Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)
- An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the users computer or data.
(CVE-2018-0847)
- A remote code execution vulnerability exists in StructuredQuery when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2018-0825)
- An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
(CVE-2018-0742, CVE-2018-0820)
- A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2018-0842)
- An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0844, CVE-2018-0846)
- An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-0810)
Solution
Microsoft has released the following security updates to address this issue:
-KB4058165
-KB4073080
-KB4034044
-KB4073079
-KB4074851
-KB4074836
-KB4074603
Plugin Details
File Name: smb_nt_ms18_feb_win2008.nasl
Agent: windows
Supported Sensors: Nessus
Risk Information
Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:microsoft:windows_server_2008
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Ease: Exploits are available
Patch Publication Date: 2/13/2018
Vulnerability Publication Date: 2/13/2018
Reference Information
CVE: CVE-2018-0742, CVE-2018-0757, CVE-2018-0810, CVE-2018-0820, CVE-2018-0825, CVE-2018-0829, CVE-2018-0830, CVE-2018-0842, CVE-2018-0844, CVE-2018-0846, CVE-2018-0847
BID: 102861, 102920, 102929, 102931, 102937, 102938, 102945, 102946, 102947, 102948, 102949
MSFT: MS18-4034044, MS18-4058165, MS18-4073079, MS18-4073080, MS18-4074603, MS18-4074836, MS18-4074851
MSKB: 4034044, 4058165, 4073079, 4073080, 4074603, 4074836, 4074851