KB4471324: Windows 10 Version 1803 and Windows Server Version 1803 December 2018 Security Update

critical Nessus Plugin ID 119586

Synopsis

The remote Windows host is affected by multiple vulnerabilities.

Description

The remote Windows host is missing security update 4471324.
It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
(CVE-2018-8540)

- A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values. An attacker who successfully exploited this vulnerability could deny dependent security feature functionality. (CVE-2018-8612)

- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.
The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2018-8595, CVE-2018-8596)

- A remote code execution vulnerability exists in Windows where Microsoft text-to-speech fails to properly handle objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8634)

- An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. (CVE-2018-8637)

- A denial of service vulnerability exists when .NET Framework improperly handles special web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an .NET Framework web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application. The update addresses the vulnerability by correcting how the .NET Framework web application handles web requests. (CVE-2018-8517)

- An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. An attacker with unprivileged access to a vulnerable system could exploit this vulnerability. The security update addresses the vulnerability by ensuring the Diagnostics Hub Standard Collector Service properly impersonates file operations.
(CVE-2018-8599)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-8477)

- An information disclosure vulnerability exists when Remote Procedure Call runtime improperly initializes objects in memory. (CVE-2018-8514)

- An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8611)

- A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability. (CVE-2018-8626)

- An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2018-8641)

- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8639)

Solution

Apply Cumulative Update KB4471324.

See Also

http://www.nessus.org/u?7a2a924f

Plugin Details

Severity: Critical

ID: 119586

File Name: smb_nt_ms18_dec_4471324.nasl

Version: 1.7

Type: local

Agent: windows

Published: 12/11/2018

Updated: 6/17/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-8626

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows_10_1803

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/11/2018

Vulnerability Publication Date: 12/11/2018

CISA Known Exploited Vulnerability Due Dates: 6/14/2022

Reference Information

CVE: CVE-2018-8477, CVE-2018-8514, CVE-2018-8517, CVE-2018-8540, CVE-2018-8595, CVE-2018-8596, CVE-2018-8599, CVE-2018-8611, CVE-2018-8612, CVE-2018-8626, CVE-2018-8634, CVE-2018-8637, CVE-2018-8639, CVE-2018-8641

MSFT: MS18-4471324

MSKB: 4471324