Microsoft CVE Summary

This report contains detail for the following vulnerabilities:

Tag CVE ID CVE Title
Azure CVE-2018-8531 Azure IoT Device Client SDK Memory Corruption Vulnerability
Device Guard CVE-2018-8492 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Internet Explorer CVE-2018-8460 Internet Explorer Memory Corruption Vulnerability
Internet Explorer CVE-2018-8491 Internet Explorer Memory Corruption Vulnerability
Microsoft Edge CVE-2018-8473 Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge CVE-2018-8512 Microsoft Edge Security Feature Bypass Vulnerability
Microsoft Edge CVE-2018-8530 Microsoft Edge Security Feature Bypass Vulnerability
Microsoft Edge CVE-2018-8509 Microsoft Edge Memory Corruption Vulnerability
Microsoft Exchange Server CVE-2010-3190 MFC Insecure Library Loading Vulnerability
Microsoft Exchange Server CVE-2018-8448 Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server CVE-2018-8265 Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2018-8486 DirectX Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2018-8484 DirectX Graphics Kernel Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2018-8453 Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2018-8472 Windows GDI Information Disclosure Vulnerability
Microsoft JET Database Engine CVE-2018-8423 Microsoft JET Database Engine Remote Code Execution Vulnerability
Microsoft Office ADV180026 Microsoft Office Defense in Depth Update
Microsoft Office CVE-2018-8501 Microsoft PowerPoint Remote Code Execution Vulnerability
Microsoft Office CVE-2018-8427 Microsoft Graphics Components Information Disclosure Vulnerability
Microsoft Office CVE-2018-8504 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office CVE-2018-8502 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2018-8432 Microsoft Graphics Components Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2018-8498 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePoint CVE-2018-8480 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePoint CVE-2018-8488 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePoint CVE-2018-8518 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Scripting Engine CVE-2018-8511 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8500 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8505 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8503 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8510 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8513 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Windows CVE-2018-8411 NTFS Elevation of Privilege Vulnerability
Microsoft Windows CVE-2018-8333 Microsoft Filter Manager Elevation Of Privilege Vulnerability
Microsoft Windows CVE-2018-8493 Windows TCP/IP Information Disclosure Vulnerability
Microsoft Windows CVE-2018-8506 Microsoft Windows Codecs Library Information Disclosure Vulnerability
Microsoft Windows DNS CVE-2018-8320 Windows DNS Security Feature Bypass Vulnerability
Microsoft XML Core Services CVE-2018-8494 MS XML Remote Code Execution Vulnerability
SQL Server CVE-2018-8527 SQL Server Management Studio Information Disclosure Vulnerability
SQL Server CVE-2018-8532 SQL Server Management Studio Information Disclosure Vulnerability
SQL Server CVE-2018-8533 SQL Server Management Studio Information Disclosure Vulnerability
Windows - Linux CVE-2018-8329 Linux On Windows Elevation Of Privilege Vulnerability
Windows Hyper-V CVE-2018-8489 Windows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-V CVE-2018-8490 Windows Hyper-V Remote Code Execution Vulnerability
Windows Kernel CVE-2018-8330 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-8497 Windows Kernel Elevation of Privilege Vulnerability
Windows Media Player CVE-2018-8482 Windows Media Player Information Disclosure Vulnerability
Windows Media Player CVE-2018-8481 Windows Media Player Information Disclosure Vulnerability
Windows Shell CVE-2018-8413 Windows Theme API Remote Code Execution Vulnerability
Windows Shell CVE-2018-8495 Windows Shell Remote Code Execution Vulnerability

CVE-2018-8320 - Windows DNS Security Feature Bypass Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8320
MITRE
NVD
CVE Title: Windows DNS Security Feature Bypass Vulnerability
Description:

A security feature bypass vulnerability exists in DNS Global Blocklist feature.

An attacker who successfully exploited this vulnerability could redirect traffic to malicious DNS endpoints.

The update addresses the vulnerability by updating DNS Server Role record additions to not bypass the Global Query Blocklist.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Security Feature Bypass

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8320
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 Version 1607 for 32-bit Systems 4462917 (Security Update) Important Security Feature Bypass 4457131 Base: 4.30
Temporal: 4.30
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1607 for x64-based Systems 4462917 (Security Update) Important Security Feature Bypass 4457131 Base: 4.30
Temporal: 4.30
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1709 for 32-bit Systems 4462918 (Security Update) Important Security Feature Bypass 4457142 Base: 4.30
Temporal: 4.30
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1709 for x64-based Systems 4462918 (Security Update) Important Security Feature Bypass 4457142 Base: 4.30
Temporal: 4.30
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1803 for 32-bit Systems 4462919 (Security Update) Important Security Feature Bypass 4457128 Base: 4.30
Temporal: 4.30
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1803 for x64-based Systems 4462919 (Security Update) Important Security Feature Bypass 4457128 Base: 4.30
Temporal: 4.30
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1809 for 32-bit Systems 4464330 (Security Update) Important Security Feature Bypass None Base: 4.30
Temporal: 4.30
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1809 for x64-based Systems 4464330 (Security Update) Important Security Feature Bypass None Base: 4.30
Temporal: 4.30
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Security Feature Bypass 4458010
Base: 4.30
Temporal: 4.30
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Security Feature Bypass 4458010
Base: 4.30
Temporal: 4.30
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4463104 (Security Only)
4463097 (Monthly Rollup)
Important Security Feature Bypass
4458010
Base: 4.30
Temporal: 4.30
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Security Feature Bypass 4458010
Base: 4.30
Temporal: 4.30
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Security Feature Bypass 4458010
Base: 4.30
Temporal: 4.30
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Security Feature Bypass
4457144
Base: 4.30
Temporal: 4.30
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Security Feature Bypass
4457144
Base: 4.30
Temporal: 4.30
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Security Feature Bypass
4457144
Base: 4.30
Temporal: 4.30
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2012 4462931 (Security Only)
4462929 (Monthly Rollup)
Important Security Feature Bypass
4457135
Base: 4.30
Temporal: 4.30
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2012 (Server Core installation) 4462931 (Security Only)
4462929 (Monthly Rollup)
Important Security Feature Bypass
4457135
Base: 4.30
Temporal: 4.30
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2012 R2 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Security Feature Bypass 4457129
Base: 4.30
Temporal: 4.30
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2012 R2 (Server Core installation) 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Security Feature Bypass 4457129
Base: 4.30
Temporal: 4.30
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2016 4462917 (Security Update) Important Security Feature Bypass 4457131 Base: 4.30
Temporal: 4.30
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2016 (Server Core installation) 4462917 (Security Update) Important Security Feature Bypass 4457131 Base: 4.30
Temporal: 4.30
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2019 4464330 (Security Update) Important Security Feature Bypass None Base: 4.30
Temporal: 4.30
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2019 (Server Core installation) 4464330 (Security Update) Important Security Feature Bypass None Base: 4.30
Temporal: 4.30
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server, version 1709 (Server Core Installation) 4462918 (Security Update) Important Security Feature Bypass 4457142 Base: 4.30
Temporal: 4.30
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server, version 1803 (Server Core Installation) 4462919 (Security Update) Important Security Feature Bypass 4457128 Base: 4.30
Temporal: 4.30
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8320 Kevin Robertson of NetSPI
https://www.netspi.com/


CVE-2018-8329 - Linux On Windows Elevation Of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8329
MITRE
NVD
CVE Title: Linux On Windows Elevation Of Privilege Vulnerability
Description:

An Elevation of Privilege vulnerability exists in Windows Subsystem for Linux when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit the vulnerability, an attacker would first have to log on to a target system and then run a specially crafted application.

The security update addresses the vulnerability by correcting how Windows Subsystem for Linux handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
N/A Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8329
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 Version 1803 for 32-bit Systems 4462919 (Security Update) Important Elevation of Privilege 4457128 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4462919 (Security Update) Important Elevation of Privilege 4457128 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4462919 (Security Update) Important Elevation of Privilege 4457128 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8329 Anthony LAOU HINE TSUEI of Tencent Keen Security Lab​
https://twitter.com/anarcheuz,https://keenlab.tencent.com/en/


CVE-2018-8330 - Windows Kernel Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8330
MITRE
NVD
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.

The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8330
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4462922 (Security Update) Important Information Disclosure 4457132 Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4462922 (Security Update) Important Information Disclosure 4457132 Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4462917 (Security Update) Important Information Disclosure 4457131 Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4462917 (Security Update) Important Information Disclosure 4457131 Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4462937 (Security Update) Important Information Disclosure 4457138 Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4462937 (Security Update) Important Information Disclosure 4457138 Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4462918 (Security Update) Important Information Disclosure 4457142 Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4462918 (Security Update) Important Information Disclosure 4457142 Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4462919 (Security Update) Important Information Disclosure 4457128 Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4462919 (Security Update) Important Information Disclosure 4457128 Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4464330 (Security Update) Important Information Disclosure None Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4464330 (Security Update) Important Information Disclosure None Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Information Disclosure
4457144
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Information Disclosure
4457144
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4462941 (Security Only)
4462926 (Monthly Rollup)
Important Information Disclosure
4457129
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Information Disclosure 4457129
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 4462926 (Monthly Rollup) Important Information Disclosure 4457129 Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Information Disclosure 4458010
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Information Disclosure 4458010
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4463104 (Security Only)
4463097 (Monthly Rollup)
Important Information Disclosure
4458010
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Information Disclosure 4458010
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Information Disclosure 4458010
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Information Disclosure
4457144
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Information Disclosure
4457144
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Information Disclosure
4457144
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 4462931 (Security Only)
4462929 (Monthly Rollup)
Important Information Disclosure
4457135
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4462931 (Security Only)
4462929 (Monthly Rollup)
Important Information Disclosure
4457135
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Information Disclosure 4457129
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Information Disclosure 4457129
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 4462917 (Security Update) Important Information Disclosure 4457131 Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4462917 (Security Update) Important Information Disclosure 4457131 Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 4464330 (Security Update) Important Information Disclosure None Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4464330 (Security Update) Important Information Disclosure None Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4462918 (Security Update) Important Information Disclosure 4457142 Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4462919 (Security Update) Important Information Disclosure 4457128 Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8330 Ruibo Liu of Baidu XLab Tianya Team
http://xlab.baidu.com


CVE-2018-8333 - Microsoft Filter Manager Elevation Of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8333
MITRE
NVD
CVE Title: Microsoft Filter Manager Elevation Of Privilege Vulnerability
Description:

An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute elevated code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit the vulnerability, an attacker would first have to log on to a target system and then delete a specially crafted file.

The security update addresses the vulnerability by correcting how Filter Manager handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8333
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4462922 (Security Update) Important Elevation of Privilege 4457132 Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows 10 for x64-based Systems 4462922 (Security Update) Important Elevation of Privilege 4457132 Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows 10 Version 1607 for 32-bit Systems 4462917 (Security Update) Important Elevation of Privilege 4457131 Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows 10 Version 1607 for x64-based Systems 4462917 (Security Update) Important Elevation of Privilege 4457131 Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows 10 Version 1703 for 32-bit Systems 4462937 (Security Update) Important Elevation of Privilege 4457138 Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows 10 Version 1703 for x64-based Systems 4462937 (Security Update) Important Elevation of Privilege 4457138 Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows 10 Version 1709 for 32-bit Systems 4462918 (Security Update) Important Elevation of Privilege 4457142 Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows 10 Version 1709 for x64-based Systems 4462918 (Security Update) Important Elevation of Privilege 4457142 Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows 10 Version 1803 for 32-bit Systems 4462919 (Security Update) Important Elevation of Privilege 4457128 Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows 10 Version 1803 for x64-based Systems 4462919 (Security Update) Important Elevation of Privilege 4457128 Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows 10 Version 1809 for 32-bit Systems 4464330 (Security Update) Important Elevation of Privilege None Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows 10 Version 1809 for x64-based Systems 4464330 (Security Update) Important Elevation of Privilege None Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows 7 for 32-bit Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Elevation of Privilege
4457144
Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows 7 for x64-based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Elevation of Privilege
4457144
Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows 8.1 for 32-bit systems 4462941 (Security Only)
4462926 (Monthly Rollup)
Important Elevation of Privilege
4457129
Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows 8.1 for x64-based systems 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Elevation of Privilege 4457129
Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows RT 8.1 4462926 (Monthly Rollup) Important Elevation of Privilege 4457129 Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Elevation of Privilege 4458010
Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Elevation of Privilege 4458010
Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4463104 (Security Only)
4463097 (Monthly Rollup)
Important Elevation of Privilege
4458010
Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Elevation of Privilege 4458010
Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Elevation of Privilege 4458010
Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Elevation of Privilege
4457144
Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Elevation of Privilege
4457144
Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Elevation of Privilege
4457144
Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2012 4462931 (Security Only)
4462929 (Monthly Rollup)
Important Elevation of Privilege
4457135
Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2012 (Server Core installation) 4462931 (Security Only)
4462929 (Monthly Rollup)
Important Elevation of Privilege
4457135
Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2012 R2 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Elevation of Privilege 4457129
Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2012 R2 (Server Core installation) 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Elevation of Privilege 4457129
Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2016 4462917 (Security Update) Important Elevation of Privilege 4457131 Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2016 (Server Core installation) 4462917 (Security Update) Important Elevation of Privilege 4457131 Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2019 4464330 (Security Update) Important Elevation of Privilege None Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows Server 2019 (Server Core installation) 4464330 (Security Update) Important Elevation of Privilege None Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows Server, version 1709 (Server Core Installation) 4462918 (Security Update) Important Elevation of Privilege 4457142 Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes
Windows Server, version 1803 (Server Core Installation) 4462919 (Security Update) Important Elevation of Privilege 4457128 Base: 7.00
Temporal: 6.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8333 Anonymous working with Trend Micro's Zero Day Initiative
http://www.zerodayinitiative.com/


CVE-2018-8411 - NTFS Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8411
MITRE
NVD
CVE Title: NTFS Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.

The security update addresses the vulnerability by correcting how NTFS checks access.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8411
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4462922 (Security Update) Important Elevation of Privilege 4457132 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4462922 (Security Update) Important Elevation of Privilege 4457132 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4462917 (Security Update) Important Elevation of Privilege 4457131 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4462917 (Security Update) Important Elevation of Privilege 4457131 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4462937 (Security Update) Important Elevation of Privilege 4457138 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4462937 (Security Update) Important Elevation of Privilege 4457138 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4462918 (Security Update) Important Elevation of Privilege 4457142 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4462918 (Security Update) Important Elevation of Privilege 4457142 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4462919 (Security Update) Important Elevation of Privilege 4457128 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4462919 (Security Update) Important Elevation of Privilege 4457128 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4464330 (Security Update) Important Elevation of Privilege None Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4464330 (Security Update) Important Elevation of Privilege None Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Elevation of Privilege
4457144
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Elevation of Privilege
4457144
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4462941 (Security Only)
4462926 (Monthly Rollup)
Important Elevation of Privilege
4457129
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Elevation of Privilege 4457129
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4462926 (Monthly Rollup) Important Elevation of Privilege 4457129 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Elevation of Privilege 4458010
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Elevation of Privilege 4458010
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4463104 (Security Only)
4463097 (Monthly Rollup)
Important Elevation of Privilege
4458010
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Elevation of Privilege 4458010
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Elevation of Privilege 4458010
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Elevation of Privilege
4457144
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Elevation of Privilege
4457144
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Elevation of Privilege
4457144
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4462931 (Security Only)
4462929 (Monthly Rollup)
Important Elevation of Privilege
4457135
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4462931 (Security Only)
4462929 (Monthly Rollup)
Important Elevation of Privilege
4457135
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Elevation of Privilege 4457129
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Elevation of Privilege 4457129
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4462917 (Security Update) Important Elevation of Privilege 4457131 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4462917 (Security Update) Important Elevation of Privilege 4457131 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4464330 (Security Update) Important Elevation of Privilege None Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4464330 (Security Update) Important Elevation of Privilege None Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4462918 (Security Update) Important Elevation of Privilege 4457142 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4462919 (Security Update) Important Elevation of Privilege 4457128 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8411 James Forshaw of Google Project Zero
http://www.google.com/


CVE-2018-8413 - Windows Theme API Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8413
MITRE
NVD
CVE Title: Windows Theme API Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files.

An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

To exploit the vulnerability, a victim user must open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and then convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force a user to visit the website. Instead, an attacker would have to convince a user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

The security update addresses the vulnerability by helping to ensure that "Windows Theme API" properly decompresses files.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8413
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4462922 (Security Update) Important Remote Code Execution 4457132 Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4462922 (Security Update) Important Remote Code Execution 4457132 Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4462917 (Security Update) Important Remote Code Execution 4457131 Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4462917 (Security Update) Important Remote Code Execution 4457131 Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4462937 (Security Update) Important Remote Code Execution 4457138 Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4462937 (Security Update) Important Remote Code Execution 4457138 Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4462918 (Security Update) Important Remote Code Execution 4457142 Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4462918 (Security Update) Important Remote Code Execution 4457142 Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4462919 (Security Update) Important Remote Code Execution 4457128 Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4462919 (Security Update) Important Remote Code Execution 4457128 Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4464330 (Security Update) Important Remote Code Execution None Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4464330 (Security Update) Important Remote Code Execution None Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Remote Code Execution
4457144
Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Remote Code Execution
4457144
Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4462941 (Security Only)
4462926 (Monthly Rollup)
Important Remote Code Execution
4457129
Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Remote Code Execution 4457129
Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4462926 (Monthly Rollup) Important Remote Code Execution 4457129 Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Remote Code Execution
4457144
Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Remote Code Execution
4457144
Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Remote Code Execution
4457144
Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2012 4462931 (Security Only)
4462929 (Monthly Rollup)
Important Remote Code Execution
4457135
Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4462931 (Security Only)
4462929 (Monthly Rollup)
Important Remote Code Execution
4457135
Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Remote Code Execution 4457129
Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Remote Code Execution 4457129
Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2016 4462917 (Security Update) Important Remote Code Execution 4457131 Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4462917 (Security Update) Important Remote Code Execution 4457131 Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2019 4464330 (Security Update) Important Remote Code Execution None Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4464330 (Security Update) Important Remote Code Execution None Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4462918 (Security Update) Important Remote Code Execution 4457142 Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4462919 (Security Update) Important Remote Code Execution 4457128 Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8413 Eduardo Braun Prado working with iDefense Labs


CVE-2018-8432 - Microsoft Graphics Components Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8432
MITRE
NVD
CVE Title: Microsoft Graphics Components Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.

To exploit the vulnerability, a user would have to open a specially crafted file.

The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory.


FAQ:

What is Office 365 ProPlus?

Office 365 ProPlus is the same product formerly be referred to as Microsoft Office 2016 Click-to-Run (C2R). The name has been updated in this guide to reflect Microsoft’s branding.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8432
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Excel Viewer 2007 Service Pack 3 4092444 (Security Update) Important Remote Code Execution 4011202 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 for Mac Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Unknown
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office Compatibility Pack Service Pack 3 4092444 (Security Update) Important Remote Code Execution 4011202 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office Word Viewer 4092464 (Security Update) Important Remote Code Execution 4032214 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft PowerPoint Viewer 2007 4092444 (Security Update) Important Remote Code Execution 4011202 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Office 365 ProPlus for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Office 365 ProPlus for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Windows 10 Version 1809 for 32-bit Systems 4464330 (Security Update) Important Remote Code Execution None Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4464330 (Security Update) Important Remote Code Execution None Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Remote Code Execution
4457144
Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Remote Code Execution
4457144
Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Remote Code Execution 4458010
Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Remote Code Execution 4458010
Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4463104 (Security Only)
4463097 (Monthly Rollup)
Important Remote Code Execution
4458010
Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Remote Code Execution 4458010
Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Remote Code Execution 4458010
Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Remote Code Execution
4457144
Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Remote Code Execution
4457144
Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Remote Code Execution
4457144
Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2019 4464330 (Security Update) Important Remote Code Execution None Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4464330 (Security Update) Important Remote Code Execution None Base: 5.00
Temporal: 4.50
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8432 Lin Wang of Beihang University


CVE-2018-8453 - Win32k Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8453
MITRE
NVD
CVE Title: Win32k Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The update addresses this vulnerability by correcting how Win32k handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation Detected Not Applicable No Yes

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8453
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4462922 (Security Update) Important Elevation of Privilege 4457132 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4462922 (Security Update) Important Elevation of Privilege 4457132 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4462917 (Security Update) Important Elevation of Privilege 4457131 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4462917 (Security Update) Important Elevation of Privilege 4457131 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4462937 (Security Update) Important Elevation of Privilege 4457138 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4462937 (Security Update) Important Elevation of Privilege 4457138 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4462918 (Security Update) Important Elevation of Privilege 4457142 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4462918 (Security Update) Important Elevation of Privilege 4457142 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4462919 (Security Update) Important Elevation of Privilege 4457128 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4462919 (Security Update) Important Elevation of Privilege 4457128 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4464330 (Security Update) Important Elevation of Privilege None Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4464330 (Security Update) Important Elevation of Privilege None Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Elevation of Privilege
4457144
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Elevation of Privilege
4457144
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4462941 (Security Only)
4462926 (Monthly Rollup)
Important Elevation of Privilege
4457129
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Elevation of Privilege 4457129
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4462926 (Monthly Rollup) Important Elevation of Privilege 4457129 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Elevation of Privilege 4458010
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Elevation of Privilege 4458010
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4463104 (Security Only)
4463097 (Monthly Rollup)
Important Elevation of Privilege
4458010
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Elevation of Privilege 4458010
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Elevation of Privilege 4458010
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Elevation of Privilege
4457144
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Elevation of Privilege
4457144
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Elevation of Privilege
4457144
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4462931 (Security Only)
4462929 (Monthly Rollup)
Important Elevation of Privilege
4457135
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4462931 (Security Only)
4462929 (Monthly Rollup)
Important Elevation of Privilege
4457135
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Elevation of Privilege 4457129
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Elevation of Privilege 4457129
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4462917 (Security Update) Important Elevation of Privilege 4457131 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4462917 (Security Update) Important Elevation of Privilege 4457131 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4464330 (Security Update) Important Elevation of Privilege None Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4464330 (Security Update) Important Elevation of Privilege None Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4462918 (Security Update) Important Elevation of Privilege 4457142 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4462919 (Security Update) Important Elevation of Privilege 4457128 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8453 Kaspersky Lab
https://www.kaspersky.com/


CVE-2018-8473 - Microsoft Edge Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8473
MITRE
NVD
CVE Title: Microsoft Edge Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email.

The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8473
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
ChakraCore Release Notes (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Maybe
Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems 4464330 (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems 4464330 (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for x64-based Systems 4464330 (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2019 4464330 (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8473 None

CVE-2018-8480 - Microsoft SharePoint Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8480
MITRE
NVD
CVE Title: Microsoft SharePoint Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
N/A Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8480
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2016 4461447 (Security Update) Important Elevation of Privilege 4092459 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8480 Ashar Javed of Hyundai AutoEver Europe GmbH
https://twitter.com/soaj1664ashar,https://www.hyundai-autoever.eu/


CVE-2018-8481 - Windows Media Player Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8481
MITRE
NVD
CVE Title: Windows Media Player Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow an attacker to determine the presence of files on disk.

To exploit the vulnerability, a user would have to open a specially crafted hyperlink.

The update addresses the vulnerability by changing the way Windows Media Player discloses file information.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from file system.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8481
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4462922 (Security Update) Important Information Disclosure 4457132 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 10 for x64-based Systems 4462922 (Security Update) Important Information Disclosure 4457132 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1607 for 32-bit Systems 4462917 (Security Update) Important Information Disclosure 4457131 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1607 for x64-based Systems 4462917 (Security Update) Important Information Disclosure 4457131 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1703 for 32-bit Systems 4462937 (Security Update) Important Information Disclosure 4457138 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1703 for x64-based Systems 4462937 (Security Update) Important Information Disclosure 4457138 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1709 for 32-bit Systems 4462918 (Security Update) Important Information Disclosure 4457142 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1709 for x64-based Systems 4462918 (Security Update) Important Information Disclosure 4457142 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1803 for 32-bit Systems 4462919 (Security Update) Important Information Disclosure 4457128 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1803 for x64-based Systems 4462919 (Security Update) Important Information Disclosure 4457128 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1809 for 32-bit Systems 4464330 (Security Update) Important Information Disclosure None Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1809 for x64-based Systems 4464330 (Security Update) Important Information Disclosure None Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 7 for 32-bit Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Information Disclosure
4457144
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 7 for x64-based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Information Disclosure
4457144
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 8.1 for 32-bit systems 4462941 (Security Only)
4462926 (Monthly Rollup)
Important Information Disclosure
4457129
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 8.1 for x64-based systems 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Information Disclosure 4457129
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows RT 8.1 4462926 (Monthly Rollup) Important Information Disclosure 4457129 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Information Disclosure 4458010
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Information Disclosure 4458010
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4463104 (Security Only)
4463097 (Monthly Rollup)
Important Information Disclosure
4458010
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Information Disclosure 4458010
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Information Disclosure 4458010
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Information Disclosure
4457144
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Information Disclosure
4457144
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Information Disclosure
4457144
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2012 4462931 (Security Only)
4462929 (Monthly Rollup)
Important Information Disclosure
4457135
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2012 (Server Core installation) 4462931 (Security Only)
4462929 (Monthly Rollup)
Important Information Disclosure
4457135
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2012 R2 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Information Disclosure 4457129
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2012 R2 (Server Core installation) 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Information Disclosure 4457129
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2016 4462917 (Security Update) Important Information Disclosure 4457131 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2016 (Server Core installation) 4462917 (Security Update) Important Information Disclosure 4457131 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2019 4464330 (Security Update) Important Information Disclosure None Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2019 (Server Core installation) 4464330 (Security Update) Important Information Disclosure None Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server, version 1709 (Server Core Installation) 4462918 (Security Update) Important Information Disclosure 4457142 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server, version 1803 (Server Core Installation) 4462919 (Security Update) Important Information Disclosure 4457128 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8481 James Lee @Windowsrcer of Kryptos Logic
https://twitter.com/Windowsrcer,https://kryptoslogic.com


CVE-2018-8482 - Windows Media Player Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8482
MITRE
NVD
CVE Title: Windows Media Player Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow an attacker to determine the presence of files on disk.

To exploit the vulnerability, a user would have to open a specially crafted hyperlink.

The update addresses the vulnerability by changing the way Windows Media Player discloses file information.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from file system.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8482
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4462922 (Security Update) Important Information Disclosure 4457132 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 10 for x64-based Systems 4462922 (Security Update) Important Information Disclosure 4457132 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1607 for 32-bit Systems 4462917 (Security Update) Important Information Disclosure 4457131 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1607 for x64-based Systems 4462917 (Security Update) Important Information Disclosure 4457131 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1703 for 32-bit Systems 4462937 (Security Update) Important Information Disclosure 4457138 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1703 for x64-based Systems 4462937 (Security Update) Important Information Disclosure 4457138 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1709 for 32-bit Systems 4462918 (Security Update) Important Information Disclosure 4457142 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1709 for x64-based Systems 4462918 (Security Update) Important Information Disclosure 4457142 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1803 for 32-bit Systems 4462919 (Security Update) Important Information Disclosure 4457128 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1803 for x64-based Systems 4462919 (Security Update) Important Information Disclosure 4457128 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1809 for 32-bit Systems 4464330 (Security Update) Important Information Disclosure None Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1809 for x64-based Systems 4464330 (Security Update) Important Information Disclosure None Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 7 for 32-bit Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Information Disclosure
4457144
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 7 for x64-based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Information Disclosure
4457144
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 8.1 for 32-bit systems 4462941 (Security Only)
4462926 (Monthly Rollup)
Important Information Disclosure
4457129
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows 8.1 for x64-based systems 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Information Disclosure 4457129
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows RT 8.1 4462926 (Monthly Rollup) Important Information Disclosure 4457129 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Information Disclosure 4458010
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Information Disclosure 4458010
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4463104 (Security Only)
4463097 (Monthly Rollup)
Important Information Disclosure
4458010
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Information Disclosure 4458010
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Information Disclosure 4458010
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Information Disclosure
4457144
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Information Disclosure
4457144
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Information Disclosure
4457144
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2012 4462931 (Security Only)
4462929 (Monthly Rollup)
Important Information Disclosure
4457135
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2012 (Server Core installation) 4462931 (Security Only)
4462929 (Monthly Rollup)
Important Information Disclosure
4457135
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2012 R2 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Information Disclosure 4457129
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2012 R2 (Server Core installation) 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Information Disclosure 4457129
Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2016 4462917 (Security Update) Important Information Disclosure 4457131 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2016 (Server Core installation) 4462917 (Security Update) Important Information Disclosure 4457131 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2019 4464330 (Security Update) Important Information Disclosure None Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server 2019 (Server Core installation) 4464330 (Security Update) Important Information Disclosure None Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server, version 1709 (Server Core Installation) 4462918 (Security Update) Important Information Disclosure 4457142 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes
Windows Server, version 1803 (Server Core Installation) 4462919 (Security Update) Important Information Disclosure 4457128 Base: 3.50
Temporal: 3.50
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8482 James Lee @Windowsrcer of Kryptos Logic
https://twitter.com/Windowsrcer,https://kryptoslogic.com


CVE-2018-8484 - DirectX Graphics Kernel Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8484
MITRE
NVD
CVE Title: DirectX Graphics Kernel Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.

The security update addresses the vulnerability by correcting how DXGKRNL handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8484
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4462922 (Security Update) Important Elevation of Privilege 4457132 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4462922 (Security Update) Important Elevation of Privilege 4457132 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4462917 (Security Update) Important Elevation of Privilege 4457131 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4462917 (Security Update) Important Elevation of Privilege 4457131 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4462937 (Security Update) Important Elevation of Privilege 4457138 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4462937 (Security Update) Important Elevation of Privilege 4457138 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4462918 (Security Update) Important Elevation of Privilege 4457142 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4462918 (Security Update) Important Elevation of Privilege 4457142 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4462919 (Security Update) Important Elevation of Privilege 4457128 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4462919 (Security Update) Important Elevation of Privilege 4457128 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4464330 (Security Update) Important Elevation of Privilege None Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4464330 (Security Update) Important Elevation of Privilege None Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4462941 (Security Only)
4462926 (Monthly Rollup)
Important Elevation of Privilege
4457129
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Elevation of Privilege 4457129
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4462926 (Monthly Rollup) Important Elevation of Privilege 4457129 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4462931 (Security Only)
4462929 (Monthly Rollup)
Important Elevation of Privilege
4457135
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4462931 (Security Only)
4462929 (Monthly Rollup)
Important Elevation of Privilege
4457135
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Elevation of Privilege 4457129
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Elevation of Privilege 4457129
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4462917 (Security Update) Important Elevation of Privilege 4457131 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4462917 (Security Update) Important Elevation of Privilege 4457131 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4464330 (Security Update) Important Elevation of Privilege None Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4464330 (Security Update) Important Elevation of Privilege None Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4462918 (Security Update) Important Elevation of Privilege 4457142 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4462919 (Security Update) Important Elevation of Privilege 4457128 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8484 Communications Security Establishment
https://www.cse-cst.gc.ca/


CVE-2018-8486 - DirectX Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8486
MITRE
NVD
CVE Title: DirectX Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

An authenticated attacker could exploit this vulnerability by running a specially crafted application.

The update addresses the vulnerability by correcting how DirectX handles objects in memory.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8486
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4462922 (Security Update) Important Information Disclosure 4457132 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4462922 (Security Update) Important Information Disclosure 4457132 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4462917 (Security Update) Important Information Disclosure 4457131 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4462917 (Security Update) Important Information Disclosure 4457131 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4462937 (Security Update) Important Information Disclosure 4457138 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4462937 (Security Update) Important Information Disclosure 4457138 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4462918 (Security Update) Important Information Disclosure 4457142 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4462918 (Security Update) Important Information Disclosure 4457142 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4462919 (Security Update) Important Information Disclosure 4457128 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4462919 (Security Update) Important Information Disclosure 4457128 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4464330 (Security Update) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4464330 (Security Update) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Information Disclosure
4457144
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Information Disclosure
4457144
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4462941 (Security Only)
4462926 (Monthly Rollup)
Important Information Disclosure
4457129
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Information Disclosure 4457129
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4462926 (Monthly Rollup) Important Information Disclosure 4457129 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Information Disclosure 4458010
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Information Disclosure 4458010
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4463104 (Security Only)
4463097 (Monthly Rollup)
Important Information Disclosure
4458010
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Information Disclosure 4458010
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Information Disclosure 4458010
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Information Disclosure
4457144
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Information Disclosure
4457144
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Information Disclosure
4457144
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4462931 (Security Only)
4462929 (Monthly Rollup)
Important Information Disclosure
4457135
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4462931 (Security Only)
4462929 (Monthly Rollup)
Important Information Disclosure
4457135
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Information Disclosure 4457129
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Information Disclosure 4457129
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4462917 (Security Update) Important Information Disclosure 4457131 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4462917 (Security Update) Important Information Disclosure 4457131 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 4464330 (Security Update) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4464330 (Security Update) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4462918 (Security Update) Important Information Disclosure 4457142 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4462919 (Security Update) Important Information Disclosure 4457128 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8486 Ruibo Liu of Baidu XLab Tianya Team
http://xlab.baidu.com


CVE-2018-8488 - Microsoft SharePoint Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8488
MITRE
NVD
CVE Title: Microsoft SharePoint Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8488
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 4461450 (Security Update) Important Elevation of Privilege 4092470 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise Server 2016 4461447 (Security Update) Important Elevation of Privilege 4092459 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8488 Ashar Javed of Hyundai AutoEver Europe GmbH
https://twitter.com/soaj1664ashar,https://www.hyundai-autoever.eu/


CVE-2018-8506 - Microsoft Windows Codecs Library Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8506
MITRE
NVD
CVE Title: Microsoft Windows Codecs Library Information Disclosure Vulnerability
Description:

An Information Disclosure vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

Exploitation of the vulnerability requires that a program process a specially crafted image file.

The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8506
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 Version 1709 for 32-bit Systems 4462918 (Security Update) Important Information Disclosure 4457142 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1709 for x64-based Systems 4462918 (Security Update) Important Information Disclosure 4457142 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1803 for 32-bit Systems 4462919 (Security Update) Important Information Disclosure 4457128 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1803 for x64-based Systems 4462919 (Security Update) Important Information Disclosure 4457128 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1809 for 32-bit Systems 4464330 (Security Update) Important Information Disclosure None Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1809 for x64-based Systems 4464330 (Security Update) Important Information Disclosure None Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2019 4464330 (Security Update) Important Information Disclosure None Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2019 (Server Core installation) 4464330 (Security Update) Important Information Disclosure None Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server, version 1709 (Server Core Installation) 4462918 (Security Update) Important Information Disclosure 4457142 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server, version 1803 (Server Core Installation) 4462919 (Security Update) Important Information Disclosure 4457128 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8506 Discovered by Marcin ‘Icewall’ Noga of Cisco Talos​
http://talosintelligence.com/vulnerability-reports/


CVE-2018-8518 - Microsoft SharePoint Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8518
MITRE
NVD
CVE Title: Microsoft SharePoint Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8518
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 4461450 (Security Update) Important Elevation of Privilege 4092470 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise Server 2016 4461447 (Security Update) Important Elevation of Privilege 4092459 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8518 Ashar Javed of Hyundai AutoEver Europe GmbH
https://twitter.com/soaj1664ashar,https://www.hyundai-autoever.eu/


CVE-2018-8423 - Microsoft JET Database Engine Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8423
MITRE
NVD
CVE Title: Microsoft JET Database Engine Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in the Microsoft JET Database Engine.

An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

To exploit the vulnerability, a user must open/import a specially crafted Microsoft JET Database Engine file. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted file to the user, and then convince the user to open the file.

The security update addresses the vulnerability by modifying how the Microsoft JET Database Engine handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable Yes No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8423
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4462922 (Security Update) Important Remote Code Execution 4457132 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4462922 (Security Update) Important Remote Code Execution 4457132 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4462917 (Security Update) Important Remote Code Execution 4457131 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4462917 (Security Update) Important Remote Code Execution 4457131 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4462937 (Security Update) Important Remote Code Execution 4457138 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4462937 (Security Update) Important Remote Code Execution 4457138 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4462918 (Security Update) Important Remote Code Execution 4457142 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4462918 (Security Update) Important Remote Code Execution 4457142 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4462919 (Security Update) Important Remote Code Execution 4457128 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4462919 (Security Update) Important Remote Code Execution 4457128 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4464330 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4464330 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Remote Code Execution
4457144
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Remote Code Execution
4457144
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4462941 (Security Only)
4462926 (Monthly Rollup)
Important Remote Code Execution
4457129
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Remote Code Execution 4457129
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4462926 (Monthly Rollup) Important Remote Code Execution 4457129 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Remote Code Execution 4458010
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Remote Code Execution 4458010
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4463104 (Security Only)
4463097 (Monthly Rollup)
Important Remote Code Execution
4458010
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Remote Code Execution 4458010
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Remote Code Execution 4458010
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Remote Code Execution
4457144
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Remote Code Execution
4457144
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Remote Code Execution
4457144
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4462931 (Security Only)
4462929 (Monthly Rollup)
Important Remote Code Execution
4457135
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4462931 (Security Only)
4462929 (Monthly Rollup)
Important Remote Code Execution
4457135
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Remote Code Execution 4457129
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Remote Code Execution 4457129
Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4462917 (Security Update) Important Remote Code Execution 4457131 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4462917 (Security Update) Important Remote Code Execution 4457131 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4464330 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4464330 (Security Update) Important Remote Code Execution None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4462918 (Security Update) Important Remote Code Execution 4457142 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4462919 (Security Update) Important Remote Code Execution 4457128 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8423 Lucas Leong (@wmliang) working with Trend Micro's Zero Day Initiative
https://twitter.com/_wmliang_,http://www.zerodayinitiative.com/


Steven Seeley (mr_me) of Source Incite
https://srcincite.io


CVE-2018-8427 - Microsoft Graphics Components Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8427
MITRE
NVD
CVE Title: Microsoft Graphics Components Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information that could be useful for further exploitation.

To exploit the vulnerability, a user would have to open a specially crafted file.

The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.


What is Office 365 ProPlus?

Office 365 ProPlus is the same product formerly be referred to as Microsoft Office 2016 Click-to-Run (C2R). The name has been updated in this guide to reflect Microsoft’s branding.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8427
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Excel Viewer 2007 Service Pack 3 4092444 (Security Update) Important Information Disclosure 4011202 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 for Mac Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Unknown
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office Compatibility Pack Service Pack 3 4092444 (Security Update) Important Information Disclosure 4011202 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office Word Viewer 4092464 (Security Update) Important Information Disclosure 4032214 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft PowerPoint Viewer 2007 4092444 (Security Update) Important Information Disclosure 4011202 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Office 365 ProPlus for 32-bit Systems Click to Run (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
No
Office 365 ProPlus for 64-bit Systems Click to Run (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
No
Windows Server 2008 for 32-bit Systems Service Pack 2 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Information Disclosure 4458010
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Information Disclosure 4458010
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4463104 (Security Only)
4463097 (Monthly Rollup)
Important Information Disclosure
4458010
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Information Disclosure 4458010
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Information Disclosure 4458010
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8427 Lin Wang of Beihang University


CVE-2018-8460 - Internet Explorer Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8460
MITRE
NVD
CVE Title: Internet Explorer Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.

The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8460
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Internet Explorer 11 on Windows 10 for 32-bit Systems 4462922 (Security Update) Critical Remote Code Execution 4457132 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 for x64-based Systems 4462922 (Security Update) Critical Remote Code Execution 4457132 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems 4462917 (Security Update) Critical Remote Code Execution 4457131 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems 4462917 (Security Update) Critical Remote Code Execution 4457131 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems 4462937 (Security Update) Critical Remote Code Execution 4457138 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems 4462937 (Security Update) Critical Remote Code Execution 4457138 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems 4462918 (Security Update) Critical Remote Code Execution 4457142 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems 4462918 (Security Update) Critical Remote Code Execution 4457142 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems 4462919 (Security Update) Critical Remote Code Execution 4457128 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems 4462919 (Security Update) Critical Remote Code Execution 4457128 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems 4464330 (Security Update) Critical Remote Code Execution None Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems 4464330 (Security Update) Critical Remote Code Execution None Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems 4464330 (Security Update) Critical Remote Code Execution None Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 4462923 (Monthly Rollup)
4462949 (IE Cumulative)
Critical Remote Code Execution 4457144
4457426
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 4462923 (Monthly Rollup)
4462949 (IE Cumulative)
Critical Remote Code Execution 4457144
4457426
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 8.1 for 32-bit systems 4462926 (Monthly Rollup)
4462949 (IE Cumulative)
Critical Remote Code Execution 4457129
4457426
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 8.1 for x64-based systems 4462926 (Monthly Rollup)
4462949 (IE Cumulative)
Critical Remote Code Execution 4457129
4457426
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows RT 8.1 4462926 (Monthly Rollup) Critical Remote Code Execution 4457129 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 4462923 (Monthly Rollup)
4462949 (IE Cumulative)
Moderate Remote Code Execution 4457144
4457426
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2012 R2 4462926 (Monthly Rollup)
4462949 (IE Cumulative)
Moderate Remote Code Execution 4457129
4457426
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2016 4462917 (Security Update) Moderate Remote Code Execution 4457131 Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2019 4464330 (Security Update) Moderate Remote Code Execution None Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8460 Anonymous working with Trend Micro's Zero Day Initiative
http://www.zerodayinitiative.com/


CVE-2018-8265 - Microsoft Exchange Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8265
MITRE
NVD
CVE Title: Microsoft Exchange Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the system user. An attacker could then install programs; view, change, add, or delete data.

To exploit this vulnerability, an attacker would need to send a specially crafted email to an affected Exchange server, and then convince the recipient to perform multiple actions while replying to the message.

The security update addresses the vulnerability by correcting how Microsoft Exchange parses specially crafted email messages.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8265
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Exchange Server 2013 Cumulative Update 21 4459266 (Security Update) Important Remote Code Execution 4340731 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Exchange Server 2016 Cumulative Update 10 4459266 (Security Update) Important Remote Code Execution 4340731 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8265 Sabri Haddouche of Wire Swiss GmbH
https://wire.com


CVE-2018-8448 - Microsoft Exchange Server Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8448
MITRE
NVD
CVE Title: Microsoft Exchange Server Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information.

To exploit the vulnerability, an attacker could send a specially crafted email message containing a malicious link to a user. Alternatively, an attacker could use a chat client to social engineer a user into clicking the malicious link.

The security update addresses the vulnerability by correcting how Microsoft Exchange validates web requests.

Note: In order to exploit this vulnerability, a user must click a maliciously crafted link from an attacker.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8448
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Exchange Server 2013 Cumulative Update 21 4459266 (Security Update) Important Elevation of Privilege 4340731 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Exchange Server 2016 Cumulative Update 10 4459266 (Security Update) Important Elevation of Privilege 4340731 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8448 Adrian Ivascu


CVE-2018-8472 - Windows GDI Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8472
MITRE
NVD
CVE Title: Windows GDI Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

The security update addresses the vulnerability by correcting how GDI handles memory addresses.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8472
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4462922 (Security Update) Important Information Disclosure 4457132 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4462922 (Security Update) Important Information Disclosure 4457132 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4462917 (Security Update) Important Information Disclosure 4457131 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4462917 (Security Update) Important Information Disclosure 4457131 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4462937 (Security Update) Important Information Disclosure 4457138 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4462937 (Security Update) Important Information Disclosure 4457138 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4462918 (Security Update) Important Information Disclosure 4457142 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4462918 (Security Update) Important Information Disclosure 4457142 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4462919 (Security Update) Important Information Disclosure 4457128 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4462919 (Security Update) Important Information Disclosure 4457128 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4464330 (Security Update) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4464330 (Security Update) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Information Disclosure
4457144
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Information Disclosure
4457144
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4462941 (Security Only)
4462926 (Monthly Rollup)
Important Information Disclosure
4457129
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Information Disclosure 4457129
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4462926 (Monthly Rollup) Important Information Disclosure 4457129 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Information Disclosure 4458010
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Information Disclosure 4458010
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4463104 (Security Only)
4463097 (Monthly Rollup)
Important Information Disclosure
4458010
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Information Disclosure 4458010
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4463097 (Monthly Rollup)
4463104 (Security Only)
Important Information Disclosure 4458010
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Information Disclosure
4457144
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Information Disclosure
4457144
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4462915 (Security Only)
4462923 (Monthly Rollup)
Important Information Disclosure
4457144
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4462931 (Security Only)
4462929 (Monthly Rollup)
Important Information Disclosure
4457135
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4462931 (Security Only)
4462929 (Monthly Rollup)
Important Information Disclosure
4457135
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Information Disclosure 4457129
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Information Disclosure 4457129
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4462917 (Security Update) Important Information Disclosure 4457131 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4462917 (Security Update) Important Information Disclosure 4457131 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 4464330 (Security Update) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4464330 (Security Update) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4462918 (Security Update) Important Information Disclosure 4457142 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4462919 (Security Update) Important Information Disclosure 4457128 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8472 Symeon Paraschoudis of Pen Test Partners LLP
https://www.pentestpartners.com/


CVE-2018-8489 - Windows Hyper-V Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8489
MITRE
NVD
CVE Title: Windows Hyper-V Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.

An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.

The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8489
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for x64-based Systems 4462922 (Security Update) Critical Remote Code Execution 4457132 Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4462917 (Security Update) Critical Remote Code Execution 4457131 Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4462937 (Security Update) Critical Remote Code Execution 4457138 Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4462918 (Security Update) Critical Remote Code Execution 4457142 Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4462919 (Security Update) Critical Remote Code Execution 4457128 Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4464330 (Security Update) Critical Remote Code Execution None Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4464330 (Security Update) Critical Remote Code Execution None Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Critical Remote Code Execution
4457144
Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4462926 (Monthly Rollup)
4462941 (Security Only)
Critical Remote Code Execution 4457129
Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4462926 (Monthly Rollup) Critical Remote Code Execution 4457129 Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4463097 (Monthly Rollup)
4463104 (Security Only)
Critical Remote Code Execution 4458010
Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4463097 (Monthly Rollup)
4463104 (Security Only)
Critical Remote Code Execution 4458010
Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Critical Remote Code Execution
4457144
Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4462915 (Security Only)
4462923 (Monthly Rollup)
Critical Remote Code Execution
4457144
Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4462931 (Security Only)
4462929 (Monthly Rollup)
Critical Remote Code Execution
4457135
Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4462931 (Security Only)
4462929 (Monthly Rollup)
Critical Remote Code Execution
4457135
Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4462926 (Monthly Rollup)
4462941 (Security Only)
Critical Remote Code Execution 4457129
Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4462926 (Monthly Rollup)
4462941 (Security Only)
Critical Remote Code Execution 4457129
Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4462917 (Security Update) Critical Remote Code Execution 4457131 Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4462917 (Security Update) Critical Remote Code Execution 4457131 Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4464330 (Security Update) Critical Remote Code Execution None Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4464330 (Security Update) Critical Remote Code Execution None Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4462918 (Security Update) Critical Remote Code Execution 4457142 Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4462919 (Security Update) Critical Remote Code Execution 4457128 Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8489 None

CVE-2018-8490 - Windows Hyper-V Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8490
MITRE
NVD
CVE Title: Windows Hyper-V Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.

An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.

The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8490
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for x64-based Systems 4462922 (Security Update) Critical Remote Code Execution 4457132 Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4462917 (Security Update) Critical Remote Code Execution 4457131 Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4462937 (Security Update) Critical Remote Code Execution 4457138 Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4462918 (Security Update) Critical Remote Code Execution 4457142 Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4464330 (Security Update) Critical Remote Code Execution None Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4464330 (Security Update) Critical Remote Code Execution None Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4462917 (Security Update) Critical Remote Code Execution 4457131 Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4462917 (Security Update) Critical Remote Code Execution 4457131 Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4464330 (Security Update) Critical Remote Code Execution None Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4464330 (Security Update) Critical Remote Code Execution None Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4462918 (Security Update) Critical Remote Code Execution 4457142 Base: 7.60
Temporal: 6.80
Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8490 None

CVE-2018-8491 - Internet Explorer Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8491
MITRE
NVD
CVE Title: Internet Explorer Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.

The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8491
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Internet Explorer 11 on Windows 10 for 32-bit Systems 4462922 (Security Update) Critical Remote Code Execution 4457132 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 for x64-based Systems 4462922 (Security Update) Critical Remote Code Execution 4457132 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems 4462917 (Security Update) Critical Remote Code Execution 4457131 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems 4462917 (Security Update) Critical Remote Code Execution 4457131 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems 4462937 (Security Update) Critical Remote Code Execution 4457138 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems 4462937 (Security Update) Critical Remote Code Execution 4457138 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems 4462918 (Security Update) Critical Remote Code Execution 4457142 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems 4462918 (Security Update) Critical Remote Code Execution 4457142 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems 4462919 (Security Update) Critical Remote Code Execution 4457128 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems 4462919 (Security Update) Critical Remote Code Execution 4457128 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems 4464330 (Security Update) Critical Remote Code Execution None Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems 4464330 (Security Update) Critical Remote Code Execution None Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems 4464330 (Security Update) Critical Remote Code Execution None Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 4462923 (Monthly Rollup)
4462949 (IE Cumulative)
Critical Remote Code Execution 4457144
4457426
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 4462923 (Monthly Rollup)
4462949 (IE Cumulative)
Critical Remote Code Execution 4457144
4457426
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 8.1 for 32-bit systems 4462926 (Monthly Rollup)
4462949 (IE Cumulative)
Critical Remote Code Execution 4457129
4457426
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 8.1 for x64-based systems 4462926 (Monthly Rollup)
4462949 (IE Cumulative)
Critical Remote Code Execution 4457129
4457426
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows RT 8.1 4462926 (Monthly Rollup) Critical Remote Code Execution 4457129 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 4462923 (Monthly Rollup)
4462949 (IE Cumulative)
Moderate Remote Code Execution 4457144
4457426
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2012 R2 4462926 (Monthly Rollup)
4462949 (IE Cumulative)
Moderate Remote Code Execution 4457129
4457426
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2016 4462917 (Security Update) Moderate Remote Code Execution 4457131 Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2019 4464330 (Security Update) Moderate Remote Code Execution None Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8491 Lucas Pinheiro - Windows & Devices Group - Operating System Security Team


Simon Zuckerbraun of the Trend Micro's Zero Day Initiative
http://www.zerodayinitiative.com/


CVE-2018-8492 - Device Guard Code Integrity Policy Security Feature Bypass Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8492
MITRE
NVD
CVE Title: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Description:

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.

To exploit the vulnerability, an attacker would first have to access the local machine, and then inject malicious code into a script that is trusted by the Code Integrity policy. The injected code would then run with the same trust level as the script and bypass the Code Integrity policy.

The update addresses the vulnerability by correcting how PowerShell exposes functions and processes user supplied code.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Security Feature Bypass

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8492
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 Version 1607 for 32-bit Systems 4462917 (Security Update) Important Security Feature Bypass 4457131 Base: 5.30
Temporal: 4.80
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4462917 (Security Update) Important Security Feature Bypass 4457131 Base: 5.30
Temporal: 4.80
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4462937 (Security Update) Important Security Feature Bypass 4457138 Base: 5.30
Temporal: 4.80
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4462937 (Security Update) Important Security Feature Bypass 4457138 Base: 5.30
Temporal: 4.80
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4462918 (Security Update) Important Security Feature Bypass 4457142 Base: 5.30
Temporal: 4.80
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4462918 (Security Update) Important Security Feature Bypass 4457142 Base: 5.30
Temporal: 4.80
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4462919 (Security Update) Important Security Feature Bypass 4457128 Base: 5.30
Temporal: 4.80
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4462919 (Security Update) Important Security Feature Bypass 4457128 Base: 5.30
Temporal: 4.80
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4464330 (Security Update) Important Security Feature Bypass None Base: 5.30
Temporal: 4.80
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4464330 (Security Update) Important Security Feature Bypass None Base: 5.30
Temporal: 4.80
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2016 4462917 (Security Update) Important Security Feature Bypass 4457131 Base: 5.30
Temporal: 4.80
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4462917 (Security Update) Important Security Feature Bypass 4457131 Base: 5.30
Temporal: 4.80
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2019 4464330 (Security Update) Important Security Feature Bypass None Base: 5.30
Temporal: 4.80
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4464330 (Security Update) Important Security Feature Bypass None Base: 5.30
Temporal: 4.80
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4462918 (Security Update) Important Security Feature Bypass 4457142 Base: 5.30
Temporal: 4.80
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4462919 (Security Update) Important Security Feature Bypass 4457128 Base: 5.30
Temporal: 4.80
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8492 Jimmy Bayne (@bohops)
https://twitter.com/bohops


CVE-2018-8493 - Windows TCP/IP Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8493
MITRE
NVD
CVE Title: Windows TCP/IP Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

To exploit this vulnerability, an attacker would have to send specially crafted fragmented IP packets to a remote Windows computer. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.

The update addresses the vulnerability by correcting how the Windows TCP/IP stack handles fragmented IP packets.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
N/A Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8493
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4462922 (Security Update) Important Information Disclosure 4457132 Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4462922 (Security Update) Important Information Disclosure 4457132 Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4462917 (Security Update) Important Information Disclosure 4457131 Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4462917 (Security Update) Important Information Disclosure 4457131 Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4462937 (Security Update) Important Information Disclosure 4457138 Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4462937 (Security Update) Important Information Disclosure 4457138 Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4462918 (Security Update) Important Information Disclosure 4457142 Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4462918 (Security Update) Important Information Disclosure 4457142 Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4462919 (Security Update) Important Information Disclosure 4457128 Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4462919 (Security Update) Important Information Disclosure 4457128 Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4462941 (Security Only)
4462926 (Monthly Rollup)
Important Information Disclosure
4457129
Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows 8.1 for x64-based systems 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Information Disclosure 4457129
Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4462926 (Monthly Rollup) Important Information Disclosure 4457129 Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Information Disclosure 4457129
Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4462926 (Monthly Rollup)
4462941 (Security Only)
Important Information Disclosure 4457129
Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4462917 (Security Update) Important Information Disclosure 4457131 Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4462917 (Security Update) Important Information Disclosure 4457131 Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4462918 (Security Update) Important Information Disclosure 4457142 Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4462919 (Security Update) Important Information Disclosure 4457128 Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8493 Ran Menscher


CVE-2018-8494 - MS XML Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8494
MITRE
NVD
CVE Title: MS XML Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system.

To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or instant message that would then take the user to the website. When Internet Explorer parses the XML content, an attacker could run malicious code remotely to take control of the user’s system.

The update addresses the vulnerability by correcting how the MSXML parser processes user input.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8494
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4462922 (Security Update) Critical Remote Code Execution 4457132 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4462922 (Security Update) Critical Remote Code Execution 4457132 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4462917 (Security Update) Critical Remote Code Execution 4457131 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4462917 (Security Update) Critical Remote Code Execution 4457131 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4462937 (Security Update) Critical Remote Code Execution 4457138 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4462937 (Security Update) Critical Remote Code Execution 4457138 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4462918 (Security Update) Critical Remote Code Execution 4457142 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4462918 (Security Update) Critical Remote Code Execution 4457142 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4462919 (Security Update) Critical Remote Code Execution 4457128 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4462919 (Security Update) Critical Remote Code Execution 4457128 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4464330 (Security Update) Critical Remote Code Execution None Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4464330 (Security Update) Critical Remote Code Execution None Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Critical Remote Code Execution
4457144
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Critical Remote Code Execution
4457144
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4462941 (Security Only)
4462926 (Monthly Rollup)
Critical Remote Code Execution
4457129
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4462926 (Monthly Rollup)
4462941 (Security Only)
Critical Remote Code Execution 4457129
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4462926 (Monthly Rollup) Critical Remote Code Execution 4457129 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4463097 (Monthly Rollup)
4463104 (Security Only)
Critical Remote Code Execution 4458010
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4463097 (Monthly Rollup)
4463104 (Security Only)
Critical Remote Code Execution 4458010
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4463104 (Security Only)
4463097 (Monthly Rollup)
Critical Remote Code Execution
4458010
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4463097 (Monthly Rollup)
4463104 (Security Only)
Critical Remote Code Execution 4458010
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4463097 (Monthly Rollup)
4463104 (Security Only)
Critical Remote Code Execution 4458010
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Critical Remote Code Execution
4457144
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4462915 (Security Only)
4462923 (Monthly Rollup)
Critical Remote Code Execution
4457144
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4462915 (Security Only)
4462923 (Monthly Rollup)
Critical Remote Code Execution
4457144
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4462931 (Security Only)
4462929 (Monthly Rollup)
Critical Remote Code Execution
4457135
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4462931 (Security Only)
4462929 (Monthly Rollup)
Critical Remote Code Execution
4457135
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4462926 (Monthly Rollup)
4462941 (Security Only)
Critical Remote Code Execution 4457129
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4462926 (Monthly Rollup)
4462941 (Security Only)
Critical Remote Code Execution 4457129
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4462917 (Security Update) Critical Remote Code Execution 4457131 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4462917 (Security Update) Critical Remote Code Execution 4457131 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4464330 (Security Update) Critical Remote Code Execution None Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4464330 (Security Update) Critical Remote Code Execution None Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4462918 (Security Update) Critical Remote Code Execution 4457142 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4462919 (Security Update) Critical Remote Code Execution 4457128 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8494 Guy Inbar (guyio)


CVE-2018-8495 - Windows Shell Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8495
MITRE
NVD
CVE Title: Windows Shell Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when Windows Shell improperly handles URIs. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attack requires specific user interaction which an attacker would need to trick the user into performing. There is no way an attacker could exploit the vulnerability without the user performing the specific action.

The security update addresses the vulnerability by modifying how Windows Shell handles URIs.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
N/A Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8495
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 Version 1607 for 32-bit Systems 4462917 (Security Update) Important Remote Code Execution 4457131 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4462917 (Security Update) Important Remote Code Execution 4457131 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4462937 (Security Update) Important Remote Code Execution 4457138 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4462937 (Security Update) Important Remote Code Execution 4457138 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4462918 (Security Update) Important Remote Code Execution 4457142 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4462918 (Security Update) Important Remote Code Execution 4457142 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4462919 (Security Update) Important Remote Code Execution 4457128 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4462919 (Security Update) Important Remote Code Execution 4457128 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4462917 (Security Update) Important Remote Code Execution 4457131 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4462917 (Security Update) Important Remote Code Execution 4457131 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4462918 (Security Update) Important Remote Code Execution 4457142 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4462919 (Security Update) Important Remote Code Execution 4457128 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8495 @qab working with working with Trend Micro's Zero Day Initiative
https://twitter.com/qab,http://www.zerodayinitiative.com/


CVE-2018-8497 - Windows Kernel Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8497
MITRE
NVD
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.

The security update addresses the vulnerability by ensuring the Windows Kernel properly handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable Yes No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8497
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 Version 1607 for 32-bit Systems 4462917 (Security Update) Important Elevation of Privilege 4457131 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4462917 (Security Update) Important Elevation of Privilege 4457131 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4462937 (Security Update) Important Elevation of Privilege 4457138 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4462937 (Security Update) Important Elevation of Privilege 4457138 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4462918 (Security Update) Important Elevation of Privilege 4457142 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4462918 (Security Update) Important Elevation of Privilege 4457142 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4462919 (Security Update) Important Elevation of Privilege 4457128 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4462919 (Security Update) Important Elevation of Privilege 4457128 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4464330 (Security Update) Important Elevation of Privilege None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4464330 (Security Update) Important Elevation of Privilege None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4462917 (Security Update) Important Elevation of Privilege 4457131 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4462917 (Security Update) Important Elevation of Privilege 4457131 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4464330 (Security Update) Important Elevation of Privilege None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4464330 (Security Update) Important Elevation of Privilege None Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4462918 (Security Update) Important Elevation of Privilege 4457142 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4462919 (Security Update) Important Elevation of Privilege 4457128 Base: 7.80
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8497 None

CVE-2018-8498 - Microsoft SharePoint Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8498
MITRE
NVD
CVE Title: Microsoft SharePoint Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8498
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 4461450 (Security Update) Important Elevation of Privilege 4092470 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise Server 2016 4461447 (Security Update) Important Elevation of Privilege 4092459 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8498 Ashar Javed of Hyundai AutoEver Europe GmbH
https://twitter.com/soaj1664ashar,https://www.hyundai-autoever.eu/


CVE-2018-8500 - Scripting Engine Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8500
MITRE
NVD
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.

If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8500
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
ChakraCore Release Notes (Security Update) Critical Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8500 Paul Leathers


CVE-2018-8501 - Microsoft PowerPoint Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8501
MITRE
NVD
CVE Title: Microsoft PowerPoint Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in Protected View. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office PowerPoint software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Microsoft PowerPoint handles objects in Protected View.


FAQ:

What is Office 365 ProPlus?

Office 365 ProPlus is the same product formerly be referred to as Microsoft Office 2016 Click-to-Run (C2R). The name has been updated in this guide to reflect Microsoft’s branding.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8501
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Office 2010 Service Pack 2 (32-bit editions) 4092483 (Security Update) Important Remote Code Execution 4022198 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 4092483 (Security Update) Important Remote Code Execution 4022198 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 RT Service Pack 1 4461445 (Security Update) Important Remote Code Execution 4032239 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (32-bit editions) 4461445 (Security Update) Important Remote Code Execution 4032239 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (64-bit editions) 4461445 (Security Update) Important Remote Code Execution 4032239 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (32-bit edition) 4461437 (Security Update) Important Remote Code Execution 4032233 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (64-bit edition) 4461437 (Security Update) Important Remote Code Execution 4032233 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions) 4092482 (Security Update) Important Remote Code Execution 4018310 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions) 4092482 (Security Update) Important Remote Code Execution 4018310 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft PowerPoint 2013 RT Service Pack 1 4092453 (Security Update) Important Remote Code Execution 4011069 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft PowerPoint 2013 Service Pack 1 (32-bit editions) 4092453 (Security Update) Important Remote Code Execution 4011069 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft PowerPoint 2013 Service Pack 1 (64-bit editions) 4092453 (Security Update) Important Remote Code Execution 4011069 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft PowerPoint 2016 (32-bit edition) 4461434 (Security Update) Important Remote Code Execution 4011041 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft PowerPoint 2016 (64-bit edition) 4461434 (Security Update) Important Remote Code Execution 4011041 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Office 365 ProPlus for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Office 365 ProPlus for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
PowerPoint Viewer 2010 32-bit edition 4022138 (Security Update) Important Remote Code Execution 3128030 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8501 None

CVE-2018-8502 - Microsoft Excel Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8502
MITRE
NVD
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in Protected View. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office Excel software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in Protected View.


FAQ:

What is Office 365 ProPlus?

Office 365 ProPlus is the same product formerly be referred to as Microsoft Office 2016 Click-to-Run (C2R). The name has been updated in this guide to reflect Microsoft’s branding.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8502
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Excel 2010 Service Pack 2 (32-bit editions) 4461466 (Security Update) Important Remote Code Execution 4227175 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2010 Service Pack 2 (64-bit editions) 4461466 (Security Update) Important Remote Code Execution 4227175 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2013 RT Service Pack 1 4461460 (Security Update) Important Remote Code Execution 4092479 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2013 Service Pack 1 (32-bit editions) 4461460 (Security Update) Important Remote Code Execution 4092479 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2013 Service Pack 1 (64-bit editions) 4461460 (Security Update) Important Remote Code Execution 4092479 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2016 (32-bit edition) 4461448 (Security Update) Important Remote Code Execution 4092460 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2016 (64-bit edition) 4461448 (Security Update) Important Remote Code Execution 4092460 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (32-bit editions) 4461466 (Security Update) Important Remote Code Execution 4227175 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 4461466 (Security Update) Important Remote Code Execution 4227175 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 RT Service Pack 1 4461445 (Security Update) Important Remote Code Execution 4032239 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (32-bit editions) 4461445 (Security Update) Important Remote Code Execution 4032239 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (64-bit editions) 4461445 (Security Update) Important Remote Code Execution 4032239 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (32-bit edition) 4461437 (Security Update) Important Remote Code Execution 4032233 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (64-bit edition) 4461437 (Security Update) Important Remote Code Execution 4032233 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Office 365 ProPlus for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Office 365 ProPlus for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8502 None

CVE-2018-8503 - Chakra Scripting Engine Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8503
MITRE
NVD
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Low Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8503
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
ChakraCore Release Notes (Security Update) Low Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Edge on Windows 10 for 32-bit Systems 4462922 (Security Update) Low Remote Code Execution 4457132 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 for x64-based Systems 4462922 (Security Update) Low Remote Code Execution 4457132 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems 4462917 (Security Update) Low Remote Code Execution 4457131 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems 4462917 (Security Update) Low Remote Code Execution 4457131 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems 4462937 (Security Update) Low Remote Code Execution 4457138 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems 4462937 (Security Update) Low Remote Code Execution 4457138 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems 4462918 (Security Update) Low Remote Code Execution 4457142 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems 4462918 (Security Update) Low Remote Code Execution 4457142 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems 4462919 (Security Update) Low Remote Code Execution 4457128 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for x64-based Systems 4462919 (Security Update) Low Remote Code Execution 4457128 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems 4464330 (Security Update) Low Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems 4464330 (Security Update) Low Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for x64-based Systems 4464330 (Security Update) Low Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2016 4462917 (Security Update) Low Remote Code Execution 4457131 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2019 4464330 (Security Update) Low Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8503 Qixun Zhao of Qihoo 360 Vulcan Team​
https://twitter.com/S0rryMybad,http://www.360.com/


CVE-2018-8504 - Microsoft Word Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8504
MITRE
NVD
CVE Title: Microsoft Word Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in Protected View. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office Word software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Microsoft Word handles objects in Protected View.


FAQ:

What is Office 365 ProPlus?

Office 365 ProPlus is the same product formerly be referred to as Microsoft Office 2016 Click-to-Run (C2R). The name has been updated in this guide to reflect Microsoft’s branding.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8504
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Office 2010 Service Pack 2 (32-bit editions) 4092437 (Security Update)
4092483 (Security Update)
Important Remote Code Execution 4022200
4022198
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 4092437 (Security Update)
4092483 (Security Update)
Important Remote Code Execution 4022200
4022198
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 RT Service Pack 1 4461445 (Security Update) Important Remote Code Execution 4032239 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (32-bit editions) 4461445 (Security Update) Important Remote Code Execution 4032239 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (64-bit editions) 4461445 (Security Update) Important Remote Code Execution 4032239 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (32-bit edition) 4461437 (Security Update) Important Remote Code Execution 4032233 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (64-bit edition) 4461437 (Security Update) Important Remote Code Execution 4032233 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office Web Apps 2010 Service Pack 2 4227167 (Security Update) Important Remote Code Execution 4032220 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2010 Service Pack 2 4092481 (Security Update) Important Remote Code Execution 4032215 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2010 Service Pack 2 (32-bit editions) 4092439 (Security Update) Important Remote Code Execution 4022202 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2010 Service Pack 2 (64-bit editions) 4092439 (Security Update) Important Remote Code Execution 4022202 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 RT Service Pack 1 4461457 (Security Update) Important Remote Code Execution 4032246 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (32-bit editions) 4461457 (Security Update) Important Remote Code Execution 4032246 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (64-bit editions) 4461457 (Security Update) Important Remote Code Execution 4032246 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2016 (32-bit edition) 4461449 (Security Update) Important Remote Code Execution 4092447 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2016 (64-bit edition) 4461449 (Security Update) Important Remote Code Execution 4092447 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Office 365 ProPlus for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Office 365 ProPlus for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8504 None

CVE-2018-8505 - Chakra Scripting Engine Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8505
MITRE
NVD
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8505
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
ChakraCore Release Notes (Security Update) Critical Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems 4462917 (Security Update) Critical Remote Code Execution 4457131 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems 4462917 (Security Update) Critical Remote Code Execution 4457131 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems 4462937 (Security Update) Critical Remote Code Execution 4457138 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems 4462937 (Security Update) Critical Remote Code Execution 4457138 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems 4462918 (Security Update) Critical Remote Code Execution 4457142 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems 4462918 (Security Update) Critical Remote Code Execution 4457142 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems 4462919 (Security Update) Critical Remote Code Execution 4457128 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for x64-based Systems 4462919 (Security Update) Critical Remote Code Execution 4457128 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems 4464330 (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems 4464330 (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for x64-based Systems 4464330 (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2016 4462917 (Security Update) Moderate Remote Code Execution 4457131 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2019 4464330 (Security Update) Moderate Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8505 Lokihardt of Google Project Zero
https://www.google.com


Qixun Zhao of Qihoo 360 Vulcan Team​
https://twitter.com/S0rryMybad,http://www.360.com/


CVE-2018-8509 - Microsoft Edge Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8509
MITRE
NVD
CVE Title: Microsoft Edge Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email.

The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8509
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems 4462918 (Security Update) Critical Remote Code Execution 4457142 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems 4462918 (Security Update) Critical Remote Code Execution 4457142 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems 4462919 (Security Update) Critical Remote Code Execution 4457128 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for x64-based Systems 4462919 (Security Update) Critical Remote Code Execution 4457128 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8509 None

CVE-2018-8510 - Chakra Scripting Engine Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8510
MITRE
NVD
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8510
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
ChakraCore Release Notes (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Maybe
Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems 4464330 (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems 4464330 (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for x64-based Systems 4464330 (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2019 4464330 (Security Update) Moderate Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8510 None

CVE-2018-8511 - Chakra Scripting Engine Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8511
MITRE
NVD
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8511
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
ChakraCore Release Notes (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Maybe
Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems 4464330 (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems 4464330 (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for x64-based Systems 4464330 (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2019 4464330 (Security Update) Moderate Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8511 None

CVE-2018-8512 - Microsoft Edge Security Feature Bypass Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8512
MITRE
NVD
CVE Title: Microsoft Edge Security Feature Bypass Vulnerability
Description:

A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content.

To exploit the bypass, an attacker must trick a user into either loading a page containing malicious content or visiting a malicious website. The attacker could also inject the malicious page into either a compromised website or an advertisement network.

The security update addresses the bypass by correcting how the Edge CSP validates documents.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Security Feature Bypass

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8512
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems 4462937 (Security Update) Important Security Feature Bypass 4457138 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems 4462937 (Security Update) Important Security Feature Bypass 4457138 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems 4462918 (Security Update) Important Security Feature Bypass 4457142 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems 4462918 (Security Update) Important Security Feature Bypass 4457142 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8512 None

CVE-2018-8513 - Chakra Scripting Engine Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8513
MITRE
NVD
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8513
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
ChakraCore Release Notes (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Maybe
Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems 4464330 (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems 4464330 (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for x64-based Systems 4464330 (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2019 4464330 (Security Update) Moderate Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8513 Lucas Pinheiro - Windows & Devices Group - Operating System Security Team


CVE-2010-3190 - MFC Insecure Library Loading Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2010-3190
MITRE
NVD
CVE Title: MFC Insecure Library Loading Vulnerability
Description:

A remote code execution vulnerability exists in the way that certain applications built using Microsoft Foundation Classes (MFC) handle the loading of DLL files.

An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The update addresses this vulnerability by correcting how applications built using MFC load DLL files.


FAQ:

Why is Microsoft documenting a 2010 CVE in this release?

Exchange Server was not identified as an in-scope product when CVE-2010-3190 was originally published. This vulnerability affects all installations of Exchange Server. If you are running any version of Exchange server released prior to Exchange Server 2016 Cumulative Update 11 (as of this publishing, Cumulative Update 10 is the most recent cumulative update for Exchange 2016), the Visual Studio 2010 updates in MS11-025 should be applied to your Exchange Server.

Is there anything else that I need to do to ensure that my Exchange server remains protected from this vulnerability?

Yes, you must install the next cumulative update for your Exchange server when it becomes available. This document will be revised at such time to include information on where to obtain the update.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2010-3190
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Exchange Server 2010 Service Pack 3 2565063 (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Exchange Server 2013 2565063 (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Exchange Server 2016 2565063 (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2010-3190 None

CVE-2018-8527 - SQL Server Management Studio Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8527
MITRE
NVD
CVE Title: SQL Server Management Studio Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity declaration.

To exploit the vulnerability, an attacker must entice a user on an affected SSMS server to open a specially crafted XEL file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and then convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force a user to visit the website. Instead, an attacker would have to convince a user to click a link and open the specially crafted file.

The security update addresses the vulnerability by correcting how SQL Server Management Studio parses XML input.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from file system.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8527
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
SQL Server Management Studio 17.9 Release Notes (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Yes
SQL Server Management Studio 18.0 (Preview 4) Release Notes (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8527 John Page (aka hyp3rlinx) - ApparitionSec working with Trend Micro's Zero Day Initiative
http://www.zerodayinitiative.com/


CVE-2018-8530 - Microsoft Edge Security Feature Bypass Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8530
MITRE
NVD
CVE Title: Microsoft Edge Security Feature Bypass Vulnerability
Description:

A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how affected Microsoft Edge handles different-origin requests.


FAQ:

After I installed the security update and restarted my device, third-party cookies are no longer blocked even though I had previously selected that setting. What do I do?

In some cases, after installing the security updates, sites you visit might still be able to use third-party cookies that they originally set on your browser before Microsoft updated the setting. To learn more and to reset your browser cookies, see Microsoft Knowledge Base article 4464209.

Guidance for Enterprise Admins:

Enterprise admins can optionally choose to show a warning dialog to users in their environments that informs them about this issue. This dialog will be displayed on the first launch of Microsoft Edge after the Windows 10 October Update has been installed on the users' machines, and will only be shown to users who had previously set the Block only third party cookies setting in Microsoft Edge.

To show this warning dialog, Enterprise admins need to configure and deploy the following reg key:

HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\ ThirdPartyCookiesMessageManagedOptIn

The value DWORD (32-bit) registry key should be set to 1.

Note that users in enterprises will not get any in-product notifications about this issue unless their admin configures and deploys this ThirdPartyCookiesMessageManagedOptIn registry value. This reg key will only display the notification on devices running Desktop and Mobile versions of Windows 10.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Security Feature Bypass

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8530
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems 4462937 (Security Update) Important Security Feature Bypass 4457138 Base: 4.30
Temporal: 3.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems 4462937 (Security Update) Important Security Feature Bypass 4457138 Base: 4.30
Temporal: 3.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems 4462918 (Security Update) Important Security Feature Bypass 4457142 Base: 4.30
Temporal: 3.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems 4462918 (Security Update) Important Security Feature Bypass 4457142 Base: 4.30
Temporal: 3.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems 4462919 (Security Update) Important Security Feature Bypass 4457128 Base: 4.30
Temporal: 3.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for x64-based Systems 4462919 (Security Update) Important Security Feature Bypass 4457128 Base: 4.30
Temporal: 3.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8530 Richard Shupak
https://www.linkedin.com/in/rshupak


CVE-2018-8531 - Azure IoT Device Client SDK Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8531
MITRE
NVD
CVE Title: Azure IoT Device Client SDK Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using MQTT protocol accesses objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment.

The security update addresses the vulnerability by changing the default allocators.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable Yes No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8531
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Hub Device Client SDK for Azure IoT Release Notes (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8531 Cristian Pop of Azure IoT


ADV180026 - Microsoft Office Defense in Depth Update

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
ADV180026
MITRE
NVD
CVE Title: Microsoft Office Defense in Depth Update
Description:

Microsoft has released an update for Microsoft Office that provides enhanced security as a defense in depth measure.


FAQ:

What is Office 365 ProPlus?

Office 365 ProPlus is the same product formerly be referred to as Microsoft Office 2016 Click-to-Run (C2R). The name has been updated in this guide to reflect Microsoft’s branding.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Unkwown Defense in Depth

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

ADV180026
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Office 2010 Service Pack 2 (32-bit editions) 4092437 (Security Update) None Defense in Depth 4022200 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 4092437 (Security Update) None Defense in Depth 4022200 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) None Defense in Depth None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) None Defense in Depth None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Outlook 2010 Service Pack 2 (32-bit editions) 4227170 (Security Update) None Defense in Depth 4032222 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Outlook 2010 Service Pack 2 (64-bit editions) 4227170 (Security Update) None Defense in Depth 4032222 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Outlook 2013 RT Service Pack 1 4092477 (Security Update) None Defense in Depth 4032240 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Outlook 2013 Service Pack 1 (32-bit editions) 4092477 (Security Update) None Defense in Depth 4032240 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Outlook 2013 Service Pack 1 (64-bit editions) 4092477 (Security Update) None Defense in Depth 4032240 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Outlook 2016 (32-bit edition) 4461440 (Security Update) None Defense in Depth 4032235 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Outlook 2016 (64-bit edition) 4461440 (Security Update) None Defense in Depth 4032235 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2010 Service Pack 2 (32-bit editions) 4092439 (Security Update) None Defense in Depth 4022202 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2010 Service Pack 2 (64-bit editions) 4092439 (Security Update) None Defense in Depth 4022202 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 RT Service Pack 1 4461457 (Security Update) None Defense in Depth 4032246 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (32-bit editions) 4461457 (Security Update) None Defense in Depth 4032246 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (64-bit editions) 4461457 (Security Update) None Defense in Depth 4032246 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2016 (32-bit edition) 4461449 (Security Update) None Defense in Depth 4092447 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2016 (64-bit edition) 4461449 (Security Update) None Defense in Depth 4092447 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Office 365 ProPlus for 32-bit Systems Click to Run (Security Update) None Defense in Depth None Base: N/A
Temporal: N/A
Vector: N/A
No
Office 365 ProPlus for 64-bit Systems Click to Run (Security Update) None Defense in Depth None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
ADV180026 None

CVE-2018-8532 - SQL Server Management Studio Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8532
MITRE
NVD
CVE Title: SQL Server Management Studio Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity declaration.

To exploit the vulnerability, an attacker must entice a user on an affected SSMS server to open a specially crafted XMLA file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and then convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force a user to visit the website. Instead, an attacker would have to convince a user to click a link and open the specially crafted file.

The security update addresses the vulnerability by correcting how SQL Server Management Studio parses XML input.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from file system.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8532
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
SQL Server Management Studio 17.9 Release Notes (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Yes
SQL Server Management Studio 18.0 (Preview 4) Release Notes (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8532 John Page (aka hyp3rlinx) - ApparitionSec working with Trend Micro's Zero Day Initiative
http://www.zerodayinitiative.com/


CVE-2018-8533 - SQL Server Management Studio Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8533
MITRE
NVD
CVE Title: SQL Server Management Studio Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity declaration.

To exploit the vulnerability, an attacker must entice a user on an affected SSMS server to open a specially crafted XML file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and then convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force a user to visit the website. Instead, an attacker would have to convince a user to click a link and open the specially crafted file.

The security update addresses the vulnerability by correcting how SQL Server Management Studio parses XML input.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from file system.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-10-09T07:00:00    

Information published.


Moderate Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8533
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
SQL Server Management Studio 17.9 Release Notes (Security Update) Moderate Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Yes
SQL Server Management Studio 18.0 (Preview 4) Release Notes (Security Update) Moderate Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8533 John Page (aka hyp3rlinx) - ApparitionSec working with Trend Micro's Zero Day Initiative
http://www.zerodayinitiative.com/