Beschreibung: | Summary: This host is missing a critical security update according to Microsoft KB4525236
Vulnerability Insight: Multiple flaws exist due to:
- Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system.
- Windows Installer fails to properly handles certain filesystem operations.
- Windows Error Reporting (WER) improperly handles objects in memory.
- Windows Universal Plug and Play (UPnP) service improperly allows COM object creation.
- Windows Jet Database Engine improperly handles objects in memory.
- Windows Graphics Component improperly handles objects in memory.
- Scripting engine handles objects in memory in Internet Explorer.
- Windows Netlogon improperly handles a secure communications channel.
- Windows Win32k component fails to properly handle objects in memory.
- Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory.
Please see the references for more information about the vulnerabilities.
Vulnerability Impact: Successful exploitation will allow an attacker to crash host server, execute code with elevated permissions, obtain information to further compromise the user's system and bypass security restrictions.
Affected Software/OS: - Microsoft Windows 10 Version 1607 x32/x64
- Microsoft Windows Server 2016
Solution: The vendor has released updates. Please see the references for more information.
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
|