20<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 R2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Information Disclosure</td> <td><br />4093114</td> <td>Base: 4.70<br />Temporal: 4.20<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 R2 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Information Disclosure</td> <td><br />4093114</td> <td>Base: 4.70<br />Temporal: 4.20<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093119</td> <td>Base: 4.70<br />Temporal: 4.20<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093119</td> <td>Base: 4.70<br />Temporal: 4.20<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1709 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093112</td> <td>Base: 4.70<br />Temporal: 4.20<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1803 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>None</td> <td>Base: 4.70<br />Temporal: 4.20<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8127</td> <td>Andrei Vlad Lutas of Bitdefender<br>https://www.bitdefender.com<br><br><br>Rohit Mothe of Project Minus Storm Team, Intel Corp. <br><br><br></td> </tr> </table><h1 id="CVE-2018-8128">CVE-2018-8128 - Scripting Engine Memory Corruption Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8128<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8128">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8128">NVD</a></td> <td> <b>CVE Title:</b> Scripting Engine Memory Corruption Vulnerability <br> <b>Description:</b> <br><p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Critical</td> <td>Remote Code Execution</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation More Likely</td> <td>N/A</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8128</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>ChakraCore</td> <td><a href="https://github.com/Microsoft/ChakraCore/releases/tag/v1.8.4" >Commit (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093107</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093107</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8128</td> <td>None</td> </tr> </table><h1 id="CVE-2018-8129">CVE-2018-8129 - Windows Security Feature Bypass Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8129<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8129">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8129">NVD</a></td> <td> <b>CVE Title:</b> Windows Security Feature Bypass Vulnerability <br> <b>Description:</b> <br><p>A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.</p> <p>To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.</p> <p>The update addresses the vulnerability by correcting how Windows validates User Mode Code Integrity policies.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Important</td> <td>Security Feature Bypass</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation Less Likely</td> <td>Exploitation Less Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8129</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Windows 10 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093111</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093111</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093119</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093119</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093107</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093107</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093112</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093112</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>None</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>None</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093119</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093119</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1709 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093112</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1803 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>None</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8129</td> <td>Aaron Margosis of Microsoft<br><br><br></td> </tr> </table><h1 id="CVE-2018-8130">CVE-2018-8130 - Chakra Scripting Engine Memory Corruption Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8130<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8130">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8130">NVD</a></td> <td> <b>CVE Title:</b> Chakra Scripting Engine Memory Corruption Vulnerability <br> <b>Description:</b> <br><p>A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Critical</td> <td>Remote Code Execution</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation More Likely</td> <td>N/A</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8130</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>ChakraCore</td> <td><a href="https://github.com/Microsoft/ChakraCore/releases/tag/v1.8.4" >Commit (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8130</td> <td>None</td> </tr> </table><h1 id="CVE-2018-8132">CVE-2018-8132 - Windows Security Feature Bypass Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8132<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8132">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8132">NVD</a></td> <td> <b>CVE Title:</b> Windows Security Feature Bypass Vulnerability <br> <b>Description:</b> <br><p>A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.</p> <p>To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.</p> <p>The update addresses the vulnerability by correcting how Windows validates User Mode Code Integrity policies.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Important</td> <td>Security Feature Bypass</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation Less Likely</td> <td>Exploitation Less Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8132</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Windows 10 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093111</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093111</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093119</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093119</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093107</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093107</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093112</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093112</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>None</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>None</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093119</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093119</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1709 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>4093112</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1803 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Security Feature Bypass</td> <td>None</td> <td>Base: 5.30<br />Temporal: 4.80<br />Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8132</td> <td>Alex Bass of Microsoft<br><br><br></td> </tr> </table><h1 id="CVE-2018-8134">CVE-2018-8134 - Windows Elevation of Privilege Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8134<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8134">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8134">NVD</a></td> <td> <b>CVE Title:</b> Windows Elevation of Privilege Vulnerability <br> <b>Description:</b> <br><p>An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality.</p> <p>To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.</p> <p>The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly enforces permissions.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Important</td> <td>Elevation of Privilege</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation More Likely</td> <td>Exploitation More Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8134</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Windows 10 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093111</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093111</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093107</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093107</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093112</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093112</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>None</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>None</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 8.1 for 32-bit systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093114</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 8.1 for x64-based systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093114</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows RT 8.1</td> <td><a href="" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093114</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 R2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093114</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 R2 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093114</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1709 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093112</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1803 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>None</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8134</td> <td>James Forshaw of Google Project Zero<br>http://www.google.com/<br><br><br></td> </tr> </table><h1 id="CVE-2018-8133">CVE-2018-8133 - Chakra Scripting Engine Memory Corruption Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8133<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8133">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8133">NVD</a></td> <td> <b>CVE Title:</b> Chakra Scripting Engine Memory Corruption Vulnerability <br> <b>Description:</b> <br><p>A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Critical</td> <td>Remote Code Execution</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation More Likely</td> <td>N/A</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8133</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>ChakraCore</td> <td><a href="https://github.com/Microsoft/ChakraCore/releases/tag/v1.8.4" >Commit (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093111</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093111</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1607 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093107</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093107</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows Server 2016</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Moderate</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8133</td> <td>Lokihardt of Google Project Zero<br>https://www.google.com<br><br><br></td> </tr> </table><h1 id="CVE-2018-8136">CVE-2018-8136 - Windows Remote Code Execution Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8136<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8136">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8136">NVD</a></td> <td> <b>CVE Title:</b> Windows Remote Code Execution Vulnerability <br> <b>Description:</b> <br><p>A remote code execution vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system.</p> <p>To exploit the vulnerability, an attacker who has a domain user account could create a specially crafted request, causing Windows to execute arbitrary code with elevated permissions.</p> <p>The security update addresses the vulnerability by correcting how Windows handles objects in memory.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published. All versions of Windows Server 2008 are affected but an update is not yet available. This information will be amended and republished when a security update is available.</p> <br></td> <td>Low</td> <td>Remote Code Execution</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation Less Likely</td> <td>Exploitation Less Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8136</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Windows 10 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Low</td> <td>Remote Code Execution</td> <td>4093111</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Low</td> <td>Remote Code Execution</td> <td>4093111</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Low</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Low</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Low</td> <td>Remote Code Execution</td> <td>4093107</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Low</td> <td>Remote Code Execution</td> <td>4093107</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Low</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Low</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Low</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Low</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 7 for 32-bit Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Low</td> <td>Remote Code Execution</td> <td><br />4093118</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 7 for x64-based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Low</td> <td>Remote Code Execution</td> <td><br />4093118</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 8.1 for 32-bit systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Low</td> <td>Remote Code Execution</td> <td><br />4093114</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 8.1 for x64-based systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Low</td> <td>Remote Code Execution</td> <td><br />4093114</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows RT 8.1</td> <td><a href="" >4103725 (Monthly Rollup)</td> <td>Low</td> <td>Remote Code Execution</td> <td>4093114</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for 32-bit Systems Service Pack 2</td> <td></td> <td>Low</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Unknown</td> </tr> <tr> <td>Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)</td> <td></td> <td>Low</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Unknown</td> </tr> <tr> <td>Windows Server 2008 for Itanium-Based Systems Service Pack 2</td> <td></td> <td>Low</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Unknown</td> </tr> <tr> <td>Windows Server 2008 for x64-based Systems Service Pack 2</td> <td></td> <td>Low</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Unknown</td> </tr> <tr> <td>Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)</td> <td></td> <td>Low</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Unknown</td> </tr> <tr> <td>Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Low</td> <td>Remote Code Execution</td> <td><br />4093118</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 R2 for x64-based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Low</td> <td>Remote Code Execution</td> <td><br />4093118</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Low</td> <td>Remote Code Execution</td> <td><br />4093118</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103726" >4103726 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103730" >4103730 (Monthly Rollup)</td> <td>Low</td> <td>Remote Code Execution</td> <td><br />4093123</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103726" >4103726 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103730" >4103730 (Monthly Rollup)</td> <td>Low</td> <td>Remote Code Execution</td> <td><br />4093123</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 R2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Low</td> <td>Remote Code Execution</td> <td><br />4093114</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 R2 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Low</td> <td>Remote Code Execution</td> <td><br />4093114</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Low</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Low</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1709 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Low</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1803 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Low</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 6.50<br />Temporal: 5.90<br />Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8136</td> <td>Kushal Arvind Shah of Fortinet's FortiGuard Labs<br><br><br></td> </tr> </table><h1 id="CVE-2018-8137">CVE-2018-8137 - Scripting Engine Memory Corruption Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8137<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8137">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8137">NVD</a></td> <td> <b>CVE Title:</b> Scripting Engine Memory Corruption Vulnerability <br> <b>Description:</b> <br><p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Critical</td> <td>Remote Code Execution</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation More Likely</td> <td>N/A</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8137</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>ChakraCore</td> <td><a href="https://github.com/Microsoft/ChakraCore/releases/tag/v1.8.4" >Commit (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093111</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093111</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1607 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093107</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093107</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows Server 2016</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Moderate</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8137</td> <td>None</td> </tr> </table><h1 id="CVE-2018-8139">CVE-2018-8139 - Scripting Engine Memory Corruption Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8139<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8139">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8139">NVD</a></td> <td> <b>CVE Title:</b> Scripting Engine Memory Corruption Vulnerability <br> <b>Description:</b> <br><p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Critical</td> <td>Remote Code Execution</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation More Likely</td> <td>N/A</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8139</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>ChakraCore</td> <td><a href="https://github.com/Microsoft/ChakraCore/releases/tag/v1.8.4" >Commit (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8139</td> <td>Johnathan Norman, Windows & Devices Group - Operating System Security Team<br><br><br></td> </tr> </table><h1 id="CVE-2018-8145">CVE-2018-8145 - Chakra Scripting Engine Memory Corruption Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8145<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8145">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8145">NVD</a></td> <td> <b>CVE Title:</b> Chakra Scripting Engine Memory Corruption Vulnerability <br> <b>Description:</b> <br><p>An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user s computer or data.</p> <p>To exploit the vulnerability, an attacker must know the memory address of where the object was created.</p> <p>The update addresses the vulnerability by changing the way certain functions handle objects in memory.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Important</td> <td>Information Disclosure</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation Unlikely</td> <td>Exploitation Unlikely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8145</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>ChakraCore</td> <td><a href="https://github.com/Microsoft/ChakraCore/releases/tag/v1.8.4" >Commit (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>None</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 10 on Windows Server 2012</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103768" >4103768 (IE Cumulative)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103730" >4103730 (Monthly Rollup)</td> <td>Low</td> <td>Information Disclosure</td> <td>4092946<br />4093123</td> <td>Base: 2.40<br />Temporal: 2.20<br />Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093111</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093111</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093119</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093119</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093107</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093107</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093112</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093112</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>None</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>None</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103768" >4103768 (IE Cumulative)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Information Disclosure</td> <td>4092946<br />4093118</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103768" >4103768 (IE Cumulative)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Information Disclosure</td> <td>4092946<br />4093118</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 8.1 for 32-bit systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103768" >4103768 (IE Cumulative)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Information Disclosure</td> <td>4092946<br />4093114</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 8.1 for x64-based systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103768" >4103768 (IE Cumulative)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Information Disclosure</td> <td>4092946<br />4093114</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows RT 8.1</td> <td><a href="" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093114</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103768" >4103768 (IE Cumulative)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Low</td> <td>Information Disclosure</td> <td>4092946<br />4093118</td> <td>Base: 2.40<br />Temporal: 2.20<br />Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows Server 2012 R2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103768" >4103768 (IE Cumulative)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Low</td> <td>Information Disclosure</td> <td>4092946<br />4093114</td> <td>Base: 2.40<br />Temporal: 2.20<br />Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows Server 2016</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Low</td> <td>Information Disclosure</td> <td>4093119</td> <td>Base: 2.40<br />Temporal: 2.20<br />Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093111</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093111</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093119</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1607 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093119</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093107</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093107</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093112</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4093112</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>None</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>None</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows Server 2016</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Low</td> <td>Information Disclosure</td> <td>4093119</td> <td>Base: 4.30<br />Temporal: 3.90<br />Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8145</td> <td>None</td> </tr> </table><h1 id="CVE-2018-8897">CVE-2018-8897 - Windows Kernel Elevation of Privilege Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8897<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8897">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8897">NVD</a></td> <td> <b>CVE Title:</b> Windows Kernel Elevation of Privilege Vulnerability <br> <b>Description:</b> <br><p>An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.</p> <p>The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.</p> <br> <b>FAQ:</b><br><p><strong>1. Is there an expected performance impact associated with the update for this vulnerability?</strong></p> <p>No. There is no anticipated performance impact associated with the update for this vulnerability.</p> <p><strong>2. Question: Does this update also require microcode updates that would be provided by a hardware OEM?</strong></p> <p>No. The Windows update fully resolves this vulnerability, and no additional hardware updates are needed.</p> <p><strong>3. Question: Is this vulnerability related to speculative execution side-channel attacks?</strong></p> <p>No. This issue results from the way in which Windows handles some debug exceptions and is unrelated to speculative execution side-channel attacks.</p> <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Important</td> <td>Elevation of Privilege</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation Unlikely</td> <td>Exploitation Unlikely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8897</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Windows 10 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093111</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093111</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093107</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093107</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093112</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093112</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>None</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>None</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 7 for 32-bit Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093118</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 7 for x64-based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093118</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 8.1 for 32-bit systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093114</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 8.1 for x64-based systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093114</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows RT 8.1</td> <td><a href="" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093114</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for 32-bit Systems Service Pack 2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4134651" >4134651 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4018556</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4134651" >4134651 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4018556</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for Itanium-Based Systems Service Pack 2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4134651" >4134651 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4018556</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for x64-based Systems Service Pack 2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4134651" >4134651 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4018556</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4134651" >4134651 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4018556</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093118</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 R2 for x64-based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093118</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093118</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103726" >4103726 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103730" >4103730 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093123</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103726" >4103726 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103730" >4103730 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093123</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 R2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093114</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 R2 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093114</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1709 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093112</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1803 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>None</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8897</td> <td>Nick Peterson, Everdox Tech LLCAndy Lutomirski<br>https://www.linkedin.com/in/everdox<br><br><br></td> </tr> </table><h1 id="ADV180008">ADV180008 - May 2018 Adobe Flash Security Update</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>ADV180008<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=ADV180008">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=ADV180008">NVD</a></td> <td> <b>CVE Title:</b> May 2018 Adobe Flash Security Update <br> <b>Description:</b> <br><p>This security update addresses the following vulnerabilities, which are described in Adobe Security Bulletin <a href="http://helpx.adobe.com/security/products/flash-player/apsb18-16.html">APSB18-16</a>: CVE-2018-4944. ,</p> <br> <b>FAQ:</b><br><p><strong>How could an attacker exploit these vulnerabilities?</strong> In a web-based attack scenario where the user is using Internet Explorer for the desktop, an attacker could host a specially crafted website that is designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit any of these vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.</p> <p>In a web-based attack scenario where the user is using Internet Explorer in the Windows 8-style UI, an attacker would first need to compromise a website already listed in the Compatibility View (CV) list. An attacker could then host a website that contains specially crafted Flash content designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. For more information about Internet Explorer and the CV List, please see the MSDN Article, Developer Guidance for websites with content for Adobe Flash Player in Windows 8.</p> <br> <b>Mitigations:</b><br> <br> <b>Workarounds:</b><br><p>Workaround refers to a setting or configuration change that would help block known attack vectors before you apply the update.</p> <p><strong>Prevent Adobe Flash Player from running</strong> You can disable attempts to instantiate Adobe Flash Player in Internet Explorer and other applications that honor the kill bit feature, such as Office 2007 and Office 2010, by setting the kill bit for the control in the registry.</p> <p><strong>Warning</strong> If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk. To set the kill bit for the control in the registry, perform the following steps:</p> <ol> <li><p>Paste the following into a text file and save it with the .reg file extension.</p> <pre><code> Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}] &quot;Compatibility Flags&quot;=dword:00000400 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}] &quot;Compatibility Flags&quot;=dword:00000400 </code></pre> </li> <li><p>Double-click the .reg file to apply it to an individual system.</p> <p>You can also apply this workaround across domains by using Group Policy. For more information about Group Policy, see the TechNet article, Group Policy collection.</p> </li> </ol> <p><strong>Note</strong> You must restart Internet Explorer for your changes to take effect. <strong>Impact of workaround</strong>. There is no impact as long as the object is not intended to be used in Internet Explorer. <strong>How to undo the workaround.</strong> Delete the registry keys that were added in implementing this workaround. <strong>Prevent Adobe Flash Player from running in Internet Explorer through Group Policy</strong> <strong>Note</strong> The Group Policy MMC snap-in can be used to set policy for a machine, for an organizational unit, or for an entire domain. For more information about Group Policy, visit the following Microsoft Web sites:</p> <p><a href="https://technet.microsoft.com/library/hh831791">Group Policy Overview</a> <a href="https://technet.microsoft.com/library/cc737816%28v=ws.10%29.aspx">What is Group Policy Object Editor?</a> <a href="https://technet.microsoft.com/library/cc784165%28v=ws.10%29.aspx">Core Group Policy tools and settings</a></p> <p>To disable Adobe Flash Player in Internet Explorer through Group Policy, perform the following steps: <strong>Note</strong> This workaround does not prevent Flash from being invoked from other applications, such as Microsoft Office 2007 or Microsoft Office 2010.</p> <ol> <li>Open the Group Policy Management Console and configure the console to work with the appropriate Group Policy object, such as local machine, OU, or domain GPO.</li> <li>Navigate to the following node: <strong>Administrative Templates -&gt; Windows Components -&gt; Internet Explorer -&gt; Security Features -&gt; Add-on Management</strong></li> <li>Double-click <strong>Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects</strong>.</li> <li>Change the setting to Enabled.</li> <li>Click <strong>Apply</strong> and then click <strong>OK</strong> to return to the Group Policy Management Console.</li> <li>Refresh Group Policy on all systems or wait for the next scheduled Group Policy refresh interval for the settings to take effect. <strong>Prevent Adobe Flash Player from running in Office 2010 on affected systems</strong> <strong>Note</strong> This workaround does not prevent Adobe Flash Player from running in Internet Explorer. <strong>Warning</strong> If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk. For detailed steps that you can use to prevent a control from running in Internet Explorer, see Microsoft Knowledge Base Article 240797. Follow the steps in the article to create a Compatibility Flags value in the registry to prevent a COM object from being instantiated in Internet Explorer.</li> </ol> <p>To disable Adobe Flash Player in Office 2010 only, set the kill bit for the ActiveX control for Adobe Flash Player in the registry using the following steps:</p> <ol> <li>Create a text file named Disable_Flash.reg with the following contents:</li> </ol> <pre><code> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\COM\Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}] &quot;Compatibility Flags&quot;=dword:00000400 </code></pre> <ol start="2"> <li>Double-click the .reg file to apply it to an individual system.</li> <li><strong>Note</strong> You must restart Internet Explorer for your changes to take effect. You can also apply this workaround across domains by using Group Policy. For more information about Group Policy, see the TechNet article, <a href="http://go.microsoft.com/fwlink/?LinkID=215719">Group Policy collection</a>. <strong>Prevent ActiveX controls from running in Office 2007 and Office 2010</strong></li> </ol> <p>To disable all ActiveX controls in Microsoft Office 2007 and Microsoft Office 2010, including Adobe Flash Player in Internet Explorer, perform the following steps:</p> <ol> <li>Click File, click Options, click Trust Center, and then click Trust Center Settings.</li> <li>Click ActiveX Settings in the left-hand pane, and then select Disable all controls without notifications.</li> <li>Click OK to save your settings. <strong>Impact of workaround</strong>. Office documents that use embedded ActiveX controls may not display as intended. <strong>How to undo the workaround</strong>.</li> </ol> <p>To re-enable ActiveX controls in Microsoft Office 2007 and Microsoft Office 2010, perform the following steps:</p> <ol> <li>Click File, click Options, click Trust Center, and then click Trust Center Settings.</li> <li>Click ActiveX Settings in the left-hand pane, and then deselect Disable all controls without notifications.</li> <li>Click OK to save your settings. <strong>Set Internet and Local intranet security zone settings to &quot;High&quot; to block ActiveX Controls and Active Scripting in these zones</strong> You can help protect against exploitation of these vulnerabilities by changing your settings for the Internet security zone to block ActiveX controls and Active Scripting. You can do this by setting your browser security to High.</li> </ol> <p>To raise the browsing security level in Internet Explorer, perform the following steps:</p> <ol> <li>On the Internet Explorer <strong>Tools</strong> menu, click** Internet Option**s.</li> <li>In the <strong>Internet Options</strong> dialog box, click the <strong>Security</strong> tab, and then click <strong>Internet</strong>.</li> <li>Under <strong>Security level for this zone</strong>, move the slider to <strong>High</strong>. This sets the security level for all websites you visit to High.</li> <li>Click <strong>Local intranet</strong>.</li> <li>Under <strong>Security level for this zone</strong>, move the slider to <strong>High</strong>. This sets the security level for all websites you visit to High.</li> <li>Click <strong>OK</strong> to accept the changes and return to Internet Explorer. <strong>Note</strong> If no slider is visible, click <strong>Default Level</strong>, and then move the slider to <strong>High</strong>. <strong>Note</strong> Setting the level to High may cause some websites to work incorrectly. If you have difficulty using a website after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly even with the security setting set to High. <strong>Impact of workaround</strong>. There are side effects to blocking ActiveX Controls and Active Scripting. Many websites on the Internet or an intranet use ActiveX or Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use ActiveX Controls to provide menus, ordering forms, or even account statements. Blocking ActiveX Controls or Active Scripting is a global setting that affects all Internet and intranet sites. If you do not want to block ActiveX Controls or Active Scripting for such sites, use the steps outlined in &quot;Add sites that you trust to the Internet Explorer Trusted sites zone&quot;. <strong>Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone</strong></li> </ol> <p>You can help protect against exploitation of these vulnerabilities by changing your settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. To do this, perform the following steps:</p> <ol> <li>In Internet Explorer, click <strong>Internet Options</strong> on the <strong>Tools</strong> menu.</li> <li>Click the <strong>Security</strong> tab.</li> <li>Click <strong>Internet</strong>, and then click <strong>Custom Level</strong>.</li> <li>Under <strong>Settings</strong>, in the <strong>Scripting</strong> section, under <strong>Active Scripting</strong>, click <strong>Prompt</strong> or <strong>Disable</strong>, and then click <strong>OK</strong>.</li> <li>Click <strong>Local intranet</strong>, and then click <strong>Custom Level</strong>.</li> <li>Under <strong>Settings</strong>, in the <strong>Scripting</strong> section, under <strong>Active Scripting</strong>, click <strong>Prompt</strong> or <strong>Disable</strong>, and then click <strong>OK</strong>.</li> <li>Click <strong>OK</strong> to return to Internet Explorer, and then click <strong>OK</strong> again. <strong>Note</strong> Disabling Active Scripting in the Internet and Local intranet security zones may cause some websites to work incorrectly. If you have difficulty using a website after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly. <strong>Impact of workaround</strong>. There are side effects to prompting before running Active Scripting. Many websites that are on the Internet or on an intranet use Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use Active Scripting to provide menus, ordering forms, or even account statements. Prompting before running Active Scripting is a global setting that affects all Internet and intranet sites. You will be prompted frequently when you enable this workaround. For each prompt, if you feel you trust the site that you are visiting, click <strong>Yes</strong> to run Active Scripting. If you do not want to be prompted for all these sites, use the steps outlined in &quot;Add sites that you trust to the Internet Explorer Trusted sites zone&quot;. <strong>Add sites that you trust to the Internet Explorer Trusted sites zone</strong> After you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted websites exactly as you do today, while helping to protect you from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.</li> </ol> <p>To do this, perform the following steps:</p> <ol> <li>In Internet Explorer, click <strong>Tools</strong>, click <strong>Internet Options</strong>, and then click the <strong>Security</strong> tab.</li> <li>In the <strong>Select a web content zone to specify its current security settings</strong> box, click <strong>Trusted Sites</strong>, and then click <strong>Sites</strong>.</li> <li>If you want to add sites that do not require an encrypted channel, click to clear the <strong>Require server verification (https:) for all sites in this zone</strong> check box.</li> <li>In the <strong>Add this website to the zone</strong> box, type the URL of a site that you trust, and then click <strong>Add</strong>.</li> <li>Repeat these steps for each site that you want to add to the zone.</li> <li>Click <strong>OK</strong> two times to accept the changes and return to Internet Explorer. <strong>Note</strong> Add any sites that you trust not to take malicious action on your system. Two sites in particular that you may want to add are *<strong>.windowsupdate.microsoft.com</strong> and *<strong>.update.microsoft.com</strong>. These are the sites that will host the update, and they require an ActiveX control to install the update.</li> </ol> <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Critical</td> <td>Remote Code Execution</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Not Found</td> <td>Not Found</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>ADV180008</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Adobe Flash Player on Windows 10 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103729" >4103729 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4088785</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Yes</td> </tr> <tr> <td>Adobe Flash Player on Windows 10 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103729" >4103729 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4088785</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Yes</td> </tr> <tr> <td>Adobe Flash Player on Windows 10 Version 1607 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103729" >4103729 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4088785</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Yes</td> </tr> <tr> <td>Adobe Flash Player on Windows 10 Version 1607 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103729" >4103729 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4088785</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Yes</td> </tr> <tr> <td>Adobe Flash Player on Windows 10 Version 1703 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103729" >4103729 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4088785</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Yes</td> </tr> <tr> <td>Adobe Flash Player on Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103729" >4103729 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4088785</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Yes</td> </tr> <tr> <td>Adobe Flash Player on Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103729" >4103729 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4088785</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Yes</td> </tr> <tr> <td>Adobe Flash Player on Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103729" >4103729 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4088785</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Yes</td> </tr> <tr> <td>Adobe Flash Player on Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103729" >4103729 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4088785</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Yes</td> </tr> <tr> <td>Adobe Flash Player on Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103729" >4103729 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4088785</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Yes</td> </tr> <tr> <td>Adobe Flash Player on Windows 8.1 for 32-bit systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103729" >4103729 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4088785</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Yes</td> </tr> <tr> <td>Adobe Flash Player on Windows 8.1 for x64-based systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103729" >4103729 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4088785</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Yes</td> </tr> <tr> <td>Adobe Flash Player on Windows RT 8.1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103729" >4103729 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4088785</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Yes</td> </tr> <tr> <td>Adobe Flash Player on Windows Server 2012</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103729" >4103729 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4088785</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Yes</td> </tr> <tr> <td>Adobe Flash Player on Windows Server 2012 R2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103729" >4103729 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4088785</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Yes</td> </tr> <tr> <td>Adobe Flash Player on Windows Server 2016</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103729" >4103729 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4088785</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>ADV180008</td> <td>None</td> </tr> </table><h1 id="CVE-2018-8151">CVE-2018-8151 - Microsoft Exchange Memory Corruption Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8151<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8151">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8151">NVD</a></td> <td> <b>CVE Title:</b> Microsoft Exchange Memory Corruption Vulnerability <br> <b>Description:</b> <br><p>An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the remote system.</p> <p>To exploit the vulnerability, an attacker would send a specially-crafted email to an affected Exchange Server.</p> <p>The security update addresses the vulnerability by modifying how Microsoft Exchange handles objects in memory.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Important</td> <td>Information Disclosure</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation Less Likely</td> <td>Exploitation Less Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8151</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 21</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=f2c20ab1-3c99-4224-829f-cd8d8ae55031" >4091243 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4073537</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Exchange Server 2013 Cumulative Update 19</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=2b2cf7bd-a14b-4513-8aaa-e7d1beef9482" >4092041 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4073392</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Exchange Server 2013 Cumulative Update 20</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=59e87632-8ac1-4a70-85eb-dd8cc3d54066" >4092041 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>None</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Exchange Server 2013 Service Pack 1</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=faff77cb-7532-40cf-ad6d-f43b06d7373c" >4092041 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4073392</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Exchange Server 2016 Cumulative Update 8</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=909e04bb-5ae5-498d-9c9b-545f78a20aeb" >4092041 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4073392</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Exchange Server 2016 Cumulative Update 9</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=d39c23d1-8e6b-4e25-8e05-5d8487b0194f" >4092041 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>None</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8151</td> <td>Nicolas Joly of Microsoft Corporation<br>https://twitter.com/n_joly<br><br><br></td> </tr> </table><h1 id="CVE-2018-8152">CVE-2018-8152 - Microsoft Exchange Server Elevation of Privilege Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8152<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8152">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8152">NVD</a></td> <td> <b>CVE Title:</b> Microsoft Exchange Server Elevation of Privilege Vulnerability <br> <b>Description:</b> <br><p>An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information.</p> <p>To exploit the vulnerability, an attacker could send a specially crafted email message containing a malicious link to a user. Alternatively, an attacker could use a chat client to social engineer a user into clicking the malicious link.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Exchange validates web requests.</p> <p>Note: In order to exploit this vulnerability, a user must click a maliciously crafted link from an attacker.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Important</td> <td>Elevation of Privilege</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation Less Likely</td> <td>Exploitation Less Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8152</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Microsoft Exchange Server 2016 Cumulative Update 8</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=909e04bb-5ae5-498d-9c9b-545f78a20aeb" >4092041 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4073392</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Exchange Server 2016 Cumulative Update 9</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=d39c23d1-8e6b-4e25-8e05-5d8487b0194f" >4092041 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>None</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8152</td> <td>Mohamed El Azaar<br><br><br></td> </tr> </table><h1 id="CVE-2018-8154">CVE-2018-8154 - Microsoft Exchange Memory Corruption Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8154<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8154">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8154">NVD</a></td> <td> <b>CVE Title:</b> Microsoft Exchange Memory Corruption Vulnerability <br> <b>Description:</b> <br><p>A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. An attacker could then install programs; view, change, or delete data; or create new accounts.</p> <p>Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Exchange server.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Exchange handles objects in memory.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Critical</td> <td>Remote Code Execution</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation Less Likely</td> <td>Exploitation Less Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8154</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 21</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=f2c20ab1-3c99-4224-829f-cd8d8ae55031" >4091243 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4073537</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Exchange Server 2013 Cumulative Update 19</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=2b2cf7bd-a14b-4513-8aaa-e7d1beef9482" >4092041 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4073392</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Exchange Server 2013 Cumulative Update 20</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=59e87632-8ac1-4a70-85eb-dd8cc3d54066" >4092041 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Exchange Server 2013 Service Pack 1</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=faff77cb-7532-40cf-ad6d-f43b06d7373c" >4092041 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4073392</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Exchange Server 2016 Cumulative Update 8</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=909e04bb-5ae5-498d-9c9b-545f78a20aeb" >4092041 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4073392</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Exchange Server 2016 Cumulative Update 9</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=d39c23d1-8e6b-4e25-8e05-5d8487b0194f" >4092041 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8154</td> <td>Nicolas Joly of Microsoft Corporation<br>https://twitter.com/n_joly<br><br><br></td> </tr> </table><h1 id="CVE-2018-8155">CVE-2018-8155 - Microsoft SharePoint Elevation of Privilege Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8155<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8155">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8155">NVD</a></td> <td> <b>CVE Title:</b> Microsoft SharePoint Elevation of Privilege Vulnerability <br> <b>Description:</b> <br><p>An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Important</td> <td>Elevation of Privilege</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation Less Likely</td> <td>Exploitation Less Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8155</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Microsoft SharePoint Enterprise Server 2016</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=8af3ae77-78f7-4b56-b4ee-0bf7f7064117" >4018381 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4018336</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft SharePoint Foundation 2013 Service Pack 1</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=53058629-8f89-4f56-ab64-78cff773d667" >4018398 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4018304</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8155</td> <td>Ashar Javed of Hyundai AutoEver Europe GmbH<br>https://twitter.com/soaj1664ashar,https://www.hyundai-autoever.eu/<br><br><br></td> </tr> </table><h1 id="CVE-2018-8156">CVE-2018-8156 - Microsoft SharePoint Elevation of Privilege Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8156<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8156">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8156">NVD</a></td> <td> <b>CVE Title:</b> Microsoft SharePoint Elevation of Privilege Vulnerability <br> <b>Description:</b> <br><p>An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Important</td> <td>Elevation of Privilege</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation Less Likely</td> <td>Exploitation Less Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8156</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Microsoft Project Server 2010 Service Pack 2</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=9ba66389-6948-4b52-8477-81a07dfbb8a5" >3114889 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>2965302</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Project Server 2013 Service Pack 1</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=3cb0e2f5-0cad-4424-ae5b-c246ba1fbf55" >4022130 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4018305</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft SharePoint Enterprise Server 2016</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=8af3ae77-78f7-4b56-b4ee-0bf7f7064117" >4018381 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4018336</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8156</td> <td>Ashar Javed of Hyundai AutoEver Europe GmbH<br>https://twitter.com/soaj1664ashar,https://www.hyundai-autoever.eu/<br><br><br></td> </tr> </table><h1 id="CVE-2018-8160">CVE-2018-8160 - Microsoft Outlook Information Disclosure Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8160<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8160">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8160">NVD</a></td> <td> <b>CVE Title:</b> Microsoft Outlook Information Disclosure Vulnerability <br> <b>Description:</b> <br><p>An information disclosure vulnerability exists in Outlook when a message is opened. This vulnerability could potentially result in the disclosure of sensitive information to a malicious site.</p> <p>To exploit the vulnerability, an attacker would have to send a malicious email to a user and convince the user to open the email. A connection to a remote SMB server could then be automatically initiated, enabling the attacker to brute-force attack the corresponding NTLM challenge and response in order to disclose the corresponding hash password. Depending on the URL contained in the malicious email, Outlook could fall back to initating a web request to a remote server, disclosing the the external IP of the user's system.</p> <p>The security update addresses the vulnerability by correcting how Outlook processes embedded URLs.</p> <br> <b>FAQ:</b><br><p><strong>I am being offered this update for software that is not specifically indicated as being affected in the Affected Software and Vulnerability Severity Ratings table. Why am I being offered this update?</strong></p> <p>When updates address vulnerable code that exists in a component that is shared between multiple Microsoft Office products or shared between multiple versions of the same Microsoft Office product, the update is considered to be applicable to all supported products and versions that contain the vulnerable component.</p> <p>For example, when an update applies to Microsoft Office 2007 products, only Microsoft Office 2007 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2007, Microsoft Excel 2007, Microsoft Visio 2007, Microsoft Compatibility Pack, Microsoft Excel Viewer, or any other Microsoft Office 2007 product that is not specifically listed in the Affected Software table. Furthermore, when an update applies to Microsoft Office 2010 products, only Microsoft Office 2010 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2010, Microsoft Excel 2010, Microsoft Visio 2010, Microsoft Visio Viewer, or any other Microsoft Office 2010 product that is not specifically listed in the Affected Software table.</p> <p>For more information on this behavior and recommended actions, see <a href="https://support.microsoft.com/kb/830335">Microsoft Knowledge Base Article 830335</a>. For a list of Microsoft Office products that an update may apply to, refer to the Microsoft Knowledge Base Article associated with the specific update.</p> <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Important</td> <td>Information Disclosure</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>N/A</td> <td>Exploitation Less Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8160</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Microsoft Office 2010 Service Pack 2 (32-bit editions)</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=a82fcc5d-046c-4858-be7b-6de1d95062e7" >4022137 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4018311</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Office 2010 Service Pack 2 (64-bit editions)</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=7bfe5672-f131-4206-a368-e83e45f4d890" >4022137 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4018311</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Office Compatibility Pack Service Pack 3</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=0ca0c5c8-036c-408f-a083-d2ddc26702d9" >4018308 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4011715</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Office Web Apps Server 2010 Service Pack 2</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=3d97c427-d685-4028-bd20-2156be83b490" >4022142 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4018360</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=e5f4ce13-b890-4119-a5b6-2ef90a6a8616" >4022135 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4018356</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8160</td> <td>Jens Mller of Ruhr-University Bochum<br>http://www.nds.rub.de/chair/people/jmueller/<br><br><br></td> </tr> </table><h1 id="CVE-2018-8161">CVE-2018-8161 - Microsoft Office Remote Code Execution Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8161<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8161">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8161">NVD</a></td> <td> <b>CVE Title:</b> Microsoft Office Remote Code Execution Vulnerability <br> <b>Description:</b> <br><p>A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Office handles objects in memory.</p> <br> <b>FAQ:</b><br><p><strong>I have Microsoft Word 2010 installed. Why am I not being offered the 4022139 update?</strong> The 4022139 update only applies to systems running specific configurations of Microsoft Office 2010. Some configurations will not be offered the update.</p> <p><strong>I am being offered this update for software that is not specifically indicated as being affected in the Affected Software and Vulnerability Severity Ratings table. Why am I being offered this update?</strong> When updates address vulnerable code that exists in a component that is shared between multiple Microsoft Office products or shared between multiple versions of the same Microsoft Office product, the update is considered to be applicable to all supported products and versions that contain the vulnerable component.</p> <p>For example, when an update applies to Microsoft Office 2007 products, only Microsoft Office 2007 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2007, Microsoft Excel 2007, Microsoft Visio 2007, Microsoft Compatibility Pack, Microsoft Excel Viewer, or any other Microsoft Office 2007 product that is not specifically listed in the Affected Software table. Furthermore, when an update applies to Microsoft Office 2010 products, only Microsoft Office 2010 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2010, Microsoft Excel 2010, Microsoft Visio 2010, Microsoft Visio Viewer, or any other Microsoft Office 2010 product that is not specifically listed in the Affected Software table.</p> <p>For more information on this behavior and recommended actions, see <a href="https://support.microsoft.com/kb/830335">Microsoft Knowledge Base Article 830335</a>. For a list of Microsoft Office products that an update may apply to, refer to the Microsoft Knowledge Base Article associated with the specific update.</p> <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Important</td> <td>Remote Code Execution</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation Less Likely</td> <td>Exploitation Less Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8161</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Microsoft Office 2010 Service Pack 2 (32-bit editions)</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=28df0ab0-d164-4fff-be57-4aa66ba3af2e" >4022139 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4018357</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Office 2010 Service Pack 2 (64-bit editions)</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=3bdece1c-e13d-48ae-9c39-1d3447f1b342" >4022139 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4018357</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Office Web Apps 2010 Service Pack 2</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=3d97c427-d685-4028-bd20-2156be83b490" >4022142 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4018360</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Office Web Apps Server 2013 Service Pack 1</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=b1f706d8-6980-4ce6-8fd1-d0ae3c3d68bc" >4018393 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4018344</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft SharePoint Enterprise Server 2016</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=8af3ae77-78f7-4b56-b4ee-0bf7f7064117" >4018381 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4018336</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Word 2010 Service Pack 2 (32-bit editions)</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=745950a8-ab18-4821-92f7-2b0f13edbd89" >4022141 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4018359</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Word 2010 Service Pack 2 (64-bit editions)</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=75ae455d-7a0c-477e-ac0d-4b8e824888a5" >4022141 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4018359</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Word 2013 RT Service Pack 1</td> <td><a href="" >4018396 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4018347</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Word 2013 Service Pack 1 (32-bit editions)</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=f7e759af-f368-4c13-bd55-fcc6792c6292" >4018396 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4018347</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Word 2013 Service Pack 1 (64-bit editions)</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=26303af5-c7f7-475b-827c-52d1944910c6" >4018396 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4018347</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Word 2016 (32-bit edition)</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=9e0fcf8b-d6e2-49cc-93b9-9c01c9252207" >4018383 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4018339</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Word 2016 (64-bit edition)</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=6bfb17b5-df03-4b40-90ae-8f3d9bfad9fe" >4018383 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4018339</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=e5f4ce13-b890-4119-a5b6-2ef90a6a8616" >4022135 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4018356</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Word Automation Services on Microsoft SharePoint Server 2013 Service Pack 1</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=7f458e8d-fa2b-4f50-b26e-898ef675168f" >4018388 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4018341</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8161</td> <td>Jens Mller of Ruhr-University Bochum<br>http://www.nds.rub.de/chair/people/jmueller/<br><br><br></td> </tr> </table><h1 id="CVE-2018-8162">CVE-2018-8162 - Microsoft Excel Remote Code Execution Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8162<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8162">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8162">NVD</a></td> <td> <b>CVE Title:</b> Microsoft Excel Remote Code Execution Vulnerability <br> <b>Description:</b> <br><p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p> <br> <b>FAQ:</b><br><p><strong>I am being offered this update for software that is not specifically indicated as being affected in the Affected Software and Vulnerability Severity Ratings table. Why am I being offered this update?</strong></p> <p>When updates address vulnerable code that exists in a component that is shared between multiple Microsoft Office products or shared between multiple versions of the same Microsoft Office product, the update is considered to be applicable to all supported products and versions that contain the vulnerable component.</p> <p>For example, when an update applies to Microsoft Office 2007 products, only Microsoft Office 2007 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2007, Microsoft Excel 2007, Microsoft Visio 2007, Microsoft Compatibility Pack, Microsoft Excel Viewer, or any other Microsoft Office 2007 product that is not specifically listed in the Affected Software table. Furthermore, when an update applies to Microsoft Office 2010 products, only Microsoft Office 2010 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2010, Microsoft Excel 2010, Microsoft Visio 2010, Microsoft Visio Viewer, or any other Microsoft Office 2010 product that is not specifically listed in the Affected Software table.</p> <p>For more information on this behavior and recommended actions, see <a href="https://support.microsoft.com/kb/830335">Microsoft Knowledge Base Article 830335</a>. For a list of Microsoft Office products that an update may apply to, refer to the Microsoft Knowledge Base Article associated with the specific update.</p> <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Important</td> <td>Remote Code Execution</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation More Likely</td> <td>Exploitation More Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8162</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Microsoft Excel 2010 Service Pack 2 (32-bit editions)</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=dddca56c-39d7-49f8-8f56-694d7ea2b394" >4022146 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4018362</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Excel 2010 Service Pack 2 (64-bit editions)</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=efa8bfda-023d-43be-8a93-d0ac0f55c01a" >4022146 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4018362</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Excel 2013 RT Service Pack 1</td> <td><a href="" >4018399 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4018350</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Excel 2013 Service Pack 1 (32-bit editions)</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=d41ad60e-7f92-49dd-9e3a-affedc0ea38f" >4018399 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4018350</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Excel 2013 Service Pack 1 (64-bit editions)</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=d391567c-84dc-4e9c-ac5f-48dc8810d9d9" >4018399 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4018350</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Excel 2016 (32-bit edition)</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=d39e619f-fda5-45e5-a917-9fd02d56836b" >4018382 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4018337</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Excel 2016 (64-bit edition)</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=6ecded07-a073-434c-adfa-a809475bb0c0" >4018382 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4018337</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions</td> <td><a href="" >Click to Run (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>No</td> </tr> <tr> <td>Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions</td> <td><a href="" >Click to Run (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>No</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8162</td> <td>Omair working with Trend Micro's Zero Day Initiative<br>http://www.zerodayinitiative.com/<br><br><br></td> </tr> </table><h1 id="CVE-2018-8163">CVE-2018-8163 - Microsoft Excel Information Disclosure Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8163<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8163">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8163">NVD</a></td> <td> <b>CVE Title:</b> Microsoft Excel Information Disclosure Vulnerability <br> <b>Description:</b> <br><p>An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user s computer or data.</p> <p>To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.</p> <p>The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.</p> <br> <b>FAQ:</b><br><p><strong>I am being offered this update for software that is not specifically indicated as being affected in the Affected Software and Vulnerability Severity Ratings table. Why am I being offered this update?</strong></p> <p>When updates address vulnerable code that exists in a component that is shared between multiple Microsoft Office products or shared between multiple versions of the same Microsoft Office product, the update is considered to be applicable to all supported products and versions that contain the vulnerable component.</p> <p>For example, when an update applies to Microsoft Office 2007 products, only Microsoft Office 2007 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2007, Microsoft Excel 2007, Microsoft Visio 2007, Microsoft Compatibility Pack, Microsoft Excel Viewer, or any other Microsoft Office 2007 product that is not specifically listed in the Affected Software table. Furthermore, when an update applies to Microsoft Office 2010 products, only Microsoft Office 2010 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2010, Microsoft Excel 2010, Microsoft Visio 2010, Microsoft Visio Viewer, or any other Microsoft Office 2010 product that is not specifically listed in the Affected Software table.</p> <p>For more information on this behavior and recommended actions, see <a href="https://support.microsoft.com/kb/830335">Microsoft Knowledge Base Article 830335</a>. For a list of Microsoft Office products that an update may apply to, refer to the Microsoft Knowledge Base Article associated with the specific update.</p> <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Important</td> <td>Information Disclosure</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation More Likely</td> <td>Exploitation More Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8163</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Microsoft Excel 2010 Service Pack 2 (32-bit editions)</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=dddca56c-39d7-49f8-8f56-694d7ea2b394" >4022146 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4018362</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Excel 2010 Service Pack 2 (64-bit editions)</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=efa8bfda-023d-43be-8a93-d0ac0f55c01a" >4022146 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4018362</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Excel 2013 RT Service Pack 1</td> <td><a href="" >4018399 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4018350</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Excel 2013 Service Pack 1 (32-bit editions)</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=d41ad60e-7f92-49dd-9e3a-affedc0ea38f" >4018399 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4018350</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Excel 2013 Service Pack 1 (64-bit editions)</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=d391567c-84dc-4e9c-ac5f-48dc8810d9d9" >4018399 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4018350</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Excel 2016 (32-bit edition)</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=d39e619f-fda5-45e5-a917-9fd02d56836b" >4018382 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4018337</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Excel 2016 (64-bit edition)</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=6ecded07-a073-434c-adfa-a809475bb0c0" >4018382 (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>4018337</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions</td> <td><a href="" >Click to Run (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>None</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>No</td> </tr> <tr> <td>Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions</td> <td><a href="" >Click to Run (Security Update)</td> <td>Important</td> <td>Information Disclosure</td> <td>None</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>No</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8163</td> <td>Omair working with Trend Micro's Zero Day Initiative<br>http://www.zerodayinitiative.com/<br><br><br></td> </tr> </table><h1 id="CVE-2018-8164">CVE-2018-8164 - Win32k Elevation of Privilege Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8164<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8164">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8164">NVD</a></td> <td> <b>CVE Title:</b> Win32k Elevation of Privilege Vulnerability <br> <b>Description:</b> <br><p>An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>The update addresses this vulnerability by correcting how Win32k handles objects in memory.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Important</td> <td>Elevation of Privilege</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation More Likely</td> <td>Exploitation More Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8164</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Windows 10 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093111</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093111</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093107</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093107</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093112</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093112</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>None</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>None</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 7 for 32-bit Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093118</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 7 for x64-based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093118</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 8.1 for 32-bit systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093114</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 8.1 for x64-based systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093114</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows RT 8.1</td> <td><a href="" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093114</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for 32-bit Systems Service Pack 2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4131188" >4131188 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093224</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4131188" >4131188 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093224</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for Itanium-Based Systems Service Pack 2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4131188" >4131188 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093224</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for x64-based Systems Service Pack 2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4131188" >4131188 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093224</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4131188" >4131188 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093224</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093118</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 R2 for x64-based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093118</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093118</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103726" >4103726 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103730" >4103730 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093123</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103726" >4103726 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103730" >4103730 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093123</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 R2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093114</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 R2 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093114</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1709 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093112</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1803 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>None</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8164</td> <td>Richard Zhu (fluorescence), working with Trend Micro's Zero Day Initiative<br>http://www.zerodayinitiative.com/<br><br><br></td> </tr> </table><h1 id="CVE-2018-8165">CVE-2018-8165 - DirectX Graphics Kernel Elevation of Privilege Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8165<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8165">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8165">NVD</a></td> <td> <b>CVE Title:</b> DirectX Graphics Kernel Elevation of Privilege Vulnerability <br> <b>Description:</b> <br><p>An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p> <p>The security update addresses the vulnerability by correcting how DXGKRNL handles objects in memory.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Important</td> <td>Elevation of Privilege</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation More Likely</td> <td>Exploitation More Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8165</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Windows 10 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093111</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093111</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093107</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093107</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093112</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093112</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>None</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>None</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1709 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093112</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1803 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>None</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8165</td> <td>Richard Zhu (fluorescence), working with Trend Micro's Zero Day Initiative<br>http://www.zerodayinitiative.com/<br><br><br></td> </tr> </table><h1 id="CVE-2018-8166">CVE-2018-8166 - Win32k Elevation of Privilege Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8166<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8166">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8166">NVD</a></td> <td> <b>CVE Title:</b> Win32k Elevation of Privilege Vulnerability <br> <b>Description:</b> <br><p>An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>The update addresses this vulnerability by correcting how Win32k handles objects in memory.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Important</td> <td>Elevation of Privilege</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation More Likely</td> <td>Exploitation More Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8166</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Windows 10 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093111</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093111</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093107</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093107</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093112</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093112</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>None</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>None</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 7 for 32-bit Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093118</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 7 for x64-based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093118</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 8.1 for 32-bit systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093114</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 8.1 for x64-based systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093114</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows RT 8.1</td> <td><a href="" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093114</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for 32-bit Systems Service Pack 2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4131188" >4131188 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093224</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4131188" >4131188 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093224</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for Itanium-Based Systems Service Pack 2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4131188" >4131188 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093224</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for x64-based Systems Service Pack 2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4131188" >4131188 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093224</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4131188" >4131188 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093224</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093118</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 R2 for x64-based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093118</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093118</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103726" >4103726 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103730" >4103730 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093123</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103726" >4103726 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103730" >4103730 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093123</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 R2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093114</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 R2 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093114</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1709 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093112</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1803 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>None</td> <td>Base: 7.00<br />Temporal: 6.30<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8166</td> <td>guangmingliu of Tencent ZhanluLab <br>http://slab.qq.com/zhanlu.html<br><br><br>RanchoIce of Tencent ZhanluLab <br>https://twitter.com/zhanlulab/,http://slab.qq.com/zhanlu.html<br><br><br></td> </tr> </table><h1 id="CVE-2018-8167">CVE-2018-8167 - Windows Common Log File System Driver Elevation of Privilege Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8167<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8167">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8167">NVD</a></td> <td> <b>CVE Title:</b> Windows Common Log File System Driver Elevation of Privilege Vulnerability <br> <b>Description:</b> <br><p>An elevation of privilege vulnerability exists when the <a href="https://technet.microsoft.com/library/security/dn848375.aspx#CLFS">Windows Common Log File System (CLFS)</a> driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p> <p>The security update addresses the vulnerability by correcting how CLFS handles objects in memory.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Important</td> <td>Elevation of Privilege</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation More Likely</td> <td>Exploitation More Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8167</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Windows 10 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093111</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093111</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093107</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093107</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093112</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093112</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>None</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>None</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 7 for 32-bit Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093118</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 7 for x64-based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093118</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 8.1 for 32-bit systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093114</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 8.1 for x64-based systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093114</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows RT 8.1</td> <td><a href="" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093114</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for 32-bit Systems Service Pack 2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4130944" >4130944 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4073079</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4130944" >4130944 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4073079</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for Itanium-Based Systems Service Pack 2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4130944" >4130944 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4073079</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for x64-based Systems Service Pack 2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4130944" >4130944 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4073079</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4130944" >4130944 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4073079</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093118</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 R2 for x64-based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093118</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093118</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103726" >4103726 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103730" >4103730 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093123</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103726" >4103726 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103730" >4103730 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093123</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 R2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093114</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 R2 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Elevation of Privilege</td> <td><br />4093114</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093119</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1709 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4093112</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1803 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>None</td> <td>Base: 7.00<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8167</td> <td>bear13oy of DBAPPSecurity Co., Ltd<br>https://twitter.com/bear13oy, http://www.dbappsecurity.com/ <br><br><br></td> </tr> </table><h1 id="CVE-2018-8168">CVE-2018-8168 - Microsoft SharePoint Elevation of Privilege Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8168<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8168">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8168">NVD</a></td> <td> <b>CVE Title:</b> Microsoft SharePoint Elevation of Privilege Vulnerability <br> <b>Description:</b> <br><p>An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Important</td> <td>Elevation of Privilege</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>N/A</td> <td>Exploitation Less Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8168</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Microsoft SharePoint Enterprise Server 2013 Service Pack 1</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=1934b00d-623d-48ae-8ee2-539b944de0f9" >4018390 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4018342</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft SharePoint Server 2010 Service Pack 2</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=9e1a0496-75d1-495a-8ef0-bf5b20658b46" >4022145 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>4011712</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8168</td> <td>Ashar Javed of Hyundai AutoEver Europe GmbH<br>https://twitter.com/soaj1664ashar,https://www.hyundai-autoever.eu/<br><br><br></td> </tr> </table><h1 id="CVE-2018-8173">CVE-2018-8173 - Microsoft InfoPath Remote Code Execution Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8173<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8173">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8173">NVD</a></td> <td> <b>CVE Title:</b> Microsoft InfoPath Remote Code Execution Vulnerability <br> <b>Description:</b> <br><p>A remote code execution vulnerability exists in Microsoft InfoPath when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft InfoPath. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft InfoPath handles objects in memory. By default, when a user opens an InfoPath form, a dialog box will appear informing the user that code will be running if they choose to open the form.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Important</td> <td>Elevation of Privilege</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>N/A</td> <td>Exploitation Less Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8173</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Microsoft Infopath 2013 Service Pack 1 (32-bit edition)</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=05b5c97f-103d-437e-9a1d-7918b90e940f" >3162075 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>None</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> <tr> <td>Microsoft Infopath 2013 Service Pack 1 (64-bit edition)</td> <td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=042a4f41-acb4-4784-b822-e41b0438fb40" >3162075 (Security Update)</td> <td>Important</td> <td>Elevation of Privilege</td> <td>None</td> <td>Base: N/A<br />Temporal: N/A<br />Vector: N/A<br /></td> <td>Maybe</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8173</td> <td>None</td> </tr> </table><h1 id="CVE-2018-8177">CVE-2018-8177 - Chakra Scripting Engine Memory Corruption Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-8177<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8177">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8177">NVD</a></td> <td> <b>CVE Title:</b> Chakra Scripting Engine Memory Corruption Vulnerability <br> <b>Description:</b> <br><p>A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Critical</td> <td>Remote Code Execution</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation Less Likely</td> <td>N/A</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-8177</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>ChakraCore</td> <td><a href="https://github.com/Microsoft/ChakraCore/releases/tag/v1.8.4" >Commit (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-8177</td> <td>None</td> </tr> </table><h1 id="CVE-2018-0824">CVE-2018-0824 - Microsoft COM for Windows Remote Code Execution Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-0824<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0824">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0824">NVD</a></td> <td> <b>CVE Title:</b> Microsoft COM for Windows Remote Code Execution Vulnerability <br> <b>Description:</b> <br><p>A remote code execution vulnerability exists in &quot;Microsoft COM for Windows&quot; when it fails to properly handle serialized objects.</p> <p>An attacker who successfully exploited the vulnerability could use a specially crafted file or script to perform actions. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how &quot;Microsoft COM for Windows&quot; handles serialized objects.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Important</td> <td>Remote Code Execution</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation Less Likely</td> <td>Exploitation Less Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-0824</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Windows 10 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4093111</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4093111</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1607 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4093107</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4093107</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 7 for 32-bit Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Remote Code Execution</td> <td><br />4093118</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 7 for x64-based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Remote Code Execution</td> <td><br />4093118</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 8.1 for 32-bit systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Remote Code Execution</td> <td><br />4093114</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows 8.1 for x64-based systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Remote Code Execution</td> <td><br />4093114</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows RT 8.1</td> <td><a href="" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4093114</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for 32-bit Systems Service Pack 2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4101477" >4101477 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>3108381</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4101477" >4101477 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>3108381</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for Itanium-Based Systems Service Pack 2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4101477" >4101477 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>3108381</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for x64-based Systems Service Pack 2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4101477" >4101477 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>3108381</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4101477" >4101477 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>3108381</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Remote Code Execution</td> <td><br />4093118</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 R2 for x64-based Systems Service Pack 1</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Remote Code Execution</td> <td><br />4093118</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103712" >4103712 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103718" >4103718 (Monthly Rollup)</td> <td>Important</td> <td>Remote Code Execution</td> <td><br />4093118</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103726" >4103726 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103730" >4103730 (Monthly Rollup)</td> <td>Important</td> <td>Remote Code Execution</td> <td><br />4093123</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103726" >4103726 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103730" >4103730 (Monthly Rollup)</td> <td>Important</td> <td>Remote Code Execution</td> <td><br />4093123</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 R2</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Remote Code Execution</td> <td><br />4093114</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2012 R2 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103715" >4103715 (Security Only)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103725" >4103725 (Monthly Rollup)</td> <td>Important</td> <td>Remote Code Execution</td> <td><br />4093114</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server 2016 (Server Core installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1709 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Windows Server, version 1803 (Server Core Installation)</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Important</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 7.50<br />Temporal: 6.70<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-0824</td> <td>Nicolas Joly of MSRCE UK<br><br><br></td> </tr> </table><h1 id="CVE-2018-0943">CVE-2018-0943 - Chakra Scripting Engine Memory Corruption Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-0943<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0943">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0943">NVD</a></td> <td> <b>CVE Title:</b> Chakra Scripting Engine Memory Corruption Vulnerability <br> <b>Description:</b> <br><p>A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Critical</td> <td>Remote Code Execution</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation More Likely</td> <td>N/A</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-0943</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>ChakraCore</td> <td><a href="https://github.com/Microsoft/ChakraCore/releases/tag/v1.8.4" >Commit (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093111</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093111</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1607 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093107</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093107</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows Server 2016</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Moderate</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-0943</td> <td>None</td> </tr> </table><h1 id="CVE-2018-0945">CVE-2018-0945 - Scripting Engine Memory Corruption Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-0945<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0945">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0945">NVD</a></td> <td> <b>CVE Title:</b> Scripting Engine Memory Corruption Vulnerability <br> <b>Description:</b> <br><p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Critical</td> <td>Remote Code Execution</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation More Likely</td> <td>N/A</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-0945</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>ChakraCore</td> <td><a href="https://github.com/Microsoft/ChakraCore/releases/tag/v1.8.4" >Commit (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-0945</td> <td>Johnathan Norman, Windows & Devices Group - Operating System Security Team<br><br><br></td> </tr> </table><h1 id="CVE-2018-0946">CVE-2018-0946 - Scripting Engine Memory Corruption Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-0946<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0946">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0946">NVD</a></td> <td> <b>CVE Title:</b> Scripting Engine Memory Corruption Vulnerability <br> <b>Description:</b> <br><p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Critical</td> <td>Remote Code Execution</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation More Likely</td> <td>N/A</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-0946</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>ChakraCore</td> <td><a href="https://github.com/Microsoft/ChakraCore/releases/tag/v1.8.4" >Commit (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093107</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093107</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-0946</td> <td>Lokihardt of Google Project Zero<br>https://www.google.com<br><br><br></td> </tr> </table><h1 id="CVE-2018-0951">CVE-2018-0951 - Scripting Engine Memory Corruption Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-0951<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0951">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0951">NVD</a></td> <td> <b>CVE Title:</b> Scripting Engine Memory Corruption Vulnerability <br> <b>Description:</b> <br><p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Critical</td> <td>Remote Code Execution</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation More Likely</td> <td>N/A</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-0951</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1607 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093107</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093107</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows Server 2016</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Moderate</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-0951</td> <td>Yuki Chen of Qihoo 360 Vulcan Team<br>http://www.360.com/<br><br><br></td> </tr> </table><h1 id="CVE-2018-0953">CVE-2018-0953 - Scripting Engine Memory Corruption Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-0953<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0953">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0953">NVD</a></td> <td> <b>CVE Title:</b> Scripting Engine Memory Corruption Vulnerability <br> <b>Description:</b> <br><p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Moderate</td> <td>Remote Code Execution</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation More Likely</td> <td>N/A</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-0953</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>ChakraCore</td> <td><a href="https://github.com/Microsoft/ChakraCore/releases/tag/v1.8.4" >Commit (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093111</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093111</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1607 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093107</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093107</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Microsoft Edge on Windows Server 2016</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Moderate</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> </table> <br><h2>Acknowledgements</h2> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Acknowledgements</b></td> </tr> </thead> <tr> <td>CVE-2018-0953</td> <td>Lokihardt of Google Project Zero<br>https://www.google.com<br><br><br>Yuki Chen of Qihoo 360 Vulcan Team<br>http://www.360.com/<br><br><br></td> </tr> </table><h1 id="CVE-2018-0954">CVE-2018-0954 - Scripting Engine Memory Corruption Vulnerability</h1> (<a href="#top">top</a>)<table id="execHeader" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>CVE ID</b></td> <td><b>Vulnerability Description</b></td> <td><b>Maximum Severity Rating</b></td> <td><b>Vulnerability Impact</b></td> </tr> </thead> <tr> <td>CVE-2018-0954<br><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0954">MITRE</a><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0954">NVD</a></td> <td> <b>CVE Title:</b> Scripting Engine Memory Corruption Vulnerability <br> <b>Description:</b> <br><p>A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.</p> <br> <b>FAQ:</b><br>None <br> <b>Mitigations:</b><br>None <br> <b>Workarounds:</b><br>None <br> <b>Revision:</b><br>1.0&nbsp&nbsp&nbsp&nbsp2018-05-08T07:00:00&nbsp&nbsp&nbsp&nbsp<p>Information published.</p> <br></td> <td>Critical</td> <td>Remote Code Execution</td> </tr> </table> <h2>Exploitability Index</h2> <p>The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.</p> <table border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td><b>Exploitability Assessment for Latest Software Release</b></td> <td><b>Exploitability Assessment for Older Software Release</b></td> <td><b>Denial of Service Exploitability Assessment</b></td> <td><b>Publicly Disclosed</b></td> <td><b>Exploited</b></td> </tr> </thead> <tr> <td>Exploitation More Likely</td> <td>Exploitation More Likely</td> <td>Not Applicable</td> <td>No</td> <td>No</td> </tr> </table><h2>Affected Software</h2> <p>The following tables list the affected software details for the vulnerability.</p><table class="affected_software" border=1 cellpadding=0 width="99%"> <thead style="background-color: #ededed"> <tr> <td colspan="7"><b>CVE-2018-0954</b></td> </tr> </thead> <tr> <td><b>Product</b></td> <td><b>KB Article</b></td> <td><b>Severity</b></td> <td><b>Impact</b></td> <td><b>Supersedence</b></td> <td><b>CVSS Score Set</b></td> <td><b>Restart Required</b></td> </tr> <tr> <td>ChakraCore</td> <td><a href="https://github.com/Microsoft/ChakraCore/releases/tag/v1.8.4" >Commit (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 10 on Windows Server 2012</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103768" >4103768 (IE Cumulative)<br /><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103730" >4103730 (Monthly Rollup)</td> <td>Moderate</td> <td>Remote Code Execution</td> <td>4092946<br />4093123</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093111</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103716" >4103716 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093111</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103723" >4103723 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093119</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093107</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103731" >4103731 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093107</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103727" >4103727 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>4093112</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C<br /></td> <td>Yes</td> </tr> <tr> <td>Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems</td> <td><a href="https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4103721" >4103721 (Security Update)</td> <td>Critical</td> <td>Remote Code Execution</td> <td>None</td> <td>Base: 4.20<br />Temporal: 3.80<br />Vector: CVSS:3.