Microsoft CVE Summary

This report contains detail for the following vulnerabilities:

Tag CVE ID CVE Title
.NET Framework CVE-2018-8517 .NET Framework Denial Of Service Vulnerability
.NET Framework CVE-2018-8540 .NET Framework Remote Code Injection Vulnerability
Adobe Flash Player ADV180031 December 2018 Adobe Flash Security Update
Internet Explorer CVE-2018-8619 Internet Explorer Remote Code Execution Vulnerability
Internet Explorer CVE-2018-8631 Internet Explorer Memory Corruption Vulnerability
Microsoft Dynamics CVE-2018-8651 Microsoft Dynamics NAV Cross Site Scripting Vulnerability
Microsoft Exchange Server CVE-2018-8604 Microsoft Exchange Server Tampering Vulnerability
Microsoft Graphics Component CVE-2018-8639 Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2018-8638 DirectX Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2018-8595 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2018-8596 Windows GDI Information Disclosure Vulnerability
Microsoft Office CVE-2018-8628 Microsoft PowerPoint Remote Code Execution Vulnerability
Microsoft Office CVE-2018-8636 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2018-8627 Microsoft Excel Information Disclosure Vulnerability
Microsoft Office CVE-2018-8598 Microsoft Excel Information Disclosure Vulnerability
Microsoft Office CVE-2018-8587 Microsoft Outlook Remote Code Execution Vulnerability
Microsoft Office CVE-2018-8597 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2018-8635 Microsoft SharePoint Server Elevation of Privilege Vulnerability
Microsoft Office SharePoint CVE-2018-8580 Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Scripting Engine CVE-2018-8629 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8643 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8625 Windows VBScript Engine Remote Code Execution Vulnerability
Microsoft Scripting Engine CVE-2018-8617 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8583 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8618 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8624 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Windows CVE-2018-8649 Windows Denial of Service Vulnerability
Microsoft Windows DNS CVE-2018-8514 Remote Procedure Call runtime Information Disclosure Vulnerability
Microsoft Windows DNS CVE-2018-8626 Windows DNS Server Heap Overflow Vulnerability
Visual Studio CVE-2018-8599 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
Windows Authentication Methods CVE-2018-8634 Microsoft Text-To-Speech Remote Code Execution Vulnerability
Windows Azure Pack CVE-2018-8652 Windows Azure Pack Cross Site Scripting Vulnerability
Windows Kernel CVE-2018-8477 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-8621 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-8612 Connected User Experiences and Telemetry Service Denial of Service Vulnerability
Windows Kernel CVE-2018-8611 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2018-8622 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-8637 Win32k Information Disclosure Vulnerability
Windows Kernel-Mode Drivers CVE-2018-8641 Win32k Elevation of Privilege Vulnerability

CVE-2018-8477 - Windows Kernel Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8477
MITRE
NVD
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.

The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode process.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8477
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4471323 (Security Update) Important Information Disclosure 4467680 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 for x64-based Systems 4471323 (Security Update) Important Information Disclosure 4467680 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1607 for 32-bit Systems 4471321 (Security Update) Important Information Disclosure 4467691 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1607 for x64-based Systems 4471321 (Security Update) Important Information Disclosure 4467691 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1703 for 32-bit Systems 4471327 (Security Update) Important Information Disclosure 4467696 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1703 for x64-based Systems 4471327 (Security Update) Important Information Disclosure 4467696 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1709 for 32-bit Systems 4471329 (Security Update) Important Information Disclosure 4467686 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1709 for ARM64-based Systems 4471329 (Security Update) Important Information Disclosure 4467686 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1709 for x64-based Systems 4471329 (Security Update) Important Information Disclosure 4467686 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1803 for 32-bit Systems 4471324 (Security Update) Important Information Disclosure 4467702 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1803 for ARM64-based Systems 4471324 (Security Update) Important Information Disclosure 4467702 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows 10 Version 1803 for x64-based Systems 4471324 (Security Update) Important Information Disclosure 4467702 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1809 for 32-bit Systems 4471332 (Security Update) Important Information Disclosure 4467708 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1809 for ARM64-based Systems 4471332 (Security Update) Important Information Disclosure 4467708 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1809 for x64-based Systems 4471332 (Security Update) Important Information Disclosure 4467708 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 7 for 32-bit Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 7 for x64-based Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 8.1 for 32-bit systems 4471320 (Monthly Rollup)
4471322 (Security Only)
Important Information Disclosure 4467697
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 8.1 for x64-based systems 4471320 (Monthly Rollup)
4471322 (Security Only)
Important Information Disclosure 4467697
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows RT 8.1 4471320 (Monthly Rollup) Important Information Disclosure 4467697 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Information Disclosure
4467706
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Information Disclosure
4467706
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Information Disclosure
4467706
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Information Disclosure
4467706
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Information Disclosure
4467706
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2012 4471326 (Security Only)
4471330 (Monthly Rollup)
Important Information Disclosure
4467701
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2012 (Server Core installation) 4471326 (Security Only)
4471330 (Monthly Rollup)
Important Information Disclosure
4467701
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2012 R2 4471320 (Monthly Rollup)
4471322 (Security Only)
Important Information Disclosure 4467697
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2012 R2 (Server Core installation) 4471320 (Monthly Rollup)
4471322 (Security Only)
Important Information Disclosure 4467697
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2016 4471321 (Security Update) Important Information Disclosure 4467691 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2016 (Server Core installation) 4471321 (Security Update) Important Information Disclosure 4467691 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2019 4471332 (Security Update) Important Information Disclosure 4467708 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2019 (Server Core installation) 4471332 (Security Update) Important Information Disclosure 4467708 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server, version 1709 (Server Core Installation) 4471329 (Security Update) Important Information Disclosure 4467686 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server, version 1803 (Server Core Installation) 4471324 (Security Update) Important Information Disclosure 4467702 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8477 ZiMi and JunGu of Alibaba Orion Security Lab
https://twitter.com/YHZX_2013,https://twitter.com/Bl1nnnk


CVE-2018-8514 - Remote Procedure Call runtime Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8514
MITRE
NVD
CVE Title: Remote Procedure Call runtime Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when Remote Procedure Call runtime improperly initializes objects in memory.

To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

The update addresses the vulnerability by correcting how the Remote Procedure Call runtime i initializes objects in memory.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8514
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4471323 (Security Update) Important Information Disclosure 4467680 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 for x64-based Systems 4471323 (Security Update) Important Information Disclosure 4467680 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1607 for 32-bit Systems 4471321 (Security Update) Important Information Disclosure 4467691 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1607 for x64-based Systems 4471321 (Security Update) Important Information Disclosure 4467691 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1703 for 32-bit Systems 4471327 (Security Update) Important Information Disclosure 4467696 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1703 for x64-based Systems 4471327 (Security Update) Important Information Disclosure 4467696 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1709 for 32-bit Systems 4471329 (Security Update) Important Information Disclosure 4467686 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1709 for ARM64-based Systems 4471329 (Security Update) Important Information Disclosure 4467686 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1709 for x64-based Systems 4471329 (Security Update) Important Information Disclosure 4467686 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1803 for 32-bit Systems 4471324 (Security Update) Important Information Disclosure 4467702 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1803 for ARM64-based Systems 4471324 (Security Update) Important Information Disclosure 4467702 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows 10 Version 1803 for x64-based Systems 4471324 (Security Update) Important Information Disclosure 4467702 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1809 for 32-bit Systems 4471332 (Security Update) Important Information Disclosure 4467708 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1809 for ARM64-based Systems 4471332 (Security Update) Important Information Disclosure 4467708 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 10 Version 1809 for x64-based Systems 4471332 (Security Update) Important Information Disclosure 4467708 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 7 for 32-bit Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 7 for x64-based Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 8.1 for 32-bit systems 4471320 (Monthly Rollup)
4471322 (Security Only)
Important Information Disclosure 4467697
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows 8.1 for x64-based systems 4471320 (Monthly Rollup)
4471322 (Security Only)
Important Information Disclosure 4467697
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows RT 8.1 4471320 (Monthly Rollup) Important Information Disclosure 4467697 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Information Disclosure
4467706
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Information Disclosure
4467706
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Information Disclosure
4467706
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Information Disclosure
4467706
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Information Disclosure
4467706
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2012 4471326 (Security Only)
4471330 (Monthly Rollup)
Important Information Disclosure
4467701
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2012 (Server Core installation) 4471326 (Security Only)
4471330 (Monthly Rollup)
Important Information Disclosure
4467701
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2012 R2 4471320 (Monthly Rollup)
4471322 (Security Only)
Important Information Disclosure 4467697
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2012 R2 (Server Core installation) 4471320 (Monthly Rollup)
4471322 (Security Only)
Important Information Disclosure 4467697
Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2016 4471321 (Security Update) Important Information Disclosure 4467691 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2016 (Server Core installation) 4471321 (Security Update) Important Information Disclosure 4467691 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2019 4471332 (Security Update) Important Information Disclosure 4467708 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server 2019 (Server Core installation) 4471332 (Security Update) Important Information Disclosure 4467708 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server, version 1709 (Server Core Installation) 4471329 (Security Update) Important Information Disclosure 4467686 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes
Windows Server, version 1803 (Server Core Installation) 4471324 (Security Update) Important Information Disclosure 4467702 Base: 3.30
Temporal: 3.30
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8514 Alex Ionescu, CrowdStrike Inc.
https://www.crowdstrike.com


CVE-2018-8517 - .NET Framework Denial Of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8517
MITRE
NVD
CVE Title: .NET Framework Denial Of Service Vulnerability
Description:

A denial of service vulnerability exists when .NET Framework improperly handles special web requests.

An attacker who successfully exploited this vulnerability could cause a denial of service against an .NET Framework web application. The vulnerability can be exploited remotely, without authentication.

A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application.

The update addresses the vulnerability by correcting how the .NET Framework web application handles web requests.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Unlikely Exploitation Unlikely Not Applicable Yes No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8517
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft .NET Framework 3.5 on Windows 10 Version 1607 for 32-bit Systems 4471321 (Security Update) Important Denial of Service 4467691 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1607 for x64-based Systems 4471321 (Security Update) Important Denial of Service 4467691 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1703 for 32-bit Systems 4471327 (Security Update) Important Denial of Service 4467696 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1703 for x64-based Systems 4471327 (Security Update) Important Denial of Service 4467696 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for 32-bit Systems 4471329 (Security Update) Important Denial of Service 4467686 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for x64-based Systems 4471329 (Security Update) Important Denial of Service 4467686 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for 32-bit Systems 4471324 (Security Update) Important Denial of Service 4467702 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for x64-based Systems 4471324 (Security Update) Important Denial of Service 4467702 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1809 for 32-bit Systems 4470502 (Security Update) Important Denial of Service None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows 10 Version 1809 for x64-based Systems 4470502 (Security Update) Important Denial of Service None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit systems 4470602 (Security Only)
4470630 (Monthly Rollup)
Important Denial of Service
4467226; 4467242
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows 8.1 for x64-based systems 4470602 (Security Only)
4470630 (Monthly Rollup)
Important Denial of Service
4467226; 4467242
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server 2012 4470601 (Security Only)
4470629 (Monthly Rollup)
Important Denial of Service
4467225; 4467241
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) 4470601 (Security Only)
4470629 (Monthly Rollup)
Important Denial of Service
4467225; 4467241
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 4470602 (Security Only)
4470630 (Monthly Rollup)
Important Denial of Service
4467226; 4467242
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) 4470602 (Security Only)
4470630 (Monthly Rollup)
Important Denial of Service
4467226; 4467242
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server 2016 4471321 (Security Update) Important Denial of Service 4467691 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows Server 2016 (Server Core installation) 4471321 (Security Update) Important Denial of Service 4467691 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows Server 2019 4470502 (Security Update) Important Denial of Service None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server 2019 (Server Core installation) 4470502 (Security Update) Important Denial of Service None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server, version 1709 (Server Core Installation) 4471329 (Security Update) Important Denial of Service 4467686 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows Server, version 1803 (Server Core Installation) 4471324 (Security Update) Important Denial of Service 4467702 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5.1 on Windows 7 for 32-bit Systems Service Pack 1 4470600 (Security Only)
4470641 (Monthly Rollup)
Important Denial of Service
4467224; 4467240
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5.1 on Windows 7 for x64-based Systems Service Pack 1 4470600 (Security Only)
4470641 (Monthly Rollup)
Important Denial of Service
4467224; 4467240
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4470600 (Security Only)
4470641 (Monthly Rollup)
Important Denial of Service
4467224; 4467240
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 4470600 (Security Only)
4470641 (Monthly Rollup)
Important Denial of Service
4467224; 4467240
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4470600 (Security Only)
4470641 (Monthly Rollup)
Important Denial of Service
4467224; 4467240
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows 7 for 32-bit Systems Service Pack 1 4470637 (Monthly Rollup)
4470493 (Security Only)
Important Denial of Service 4467227; 4467243
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows 7 for x64-based Systems Service Pack 1 4470637 (Monthly Rollup)
4470493 (Security Only)
Important Denial of Service 4467227; 4467243
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows 8.1 for 32-bit systems 4470491 (Security Only)
4470622 (Monthly Rollup)
Important Denial of Service
4467226; 4467242
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows 8.1 for x64-based systems 4470491 (Security Only)
4470622 (Monthly Rollup)
Important Denial of Service
4467226; 4467242
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows RT 8.1 4470622 (Monthly Rollup) Important Denial of Service 4467226; 4467242 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 4470637 (Monthly Rollup)
4470493 (Security Only)
Important Denial of Service 4467227; 4467243
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2 4470637 (Monthly Rollup)
4470493 (Security Only)
Important Denial of Service 4467227; 4467243
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 4470637 (Monthly Rollup)
4470493 (Security Only)
Important Denial of Service 4467227; 4467243
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4470637 (Monthly Rollup)
4470493 (Security Only)
Important Denial of Service 4467227; 4467243
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2012 4470492 (Security Only)
4470623 (Monthly Rollup)
Important Denial of Service
4467225; 4467241
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2012 (Server Core installation) 4470492 (Security Only)
4470623 (Monthly Rollup)
Important Denial of Service
4467225; 4467241
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 4470491 (Security Only)
4470622 (Monthly Rollup)
Important Denial of Service
4467226; 4467242
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 (Server Core installation) 4470491 (Security Only)
4470622 (Monthly Rollup)
Important Denial of Service
4467226; 4467242
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2 4470500 (Security Only)
4470637 (Monthly Rollup)
Important Denial of Service
4467227; 4467243
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6 on Windows Server 2008 for x64-based Systems Service Pack 2 4470500 (Security Only)
4470640 (Monthly Rollup)
Important Denial of Service
4467227; 4467243
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems 4471321 (Security Update) Important Denial of Service 4467691 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems 4471321 (Security Update) Important Denial of Service 4467691 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 4471321 (Security Update) Important Denial of Service 4467691 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation) 4471321 (Security Update) Important Denial of Service 4467691 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1 4470640 (Monthly Rollup)
4470500 (Security Only)
Important Denial of Service 4467227; 4467243
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1 4470640 (Monthly Rollup)
4470500 (Security Only)
Important Denial of Service 4467227; 4467243
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems 4470499 (Security Only)
4470630 (Monthly Rollup)
Important Denial of Service
4467226; 4467242
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems 4470499 (Security Only)
4470639 (Monthly Rollup)
Important Denial of Service
4467226; 4467242
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1 4470639 (Monthly Rollup) Important Denial of Service 4467226; 4467242 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 4470640 (Monthly Rollup)
4470500 (Security Only)
Important Denial of Service 4467227; 4467243
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4470640 (Monthly Rollup)
4470500 (Security Only)
Important Denial of Service 4467227; 4467243
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 4470498 (Security Only)
4470638 (Monthly Rollup)
Important Denial of Service
4467225; 4467241
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) 4470498 (Security Only)
4470638 (Monthly Rollup)
Important Denial of Service
4467225; 4467241
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 4470499 (Security Only)
4470639 (Monthly Rollup)
Important Denial of Service
4467226; 4467242
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) 4470499 (Security Only)
4470639 (Monthly Rollup)
Important Denial of Service
4467226; 4467242
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems 4471329 (Security Update) Important Denial of Service 4467686 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems 4471329 (Security Update) Important Denial of Service 4467686 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems 4471329 (Security Update) Important Denial of Service 4467686 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation) 4471329 (Security Update) Important Denial of Service 4467686 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for 32-bit Systems 4471324 (Security Update) Important Denial of Service 4467702 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for x64-based Systems 4471324 (Security Update) Important Denial of Service 4467702 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for 32-bit Systems 4470502 (Security Update) Important Denial of Service None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for x64-based Systems 4470502 (Security Update) Important Denial of Service None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.7.2 on Windows Server 2019 4470502 (Security Update) Important Denial of Service None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.7.2 on Windows Server 2019 (Server Core installation) 4470502 (Security Update) Important Denial of Service None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.7.2 on Windows Server, version 1803 (Server Core Installation) 4471324 (Security Update) Important Denial of Service 4467702 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems 4471327 (Security Update) Important Denial of Service 4467696 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems 4471327 (Security Update) Important Denial of Service 4467696 Base: N/A
Temporal: N/A
Vector: N/A
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8517 None

CVE-2018-8540 - .NET Framework Remote Code Injection Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8540
MITRE
NVD
CVE Title: .NET Framework Remote Code Injection Vulnerability
Description:

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

To exploit the vulnerability, an attacker would need to pass specific input to an application utilizing susceptible .Net methods.

The security update addresses the vulnerability by correcting how the Microsoft .NET Framework validates input.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8540
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft .NET Framework 3.5 on Windows 10 for 32-bit Systems 4471323 (Security Update) Critical Remote Code Execution 4467680 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 for x64-based Systems 4471323 (Security Update) Critical Remote Code Execution 4467680 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1607 for 32-bit Systems 4471321 (Security Update) Critical Remote Code Execution 4467691 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1607 for x64-based Systems 4471321 (Security Update) Critical Remote Code Execution 4467691 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1703 for 32-bit Systems 4471327 (Security Update) Critical Remote Code Execution 4467696 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1703 for x64-based Systems 4471327 (Security Update) Critical Remote Code Execution 4467696 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for 32-bit Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for x64-based Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for 32-bit Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for x64-based Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1809 for 32-bit Systems 4470502 (Security Update) Critical Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows 10 Version 1809 for x64-based Systems 4470502 (Security Update) Critical Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit systems 4470602 (Security Only)
4470630 (Monthly Rollup)
Critical Remote Code Execution
4467226; 4467242
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows 8.1 for x64-based systems 4470602 (Security Only)
4470630 (Monthly Rollup)
Critical Remote Code Execution
4467226; 4467242
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server 2012 4470601 (Security Only)
4470629 (Monthly Rollup)
Critical Remote Code Execution
4467225; 4467241
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) 4470601 (Security Only)
4470629 (Monthly Rollup)
Critical Remote Code Execution
4467225; 4467241
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 4470602 (Security Only)
4470630 (Monthly Rollup)
Critical Remote Code Execution
4467226; 4467242
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) 4470602 (Security Only)
4470630 (Monthly Rollup)
Critical Remote Code Execution
4467226; 4467242
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server 2016 4471321 (Security Update) Critical Remote Code Execution 4467691 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows Server 2016 (Server Core installation) 4471321 (Security Update) Critical Remote Code Execution 4467691 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows Server 2019 4470502 (Security Update) Critical Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server 2019 (Server Core installation) 4470502 (Security Update) Critical Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server, version 1709 (Server Core Installation) 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows Server, version 1803 (Server Core Installation) 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5.1 on Windows 7 for 32-bit Systems Service Pack 1 4470600 (Security Only)
4470641 (Monthly Rollup)
Critical Remote Code Execution
4467224; 4467240
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5.1 on Windows 7 for x64-based Systems Service Pack 1 4470600 (Security Only)
4470641 (Monthly Rollup)
Critical Remote Code Execution
4467224; 4467240
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 4470600 (Security Only)
4470641 (Monthly Rollup)
Critical Remote Code Execution
4467224; 4467240
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4470600 (Security Only)
4470641 (Monthly Rollup)
Critical Remote Code Execution
4467224; 4467240
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows 7 for 32-bit Systems Service Pack 1 4470637 (Monthly Rollup)
4470493 (Security Only)
Critical Remote Code Execution 4467227; 4467243
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows 7 for x64-based Systems Service Pack 1 4470637 (Monthly Rollup)
4470493 (Security Only)
Critical Remote Code Execution 4467227; 4467243
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows 8.1 for 32-bit systems 4470491 (Security Only)
4470622 (Monthly Rollup)
Critical Remote Code Execution
4467226; 4467242
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows 8.1 for x64-based systems 4470491 (Security Only)
4470622 (Monthly Rollup)
Critical Remote Code Execution
4467226; 4467242
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows RT 8.1 4470622 (Monthly Rollup) Critical Remote Code Execution 4467226; 4467242 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 4470493 (Security Only)
4470637 (Monthly Rollup)
Critical Remote Code Execution
4467227; 4467243
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2 4470493 (Security Only)
4470637 (Monthly Rollup)
Critical Remote Code Execution
4467227; 4467243
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 4470637 (Monthly Rollup)
4470493 (Security Only)
Critical Remote Code Execution 4467227; 4467243
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4470637 (Monthly Rollup)
4470493 (Security Only)
Critical Remote Code Execution 4467227; 4467243
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2012 4470492 (Security Only)
4470623 (Monthly Rollup)
Critical Remote Code Execution
4467225; 4467241
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2012 (Server Core installation) 4470492 (Security Only)
4470623 (Monthly Rollup)
Critical Remote Code Execution
4467225; 4467241
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 4470491 (Security Only)
4470622 (Monthly Rollup)
Critical Remote Code Execution
4467226; 4467242
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 (Server Core installation) 4470491 (Security Only)
4470622 (Monthly Rollup)
Critical Remote Code Execution
4467226; 4467242
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2 4470500 (Security Only)
4470640 (Monthly Rollup)
Critical Remote Code Execution
4467227; 4467243
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6 on Windows Server 2008 for x64-based Systems Service Pack 2 4470500 (Security Only)
4470640 (Monthly Rollup)
Critical Remote Code Execution
4467227; 4467243
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6.2 on Windows 10 for 32-bit Systems 4471323 (Security Update) Critical Remote Code Execution 4467680 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.6.2 on Windows 10 for x64-based Systems 4471323 (Security Update) Critical Remote Code Execution 4467680 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems 4471321 (Security Update) Critical Remote Code Execution 4467691 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems 4471321 (Security Update) Critical Remote Code Execution 4467691 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 4471321 (Security Update) Critical Remote Code Execution 4467691 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation) 4471321 (Security Update) Critical Remote Code Execution 4467691 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1 4470640 (Monthly Rollup)
4470500 (Security Only)
Critical Remote Code Execution 4467227; 4467243
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1 4470640 (Monthly Rollup)
4470500 (Security Only)
Critical Remote Code Execution 4467227; 4467243
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems 4470499 (Security Only)
4470639 (Monthly Rollup)
Critical Remote Code Execution
4467226; 4467242
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems 4470499 (Security Only)
4470639 (Monthly Rollup)
Critical Remote Code Execution
4467226; 4467242
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1 4470639 (Monthly Rollup) Critical Remote Code Execution 4467226; 4467242 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 4470600 (Security Only)
4470641 (Monthly Rollup)
Critical Remote Code Execution
4467224; 4467240
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4470600 (Security Only)
4470641 (Monthly Rollup)
Critical Remote Code Execution
4467224; 4467240
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 4470498 (Security Only)
4470638 (Monthly Rollup)
Critical Remote Code Execution
4467225; 4467241
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) 4470498 (Security Only)
4470638 (Monthly Rollup)
Critical Remote Code Execution
4467225; 4467241
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 4470499 (Security Only)
4470639 (Monthly Rollup)
Critical Remote Code Execution
4467226; 4467242
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) 4470499 (Security Only)
4470639 (Monthly Rollup)
Critical Remote Code Execution
4467226; 4467242
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation) 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for 32-bit Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for x64-based Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for 32-bit Systems 4470502 (Security Update) Critical Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for x64-based Systems 4470502 (Security Update) Critical Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.7.2 on Windows Server 2019 4470502 (Security Update) Critical Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.7.2 on Windows Server 2019 (Server Core installation) 4470502 (Security Update) Critical Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.7.2 on Windows Server, version 1803 (Server Core Installation) 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems 4471327 (Security Update) Critical Remote Code Execution 4467696 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems 4471327 (Security Update) Critical Remote Code Execution 4467696 Base: N/A
Temporal: N/A
Vector: N/A
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8540 Peter Stöckli of Alphabot Security, Switzerland
https://twitter.com/ulldma,https://www.alphabot.com/


CVE-2018-8587 - Microsoft Outlook Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8587
MITRE
NVD
CVE Title: Microsoft Outlook Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.

To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

Note that the Preview Pane is not an attack vector for this vulnerability.

The security update addresses the vulnerability by correcting how Microsoft Outlook handles files in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8587
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Outlook 2010 Service Pack 2 (32-bit editions) 4461576 (Security Update) Important Remote Code Execution 4461529 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Outlook 2010 Service Pack 2 (64-bit editions) 4461576 (Security Update) Important Remote Code Execution 4461529 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Outlook 2013 RT Service Pack 1 4461556 (Security Update) Important Remote Code Execution 4461486 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Outlook 2013 Service Pack 1 (32-bit editions) 4461556 (Security Update) Important Remote Code Execution 4461486 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Outlook 2013 Service Pack 1 (64-bit editions) 4461556 (Security Update) Important Remote Code Execution 4461486 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Outlook 2016 (32-bit edition) 4461544 (Security Update) Important Remote Code Execution 4461506 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Outlook 2016 (64-bit edition) 4461544 (Security Update) Important Remote Code Execution 4461506 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Office 365 ProPlus for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Office 365 ProPlus for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8587 Yonghui Han of Fortinet’s FortiGuard Labs


CVE-2018-8595 - Windows GDI Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8595
MITRE
NVD
CVE Title: Windows GDI Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.

The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8595
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4471323 (Security Update) Important Information Disclosure 4467680 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4471323 (Security Update) Important Information Disclosure 4467680 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4471321 (Security Update) Important Information Disclosure 4467691 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4471321 (Security Update) Important Information Disclosure 4467691 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4471327 (Security Update) Important Information Disclosure 4467696 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4471327 (Security Update) Important Information Disclosure 4467696 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4471329 (Security Update) Important Information Disclosure 4467686 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4471329 (Security Update) Important Information Disclosure 4467686 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4471329 (Security Update) Important Information Disclosure 4467686 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4471324 (Security Update) Important Information Disclosure 4467702 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4471324 (Security Update) Important Information Disclosure 4467702 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows 10 Version 1803 for x64-based Systems 4471324 (Security Update) Important Information Disclosure 4467702 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4471332 (Security Update) Important Information Disclosure 4467708 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4471332 (Security Update) Important Information Disclosure 4467708 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4471332 (Security Update) Important Information Disclosure 4467708 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4471320 (Monthly Rollup)
4471322 (Security Only)
Important Information Disclosure 4467697
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4471320 (Monthly Rollup)
4471322 (Security Only)
Important Information Disclosure 4467697
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4471320 (Monthly Rollup) Important Information Disclosure 4467697 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Information Disclosure
4467706
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Information Disclosure
4467706
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Information Disclosure
4467706
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Information Disclosure
4467706
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Information Disclosure
4467706
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4471326 (Security Only)
4471330 (Monthly Rollup)
Important Information Disclosure
4467701
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4471326 (Security Only)
4471330 (Monthly Rollup)
Important Information Disclosure
4467701
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4471320 (Monthly Rollup)
4471322 (Security Only)
Important Information Disclosure 4467697
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4471320 (Monthly Rollup)
4471322 (Security Only)
Important Information Disclosure 4467697
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4471321 (Security Update) Important Information Disclosure 4467691 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4471321 (Security Update) Important Information Disclosure 4467691 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 4471332 (Security Update) Important Information Disclosure 4467708 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4471332 (Security Update) Important Information Disclosure 4467708 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4471329 (Security Update) Important Information Disclosure 4467686 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4471324 (Security Update) Important Information Disclosure 4467702 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8595 Kamlapati Choubey working with Trend Micro's Zero Day Initiative
http://www.zerodayinitiative.com/


CVE-2018-8596 - Windows GDI Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8596
MITRE
NVD
CVE Title: Windows GDI Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.

The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8596
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4471323 (Security Update) Important Information Disclosure 4467680 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4471323 (Security Update) Important Information Disclosure 4467680 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4471321 (Security Update) Important Information Disclosure 4467691 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4471321 (Security Update) Important Information Disclosure 4467691 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4471327 (Security Update) Important Information Disclosure 4467696 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4471327 (Security Update) Important Information Disclosure 4467696 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4471329 (Security Update) Important Information Disclosure 4467686 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4471329 (Security Update) Important Information Disclosure 4467686 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4471329 (Security Update) Important Information Disclosure 4467686 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4471324 (Security Update) Important Information Disclosure 4467702 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4471324 (Security Update) Important Information Disclosure 4467702 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows 10 Version 1803 for x64-based Systems 4471324 (Security Update) Important Information Disclosure 4467702 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4471332 (Security Update) Important Information Disclosure 4467708 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4471332 (Security Update) Important Information Disclosure 4467708 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4471332 (Security Update) Important Information Disclosure 4467708 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4471320 (Monthly Rollup)
4471322 (Security Only)
Important Information Disclosure 4467697
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4471320 (Monthly Rollup)
4471322 (Security Only)
Important Information Disclosure 4467697
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4471320 (Monthly Rollup) Important Information Disclosure 4467697 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Information Disclosure
4467706
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Information Disclosure
4467706
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Information Disclosure
4467706
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Information Disclosure
4467706
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Information Disclosure
4467706
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4471326 (Security Only)
4471330 (Monthly Rollup)
Important Information Disclosure
4467701
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4471326 (Security Only)
4471330 (Monthly Rollup)
Important Information Disclosure
4467701
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4471320 (Monthly Rollup)
4471322 (Security Only)
Important Information Disclosure 4467697
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4471320 (Monthly Rollup)
4471322 (Security Only)
Important Information Disclosure 4467697
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4471321 (Security Update) Important Information Disclosure 4467691 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4471321 (Security Update) Important Information Disclosure 4467691 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 4471332 (Security Update) Important Information Disclosure 4467708 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows Server 2019 (Server Core installation) 4471332 (Security Update) Important Information Disclosure 4467708 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows Server, version 1709 (Server Core Installation) 4471329 (Security Update) Important Information Disclosure 4467686 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4471324 (Security Update) Important Information Disclosure 4467702 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8596 Pengsu Cheng of Trend Micro Security Research


CVE-2018-8597 - Microsoft Excel Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8597
MITRE
NVD
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8597
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Excel 2010 Service Pack 2 (32-bit editions) 4461577 (Security Update) Important Remote Code Execution 4461530 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2010 Service Pack 2 (64-bit editions) 4461577 (Security Update) Important Remote Code Execution 4461530 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2013 RT Service Pack 1 4461559 (Security Update) Important Remote Code Execution 4461488 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2013 Service Pack 1 (32-bit editions) 4461559 (Security Update) Important Remote Code Execution 4461488 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2013 Service Pack 1 (64-bit editions) 4461559 (Security Update) Important Remote Code Execution 4461488 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2016 (32-bit edition) 4461542 (Security Update) Important Remote Code Execution 4461503 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2016 (64-bit edition) 4461542 (Security Update) Important Remote Code Execution 4461503 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (32-bit editions) 4461570 (Security Update) Important Remote Code Execution 4032218 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 4461570 (Security Update) Important Remote Code Execution 4032218 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 for Mac Release Notes (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office 2019 for Mac Release Notes (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office Compatibility Pack Service Pack 3 4461565 (Security Update) Important Remote Code Execution 4461518 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Office 365 ProPlus for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Office 365 ProPlus for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8597 Omair working with Trend Micro's Zero Day Initiative
http://www.zerodayinitiative.com/


CVE-2018-8598 - Microsoft Excel Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8598
MITRE
NVD
CVE Title: Microsoft Excel Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.

To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.

The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8598
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Excel 2010 Service Pack 2 (32-bit editions) 4461577 (Security Update) Important Information Disclosure 4461530 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2010 Service Pack 2 (64-bit editions) 4461577 (Security Update) Important Information Disclosure 4461530 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2013 RT Service Pack 1 4461559 (Security Update) Important Information Disclosure 4461488 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2013 Service Pack 1 (32-bit editions) 4461559 (Security Update) Important Information Disclosure 4461488 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2013 Service Pack 1 (64-bit editions) 4461559 (Security Update) Important Information Disclosure 4461488 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2016 (32-bit edition) 4461542 (Security Update) Important Information Disclosure 4461503 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2016 (64-bit edition) 4461542 (Security Update) Important Information Disclosure 4461503 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
No
Office 365 ProPlus for 32-bit Systems Click to Run (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
No
Office 365 ProPlus for 64-bit Systems Click to Run (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8598 Omair working with Trend Micro's Zero Day Initiative
http://www.zerodayinitiative.com/


CVE-2018-8604 - Microsoft Exchange Server Tampering Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8604
MITRE
NVD
CVE Title: Microsoft Exchange Server Tampering Vulnerability
Description:

A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data.

To exploit the vulnerability, an attacker would need to be authenticated on an affected Exchange Server. The attacker would then need to send a specially modified request to the server, targeting a specific user.

The security update addresses the vulnerability by modifying how Microsoft Exchange Server handles profile data.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Important Tampering

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8604
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Exchange Server 2016 Cumulative Update 10 4468741 (Security Update) Important Tampering 4459266 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Exchange Server 2016 Cumulative Update 11 4468741 (Security Update) Important Tampering None Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8604 Cameron Vincent
https://twitter.com/secretlyhidden1


CVE-2018-8580 - Microsoft SharePoint Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8580
MITRE
NVD
CVE Title: Microsoft SharePoint Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).

When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user. While the attacker can’t access the search results or documents as such, the attacker can determine whether the query did return results or not, and thus by issuing targeted queries discover facts about documents that are searchable for the logged-in user.

The security update addresses the vulnerability by running the search queries in a way that doesn’t expose them to this browser vulnerability.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Personally Identifiable Information (PII).



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Unlikely Exploitation Unlikely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8580
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 4461549 (Security Update) Important Information Disclosure 4461483 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise Server 2016 4461541 (Security Update) Important Information Disclosure 4461501 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Foundation 2010 Service Pack 2 4461580 (Security Update) Important Information Disclosure 3141547 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8580 Nethanel Gelernter of Cyberpion
http://cyberpion.com/


CVE-2018-8583 - Chakra Scripting Engine Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8583
MITRE
NVD
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8583
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
ChakraCore Release Notes (Security Update) Critical Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems 4471327 (Security Update) Critical Remote Code Execution 4467696 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems 4471327 (Security Update) Critical Remote Code Execution 4467696 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for ARM64-based Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for ARM64-based Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for x64-based Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for x64-based Systems 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2019 4471332 (Security Update) Moderate Remote Code Execution 4467708 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8583 Qixun Zhao of Qihoo 360 Vulcan Team​
https://twitter.com/S0rryMybad,http://www.360.com/


CVE-2018-8599 - Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8599
MITRE
NVD
CVE Title: Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.

An attacker with unprivileged access to a vulnerable system could exploit this vulnerability.

The security update addresses the vulnerability by ensuring the Diagnostics Hub Standard Collector Service properly impersonates file operations.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8599
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Visual Studio 2015 Update 3 4469516 (Security Update) Important Elevation of Privilege 4463110 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Visual Studio 2017 Release Notes (Security Update) Important Elevation of Privilege None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Visual Studio 2017 version 15.9 Release Notes (Security Update) Important Elevation of Privilege None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Windows 10 for 32-bit Systems 4471323 (Security Update) Important Elevation of Privilege 4467680 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4471323 (Security Update) Important Elevation of Privilege 4467680 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4471321 (Security Update) Important Elevation of Privilege 4467691 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4471321 (Security Update) Important Elevation of Privilege 4467691 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4471327 (Security Update) Important Elevation of Privilege 4467696 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4471327 (Security Update) Important Elevation of Privilege 4467696 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4471329 (Security Update) Important Elevation of Privilege 4467686 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4471329 (Security Update) Important Elevation of Privilege 4467686 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4471329 (Security Update) Important Elevation of Privilege 4467686 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4471324 (Security Update) Important Elevation of Privilege 4467702 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4471324 (Security Update) Important Elevation of Privilege 4467702 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4471324 (Security Update) Important Elevation of Privilege 4467702 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4471332 (Security Update) Important Elevation of Privilege 4467708 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4471332 (Security Update) Important Elevation of Privilege 4467708 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4471332 (Security Update) Important Elevation of Privilege 4467708 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4471321 (Security Update) Important Elevation of Privilege 4467691 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4471321 (Security Update) Important Elevation of Privilege 4467691 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4471332 (Security Update) Important Elevation of Privilege 4467708 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4471329 (Security Update) Important Elevation of Privilege 4467686 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4471324 (Security Update) Important Elevation of Privilege 4467702 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8599 Bryan De Houwer of the PwC Belgium Cyber&Privacy team
https://twitter.com/nurfed1,https://www.pwc.be/en/services/consulting/technology-consulting/cybersecurity-cybercrime.html


CVE-2018-8611 - Windows Kernel Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8611
MITRE
NVD
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.

The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation Detected Not Applicable No Yes

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8611
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4471323 (Security Update) Important Elevation of Privilege 4467680 Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows 10 for x64-based Systems 4471323 (Security Update) Important Elevation of Privilege 4467680 Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows 10 Version 1607 for 32-bit Systems 4471321 (Security Update) Important Elevation of Privilege 4467691 Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows 10 Version 1607 for x64-based Systems 4471321 (Security Update) Important Elevation of Privilege 4467691 Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows 10 Version 1703 for 32-bit Systems 4471327 (Security Update) Important Elevation of Privilege 4467696 Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows 10 Version 1703 for x64-based Systems 4471327 (Security Update) Important Elevation of Privilege 4467696 Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows 10 Version 1709 for 32-bit Systems 4471329 (Security Update) Important Elevation of Privilege 4467686 Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows 10 Version 1709 for ARM64-based Systems 4471329 (Security Update) Important Elevation of Privilege 4467686 Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows 10 Version 1709 for x64-based Systems 4471329 (Security Update) Important Elevation of Privilege 4467686 Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows 10 Version 1803 for 32-bit Systems 4471324 (Security Update) Important Elevation of Privilege 4467702 Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows 10 Version 1803 for ARM64-based Systems 4471324 (Security Update) Important Elevation of Privilege 4467702 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows 10 Version 1803 for x64-based Systems 4471324 (Security Update) Important Elevation of Privilege 4467702 Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows 10 Version 1809 for 32-bit Systems 4471332 (Security Update) Important Elevation of Privilege 4467708 Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows 10 Version 1809 for ARM64-based Systems 4471332 (Security Update) Important Elevation of Privilege 4467708 Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows 10 Version 1809 for x64-based Systems 4471332 (Security Update) Important Elevation of Privilege 4467708 Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows 7 for 32-bit Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Elevation of Privilege 4467107
Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows 7 for x64-based Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Elevation of Privilege 4467107
Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows 8.1 for 32-bit systems 4471320 (Monthly Rollup)
4471322 (Security Only)
Important Elevation of Privilege 4467697
Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows 8.1 for x64-based systems 4471320 (Monthly Rollup)
4471322 (Security Only)
Important Elevation of Privilege 4467697
Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows RT 8.1 4471320 (Monthly Rollup) Important Elevation of Privilege 4467697 Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Elevation of Privilege
4467706
Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Elevation of Privilege
4467706
Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Elevation of Privilege
4467706
Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Elevation of Privilege
4467706
Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Elevation of Privilege
4467706
Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Elevation of Privilege 4467107
Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Elevation of Privilege 4467107
Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Elevation of Privilege 4467107
Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows Server 2012 4471326 (Security Only)
4471330 (Monthly Rollup)
Important Elevation of Privilege
4467701
Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows Server 2012 (Server Core installation) 4471326 (Security Only)
4471330 (Monthly Rollup)
Important Elevation of Privilege
4467701
Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows Server 2012 R2 4471320 (Monthly Rollup)
4471322 (Security Only)
Important Elevation of Privilege 4467697
Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows Server 2012 R2 (Server Core installation) 4471320 (Monthly Rollup)
4471322 (Security Only)
Important Elevation of Privilege 4467697
Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows Server 2016 4471321 (Security Update) Important Elevation of Privilege 4467691 Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows Server 2016 (Server Core installation) 4471321 (Security Update) Important Elevation of Privilege 4467691 Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows Server 2019 4471332 (Security Update) Important Elevation of Privilege 4467708 Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows Server 2019 (Server Core installation) 4471332 (Security Update) Important Elevation of Privilege 4467708 Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows Server, version 1709 (Server Core Installation) 4471329 (Security Update) Important Elevation of Privilege 4467686 Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes
Windows Server, version 1803 (Server Core Installation) 4471324 (Security Update) Important Elevation of Privilege 4467702 Base: 7.00
Temporal: 7.00
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8611 Igor Soumenkov of Kaspersky Lab Boris Larin of Kaspersky Lab
https://www.kaspersky.com/,https://www.kaspersky.com/


CVE-2018-8612 - Connected User Experiences and Telemetry Service Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8612
MITRE
NVD
CVE Title: Connected User Experiences and Telemetry Service Denial of Service Vulnerability
Description:

A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values. An attacker who successfully exploited this vulnerability could deny dependent security feature functionality.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service validates certain function values.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8612
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 Version 1607 for 32-bit Systems 4471321 (Security Update) Important Denial of Service 4467691 Base: 4.70
Temporal: 4.70
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Yes
Windows 10 Version 1607 for x64-based Systems 4471321 (Security Update) Important Denial of Service 4467691 Base: 4.70
Temporal: 4.70
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Yes
Windows 10 Version 1703 for 32-bit Systems 4471327 (Security Update) Important Denial of Service 4467696 Base: 4.70
Temporal: 4.70
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Yes
Windows 10 Version 1703 for x64-based Systems 4471327 (Security Update) Important Denial of Service 4467696 Base: 4.70
Temporal: 4.70
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Yes
Windows 10 Version 1709 for 32-bit Systems 4471329 (Security Update) Important Denial of Service 4467686 Base: 4.70
Temporal: 4.70
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Yes
Windows 10 Version 1709 for ARM64-based Systems 4471329 (Security Update) Important Denial of Service 4467686 Base: 4.70
Temporal: 4.70
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Yes
Windows 10 Version 1709 for x64-based Systems 4471329 (Security Update) Important Denial of Service 4467686 Base: 4.70
Temporal: 4.70
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Yes
Windows 10 Version 1803 for 32-bit Systems 4471324 (Security Update) Important Denial of Service 4467702 Base: 4.70
Temporal: 4.70
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Yes
Windows 10 Version 1803 for ARM64-based Systems 4471324 (Security Update) Important Denial of Service 4467702 Base: 4.70
Temporal: 4.70
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Yes
Windows 10 Version 1803 for x64-based Systems 4471324 (Security Update) Important Denial of Service 4467702 Base: 4.70
Temporal: 4.70
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Yes
Windows 10 Version 1809 for 32-bit Systems 4471332 (Security Update) Important Denial of Service 4467708 Base: 4.70
Temporal: 4.70
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Yes
Windows 10 Version 1809 for ARM64-based Systems 4471332 (Security Update) Important Denial of Service 4467708 Base: 4.70
Temporal: 4.70
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Yes
Windows 10 Version 1809 for x64-based Systems 4471332 (Security Update) Important Denial of Service 4467708 Base: 4.70
Temporal: 4.70
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Yes
Windows Server 2016 4471321 (Security Update) Important Denial of Service 4467691 Base: 4.70
Temporal: 4.70
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Yes
Windows Server 2016 (Server Core installation) 4471321 (Security Update) Important Denial of Service 4467691 Base: 4.70
Temporal: 4.70
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Yes
Windows Server 2019 4471332 (Security Update) Important Denial of Service 4467708 Base: 4.70
Temporal: 4.70
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Yes
Windows Server 2019 (Server Core installation) 4471332 (Security Update) Important Denial of Service 4467708 Base: 4.70
Temporal: 4.70
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Yes
Windows Server, version 1709 (Server Core Installation) 4471329 (Security Update) Important Denial of Service 4467686 Base: 4.70
Temporal: 4.70
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Yes
Windows Server, version 1803 (Server Core Installation) 4471324 (Security Update) Important Denial of Service 4467702 Base: 4.70
Temporal: 4.70
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8612 Wayne Low of Fortinet’s FortiGuard Labs
https://fortiguard.com/


CVE-2018-8617 - Chakra Scripting Engine Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8617
MITRE
NVD
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8617
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
ChakraCore Release Notes (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Maybe
Microsoft Edge on Windows 10 for 32-bit Systems 4471323 (Security Update) Critical Remote Code Execution 4467680 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 for x64-based Systems 4471323 (Security Update) Critical Remote Code Execution 4467680 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems 4471321 (Security Update) Critical Remote Code Execution 4467691 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems 4471321 (Security Update) Critical Remote Code Execution 4467691 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems 4471327 (Security Update) Critical Remote Code Execution 4467696 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems 4471327 (Security Update) Critical Remote Code Execution 4467696 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for ARM64-based Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for ARM64-based Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for x64-based Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for x64-based Systems 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2016 4471321 (Security Update) Moderate Remote Code Execution 4467691 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2019 4471332 (Security Update) Moderate Remote Code Execution 4467708 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8617 Zhenhuan Li(@zenhumany) of Tencent Zhanlu Lab
http://www.tencent.com/


Qixun Zhao of Qihoo 360 Vulcan Team​
https://twitter.com/S0rryMybad,http://www.360.com/


Lokihardt of Google Project Zero
https://www.google.com


CVE-2018-8618 - Chakra Scripting Engine Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8618
MITRE
NVD
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8618
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
ChakraCore Release Notes (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Maybe
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems 4471321 (Security Update) Critical Remote Code Execution 4467691 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems 4471321 (Security Update) Critical Remote Code Execution 4467691 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems 4471327 (Security Update) Critical Remote Code Execution 4467696 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems 4471327 (Security Update) Critical Remote Code Execution 4467696 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for ARM64-based Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for ARM64-based Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for x64-based Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for x64-based Systems 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2016 4471321 (Security Update) Moderate Remote Code Execution 4467691 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2019 4471332 (Security Update) Moderate Remote Code Execution 4467708 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8618 Yuki Chen of Qihoo 360 Vulcan Team
http://www.360.com/


CVE-2018-8619 - Internet Explorer Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8619
MITRE
NVD
CVE Title: Internet Explorer Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions. An attacker who exploited the vulnerability could run arbitrary code with medium-integrity level privileges (the permissions of the current user).

In a web-based attack scenario, an attacker could host a website in an attempt to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability.

However, in all cases, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action. For example, an attacker could trick users into clicking a link that takes them to the attacker's site.

The update addresses the vulnerability by fixing how the Internet Explorer VBScript execution policy validates embedded VBScript content.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8619
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Internet Explorer 10 on Windows Server 2012 4470199 (IE Cumulative)
4471330 (Monthly Rollup)
Important Remote Code Execution 4466536
4467701
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O
Yes
Internet Explorer 11 on Windows 10 for 32-bit Systems 4471323 (Security Update) Important Remote Code Execution 4467680 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O
Yes
Internet Explorer 11 on Windows 10 for x64-based Systems 4471323 (Security Update) Important Remote Code Execution 4467680 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O
Yes
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems 4471321 (Security Update) Important Remote Code Execution 4467691 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O
Yes
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems 4471321 (Security Update) Important Remote Code Execution 4467691 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O
Yes
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems 4471327 (Security Update) Important Remote Code Execution 4467696 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O
Yes
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems 4471327 (Security Update) Important Remote Code Execution 4467696 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O
Yes
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems 4471329 (Security Update) Important Remote Code Execution 4467686 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O
Yes
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems 4471329 (Security Update) Important Remote Code Execution 4467686 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O
Yes
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems 4471324 (Security Update) Important Remote Code Execution 4467702 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O
Yes
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems 4471324 (Security Update) Important Remote Code Execution 4467702 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O
Yes
Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems 4471332 (Security Update) Important Remote Code Execution 4467708 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O
Yes
Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems 4471332 (Security Update) Important Remote Code Execution 4467708 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O
Yes
Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems 4471332 (Security Update) Important Remote Code Execution 4467708 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O
Yes
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 4470199 (IE Cumulative)
4471318 (Monthly Rollup)
Important Remote Code Execution 4466536
4467107
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O
Yes
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 4470199 (IE Cumulative)
4471318 (Monthly Rollup)
Important Remote Code Execution 4466536
4467107
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O
Yes
Internet Explorer 11 on Windows 8.1 for 32-bit systems 4470199 (IE Cumulative)
4471320 (Monthly Rollup)
Important Remote Code Execution 4466536
4467697
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O
Yes
Internet Explorer 11 on Windows 8.1 for x64-based systems 4470199 (IE Cumulative)
4471320 (Monthly Rollup)
Important Remote Code Execution 4466536
4467697
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O
Yes
Internet Explorer 11 on Windows RT 8.1 4471320 (Monthly Rollup) Important Remote Code Execution 4467697 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O
Yes
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 4470199 (IE Cumulative)
4471318 (Monthly Rollup)
Low Remote Code Execution 4466536
4467107
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O
Yes
Internet Explorer 11 on Windows Server 2012 R2 4470199 (IE Cumulative)
4471320 (Monthly Rollup)
Low Remote Code Execution 4466536
4467697
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O
Yes
Internet Explorer 11 on Windows Server 2016 4471321 (Security Update) Low Remote Code Execution 4467691 Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O
Yes
Internet Explorer 11 on Windows Server 2019 4471332 (Security Update) Low Remote Code Execution 4467708 Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O
Yes
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 4471325 (Monthly Rollup) Important Remote Code Execution 4467706 Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O
Yes
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 4471325 (Monthly Rollup) Important Remote Code Execution 4467706 Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8619 Ivan Fratric of Google Project Zero
https://www.google.com/


CVE-2018-8621 - Windows Kernel Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8621
MITRE
NVD
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

An authenticated attacker could exploit this vulnerability by running a specially crafted application.

The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode process.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
N/A Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8621
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 7 for 32-bit Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 4471326 (Security Only)
4471330 (Monthly Rollup)
Important Information Disclosure
4467701
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4471326 (Security Only)
4471330 (Monthly Rollup)
Important Information Disclosure
4467701
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8621 JunGu and ZiMi of Alibaba Orion Security Lab.
https://twitter.com/Bl1nnnk,https://twitter.com/YHZX_2013


CVE-2018-8622 - Windows Kernel Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8622
MITRE
NVD
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

An authenticated attacker could exploit this vulnerability by running a specially crafted application.

The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode process.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
N/A Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8622
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 7 for 32-bit Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4471320 (Monthly Rollup)
4471322 (Security Only)
Important Information Disclosure 4467697
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4471320 (Monthly Rollup)
4471322 (Security Only)
Important Information Disclosure 4467697
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 4471320 (Monthly Rollup) Important Information Disclosure 4467697 Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Information Disclosure
4467706
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Information Disclosure
4467706
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Information Disclosure
4467706
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Information Disclosure
4467706
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4471319 (Security Only)
4471325 (Monthly Rollup)
Important Information Disclosure
4467706
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4471318 (Monthly Rollup)
4471328 (Security Only)
Important Information Disclosure 4467107
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 4471326 (Security Only)
4471330 (Monthly Rollup)
Important Information Disclosure
4467701
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4471326 (Security Only)
4471330 (Monthly Rollup)
Important Information Disclosure
4467701
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 4471320 (Monthly Rollup)
4471322 (Security Only)
Important Information Disclosure 4467697
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4471320 (Monthly Rollup)
4471322 (Security Only)
Important Information Disclosure 4467697
Base: 4.70
Temporal: 4.10
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8622 ZiMi and JunGu of Alibaba Orion Security Lab
https://twitter.com/YHZX_2013,https://twitter.com/Bl1nnnk


CVE-2018-8624 - Chakra Scripting Engine Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8624
MITRE
NVD
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8624
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
ChakraCore Release Notes (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Maybe
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems 4471321 (Security Update) Critical Remote Code Execution 4467691 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems 4471321 (Security Update) Critical Remote Code Execution 4467691 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems 4471327 (Security Update) Critical Remote Code Execution 4467696 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems 4471327 (Security Update) Critical Remote Code Execution 4467696 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for ARM64-based Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for ARM64-based Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for x64-based Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for x64-based Systems 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2016 4471321 (Security Update) Moderate Remote Code Execution 4467691 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2019 4471332 (Security Update) Moderate Remote Code Execution 4467708 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8624 Qixun Zhao of Qihoo 360 Vulcan Team​
https://twitter.com/S0rryMybad,http://www.360.com/


CVE-2018-8625 - Windows VBScript Engine Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8625
MITRE
NVD
CVE Title: Windows VBScript Engine Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8625
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Internet Explorer 10 on Windows Server 2012 4470199 (IE Cumulative)
4471330 (Monthly Rollup)
Important Remote Code Execution 4466536
4467701
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 for 32-bit Systems 4471323 (Security Update) Important Remote Code Execution 4467680 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 for x64-based Systems 4471323 (Security Update) Important Remote Code Execution 4467680 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems 4471321 (Security Update) Important Remote Code Execution 4467691 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems 4471321 (Security Update) Important Remote Code Execution 4467691 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems 4471327 (Security Update) Important Remote Code Execution 4467696 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems 4471327 (Security Update) Important Remote Code Execution 4467696 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems 4471329 (Security Update) Important Remote Code Execution 4467686 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems 4471329 (Security Update) Important Remote Code Execution 4467686 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems 4471329 (Security Update) Important Remote Code Execution 4467686 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems 4471324 (Security Update) Important Remote Code Execution 4467702 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems 4471324 (Security Update) Important Remote Code Execution 4467702 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems 4471324 (Security Update) Important Remote Code Execution 4467702 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems 4471332 (Security Update) Important Remote Code Execution 4467708 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems 4471332 (Security Update) Important Remote Code Execution 4467708 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems 4471332 (Security Update) Important Remote Code Execution 4467708 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 4470199 (IE Cumulative)
4471318 (Monthly Rollup)
Important Remote Code Execution 4466536
4467107
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 4470199 (IE Cumulative)
4471318 (Monthly Rollup)
Important Remote Code Execution 4466536
4467107
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 8.1 for 32-bit systems 4470199 (IE Cumulative)
4471320 (Monthly Rollup)
Important Remote Code Execution 4466536
4467697
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 8.1 for x64-based systems 4470199 (IE Cumulative)
4471320 (Monthly Rollup)
Important Remote Code Execution 4466536
4467697
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows RT 8.1 4471320 (Monthly Rollup) Important Remote Code Execution 4467697 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 4470199 (IE Cumulative)
4471318 (Monthly Rollup)
Low Remote Code Execution 4466536
4467107
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2012 R2 4470199 (IE Cumulative)
4471320 (Monthly Rollup)
Low Remote Code Execution 4466536
4467697
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2016 4471321 (Security Update) Low Remote Code Execution 4467691 Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2019 4471332 (Security Update) Low Remote Code Execution 4467708 Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 4470199 (IE Cumulative)
4471325 (Monthly Rollup)
Low Remote Code Execution 4466536
4467706
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 4470199 (IE Cumulative)
4471325 (Monthly Rollup)
Low Remote Code Execution 4466536
4467706
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8625 Ivan Fratric of Google Project Zero
https://www.google.com/


CVE-2018-8626 - Windows DNS Server Heap Overflow Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8626
MITRE
NVD
CVE Title: Windows DNS Server Heap Overflow Vulnerability
Description:

A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.

To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server.

The update addresses the vulnerability by modifying how Windows DNS servers handle requests.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8626
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 Version 1607 for 32-bit Systems 4471321 (Security Update) Critical Remote Code Execution 4467691 Base: 9.80
Temporal: 8.80
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4471321 (Security Update) Critical Remote Code Execution 4467691 Base: 9.80
Temporal: 8.80
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: 9.80
Temporal: 8.80
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: 9.80
Temporal: 8.80
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: 9.80
Temporal: 8.80
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: 9.80
Temporal: 8.80
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: 9.80
Temporal: 8.80
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: 9.80
Temporal: 8.80
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 9.80
Temporal: 8.80
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 9.80
Temporal: 8.80
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 9.80
Temporal: 8.80
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4471320 (Monthly Rollup)
4471322 (Security Only)
Critical Remote Code Execution 4467697
Base: 9.80
Temporal: 8.80
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4471320 (Monthly Rollup)
4471322 (Security Only)
Critical Remote Code Execution 4467697
Base: 9.80
Temporal: 8.80
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4471321 (Security Update) Critical Remote Code Execution 4467691 Base: 9.80
Temporal: 8.80
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4471321 (Security Update) Critical Remote Code Execution 4467691 Base: 9.80
Temporal: 8.80
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 9.80
Temporal: 8.80
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 9.80
Temporal: 8.80
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: 9.80
Temporal: 8.80
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: 9.80
Temporal: 8.80
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8626 Mitch Adair, Microsoft Windows Enterprise Security Team


CVE-2018-8627 - Microsoft Excel Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8627
MITRE
NVD
CVE Title: Microsoft Excel Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel software.

The security update addresses the vulnerability by properly initializing the affected variable.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8627
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Excel Services on Microsoft SharePoint Server 2010 Service Pack 2 4461569 (Security Update) Important Information Disclosure 4011190 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2010 Service Pack 2 (32-bit editions) 4461577 (Security Update) Important Information Disclosure 4461530 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2010 Service Pack 2 (64-bit editions) 4461577 (Security Update) Important Information Disclosure 4461530 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2013 RT Service Pack 1 4461559 (Security Update) Important Information Disclosure 4461488 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2013 Service Pack 1 (32-bit editions) 4461559 (Security Update) Important Information Disclosure 4461488 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2013 Service Pack 1 (64-bit editions) 4461559 (Security Update) Important Information Disclosure 4461488 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2016 (32-bit edition) 4461542 (Security Update) Important Information Disclosure 4461503 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2016 (64-bit edition) 4461542 (Security Update) Important Information Disclosure 4461503 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel Viewer 2007 Service Pack 3 4461566 (Security Update) Important Information Disclosure 4461519 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (32-bit editions) 4461570 (Security Update) Important Information Disclosure 4032218 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 4461570 (Security Update) Important Information Disclosure 4032218 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 for Mac Release Notes (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office 2019 for Mac Release Notes (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office Compatibility Pack Service Pack 3 4461565 (Security Update) Important Information Disclosure 4461518 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Office 365 ProPlus for 32-bit Systems Click to Run (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
No
Office 365 ProPlus for 64-bit Systems Click to Run (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8627 Yangkang(@dnpushme) & Jinquan(@jq0904) of Qihoo360 CoreSecurity(@360CoreSec)
https://twitter.com/dnpushme,https://twitter.com/jq0904,https://twitter.com/360CoreSec


CVE-2018-8628 - Microsoft PowerPoint Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8628
MITRE
NVD
CVE Title: Microsoft PowerPoint Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office PowerPoint software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Microsoft PowerPoint handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8628
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Office 2016 for Mac Release Notes (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office 2019 for Mac Release Notes (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office Compatibility Pack Service Pack 3 4011207 (Security Update) Important Remote Code Execution 3213644 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office Web Apps 2010 Service Pack 2 2965312 (Security Update) Important Remote Code Execution 4461527 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office Web Apps 2013 Service Pack 1 4461551 (Security Update) Important Remote Code Execution 4092473 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions) 4461521 (Security Update) Important Remote Code Execution 4092482 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions) 4461521 (Security Update) Important Remote Code Execution 4092482 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft PowerPoint 2013 RT Service Pack 1 4461481 (Security Update) Important Remote Code Execution 4092453 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft PowerPoint 2013 Service Pack 1 (32-bit editions) 4461481 (Security Update) Important Remote Code Execution 4092453 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft PowerPoint 2013 Service Pack 1 (64-bit editions) 4461481 (Security Update) Important Remote Code Execution 4092453 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft PowerPoint 2016 (32-bit edition) 4461532 (Security Update) Important Remote Code Execution 4461434 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft PowerPoint 2016 (64-bit edition) 4461532 (Security Update) Important Remote Code Execution 4461434 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft PowerPoint Viewer 2597975 (Security Update) Important Remote Code Execution 2596912 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise Server 2016 4461541 (Security Update) Important Remote Code Execution 4461501 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2013 Service Pack 1 4092472 (Security Update) Important Remote Code Execution 4018392 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2019 4461548 (Security Update) Important Remote Code Execution 4461513 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Office 365 ProPlus for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Office 365 ProPlus for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Office Online Server 4011027 (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8628 Jaanus Kp Clarified Security working with Trend Micro's Zero Day Initiative
http://www.zerodayinitiative.com/


CVE-2018-8629 - Chakra Scripting Engine Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8629
MITRE
NVD
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8629
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
ChakraCore Release Notes (Security Update) Critical Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Edge on Windows 10 for 32-bit Systems 4471323 (Security Update) Critical Remote Code Execution 4467680 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 for x64-based Systems 4471323 (Security Update) Critical Remote Code Execution 4467680 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems 4471321 (Security Update) Critical Remote Code Execution 4467691 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems 4471321 (Security Update) Critical Remote Code Execution 4467691 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems 4471327 (Security Update) Critical Remote Code Execution 4467696 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems 4471327 (Security Update) Critical Remote Code Execution 4467696 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for ARM64-based Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for 32-bit Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for ARM64-based Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1803 for x64-based Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for 32-bit Systems 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for ARM64-based Systems 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1809 for x64-based Systems 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2016 4471321 (Security Update) Moderate Remote Code Execution 4467691 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2019 4471332 (Security Update) Moderate Remote Code Execution 4467708 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8629 Bruno Keith
https://twitter.com/bkth_


CVE-2018-8631 - Internet Explorer Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8631
MITRE
NVD
CVE Title: Internet Explorer Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.

The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8631
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Internet Explorer 10 on Windows Server 2012 4470199 (IE Cumulative)
4471330 (Monthly Rollup)
Moderate Remote Code Execution 4466536
4467701
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 for 32-bit Systems 4471323 (Security Update) Critical Remote Code Execution 4467680 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 for x64-based Systems 4471323 (Security Update) Critical Remote Code Execution 4467680 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems 4471321 (Security Update) Critical Remote Code Execution 4467691 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems 4471321 (Security Update) Critical Remote Code Execution 4467691 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems 4471327 (Security Update) Critical Remote Code Execution 4467696 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems 4471327 (Security Update) Critical Remote Code Execution 4467696 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 4470199 (IE Cumulative)
4471318 (Monthly Rollup)
Critical Remote Code Execution 4466536
4467107
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 4470199 (IE Cumulative)
4471318 (Monthly Rollup)
Critical Remote Code Execution 4466536
4467107
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 8.1 for 32-bit systems 4470199 (IE Cumulative)
4471320 (Monthly Rollup)
Critical Remote Code Execution 4466536
4467697
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 8.1 for x64-based systems 4470199 (IE Cumulative)
4471320 (Monthly Rollup)
Critical Remote Code Execution 4466536
4467697
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows RT 8.1 4471320 (Monthly Rollup) Critical Remote Code Execution 4467697 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 4470199 (IE Cumulative)
4471318 (Monthly Rollup)
Moderate Remote Code Execution 4466536
4467107
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2012 R2 4470199 (IE Cumulative)
4471320 (Monthly Rollup)
Moderate Remote Code Execution 4466536
4467697
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2016 4471321 (Security Update) Moderate Remote Code Execution 4467691 Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2019 4471332 (Security Update) Moderate Remote Code Execution 4467708 Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 4470199 (IE Cumulative)
4471325 (Monthly Rollup)
Moderate Remote Code Execution 4466536
4467706
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 4470199 (IE Cumulative)
4471325 (Monthly Rollup)
Moderate Remote Code Execution 4466536
4467706
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8631 Ivan Fratric of Google Project Zero
https://www.google.com/


CVE-2018-8634 - Microsoft Text-To-Speech Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8634
MITRE
NVD
CVE Title: Microsoft Text-To-Speech Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in Windows where Microsoft text-to-speech fails to properly handle objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The security update addresses the vulnerability by correcting how the Microsoft text-to-speech handles objects in the memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8634
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4471323 (Security Update) Critical Remote Code Execution 4467680 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4471323 (Security Update) Critical Remote Code Execution 4467680 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4471321 (Security Update) Critical Remote Code Execution 4467691 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4471321 (Security Update) Critical Remote Code Execution 4467691 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4471327 (Security Update) Critical Remote Code Execution 4467696 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4471327 (Security Update) Critical Remote Code Execution 4467696 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4471321 (Security Update) Critical Remote Code Execution 4467691 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4471321 (Security Update) Critical Remote Code Execution 4467691 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4471332 (Security Update) Critical Remote Code Execution 4467708 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4471329 (Security Update) Critical Remote Code Execution 4467686 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4471324 (Security Update) Critical Remote Code Execution 4467702 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8634 Marcin Towalski (@mtowalski1)
https://twitter.com/mtowalski1


CVE-2018-8635 - Microsoft SharePoint Server Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8635
MITRE
NVD
CVE Title: Microsoft SharePoint Server Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable server in the context of the SharePoint application pool account.

To exploit this vulnerability, an authenticated attacker would need to create a page specifically designed to cause a server-side request. The attacker would then send a specially-crafted message to perform a server-side request forgery attack.

The update addresses the vulnerability by modifying how Microsoft SharePoint Server manages server authentication.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Unlikely Exploitation Unlikely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8635
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 4461558 (Security Update) Important Elevation of Privilege 4461511 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise Server 2016 4461541 (Security Update) Important Elevation of Privilege 4461501 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2010 Service Pack 2 4461465 (Security Update) Important Elevation of Privilege 4022207 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8635 Ivan Vagunin
https://twitter.com/ivagunin


CVE-2018-8636 - Microsoft Excel Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8636
MITRE
NVD
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8636
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Excel 2010 Service Pack 2 (32-bit editions) 4461577 (Security Update) Important Remote Code Execution 4461530 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2010 Service Pack 2 (64-bit editions) 4461577 (Security Update) Important Remote Code Execution 4461530 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2013 RT Service Pack 1 4461559 (Security Update) Important Remote Code Execution 4461488 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2013 Service Pack 1 (32-bit editions) 4461559 (Security Update) Important Remote Code Execution 4461488 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2013 Service Pack 1 (64-bit editions) 4461559 (Security Update) Important Remote Code Execution 4461488 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2016 (32-bit edition) 4461542 (Security Update) Important Remote Code Execution 4461503 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2016 (64-bit edition) 4461542 (Security Update) Important Remote Code Execution 4461503 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Office 365 ProPlus for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Office 365 ProPlus for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8636 Nathan Shomber of Microsoft


CVE-2018-8637 - Win32k Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8637
MITRE
NVD
CVE Title: Win32k Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8637
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 Version 1803 for 32-bit Systems 4471324 (Security Update) Important Information Disclosure 4467702 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4471324 (Security Update) Important Information Disclosure 4467702 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4471324 (Security Update) Important Information Disclosure 4467702 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4471332 (Security Update) Important Information Disclosure 4467708 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4471332 (Security Update) Important Information Disclosure 4467708 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4471332 (Security Update) Important Information Disclosure 4467708 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 4471332 (Security Update) Important Information Disclosure 4467708 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4471332 (Security Update) Important Information Disclosure 4467708 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4471324 (Security Update) Important Information Disclosure 4467702 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8637 Alex Ionescu, CrowdStrike Inc.
https://www.crowdstrike.com


CVE-2018-8638 - DirectX Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8638
MITRE
NVD
CVE Title: DirectX Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

An authenticated attacker could exploit this vulnerability by running a specially crafted application.

The update addresses the vulnerability by correcting how DirectX handles objects in memory.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.



Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8638
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 Version 1809 for 32-bit Systems 4471332 (Security Update) Important Information Disclosure 4467708 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4471332 (Security Update) Important Information Disclosure 4467708 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4471332 (Security Update) Important Information Disclosure 4467708 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 4471332 (Security Update) Important Information Disclosure 4467708 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4471332 (Security Update) Important Information Disclosure 4467708 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-8638 Laith AL-Satari
https://twitter.com/laith_satari


CVE-2018-8639 - Win32k Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-8639
MITRE
NVD
CVE Title: Win32k Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The update addresses this vulnerability by correcting how Win32k handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-12-11T08:00:00    

Information published.


Important Information Disclosure,
Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-8639
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4471323 (Security Update) Important Information Disclosure 4467680 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4471323 (Security Update) Important Information Disclosure 4467680