Descripción: | Summary: This host is missing a critical security update according to Microsoft KB4338829
Vulnerability Insight: Multiple flaws exist due to errors,
- When Windows improperly handles File Transfer Protocol (FTP) connections.
- When Chakra scripting engine improperly handles objects in memory in browsers.
- When Windows Kernel API improperly enforces permissions.
- when Windows improperly handles objects in memory.
- When the Windows kernel fails to properly handle objects in memory.
- When Microsoft WordPad improperly handles embedded OLE objects.
- When the scripting engine improperly handles objects in memory in Microsoft browsers.
- When Windows fails a check, allowing a sandbox escape.
- A security feature bypass vulnerability exists in Device Guard.
- When Microsoft Internet Explorer improperly handles requests involving UNC resources.
- When the Windows kernel-mode driver fails to properly handle objects in memory.
- When Microsoft Edge improperly accesses objects in memory.
Vulnerability Impact: Successful exploitation will allow an attacker to cause a target system to stop responding, elevate their privilege level, run arbitrary code, bypass security, disclose sensitive information and also take control of an affected system.
Affected Software/OS: - Microsoft Windows 10 for 32-bit Systems
- Microsoft Windows 10 for x64-based Systems
Solution: The vendor has released updates. Please see the references for more information.
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
|