Beschreibung: | Summary: This host is missing a critical security update according to Microsoft KB4074592
Vulnerability Insight: Multiple flaws exist due to:
- The scripting engine improperly handles objects in memory in Microsoft browsers.
- The windows kernel fails to properly handle objects in memory.
- The windows Common Log File System (CLFS) driver improperly handles objects in memory.
- The VBScript improperly discloses the contents of its memory.
- The scripting engine improperly handles objects in memory in Microsoft Edge.
- The scripting engine improperly handles objects in memory in Internet Explorer.
- The storage Services improperly handles objects in memory.
- The NTFS improperly handles objects.
- The AppContainer improperly implements constrained impersonation.
- Microsoft has deprecated the Document Signing functionality in XPS Viewer.
- Microsoft Edge improperly handles requests of different origins.
Vulnerability Impact: Successful exploitation will allow an attacker who successfully exploited the vulnerability to gain the same user rights as the current user, run arbitrary code in kernel mode, run processes in an elevated context, circumvent a User Mode Code Integrity (UMCI) policy on the machine, spoof content, perform phishing attacks, or otherwise manipulate content of a document, force the browser to send data that would otherwise be restricted and retrieve the memory address of a kernel object.
Affected Software/OS: Microsoft Windows 10 Version 1703 x32/x64.
Solution: The vendor has released updates. Please see the references for more information.
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
|